xmrig | edc33e9fb4ace4f61de399dda19f9f217352056f09c086e7105ddd228fd37972

Analysis

max time kernel
96s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
Size

1.5MB
MD5

bc3d24ff504a33f506a6bb780dc3df00
SHA1

178c00fabc627a84ba91d7f5b34697504708ea7a
SHA256

edc33e9fb4ace4f61de399dda19f9f217352056f09c086e7105ddd228fd37972
SHA512

986856cfd73a8eaf43367921d3a0a333071fd54c39d7bbdda3741d51342618c88e1589e7338fe28077baa178f2bf47c23638fd31a3d128ce3e88a279b839c995
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlWXWZdO23/oF7u3hmxjfU3KXAnmwJThEz8tU/FVJ/x:knw9oUUEEDl3aEUiRSW2j3/xbn

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 12556 created 3580	12556	WerFaultSecure.exe	78

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 47 IoCs

miner

resource	yara_rule
behavioral2/memory/3928-20-0x00007FF7FF250000-0x00007FF7FF641000-memory.dmp	xmrig
behavioral2/memory/4284-58-0x00007FF7FB300000-0x00007FF7FB6F1000-memory.dmp	xmrig
behavioral2/memory/3060-64-0x00007FF7A8B20000-0x00007FF7A8F11000-memory.dmp	xmrig
behavioral2/memory/5016-74-0x00007FF7E95D0000-0x00007FF7E99C1000-memory.dmp	xmrig
behavioral2/memory/2824-449-0x00007FF619AE0000-0x00007FF619ED1000-memory.dmp	xmrig
behavioral2/memory/3020-450-0x00007FF6BF4B0000-0x00007FF6BF8A1000-memory.dmp	xmrig
behavioral2/memory/1412-451-0x00007FF7206E0000-0x00007FF720AD1000-memory.dmp	xmrig
behavioral2/memory/1408-452-0x00007FF6DDC40000-0x00007FF6DE031000-memory.dmp	xmrig
behavioral2/memory/1060-454-0x00007FF745470000-0x00007FF745861000-memory.dmp	xmrig
behavioral2/memory/2020-455-0x00007FF619740000-0x00007FF619B31000-memory.dmp	xmrig
behavioral2/memory/2424-456-0x00007FF769020000-0x00007FF769411000-memory.dmp	xmrig
behavioral2/memory/2368-457-0x00007FF7CE4A0000-0x00007FF7CE891000-memory.dmp	xmrig
behavioral2/memory/2624-459-0x00007FF733510000-0x00007FF733901000-memory.dmp	xmrig
behavioral2/memory/2172-458-0x00007FF72ECA0000-0x00007FF72F091000-memory.dmp	xmrig
behavioral2/memory/4880-453-0x00007FF774A10000-0x00007FF774E01000-memory.dmp	xmrig
behavioral2/memory/2776-71-0x00007FF7C1A40000-0x00007FF7C1E31000-memory.dmp	xmrig
behavioral2/memory/4952-60-0x00007FF67F4B0000-0x00007FF67F8A1000-memory.dmp	xmrig
behavioral2/memory/4532-1944-0x00007FF6C7690000-0x00007FF6C7A81000-memory.dmp	xmrig
behavioral2/memory/2564-1968-0x00007FF732ED0000-0x00007FF7332C1000-memory.dmp	xmrig
behavioral2/memory/1620-1969-0x00007FF773600000-0x00007FF7739F1000-memory.dmp	xmrig
behavioral2/memory/5028-1976-0x00007FF602440000-0x00007FF602831000-memory.dmp	xmrig
behavioral2/memory/3612-1980-0x00007FF756AB0000-0x00007FF756EA1000-memory.dmp	xmrig
behavioral2/memory/5092-1982-0x00007FF7C7FB0000-0x00007FF7C83A1000-memory.dmp	xmrig
behavioral2/memory/2668-1985-0x00007FF6F2CD0000-0x00007FF6F30C1000-memory.dmp	xmrig
behavioral2/memory/3928-1987-0x00007FF7FF250000-0x00007FF7FF641000-memory.dmp	xmrig
behavioral2/memory/4532-1989-0x00007FF6C7690000-0x00007FF6C7A81000-memory.dmp	xmrig
behavioral2/memory/4284-1995-0x00007FF7FB300000-0x00007FF7FB6F1000-memory.dmp	xmrig
behavioral2/memory/4952-1993-0x00007FF67F4B0000-0x00007FF67F8A1000-memory.dmp	xmrig
behavioral2/memory/2564-1992-0x00007FF732ED0000-0x00007FF7332C1000-memory.dmp	xmrig
behavioral2/memory/1620-1999-0x00007FF773600000-0x00007FF7739F1000-memory.dmp	xmrig
behavioral2/memory/3060-2001-0x00007FF7A8B20000-0x00007FF7A8F11000-memory.dmp	xmrig
behavioral2/memory/2776-2003-0x00007FF7C1A40000-0x00007FF7C1E31000-memory.dmp	xmrig
behavioral2/memory/5016-1997-0x00007FF7E95D0000-0x00007FF7E99C1000-memory.dmp	xmrig
behavioral2/memory/1412-2011-0x00007FF7206E0000-0x00007FF720AD1000-memory.dmp	xmrig
behavioral2/memory/2624-2031-0x00007FF733510000-0x00007FF733901000-memory.dmp	xmrig
behavioral2/memory/4880-2033-0x00007FF774A10000-0x00007FF774E01000-memory.dmp	xmrig
behavioral2/memory/1408-2028-0x00007FF6DDC40000-0x00007FF6DE031000-memory.dmp	xmrig
behavioral2/memory/2020-2025-0x00007FF619740000-0x00007FF619B31000-memory.dmp	xmrig
behavioral2/memory/2424-2022-0x00007FF769020000-0x00007FF769411000-memory.dmp	xmrig
behavioral2/memory/5028-2020-0x00007FF602440000-0x00007FF602831000-memory.dmp	xmrig
behavioral2/memory/3020-2016-0x00007FF6BF4B0000-0x00007FF6BF8A1000-memory.dmp	xmrig
behavioral2/memory/2172-2009-0x00007FF72ECA0000-0x00007FF72F091000-memory.dmp	xmrig
behavioral2/memory/2368-2030-0x00007FF7CE4A0000-0x00007FF7CE891000-memory.dmp	xmrig
behavioral2/memory/1060-2024-0x00007FF745470000-0x00007FF745861000-memory.dmp	xmrig
behavioral2/memory/5092-2005-0x00007FF7C7FB0000-0x00007FF7C83A1000-memory.dmp	xmrig
behavioral2/memory/3612-2018-0x00007FF756AB0000-0x00007FF756EA1000-memory.dmp	xmrig
behavioral2/memory/2824-2014-0x00007FF619AE0000-0x00007FF619ED1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2668	gFqhxmI.exe
3928	JXimUXq.exe
4284	HeFsKTJ.exe
4532	QDQGSof.exe
4952	TxZIgwT.exe
2564	NOhfHxj.exe
1620	lPFFxTk.exe
5016	SAtDpKU.exe
3060	wNDLJnl.exe
5028	FztuxBG.exe
2776	IsLyQpN.exe
3612	phMKaCA.exe
5092	LZyKcOD.exe
2824	HxYDGnF.exe
3020	pNcFjhO.exe
1412	eLxCfVm.exe
1408	yUOLNoS.exe
4880	PeFuXJv.exe
1060	bmlzqMW.exe
2020	EzgCrqK.exe
2424	NZsNINF.exe
2368	ZIrsoKt.exe
2172	qRnYuJq.exe
2624	MukfnDO.exe
3256	oRPkeKs.exe
3976	qEgFDQT.exe
632	UYElDxo.exe
2044	AIKgPlw.exe
4904	dQYtehH.exe
2492	jkHcFWI.exe
4164	xChqyIl.exe
2572	jJuRyVR.exe
3096	noKlwgR.exe
1908	jAayOwK.exe
5000	OIvMvFz.exe
3828	vaQpTNR.exe
752	bpELNdK.exe
1580	PWWEzFU.exe
1676	DdfpLhM.exe
4480	ilLMXwe.exe
2896	ydCFxRP.exe
4580	jRFLzHj.exe
2556	ZCjDDSH.exe
4076	dLJTZVm.exe
2568	TCgqZqV.exe
2012	RSQafsX.exe
2068	RCHUocd.exe
1932	FiPhTqJ.exe
3276	QIBibQX.exe
4416	QypezPl.exe
1168	KMtAjMm.exe
1388	wPAZdfM.exe
3784	fxsALxR.exe
1948	vAYMuwq.exe
1988	JKwdHDn.exe
1416	HKzLORp.exe
5072	JiDhcWV.exe
2324	vQcmjvJ.exe
4732	PPUyKTy.exe
228	PbZokPc.exe
4696	pkWHRaX.exe
668	dsitqca.exe
2440	abPomyU.exe
3200	YJQtQsN.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1848-0-0x00007FF671E30000-0x00007FF672221000-memory.dmp	upx
behavioral2/files/0x0009000000023412-6.dat	upx
behavioral2/files/0x0007000000023419-11.dat	upx
behavioral2/files/0x000700000002341b-21.dat	upx
behavioral2/memory/3928-20-0x00007FF7FF250000-0x00007FF7FF641000-memory.dmp	upx
behavioral2/files/0x000700000002341a-32.dat	upx
behavioral2/memory/4532-33-0x00007FF6C7690000-0x00007FF6C7A81000-memory.dmp	upx
behavioral2/files/0x000700000002341d-45.dat	upx
behavioral2/files/0x000700000002341f-49.dat	upx
behavioral2/files/0x0007000000023421-53.dat	upx
behavioral2/memory/4284-58-0x00007FF7FB300000-0x00007FF7FB6F1000-memory.dmp	upx
behavioral2/memory/3060-64-0x00007FF7A8B20000-0x00007FF7A8F11000-memory.dmp	upx
behavioral2/files/0x0007000000023422-68.dat	upx
behavioral2/memory/5016-74-0x00007FF7E95D0000-0x00007FF7E99C1000-memory.dmp	upx
behavioral2/files/0x0009000000023416-84.dat	upx
behavioral2/files/0x0007000000023425-92.dat	upx
behavioral2/files/0x0007000000023427-102.dat	upx
behavioral2/files/0x000700000002342e-137.dat	upx
behavioral2/files/0x0007000000023437-175.dat	upx
behavioral2/memory/2824-449-0x00007FF619AE0000-0x00007FF619ED1000-memory.dmp	upx
behavioral2/memory/3020-450-0x00007FF6BF4B0000-0x00007FF6BF8A1000-memory.dmp	upx
behavioral2/memory/1412-451-0x00007FF7206E0000-0x00007FF720AD1000-memory.dmp	upx
behavioral2/memory/1408-452-0x00007FF6DDC40000-0x00007FF6DE031000-memory.dmp	upx
behavioral2/memory/1060-454-0x00007FF745470000-0x00007FF745861000-memory.dmp	upx
behavioral2/memory/2020-455-0x00007FF619740000-0x00007FF619B31000-memory.dmp	upx
behavioral2/memory/2424-456-0x00007FF769020000-0x00007FF769411000-memory.dmp	upx
behavioral2/memory/2368-457-0x00007FF7CE4A0000-0x00007FF7CE891000-memory.dmp	upx
behavioral2/memory/2624-459-0x00007FF733510000-0x00007FF733901000-memory.dmp	upx
behavioral2/memory/2172-458-0x00007FF72ECA0000-0x00007FF72F091000-memory.dmp	upx
behavioral2/memory/4880-453-0x00007FF774A10000-0x00007FF774E01000-memory.dmp	upx
behavioral2/files/0x0007000000023436-172.dat	upx
behavioral2/files/0x0007000000023435-169.dat	upx
behavioral2/files/0x0007000000023434-167.dat	upx
behavioral2/files/0x0007000000023433-159.dat	upx
behavioral2/files/0x0007000000023432-157.dat	upx
behavioral2/files/0x0007000000023431-152.dat	upx
behavioral2/files/0x0007000000023430-147.dat	upx
behavioral2/files/0x000700000002342f-139.dat	upx
behavioral2/files/0x000700000002342d-132.dat	upx
behavioral2/files/0x000700000002342c-127.dat	upx
behavioral2/files/0x000700000002342b-120.dat	upx
behavioral2/files/0x000700000002342a-117.dat	upx
behavioral2/files/0x0007000000023429-109.dat	upx
behavioral2/files/0x0007000000023428-107.dat	upx
behavioral2/files/0x0007000000023426-97.dat	upx
behavioral2/files/0x0007000000023424-82.dat	upx
behavioral2/memory/5092-79-0x00007FF7C7FB0000-0x00007FF7C83A1000-memory.dmp	upx
behavioral2/memory/3612-77-0x00007FF756AB0000-0x00007FF756EA1000-memory.dmp	upx
behavioral2/files/0x0007000000023423-75.dat	upx
behavioral2/memory/2776-71-0x00007FF7C1A40000-0x00007FF7C1E31000-memory.dmp	upx
behavioral2/memory/5028-67-0x00007FF602440000-0x00007FF602831000-memory.dmp	upx
behavioral2/memory/4952-60-0x00007FF67F4B0000-0x00007FF67F8A1000-memory.dmp	upx
behavioral2/files/0x0007000000023420-57.dat	upx
behavioral2/files/0x000700000002341e-51.dat	upx
behavioral2/files/0x000700000002341c-41.dat	upx
behavioral2/memory/1620-38-0x00007FF773600000-0x00007FF7739F1000-memory.dmp	upx
behavioral2/memory/2564-37-0x00007FF732ED0000-0x00007FF7332C1000-memory.dmp	upx
behavioral2/memory/2668-16-0x00007FF6F2CD0000-0x00007FF6F30C1000-memory.dmp	upx
behavioral2/memory/4532-1944-0x00007FF6C7690000-0x00007FF6C7A81000-memory.dmp	upx
behavioral2/memory/2564-1968-0x00007FF732ED0000-0x00007FF7332C1000-memory.dmp	upx
behavioral2/memory/1620-1969-0x00007FF773600000-0x00007FF7739F1000-memory.dmp	upx
behavioral2/memory/5028-1976-0x00007FF602440000-0x00007FF602831000-memory.dmp	upx
behavioral2/memory/3612-1980-0x00007FF756AB0000-0x00007FF756EA1000-memory.dmp	upx
behavioral2/memory/5092-1982-0x00007FF7C7FB0000-0x00007FF7C83A1000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\SoFuOGF.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\SFxfxvS.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\TxZIgwT.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\XIXbDHQ.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\CtFHUHs.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\LmtBGMR.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\osFzTQX.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\JVdNKef.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\uKZlejn.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\EckwxlM.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\wlktgku.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\beppuFG.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\XegxryT.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\SXCPSaG.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\NwZKbOc.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\wPAZdfM.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\WOucOZl.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\FqQiHuF.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\iYIpvsw.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\zKvTOEN.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\PKQJolL.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\bBtsLuj.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\PYfTPKU.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\easEopS.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\xwZFSEC.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\wjvNESQ.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\wWyUzJC.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\VGWPXJH.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\Nbsytfk.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\pfoQbtK.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\IeiTtXN.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\tyvJneO.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\zRCISwm.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\VNQXAtn.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\AgBzTnu.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\zFYSqgI.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\ibZdrMt.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\lPFFxTk.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\SAtDpKU.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\QnCmLYs.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\trSqjqW.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\DEWXlJW.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\VgBaIut.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\fqQrpRh.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\JlsptDJ.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\AIKgPlw.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\SkvanfF.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\HQhXEZw.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\OLtXjkZ.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\XQxMjIZ.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\IsRdzmu.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\lvIzCSP.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\FpnZFFQ.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\WdUtVLi.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\vaQpTNR.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\IfVMhEY.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\BlvgJBx.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\XlSvMAA.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\qXsXceA.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\GDtZBiz.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\kDlDNTz.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\gMqJJEi.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\DsREnby.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
File created	C:\Windows\System32\EbkHdsX.exe	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFaultSecure.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFaultSecure.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
13288	WerFaultSecure.exe
13288	WerFaultSecure.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 2668	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	83
PID 1848 wrote to memory of 2668	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	83
PID 1848 wrote to memory of 3928	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	84
PID 1848 wrote to memory of 3928	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	84
PID 1848 wrote to memory of 4284	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	85
PID 1848 wrote to memory of 4284	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	85
PID 1848 wrote to memory of 4532	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	86
PID 1848 wrote to memory of 4532	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	86
PID 1848 wrote to memory of 4952	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	87
PID 1848 wrote to memory of 4952	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	87
PID 1848 wrote to memory of 2564	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	88
PID 1848 wrote to memory of 2564	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	88
PID 1848 wrote to memory of 1620	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	89
PID 1848 wrote to memory of 1620	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	89
PID 1848 wrote to memory of 5016	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	90
PID 1848 wrote to memory of 5016	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	90
PID 1848 wrote to memory of 3060	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	91
PID 1848 wrote to memory of 3060	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	91
PID 1848 wrote to memory of 2776	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	92
PID 1848 wrote to memory of 2776	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	92
PID 1848 wrote to memory of 5028	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	93
PID 1848 wrote to memory of 5028	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	93
PID 1848 wrote to memory of 3612	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	94
PID 1848 wrote to memory of 3612	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	94
PID 1848 wrote to memory of 5092	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	95
PID 1848 wrote to memory of 5092	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	95
PID 1848 wrote to memory of 2824	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	96
PID 1848 wrote to memory of 2824	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	96
PID 1848 wrote to memory of 3020	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	97
PID 1848 wrote to memory of 3020	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	97
PID 1848 wrote to memory of 1412	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	98
PID 1848 wrote to memory of 1412	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	98
PID 1848 wrote to memory of 1408	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	99
PID 1848 wrote to memory of 1408	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	99
PID 1848 wrote to memory of 4880	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	100
PID 1848 wrote to memory of 4880	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	100
PID 1848 wrote to memory of 1060	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	101
PID 1848 wrote to memory of 1060	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	101
PID 1848 wrote to memory of 2020	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	102
PID 1848 wrote to memory of 2020	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	102
PID 1848 wrote to memory of 2424	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	103
PID 1848 wrote to memory of 2424	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	103
PID 1848 wrote to memory of 2368	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	104
PID 1848 wrote to memory of 2368	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	104
PID 1848 wrote to memory of 2172	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	105
PID 1848 wrote to memory of 2172	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	105
PID 1848 wrote to memory of 2624	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	106
PID 1848 wrote to memory of 2624	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	106
PID 1848 wrote to memory of 3256	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	107
PID 1848 wrote to memory of 3256	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	107
PID 1848 wrote to memory of 3976	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	108
PID 1848 wrote to memory of 3976	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	108
PID 1848 wrote to memory of 632	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	109
PID 1848 wrote to memory of 632	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	109
PID 1848 wrote to memory of 2044	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	110
PID 1848 wrote to memory of 2044	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	110
PID 1848 wrote to memory of 4904	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	111
PID 1848 wrote to memory of 4904	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	111
PID 1848 wrote to memory of 2492	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	112
PID 1848 wrote to memory of 2492	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	112
PID 1848 wrote to memory of 4164	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	113
PID 1848 wrote to memory of 4164	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	113
PID 1848 wrote to memory of 2572	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	114
PID 1848 wrote to memory of 2572	1848	virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe	114

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
1⤵
PID:3580
- C:\Windows\system32\WerFaultSecure.exe
  C:\Windows\system32\WerFaultSecure.exe -u -p 3580 -s 2172
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:13288

C:\Users\Admin\AppData\Local\Temp\virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe
"C:\Users\Admin\AppData\Local\Temp\virussign.com_bc3d24ff504a33f506a6bb780dc3df00.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Windows\System32\gFqhxmI.exe
  C:\Windows\System32\gFqhxmI.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System32\JXimUXq.exe
  C:\Windows\System32\JXimUXq.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System32\HeFsKTJ.exe
  C:\Windows\System32\HeFsKTJ.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System32\QDQGSof.exe
  C:\Windows\System32\QDQGSof.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System32\TxZIgwT.exe
  C:\Windows\System32\TxZIgwT.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System32\NOhfHxj.exe
  C:\Windows\System32\NOhfHxj.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System32\lPFFxTk.exe
  C:\Windows\System32\lPFFxTk.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System32\SAtDpKU.exe
  C:\Windows\System32\SAtDpKU.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System32\wNDLJnl.exe
  C:\Windows\System32\wNDLJnl.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System32\IsLyQpN.exe
  C:\Windows\System32\IsLyQpN.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System32\FztuxBG.exe
  C:\Windows\System32\FztuxBG.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System32\phMKaCA.exe
  C:\Windows\System32\phMKaCA.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System32\LZyKcOD.exe
  C:\Windows\System32\LZyKcOD.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System32\HxYDGnF.exe
  C:\Windows\System32\HxYDGnF.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System32\pNcFjhO.exe
  C:\Windows\System32\pNcFjhO.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System32\eLxCfVm.exe
  C:\Windows\System32\eLxCfVm.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System32\yUOLNoS.exe
  C:\Windows\System32\yUOLNoS.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System32\PeFuXJv.exe
  C:\Windows\System32\PeFuXJv.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System32\bmlzqMW.exe
  C:\Windows\System32\bmlzqMW.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System32\EzgCrqK.exe
  C:\Windows\System32\EzgCrqK.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System32\NZsNINF.exe
  C:\Windows\System32\NZsNINF.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System32\ZIrsoKt.exe
  C:\Windows\System32\ZIrsoKt.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System32\qRnYuJq.exe
  C:\Windows\System32\qRnYuJq.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System32\MukfnDO.exe
  C:\Windows\System32\MukfnDO.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System32\oRPkeKs.exe
  C:\Windows\System32\oRPkeKs.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System32\qEgFDQT.exe
  C:\Windows\System32\qEgFDQT.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System32\UYElDxo.exe
  C:\Windows\System32\UYElDxo.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System32\AIKgPlw.exe
  C:\Windows\System32\AIKgPlw.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System32\dQYtehH.exe
  C:\Windows\System32\dQYtehH.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System32\jkHcFWI.exe
  C:\Windows\System32\jkHcFWI.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System32\xChqyIl.exe
  C:\Windows\System32\xChqyIl.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System32\jJuRyVR.exe
  C:\Windows\System32\jJuRyVR.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System32\noKlwgR.exe
  C:\Windows\System32\noKlwgR.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System32\jAayOwK.exe
  C:\Windows\System32\jAayOwK.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System32\OIvMvFz.exe
  C:\Windows\System32\OIvMvFz.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System32\vaQpTNR.exe
  C:\Windows\System32\vaQpTNR.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System32\bpELNdK.exe
  C:\Windows\System32\bpELNdK.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System32\PWWEzFU.exe
  C:\Windows\System32\PWWEzFU.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System32\DdfpLhM.exe
  C:\Windows\System32\DdfpLhM.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System32\ilLMXwe.exe
  C:\Windows\System32\ilLMXwe.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System32\ydCFxRP.exe
  C:\Windows\System32\ydCFxRP.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System32\jRFLzHj.exe
  C:\Windows\System32\jRFLzHj.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System32\ZCjDDSH.exe
  C:\Windows\System32\ZCjDDSH.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System32\dLJTZVm.exe
  C:\Windows\System32\dLJTZVm.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System32\TCgqZqV.exe
  C:\Windows\System32\TCgqZqV.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System32\RSQafsX.exe
  C:\Windows\System32\RSQafsX.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System32\RCHUocd.exe
  C:\Windows\System32\RCHUocd.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System32\FiPhTqJ.exe
  C:\Windows\System32\FiPhTqJ.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System32\QIBibQX.exe
  C:\Windows\System32\QIBibQX.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System32\QypezPl.exe
  C:\Windows\System32\QypezPl.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System32\KMtAjMm.exe
  C:\Windows\System32\KMtAjMm.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System32\wPAZdfM.exe
  C:\Windows\System32\wPAZdfM.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System32\fxsALxR.exe
  C:\Windows\System32\fxsALxR.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System32\vAYMuwq.exe
  C:\Windows\System32\vAYMuwq.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System32\JKwdHDn.exe
  C:\Windows\System32\JKwdHDn.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System32\HKzLORp.exe
  C:\Windows\System32\HKzLORp.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System32\JiDhcWV.exe
  C:\Windows\System32\JiDhcWV.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System32\vQcmjvJ.exe
  C:\Windows\System32\vQcmjvJ.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System32\PPUyKTy.exe
  C:\Windows\System32\PPUyKTy.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System32\PbZokPc.exe
  C:\Windows\System32\PbZokPc.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System32\pkWHRaX.exe
  C:\Windows\System32\pkWHRaX.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System32\dsitqca.exe
  C:\Windows\System32\dsitqca.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System32\abPomyU.exe
  C:\Windows\System32\abPomyU.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System32\YJQtQsN.exe
  C:\Windows\System32\YJQtQsN.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System32\SticjUk.exe
  C:\Windows\System32\SticjUk.exe
  2⤵
  PID:3004
- C:\Windows\System32\MXQleMV.exe
  C:\Windows\System32\MXQleMV.exe
  2⤵
  PID:1240
- C:\Windows\System32\bAPgZOo.exe
  C:\Windows\System32\bAPgZOo.exe
  2⤵
  PID:3776
- C:\Windows\System32\nrrAMVU.exe
  C:\Windows\System32\nrrAMVU.exe
  2⤵
  PID:1192
- C:\Windows\System32\dRJMXIE.exe
  C:\Windows\System32\dRJMXIE.exe
  2⤵
  PID:4936
- C:\Windows\System32\rnezOSG.exe
  C:\Windows\System32\rnezOSG.exe
  2⤵
  PID:3244
- C:\Windows\System32\NsIzKPx.exe
  C:\Windows\System32\NsIzKPx.exe
  2⤵
  PID:1364
- C:\Windows\System32\TXtCbya.exe
  C:\Windows\System32\TXtCbya.exe
  2⤵
  PID:4004
- C:\Windows\System32\zPAeWtH.exe
  C:\Windows\System32\zPAeWtH.exe
  2⤵
  PID:2536
- C:\Windows\System32\nlIxIoC.exe
  C:\Windows\System32\nlIxIoC.exe
  2⤵
  PID:2972
- C:\Windows\System32\QnCmLYs.exe
  C:\Windows\System32\QnCmLYs.exe
  2⤵
  PID:2652
- C:\Windows\System32\IdIhbdU.exe
  C:\Windows\System32\IdIhbdU.exe
  2⤵
  PID:3080
- C:\Windows\System32\PKQJolL.exe
  C:\Windows\System32\PKQJolL.exe
  2⤵
  PID:3348
- C:\Windows\System32\huDNkAP.exe
  C:\Windows\System32\huDNkAP.exe
  2⤵
  PID:3896
- C:\Windows\System32\IqeEKvL.exe
  C:\Windows\System32\IqeEKvL.exe
  2⤵
  PID:4716
- C:\Windows\System32\glNwFDV.exe
  C:\Windows\System32\glNwFDV.exe
  2⤵
  PID:3164
- C:\Windows\System32\qTxGTtw.exe
  C:\Windows\System32\qTxGTtw.exe
  2⤵
  PID:680
- C:\Windows\System32\GyFmLaA.exe
  C:\Windows\System32\GyFmLaA.exe
  2⤵
  PID:1772
- C:\Windows\System32\WhoOrRL.exe
  C:\Windows\System32\WhoOrRL.exe
  2⤵
  PID:4444
- C:\Windows\System32\jAVePkH.exe
  C:\Windows\System32\jAVePkH.exe
  2⤵
  PID:4428
- C:\Windows\System32\uHSgcwS.exe
  C:\Windows\System32\uHSgcwS.exe
  2⤵
  PID:1396
- C:\Windows\System32\ATVYrTH.exe
  C:\Windows\System32\ATVYrTH.exe
  2⤵
  PID:5136
- C:\Windows\System32\SCSzdJq.exe
  C:\Windows\System32\SCSzdJq.exe
  2⤵
  PID:5164
- C:\Windows\System32\FQimEuB.exe
  C:\Windows\System32\FQimEuB.exe
  2⤵
  PID:5192
- C:\Windows\System32\xfJzpMi.exe
  C:\Windows\System32\xfJzpMi.exe
  2⤵
  PID:5220
- C:\Windows\System32\mlxVPIx.exe
  C:\Windows\System32\mlxVPIx.exe
  2⤵
  PID:5248
- C:\Windows\System32\tgsvZhw.exe
  C:\Windows\System32\tgsvZhw.exe
  2⤵
  PID:5276
- C:\Windows\System32\asXTFIz.exe
  C:\Windows\System32\asXTFIz.exe
  2⤵
  PID:5304
- C:\Windows\System32\iEYYQHo.exe
  C:\Windows\System32\iEYYQHo.exe
  2⤵
  PID:5332
- C:\Windows\System32\DxyzkPZ.exe
  C:\Windows\System32\DxyzkPZ.exe
  2⤵
  PID:5360
- C:\Windows\System32\mmjhdqJ.exe
  C:\Windows\System32\mmjhdqJ.exe
  2⤵
  PID:5384
- C:\Windows\System32\ASLqyhp.exe
  C:\Windows\System32\ASLqyhp.exe
  2⤵
  PID:5416
- C:\Windows\System32\bUEyFSf.exe
  C:\Windows\System32\bUEyFSf.exe
  2⤵
  PID:5452
- C:\Windows\System32\tVjMDTq.exe
  C:\Windows\System32\tVjMDTq.exe
  2⤵
  PID:5472
- C:\Windows\System32\IqYXuqZ.exe
  C:\Windows\System32\IqYXuqZ.exe
  2⤵
  PID:5500
- C:\Windows\System32\HaxlTSZ.exe
  C:\Windows\System32\HaxlTSZ.exe
  2⤵
  PID:5524
- C:\Windows\System32\hXZbpod.exe
  C:\Windows\System32\hXZbpod.exe
  2⤵
  PID:5552
- C:\Windows\System32\HSeyomy.exe
  C:\Windows\System32\HSeyomy.exe
  2⤵
  PID:5580
- C:\Windows\System32\bHekwnK.exe
  C:\Windows\System32\bHekwnK.exe
  2⤵
  PID:5608
- C:\Windows\System32\yYiikIk.exe
  C:\Windows\System32\yYiikIk.exe
  2⤵
  PID:5640
- C:\Windows\System32\RofXTRK.exe
  C:\Windows\System32\RofXTRK.exe
  2⤵
  PID:5668
- C:\Windows\System32\TsvixqR.exe
  C:\Windows\System32\TsvixqR.exe
  2⤵
  PID:5696
- C:\Windows\System32\RsNkLgz.exe
  C:\Windows\System32\RsNkLgz.exe
  2⤵
  PID:5724
- C:\Windows\System32\IsRdzmu.exe
  C:\Windows\System32\IsRdzmu.exe
  2⤵
  PID:5752
- C:\Windows\System32\SUIsFKN.exe
  C:\Windows\System32\SUIsFKN.exe
  2⤵
  PID:5780
- C:\Windows\System32\SpOwZfh.exe
  C:\Windows\System32\SpOwZfh.exe
  2⤵
  PID:5808
- C:\Windows\System32\eCjRFyJ.exe
  C:\Windows\System32\eCjRFyJ.exe
  2⤵
  PID:5836
- C:\Windows\System32\jfYzPDO.exe
  C:\Windows\System32\jfYzPDO.exe
  2⤵
  PID:5860
- C:\Windows\System32\SODfcdg.exe
  C:\Windows\System32\SODfcdg.exe
  2⤵
  PID:5888
- C:\Windows\System32\CmNIbpu.exe
  C:\Windows\System32\CmNIbpu.exe
  2⤵
  PID:5920
- C:\Windows\System32\rXvRDrT.exe
  C:\Windows\System32\rXvRDrT.exe
  2⤵
  PID:5944
- C:\Windows\System32\YQODnpR.exe
  C:\Windows\System32\YQODnpR.exe
  2⤵
  PID:5976
- C:\Windows\System32\NRSoEyc.exe
  C:\Windows\System32\NRSoEyc.exe
  2⤵
  PID:6000
- C:\Windows\System32\MCzuUlT.exe
  C:\Windows\System32\MCzuUlT.exe
  2⤵
  PID:6032
- C:\Windows\System32\kMgNCGs.exe
  C:\Windows\System32\kMgNCGs.exe
  2⤵
  PID:6060
- C:\Windows\System32\DwMBPZk.exe
  C:\Windows\System32\DwMBPZk.exe
  2⤵
  PID:6084
- C:\Windows\System32\CdyULvA.exe
  C:\Windows\System32\CdyULvA.exe
  2⤵
  PID:6112
- C:\Windows\System32\wwqfJXR.exe
  C:\Windows\System32\wwqfJXR.exe
  2⤵
  PID:3232
- C:\Windows\System32\YxKAyLo.exe
  C:\Windows\System32\YxKAyLo.exe
  2⤵
  PID:840
- C:\Windows\System32\sYSDXkd.exe
  C:\Windows\System32\sYSDXkd.exe
  2⤵
  PID:3248
- C:\Windows\System32\sNhirGj.exe
  C:\Windows\System32\sNhirGj.exe
  2⤵
  PID:5240
- C:\Windows\System32\dDpzxbo.exe
  C:\Windows\System32\dDpzxbo.exe
  2⤵
  PID:5324
- C:\Windows\System32\gujRoMb.exe
  C:\Windows\System32\gujRoMb.exe
  2⤵
  PID:5344
- C:\Windows\System32\ngDCqQT.exe
  C:\Windows\System32\ngDCqQT.exe
  2⤵
  PID:5380
- C:\Windows\System32\EMNYWqh.exe
  C:\Windows\System32\EMNYWqh.exe
  2⤵
  PID:5436
- C:\Windows\System32\hcQmaou.exe
  C:\Windows\System32\hcQmaou.exe
  2⤵
  PID:5468
- C:\Windows\System32\BznWchy.exe
  C:\Windows\System32\BznWchy.exe
  2⤵
  PID:1288
- C:\Windows\System32\ZWBpmun.exe
  C:\Windows\System32\ZWBpmun.exe
  2⤵
  PID:5632
- C:\Windows\System32\cmaZQml.exe
  C:\Windows\System32\cmaZQml.exe
  2⤵
  PID:5676
- C:\Windows\System32\HyUbdcX.exe
  C:\Windows\System32\HyUbdcX.exe
  2⤵
  PID:5744
- C:\Windows\System32\FLSukkH.exe
  C:\Windows\System32\FLSukkH.exe
  2⤵
  PID:1484
- C:\Windows\System32\RyqvdYT.exe
  C:\Windows\System32\RyqvdYT.exe
  2⤵
  PID:5788
- C:\Windows\System32\xsigtsE.exe
  C:\Windows\System32\xsigtsE.exe
  2⤵
  PID:5844
- C:\Windows\System32\bykcsba.exe
  C:\Windows\System32\bykcsba.exe
  2⤵
  PID:3732
- C:\Windows\System32\xTJtYay.exe
  C:\Windows\System32\xTJtYay.exe
  2⤵
  PID:4092
- C:\Windows\System32\Hwsydkx.exe
  C:\Windows\System32\Hwsydkx.exe
  2⤵
  PID:5968
- C:\Windows\System32\lMnWbOK.exe
  C:\Windows\System32\lMnWbOK.exe
  2⤵
  PID:5984
- C:\Windows\System32\trSqjqW.exe
  C:\Windows\System32\trSqjqW.exe
  2⤵
  PID:6068
- C:\Windows\System32\jlhfSeL.exe
  C:\Windows\System32\jlhfSeL.exe
  2⤵
  PID:4688
- C:\Windows\System32\DILzXvo.exe
  C:\Windows\System32\DILzXvo.exe
  2⤵
  PID:4720
- C:\Windows\System32\JVdNKef.exe
  C:\Windows\System32\JVdNKef.exe
  2⤵
  PID:4520
- C:\Windows\System32\SWUzadJ.exe
  C:\Windows\System32\SWUzadJ.exe
  2⤵
  PID:3548
- C:\Windows\System32\BZROKBR.exe
  C:\Windows\System32\BZROKBR.exe
  2⤵
  PID:3356
- C:\Windows\System32\ZbpBgqH.exe
  C:\Windows\System32\ZbpBgqH.exe
  2⤵
  PID:1784
- C:\Windows\System32\YmxUzRL.exe
  C:\Windows\System32\YmxUzRL.exe
  2⤵
  PID:3088
- C:\Windows\System32\nxvcrkC.exe
  C:\Windows\System32\nxvcrkC.exe
  2⤵
  PID:1360
- C:\Windows\System32\AJuGkaU.exe
  C:\Windows\System32\AJuGkaU.exe
  2⤵
  PID:3268
- C:\Windows\System32\bejXcjf.exe
  C:\Windows\System32\bejXcjf.exe
  2⤵
  PID:5156
- C:\Windows\System32\iwQOArG.exe
  C:\Windows\System32\iwQOArG.exe
  2⤵
  PID:4628
- C:\Windows\System32\IDwKvAU.exe
  C:\Windows\System32\IDwKvAU.exe
  2⤵
  PID:1196
- C:\Windows\System32\PxyDGAl.exe
  C:\Windows\System32\PxyDGAl.exe
  2⤵
  PID:5372
- C:\Windows\System32\oyoeVQM.exe
  C:\Windows\System32\oyoeVQM.exe
  2⤵
  PID:5312
- C:\Windows\System32\rxZFOJV.exe
  C:\Windows\System32\rxZFOJV.exe
  2⤵
  PID:5424
- C:\Windows\System32\Cleakko.exe
  C:\Windows\System32\Cleakko.exe
  2⤵
  PID:5816
- C:\Windows\System32\LoSDhoT.exe
  C:\Windows\System32\LoSDhoT.exe
  2⤵
  PID:800
- C:\Windows\System32\PHnxKUw.exe
  C:\Windows\System32\PHnxKUw.exe
  2⤵
  PID:5868
- C:\Windows\System32\ZqqUCkg.exe
  C:\Windows\System32\ZqqUCkg.exe
  2⤵
  PID:6044
- C:\Windows\System32\suazboC.exe
  C:\Windows\System32\suazboC.exe
  2⤵
  PID:5940
- C:\Windows\System32\cZbgYuX.exe
  C:\Windows\System32\cZbgYuX.exe
  2⤵
  PID:2148
- C:\Windows\System32\rohcJkH.exe
  C:\Windows\System32\rohcJkH.exe
  2⤵
  PID:5400
- C:\Windows\System32\ZysVYms.exe
  C:\Windows\System32\ZysVYms.exe
  2⤵
  PID:4404
- C:\Windows\System32\JAikqBi.exe
  C:\Windows\System32\JAikqBi.exe
  2⤵
  PID:5732
- C:\Windows\System32\ngJuSKR.exe
  C:\Windows\System32\ngJuSKR.exe
  2⤵
  PID:6100
- C:\Windows\System32\CMKCtEt.exe
  C:\Windows\System32\CMKCtEt.exe
  2⤵
  PID:3704
- C:\Windows\System32\ifFxDqE.exe
  C:\Windows\System32\ifFxDqE.exe
  2⤵
  PID:4684
- C:\Windows\System32\vovbCoI.exe
  C:\Windows\System32\vovbCoI.exe
  2⤵
  PID:4168
- C:\Windows\System32\eLRHaGg.exe
  C:\Windows\System32\eLRHaGg.exe
  2⤵
  PID:5568
- C:\Windows\System32\iEluxcN.exe
  C:\Windows\System32\iEluxcN.exe
  2⤵
  PID:2628
- C:\Windows\System32\WyzXjJE.exe
  C:\Windows\System32\WyzXjJE.exe
  2⤵
  PID:6184
- C:\Windows\System32\ePJFEbB.exe
  C:\Windows\System32\ePJFEbB.exe
  2⤵
  PID:6204
- C:\Windows\System32\CEsaEyc.exe
  C:\Windows\System32\CEsaEyc.exe
  2⤵
  PID:6228
- C:\Windows\System32\MpsreiE.exe
  C:\Windows\System32\MpsreiE.exe
  2⤵
  PID:6288
- C:\Windows\System32\ePUsVvn.exe
  C:\Windows\System32\ePUsVvn.exe
  2⤵
  PID:6308
- C:\Windows\System32\tvnQKmj.exe
  C:\Windows\System32\tvnQKmj.exe
  2⤵
  PID:6336
- C:\Windows\System32\lUShasV.exe
  C:\Windows\System32\lUShasV.exe
  2⤵
  PID:6372
- C:\Windows\System32\EnFsfQI.exe
  C:\Windows\System32\EnFsfQI.exe
  2⤵
  PID:6388
- C:\Windows\System32\gPaBlPD.exe
  C:\Windows\System32\gPaBlPD.exe
  2⤵
  PID:6408
- C:\Windows\System32\IMDDjTC.exe
  C:\Windows\System32\IMDDjTC.exe
  2⤵
  PID:6428
- C:\Windows\System32\WsIkmRj.exe
  C:\Windows\System32\WsIkmRj.exe
  2⤵
  PID:6456
- C:\Windows\System32\IXDlWMT.exe
  C:\Windows\System32\IXDlWMT.exe
  2⤵
  PID:6476
- C:\Windows\System32\uTcSIAd.exe
  C:\Windows\System32\uTcSIAd.exe
  2⤵
  PID:6496
- C:\Windows\System32\CDilyOa.exe
  C:\Windows\System32\CDilyOa.exe
  2⤵
  PID:6516
- C:\Windows\System32\CgJtNxW.exe
  C:\Windows\System32\CgJtNxW.exe
  2⤵
  PID:6532
- C:\Windows\System32\BXGZHaX.exe
  C:\Windows\System32\BXGZHaX.exe
  2⤵
  PID:6560
- C:\Windows\System32\UOeBFMU.exe
  C:\Windows\System32\UOeBFMU.exe
  2⤵
  PID:6584
- C:\Windows\System32\DElmabc.exe
  C:\Windows\System32\DElmabc.exe
  2⤵
  PID:6604
- C:\Windows\System32\eDcBCSI.exe
  C:\Windows\System32\eDcBCSI.exe
  2⤵
  PID:6680
- C:\Windows\System32\SYPKres.exe
  C:\Windows\System32\SYPKres.exe
  2⤵
  PID:6712
- C:\Windows\System32\UmxCtJo.exe
  C:\Windows\System32\UmxCtJo.exe
  2⤵
  PID:6732
- C:\Windows\System32\auOcGCe.exe
  C:\Windows\System32\auOcGCe.exe
  2⤵
  PID:6776
- C:\Windows\System32\nGFxypI.exe
  C:\Windows\System32\nGFxypI.exe
  2⤵
  PID:6828
- C:\Windows\System32\OUcnuIM.exe
  C:\Windows\System32\OUcnuIM.exe
  2⤵
  PID:6848
- C:\Windows\System32\UoSoInu.exe
  C:\Windows\System32\UoSoInu.exe
  2⤵
  PID:6864
- C:\Windows\System32\vwmHKDL.exe
  C:\Windows\System32\vwmHKDL.exe
  2⤵
  PID:6888
- C:\Windows\System32\gNFfDRs.exe
  C:\Windows\System32\gNFfDRs.exe
  2⤵
  PID:6908
- C:\Windows\System32\xaOtZkl.exe
  C:\Windows\System32\xaOtZkl.exe
  2⤵
  PID:6928
- C:\Windows\System32\NMXJhvy.exe
  C:\Windows\System32\NMXJhvy.exe
  2⤵
  PID:6968
- C:\Windows\System32\cUpabMe.exe
  C:\Windows\System32\cUpabMe.exe
  2⤵
  PID:7000
- C:\Windows\System32\WpKlRHI.exe
  C:\Windows\System32\WpKlRHI.exe
  2⤵
  PID:7020
- C:\Windows\System32\UFIMkgB.exe
  C:\Windows\System32\UFIMkgB.exe
  2⤵
  PID:7036
- C:\Windows\System32\XWMIlzK.exe
  C:\Windows\System32\XWMIlzK.exe
  2⤵
  PID:7088
- C:\Windows\System32\BGYIGkL.exe
  C:\Windows\System32\BGYIGkL.exe
  2⤵
  PID:7124
- C:\Windows\System32\QPEVvOJ.exe
  C:\Windows\System32\QPEVvOJ.exe
  2⤵
  PID:7140
- C:\Windows\System32\IcvQkSk.exe
  C:\Windows\System32\IcvQkSk.exe
  2⤵
  PID:7164
- C:\Windows\System32\ztxEGod.exe
  C:\Windows\System32\ztxEGod.exe
  2⤵
  PID:6148
- C:\Windows\System32\kDlDNTz.exe
  C:\Windows\System32\kDlDNTz.exe
  2⤵
  PID:6252
- C:\Windows\System32\uuAMBfi.exe
  C:\Windows\System32\uuAMBfi.exe
  2⤵
  PID:6360
- C:\Windows\System32\CaCAyWQ.exe
  C:\Windows\System32\CaCAyWQ.exe
  2⤵
  PID:6472
- C:\Windows\System32\AeWulhY.exe
  C:\Windows\System32\AeWulhY.exe
  2⤵
  PID:6436
- C:\Windows\System32\AylXUSU.exe
  C:\Windows\System32\AylXUSU.exe
  2⤵
  PID:6464
- C:\Windows\System32\uiuhMrN.exe
  C:\Windows\System32\uiuhMrN.exe
  2⤵
  PID:6600
- C:\Windows\System32\TdVqXEm.exe
  C:\Windows\System32\TdVqXEm.exe
  2⤵
  PID:6548
- C:\Windows\System32\mnbIZes.exe
  C:\Windows\System32\mnbIZes.exe
  2⤵
  PID:6724
- C:\Windows\System32\uZpNmJC.exe
  C:\Windows\System32\uZpNmJC.exe
  2⤵
  PID:6740
- C:\Windows\System32\WOucOZl.exe
  C:\Windows\System32\WOucOZl.exe
  2⤵
  PID:6728
- C:\Windows\System32\IfVMhEY.exe
  C:\Windows\System32\IfVMhEY.exe
  2⤵
  PID:6820
- C:\Windows\System32\WPZrnRm.exe
  C:\Windows\System32\WPZrnRm.exe
  2⤵
  PID:6956
- C:\Windows\System32\oQesxqF.exe
  C:\Windows\System32\oQesxqF.exe
  2⤵
  PID:6920
- C:\Windows\System32\WEdufrn.exe
  C:\Windows\System32\WEdufrn.exe
  2⤵
  PID:7068
- C:\Windows\System32\bdkFsFg.exe
  C:\Windows\System32\bdkFsFg.exe
  2⤵
  PID:7160
- C:\Windows\System32\TrAwoYG.exe
  C:\Windows\System32\TrAwoYG.exe
  2⤵
  PID:6200
- C:\Windows\System32\vEXlnEy.exe
  C:\Windows\System32\vEXlnEy.exe
  2⤵
  PID:5204
- C:\Windows\System32\RxJqGgi.exe
  C:\Windows\System32\RxJqGgi.exe
  2⤵
  PID:4068
- C:\Windows\System32\aVCkHST.exe
  C:\Windows\System32\aVCkHST.exe
  2⤵
  PID:6640
- C:\Windows\System32\uKZlejn.exe
  C:\Windows\System32\uKZlejn.exe
  2⤵
  PID:6880
- C:\Windows\System32\ClGlWAt.exe
  C:\Windows\System32\ClGlWAt.exe
  2⤵
  PID:6788
- C:\Windows\System32\lvIzCSP.exe
  C:\Windows\System32\lvIzCSP.exe
  2⤵
  PID:7048
- C:\Windows\System32\QoZLJez.exe
  C:\Windows\System32\QoZLJez.exe
  2⤵
  PID:6440
- C:\Windows\System32\vQqObcr.exe
  C:\Windows\System32\vQqObcr.exe
  2⤵
  PID:6824
- C:\Windows\System32\xwZFSEC.exe
  C:\Windows\System32\xwZFSEC.exe
  2⤵
  PID:6420
- C:\Windows\System32\NHTYIak.exe
  C:\Windows\System32\NHTYIak.exe
  2⤵
  PID:408
- C:\Windows\System32\nWtXduW.exe
  C:\Windows\System32\nWtXduW.exe
  2⤵
  PID:7184
- C:\Windows\System32\AIvwJTE.exe
  C:\Windows\System32\AIvwJTE.exe
  2⤵
  PID:7204
- C:\Windows\System32\hvcqFno.exe
  C:\Windows\System32\hvcqFno.exe
  2⤵
  PID:7252
- C:\Windows\System32\FqQiHuF.exe
  C:\Windows\System32\FqQiHuF.exe
  2⤵
  PID:7280
- C:\Windows\System32\NHRdlsh.exe
  C:\Windows\System32\NHRdlsh.exe
  2⤵
  PID:7296
- C:\Windows\System32\uzaRUKE.exe
  C:\Windows\System32\uzaRUKE.exe
  2⤵
  PID:7316
- C:\Windows\System32\VEbqIKk.exe
  C:\Windows\System32\VEbqIKk.exe
  2⤵
  PID:7340
- C:\Windows\System32\sgkZorq.exe
  C:\Windows\System32\sgkZorq.exe
  2⤵
  PID:7392
- C:\Windows\System32\iYIpvsw.exe
  C:\Windows\System32\iYIpvsw.exe
  2⤵
  PID:7420
- C:\Windows\System32\IthEtKe.exe
  C:\Windows\System32\IthEtKe.exe
  2⤵
  PID:7452
- C:\Windows\System32\MDrIaNP.exe
  C:\Windows\System32\MDrIaNP.exe
  2⤵
  PID:7472
- C:\Windows\System32\nTwmjcN.exe
  C:\Windows\System32\nTwmjcN.exe
  2⤵
  PID:7492
- C:\Windows\System32\ieEfhOl.exe
  C:\Windows\System32\ieEfhOl.exe
  2⤵
  PID:7512
- C:\Windows\System32\dwTlZGY.exe
  C:\Windows\System32\dwTlZGY.exe
  2⤵
  PID:7560
- C:\Windows\System32\JUMRana.exe
  C:\Windows\System32\JUMRana.exe
  2⤵
  PID:7576
- C:\Windows\System32\awmnfud.exe
  C:\Windows\System32\awmnfud.exe
  2⤵
  PID:7604
- C:\Windows\System32\VNQXAtn.exe
  C:\Windows\System32\VNQXAtn.exe
  2⤵
  PID:7668
- C:\Windows\System32\OEFXtdF.exe
  C:\Windows\System32\OEFXtdF.exe
  2⤵
  PID:7688
- C:\Windows\System32\FwdwjPa.exe
  C:\Windows\System32\FwdwjPa.exe
  2⤵
  PID:7704
- C:\Windows\System32\bXkZiRX.exe
  C:\Windows\System32\bXkZiRX.exe
  2⤵
  PID:7724
- C:\Windows\System32\mgGrzGS.exe
  C:\Windows\System32\mgGrzGS.exe
  2⤵
  PID:7752
- C:\Windows\System32\beppuFG.exe
  C:\Windows\System32\beppuFG.exe
  2⤵
  PID:7776
- C:\Windows\System32\gMqJJEi.exe
  C:\Windows\System32\gMqJJEi.exe
  2⤵
  PID:7828
- C:\Windows\System32\eqWrDIT.exe
  C:\Windows\System32\eqWrDIT.exe
  2⤵
  PID:7844
- C:\Windows\System32\XIXbDHQ.exe
  C:\Windows\System32\XIXbDHQ.exe
  2⤵
  PID:7864
- C:\Windows\System32\OOswsjD.exe
  C:\Windows\System32\OOswsjD.exe
  2⤵
  PID:7888
- C:\Windows\System32\ackOoKI.exe
  C:\Windows\System32\ackOoKI.exe
  2⤵
  PID:7912
- C:\Windows\System32\ixQJvDj.exe
  C:\Windows\System32\ixQJvDj.exe
  2⤵
  PID:7928
- C:\Windows\System32\hLESsUD.exe
  C:\Windows\System32\hLESsUD.exe
  2⤵
  PID:7952
- C:\Windows\System32\WCFjtff.exe
  C:\Windows\System32\WCFjtff.exe
  2⤵
  PID:8000
- C:\Windows\System32\WXwltkj.exe
  C:\Windows\System32\WXwltkj.exe
  2⤵
  PID:8016
- C:\Windows\System32\hmpqpKW.exe
  C:\Windows\System32\hmpqpKW.exe
  2⤵
  PID:8056
- C:\Windows\System32\RpIJYZj.exe
  C:\Windows\System32\RpIJYZj.exe
  2⤵
  PID:8120
- C:\Windows\System32\flUomJS.exe
  C:\Windows\System32\flUomJS.exe
  2⤵
  PID:8136
- C:\Windows\System32\rnjwrGX.exe
  C:\Windows\System32\rnjwrGX.exe
  2⤵
  PID:8160
- C:\Windows\System32\NgSshCk.exe
  C:\Windows\System32\NgSshCk.exe
  2⤵
  PID:8176
- C:\Windows\System32\CtFHUHs.exe
  C:\Windows\System32\CtFHUHs.exe
  2⤵
  PID:7176
- C:\Windows\System32\AgBzTnu.exe
  C:\Windows\System32\AgBzTnu.exe
  2⤵
  PID:7236
- C:\Windows\System32\TpYfGwU.exe
  C:\Windows\System32\TpYfGwU.exe
  2⤵
  PID:7292
- C:\Windows\System32\QPVsDcs.exe
  C:\Windows\System32\QPVsDcs.exe
  2⤵
  PID:7328
- C:\Windows\System32\uOPbhSA.exe
  C:\Windows\System32\uOPbhSA.exe
  2⤵
  PID:7324
- C:\Windows\System32\FiOmvjl.exe
  C:\Windows\System32\FiOmvjl.exe
  2⤵
  PID:7404
- C:\Windows\System32\dpDGegB.exe
  C:\Windows\System32\dpDGegB.exe
  2⤵
  PID:7508
- C:\Windows\System32\bCuPaZr.exe
  C:\Windows\System32\bCuPaZr.exe
  2⤵
  PID:7592
- C:\Windows\System32\cxxjBiJ.exe
  C:\Windows\System32\cxxjBiJ.exe
  2⤵
  PID:7632
- C:\Windows\System32\INlDIrA.exe
  C:\Windows\System32\INlDIrA.exe
  2⤵
  PID:7696
- C:\Windows\System32\WkwyPVx.exe
  C:\Windows\System32\WkwyPVx.exe
  2⤵
  PID:7808
- C:\Windows\System32\OYxLyWV.exe
  C:\Windows\System32\OYxLyWV.exe
  2⤵
  PID:7836
- C:\Windows\System32\PyaejsZ.exe
  C:\Windows\System32\PyaejsZ.exe
  2⤵
  PID:7856
- C:\Windows\System32\rFMbHfX.exe
  C:\Windows\System32\rFMbHfX.exe
  2⤵
  PID:7936
- C:\Windows\System32\OFqRotM.exe
  C:\Windows\System32\OFqRotM.exe
  2⤵
  PID:8008
- C:\Windows\System32\grDApKt.exe
  C:\Windows\System32\grDApKt.exe
  2⤵
  PID:8100
- C:\Windows\System32\gIgXqxb.exe
  C:\Windows\System32\gIgXqxb.exe
  2⤵
  PID:8184
- C:\Windows\System32\ADKJkML.exe
  C:\Windows\System32\ADKJkML.exe
  2⤵
  PID:7196
- C:\Windows\System32\MPXoBSa.exe
  C:\Windows\System32\MPXoBSa.exe
  2⤵
  PID:7264
- C:\Windows\System32\zFYSqgI.exe
  C:\Windows\System32\zFYSqgI.exe
  2⤵
  PID:7432
- C:\Windows\System32\kpruOVC.exe
  C:\Windows\System32\kpruOVC.exe
  2⤵
  PID:7544
- C:\Windows\System32\sXEmjWj.exe
  C:\Windows\System32\sXEmjWj.exe
  2⤵
  PID:7616
- C:\Windows\System32\jtyKSbu.exe
  C:\Windows\System32\jtyKSbu.exe
  2⤵
  PID:7920
- C:\Windows\System32\PtXwzKX.exe
  C:\Windows\System32\PtXwzKX.exe
  2⤵
  PID:3528
- C:\Windows\System32\fxqOgaN.exe
  C:\Windows\System32\fxqOgaN.exe
  2⤵
  PID:8148
- C:\Windows\System32\CPsLkyd.exe
  C:\Windows\System32\CPsLkyd.exe
  2⤵
  PID:7444
- C:\Windows\System32\olChSbt.exe
  C:\Windows\System32\olChSbt.exe
  2⤵
  PID:7840
- C:\Windows\System32\cPHbyxk.exe
  C:\Windows\System32\cPHbyxk.exe
  2⤵
  PID:7488
- C:\Windows\System32\rfVAyJF.exe
  C:\Windows\System32\rfVAyJF.exe
  2⤵
  PID:8068
- C:\Windows\System32\awyveXM.exe
  C:\Windows\System32\awyveXM.exe
  2⤵
  PID:7504
- C:\Windows\System32\zKvTOEN.exe
  C:\Windows\System32\zKvTOEN.exe
  2⤵
  PID:8196
- C:\Windows\System32\zehykiI.exe
  C:\Windows\System32\zehykiI.exe
  2⤵
  PID:8232
- C:\Windows\System32\TNkkvxf.exe
  C:\Windows\System32\TNkkvxf.exe
  2⤵
  PID:8272
- C:\Windows\System32\FxQJAJT.exe
  C:\Windows\System32\FxQJAJT.exe
  2⤵
  PID:8308
- C:\Windows\System32\CSFuFMS.exe
  C:\Windows\System32\CSFuFMS.exe
  2⤵
  PID:8340
- C:\Windows\System32\QaksJCg.exe
  C:\Windows\System32\QaksJCg.exe
  2⤵
  PID:8360
- C:\Windows\System32\UEvytEz.exe
  C:\Windows\System32\UEvytEz.exe
  2⤵
  PID:8404
- C:\Windows\System32\ybSIEES.exe
  C:\Windows\System32\ybSIEES.exe
  2⤵
  PID:8452
- C:\Windows\System32\OWIpPEi.exe
  C:\Windows\System32\OWIpPEi.exe
  2⤵
  PID:8472
- C:\Windows\System32\EckwxlM.exe
  C:\Windows\System32\EckwxlM.exe
  2⤵
  PID:8488
- C:\Windows\System32\BmYWXaQ.exe
  C:\Windows\System32\BmYWXaQ.exe
  2⤵
  PID:8512
- C:\Windows\System32\wHejcMl.exe
  C:\Windows\System32\wHejcMl.exe
  2⤵
  PID:8536
- C:\Windows\System32\xZIyNGL.exe
  C:\Windows\System32\xZIyNGL.exe
  2⤵
  PID:8556
- C:\Windows\System32\TouPIhv.exe
  C:\Windows\System32\TouPIhv.exe
  2⤵
  PID:8580
- C:\Windows\System32\LmtBGMR.exe
  C:\Windows\System32\LmtBGMR.exe
  2⤵
  PID:8644
- C:\Windows\System32\xGuytda.exe
  C:\Windows\System32\xGuytda.exe
  2⤵
  PID:8668
- C:\Windows\System32\WKlpCUD.exe
  C:\Windows\System32\WKlpCUD.exe
  2⤵
  PID:8684
- C:\Windows\System32\LKFpfFh.exe
  C:\Windows\System32\LKFpfFh.exe
  2⤵
  PID:8708
- C:\Windows\System32\AFDOaao.exe
  C:\Windows\System32\AFDOaao.exe
  2⤵
  PID:8792
- C:\Windows\System32\qFhrAxG.exe
  C:\Windows\System32\qFhrAxG.exe
  2⤵
  PID:8832
- C:\Windows\System32\wfBLrjO.exe
  C:\Windows\System32\wfBLrjO.exe
  2⤵
  PID:8872
- C:\Windows\System32\PjUdTyu.exe
  C:\Windows\System32\PjUdTyu.exe
  2⤵
  PID:8924
- C:\Windows\System32\mTKsxah.exe
  C:\Windows\System32\mTKsxah.exe
  2⤵
  PID:8980
- C:\Windows\System32\ExlmHat.exe
  C:\Windows\System32\ExlmHat.exe
  2⤵
  PID:8996
- C:\Windows\System32\wjvNESQ.exe
  C:\Windows\System32\wjvNESQ.exe
  2⤵
  PID:9012
- C:\Windows\System32\jBHyRaE.exe
  C:\Windows\System32\jBHyRaE.exe
  2⤵
  PID:9044
- C:\Windows\System32\ygIPHNx.exe
  C:\Windows\System32\ygIPHNx.exe
  2⤵
  PID:9108
- C:\Windows\System32\tjDjXEx.exe
  C:\Windows\System32\tjDjXEx.exe
  2⤵
  PID:9136
- C:\Windows\System32\CemuyiY.exe
  C:\Windows\System32\CemuyiY.exe
  2⤵
  PID:9160
- C:\Windows\System32\hJqCMkd.exe
  C:\Windows\System32\hJqCMkd.exe
  2⤵
  PID:9192
- C:\Windows\System32\ZzsyqCf.exe
  C:\Windows\System32\ZzsyqCf.exe
  2⤵
  PID:9208
- C:\Windows\System32\AUONLbr.exe
  C:\Windows\System32\AUONLbr.exe
  2⤵
  PID:7136
- C:\Windows\System32\FrKlqRN.exe
  C:\Windows\System32\FrKlqRN.exe
  2⤵
  PID:8212
- C:\Windows\System32\MzRtwna.exe
  C:\Windows\System32\MzRtwna.exe
  2⤵
  PID:8280
- C:\Windows\System32\gCmXIPv.exe
  C:\Windows\System32\gCmXIPv.exe
  2⤵
  PID:8296
- C:\Windows\System32\shZBKHM.exe
  C:\Windows\System32\shZBKHM.exe
  2⤵
  PID:8460
- C:\Windows\System32\ibZdrMt.exe
  C:\Windows\System32\ibZdrMt.exe
  2⤵
  PID:8520
- C:\Windows\System32\OBgtIIm.exe
  C:\Windows\System32\OBgtIIm.exe
  2⤵
  PID:8572
- C:\Windows\System32\deIySeS.exe
  C:\Windows\System32\deIySeS.exe
  2⤵
  PID:8656
- C:\Windows\System32\XLgrPkH.exe
  C:\Windows\System32\XLgrPkH.exe
  2⤵
  PID:8740
- C:\Windows\System32\hLVJyDn.exe
  C:\Windows\System32\hLVJyDn.exe
  2⤵
  PID:4748
- C:\Windows\System32\npulgkX.exe
  C:\Windows\System32\npulgkX.exe
  2⤵
  PID:8812
- C:\Windows\System32\dhAdesI.exe
  C:\Windows\System32\dhAdesI.exe
  2⤵
  PID:8744
- C:\Windows\System32\iJYIDDu.exe
  C:\Windows\System32\iJYIDDu.exe
  2⤵
  PID:8784
- C:\Windows\System32\KvRokgc.exe
  C:\Windows\System32\KvRokgc.exe
  2⤵
  PID:8860
- C:\Windows\System32\MLZIVEC.exe
  C:\Windows\System32\MLZIVEC.exe
  2⤵
  PID:8884
- C:\Windows\System32\ygQMpaw.exe
  C:\Windows\System32\ygQMpaw.exe
  2⤵
  PID:8936
- C:\Windows\System32\ATQtOcE.exe
  C:\Windows\System32\ATQtOcE.exe
  2⤵
  PID:9056
- C:\Windows\System32\GdSnnlK.exe
  C:\Windows\System32\GdSnnlK.exe
  2⤵
  PID:9120
- C:\Windows\System32\iROKEaO.exe
  C:\Windows\System32\iROKEaO.exe
  2⤵
  PID:9168
- C:\Windows\System32\GrWXHYT.exe
  C:\Windows\System32\GrWXHYT.exe
  2⤵
  PID:9200
- C:\Windows\System32\wlktgku.exe
  C:\Windows\System32\wlktgku.exe
  2⤵
  PID:8328
- C:\Windows\System32\miBtCbT.exe
  C:\Windows\System32\miBtCbT.exe
  2⤵
  PID:8468
- C:\Windows\System32\KCOAqnb.exe
  C:\Windows\System32\KCOAqnb.exe
  2⤵
  PID:8632
- C:\Windows\System32\pfoQbtK.exe
  C:\Windows\System32\pfoQbtK.exe
  2⤵
  PID:8768
- C:\Windows\System32\DsREnby.exe
  C:\Windows\System32\DsREnby.exe
  2⤵
  PID:8808
- C:\Windows\System32\zvWncEU.exe
  C:\Windows\System32\zvWncEU.exe
  2⤵
  PID:8912
- C:\Windows\System32\DNWJZjl.exe
  C:\Windows\System32\DNWJZjl.exe
  2⤵
  PID:8992
- C:\Windows\System32\zjZyidT.exe
  C:\Windows\System32\zjZyidT.exe
  2⤵
  PID:9132
- C:\Windows\System32\VpmUbhB.exe
  C:\Windows\System32\VpmUbhB.exe
  2⤵
  PID:8320
- C:\Windows\System32\EbkHdsX.exe
  C:\Windows\System32\EbkHdsX.exe
  2⤵
  PID:8700
- C:\Windows\System32\VMtfCON.exe
  C:\Windows\System32\VMtfCON.exe
  2⤵
  PID:8892
- C:\Windows\System32\yDmNQcW.exe
  C:\Windows\System32\yDmNQcW.exe
  2⤵
  PID:9032
- C:\Windows\System32\SEbXFGt.exe
  C:\Windows\System32\SEbXFGt.exe
  2⤵
  PID:8804
- C:\Windows\System32\JXWbNCT.exe
  C:\Windows\System32\JXWbNCT.exe
  2⤵
  PID:8568
- C:\Windows\System32\dIyeybV.exe
  C:\Windows\System32\dIyeybV.exe
  2⤵
  PID:9256
- C:\Windows\System32\GtmVzwV.exe
  C:\Windows\System32\GtmVzwV.exe
  2⤵
  PID:9292
- C:\Windows\System32\fuPNths.exe
  C:\Windows\System32\fuPNths.exe
  2⤵
  PID:9320
- C:\Windows\System32\IIRzNYP.exe
  C:\Windows\System32\IIRzNYP.exe
  2⤵
  PID:9352
- C:\Windows\System32\mQvAWje.exe
  C:\Windows\System32\mQvAWje.exe
  2⤵
  PID:9368
- C:\Windows\System32\BTeCYRU.exe
  C:\Windows\System32\BTeCYRU.exe
  2⤵
  PID:9408
- C:\Windows\System32\IXoCakt.exe
  C:\Windows\System32\IXoCakt.exe
  2⤵
  PID:9436
- C:\Windows\System32\vTwudDb.exe
  C:\Windows\System32\vTwudDb.exe
  2⤵
  PID:9460
- C:\Windows\System32\bcoyEaF.exe
  C:\Windows\System32\bcoyEaF.exe
  2⤵
  PID:9484
- C:\Windows\System32\RLhPXFg.exe
  C:\Windows\System32\RLhPXFg.exe
  2⤵
  PID:9520
- C:\Windows\System32\hxNAsjU.exe
  C:\Windows\System32\hxNAsjU.exe
  2⤵
  PID:9540
- C:\Windows\System32\STqtggb.exe
  C:\Windows\System32\STqtggb.exe
  2⤵
  PID:9588
- C:\Windows\System32\thosELm.exe
  C:\Windows\System32\thosELm.exe
  2⤵
  PID:9616
- C:\Windows\System32\pNOSVre.exe
  C:\Windows\System32\pNOSVre.exe
  2⤵
  PID:9640
- C:\Windows\System32\Ehharcz.exe
  C:\Windows\System32\Ehharcz.exe
  2⤵
  PID:9660
- C:\Windows\System32\SoFuOGF.exe
  C:\Windows\System32\SoFuOGF.exe
  2⤵
  PID:9676
- C:\Windows\System32\WrKNtSo.exe
  C:\Windows\System32\WrKNtSo.exe
  2⤵
  PID:9692
- C:\Windows\System32\fmCylEe.exe
  C:\Windows\System32\fmCylEe.exe
  2⤵
  PID:9756
- C:\Windows\System32\AeWtwGf.exe
  C:\Windows\System32\AeWtwGf.exe
  2⤵
  PID:9772
- C:\Windows\System32\MXWKQeT.exe
  C:\Windows\System32\MXWKQeT.exe
  2⤵
  PID:9792
- C:\Windows\System32\ZYlSzPR.exe
  C:\Windows\System32\ZYlSzPR.exe
  2⤵
  PID:9816
- C:\Windows\System32\RwdooGV.exe
  C:\Windows\System32\RwdooGV.exe
  2⤵
  PID:9836
- C:\Windows\System32\UUnhdHW.exe
  C:\Windows\System32\UUnhdHW.exe
  2⤵
  PID:9872
- C:\Windows\System32\yxRLQbK.exe
  C:\Windows\System32\yxRLQbK.exe
  2⤵
  PID:9904
- C:\Windows\System32\zOzbztn.exe
  C:\Windows\System32\zOzbztn.exe
  2⤵
  PID:9920
- C:\Windows\System32\VqKuVav.exe
  C:\Windows\System32\VqKuVav.exe
  2⤵
  PID:9944
- C:\Windows\System32\XidMShq.exe
  C:\Windows\System32\XidMShq.exe
  2⤵
  PID:9964
- C:\Windows\System32\WyeQOnM.exe
  C:\Windows\System32\WyeQOnM.exe
  2⤵
  PID:10004
- C:\Windows\System32\nUdeWRI.exe
  C:\Windows\System32\nUdeWRI.exe
  2⤵
  PID:10028
- C:\Windows\System32\nAtWoUl.exe
  C:\Windows\System32\nAtWoUl.exe
  2⤵
  PID:10076
- C:\Windows\System32\WhJgSrf.exe
  C:\Windows\System32\WhJgSrf.exe
  2⤵
  PID:10108
- C:\Windows\System32\SSBtlhJ.exe
  C:\Windows\System32\SSBtlhJ.exe
  2⤵
  PID:10128
- C:\Windows\System32\Ltcjggy.exe
  C:\Windows\System32\Ltcjggy.exe
  2⤵
  PID:10164
- C:\Windows\System32\obEMiZX.exe
  C:\Windows\System32\obEMiZX.exe
  2⤵
  PID:10188
- C:\Windows\System32\IdpaJPc.exe
  C:\Windows\System32\IdpaJPc.exe
  2⤵
  PID:10208
- C:\Windows\System32\XegxryT.exe
  C:\Windows\System32\XegxryT.exe
  2⤵
  PID:9088
- C:\Windows\System32\vLRkcOk.exe
  C:\Windows\System32\vLRkcOk.exe
  2⤵
  PID:9272
- C:\Windows\System32\Qchwvvi.exe
  C:\Windows\System32\Qchwvvi.exe
  2⤵
  PID:9300
- C:\Windows\System32\StwmvQQ.exe
  C:\Windows\System32\StwmvQQ.exe
  2⤵
  PID:9404
- C:\Windows\System32\gXIbSPL.exe
  C:\Windows\System32\gXIbSPL.exe
  2⤵
  PID:9428
- C:\Windows\System32\mWDLEva.exe
  C:\Windows\System32\mWDLEva.exe
  2⤵
  PID:9500
- C:\Windows\System32\UqoMnkX.exe
  C:\Windows\System32\UqoMnkX.exe
  2⤵
  PID:9656
- C:\Windows\System32\wpLiHlL.exe
  C:\Windows\System32\wpLiHlL.exe
  2⤵
  PID:9740
- C:\Windows\System32\gUQoMCW.exe
  C:\Windows\System32\gUQoMCW.exe
  2⤵
  PID:9732
- C:\Windows\System32\CCgKCxq.exe
  C:\Windows\System32\CCgKCxq.exe
  2⤵
  PID:9784
- C:\Windows\System32\DVpJBAK.exe
  C:\Windows\System32\DVpJBAK.exe
  2⤵
  PID:9852
- C:\Windows\System32\CLaJcEJ.exe
  C:\Windows\System32\CLaJcEJ.exe
  2⤵
  PID:9956
- C:\Windows\System32\OnqEzVZ.exe
  C:\Windows\System32\OnqEzVZ.exe
  2⤵
  PID:10012
- C:\Windows\System32\jedvxbE.exe
  C:\Windows\System32\jedvxbE.exe
  2⤵
  PID:10084
- C:\Windows\System32\hvakbdb.exe
  C:\Windows\System32\hvakbdb.exe
  2⤵
  PID:10152
- C:\Windows\System32\cRuIyOT.exe
  C:\Windows\System32\cRuIyOT.exe
  2⤵
  PID:8616
- C:\Windows\System32\SaUTDDL.exe
  C:\Windows\System32\SaUTDDL.exe
  2⤵
  PID:9332
- C:\Windows\System32\DEWXlJW.exe
  C:\Windows\System32\DEWXlJW.exe
  2⤵
  PID:9420
- C:\Windows\System32\JQVqddd.exe
  C:\Windows\System32\JQVqddd.exe
  2⤵
  PID:9536
- C:\Windows\System32\bxNlnEK.exe
  C:\Windows\System32\bxNlnEK.exe
  2⤵
  PID:9632
- C:\Windows\System32\ypzbjYh.exe
  C:\Windows\System32\ypzbjYh.exe
  2⤵
  PID:9880
- C:\Windows\System32\bgRKQwl.exe
  C:\Windows\System32\bgRKQwl.exe
  2⤵
  PID:10024
- C:\Windows\System32\ItisXbl.exe
  C:\Windows\System32\ItisXbl.exe
  2⤵
  PID:10120
- C:\Windows\System32\zScYmEG.exe
  C:\Windows\System32\zScYmEG.exe
  2⤵
  PID:10220
- C:\Windows\System32\hVpiSlO.exe
  C:\Windows\System32\hVpiSlO.exe
  2⤵
  PID:9468
- C:\Windows\System32\GhpUquV.exe
  C:\Windows\System32\GhpUquV.exe
  2⤵
  PID:9712
- C:\Windows\System32\cGqtXth.exe
  C:\Windows\System32\cGqtXth.exe
  2⤵
  PID:10184
- C:\Windows\System32\aIOFIrZ.exe
  C:\Windows\System32\aIOFIrZ.exe
  2⤵
  PID:8908
- C:\Windows\System32\lDFPxUY.exe
  C:\Windows\System32\lDFPxUY.exe
  2⤵
  PID:10272
- C:\Windows\System32\FpnZFFQ.exe
  C:\Windows\System32\FpnZFFQ.exe
  2⤵
  PID:10288
- C:\Windows\System32\bBtsLuj.exe
  C:\Windows\System32\bBtsLuj.exe
  2⤵
  PID:10308
- C:\Windows\System32\wJBRDxk.exe
  C:\Windows\System32\wJBRDxk.exe
  2⤵
  PID:10336
- C:\Windows\System32\EPTRFbV.exe
  C:\Windows\System32\EPTRFbV.exe
  2⤵
  PID:10356
- C:\Windows\System32\EDjBWaY.exe
  C:\Windows\System32\EDjBWaY.exe
  2⤵
  PID:10384
- C:\Windows\System32\dtZmUaI.exe
  C:\Windows\System32\dtZmUaI.exe
  2⤵
  PID:10400
- C:\Windows\System32\caFebbN.exe
  C:\Windows\System32\caFebbN.exe
  2⤵
  PID:10452
- C:\Windows\System32\gnouZvb.exe
  C:\Windows\System32\gnouZvb.exe
  2⤵
  PID:10496
- C:\Windows\System32\WPdvwTJ.exe
  C:\Windows\System32\WPdvwTJ.exe
  2⤵
  PID:10516
- C:\Windows\System32\mQpBMKr.exe
  C:\Windows\System32\mQpBMKr.exe
  2⤵
  PID:10572
- C:\Windows\System32\WdUtVLi.exe
  C:\Windows\System32\WdUtVLi.exe
  2⤵
  PID:10600
- C:\Windows\System32\ZZWOxRM.exe
  C:\Windows\System32\ZZWOxRM.exe
  2⤵
  PID:10640
- C:\Windows\System32\Yzzgnwk.exe
  C:\Windows\System32\Yzzgnwk.exe
  2⤵
  PID:10664
- C:\Windows\System32\DPoXGwZ.exe
  C:\Windows\System32\DPoXGwZ.exe
  2⤵
  PID:10680
- C:\Windows\System32\BlvgJBx.exe
  C:\Windows\System32\BlvgJBx.exe
  2⤵
  PID:10708
- C:\Windows\System32\OLtXjkZ.exe
  C:\Windows\System32\OLtXjkZ.exe
  2⤵
  PID:10752
- C:\Windows\System32\cCAgoSK.exe
  C:\Windows\System32\cCAgoSK.exe
  2⤵
  PID:10776
- C:\Windows\System32\OYzIzYM.exe
  C:\Windows\System32\OYzIzYM.exe
  2⤵
  PID:10792
- C:\Windows\System32\UqqakPn.exe
  C:\Windows\System32\UqqakPn.exe
  2⤵
  PID:10828
- C:\Windows\System32\qXsXceA.exe
  C:\Windows\System32\qXsXceA.exe
  2⤵
  PID:10848
- C:\Windows\System32\AisUBKo.exe
  C:\Windows\System32\AisUBKo.exe
  2⤵
  PID:10868
- C:\Windows\System32\bFcIwPq.exe
  C:\Windows\System32\bFcIwPq.exe
  2⤵
  PID:10908
- C:\Windows\System32\xgbvWSE.exe
  C:\Windows\System32\xgbvWSE.exe
  2⤵
  PID:10948
- C:\Windows\System32\CCLRRwu.exe
  C:\Windows\System32\CCLRRwu.exe
  2⤵
  PID:10964
- C:\Windows\System32\rHeLfpg.exe
  C:\Windows\System32\rHeLfpg.exe
  2⤵
  PID:11000
- C:\Windows\System32\JoGnxhB.exe
  C:\Windows\System32\JoGnxhB.exe
  2⤵
  PID:11016
- C:\Windows\System32\ZsnkPDB.exe
  C:\Windows\System32\ZsnkPDB.exe
  2⤵
  PID:11040
- C:\Windows\System32\UvzdpWR.exe
  C:\Windows\System32\UvzdpWR.exe
  2⤵
  PID:11056
- C:\Windows\System32\FAyhbgO.exe
  C:\Windows\System32\FAyhbgO.exe
  2⤵
  PID:11080
- C:\Windows\System32\VgBaIut.exe
  C:\Windows\System32\VgBaIut.exe
  2⤵
  PID:11100
- C:\Windows\System32\WSvZRiT.exe
  C:\Windows\System32\WSvZRiT.exe
  2⤵
  PID:11124
- C:\Windows\System32\GDtZBiz.exe
  C:\Windows\System32\GDtZBiz.exe
  2⤵
  PID:11184
- C:\Windows\System32\lVXUWSV.exe
  C:\Windows\System32\lVXUWSV.exe
  2⤵
  PID:11220
- C:\Windows\System32\OJpILar.exe
  C:\Windows\System32\OJpILar.exe
  2⤵
  PID:11244
- C:\Windows\System32\KAaIePT.exe
  C:\Windows\System32\KAaIePT.exe
  2⤵
  PID:9268
- C:\Windows\System32\pdhDWax.exe
  C:\Windows\System32\pdhDWax.exe
  2⤵
  PID:10352
- C:\Windows\System32\EmEEzvC.exe
  C:\Windows\System32\EmEEzvC.exe
  2⤵
  PID:10344
- C:\Windows\System32\RhClSxQ.exe
  C:\Windows\System32\RhClSxQ.exe
  2⤵
  PID:10392
- C:\Windows\System32\SXCPSaG.exe
  C:\Windows\System32\SXCPSaG.exe
  2⤵
  PID:10544
- C:\Windows\System32\iyqpELm.exe
  C:\Windows\System32\iyqpELm.exe
  2⤵
  PID:10560
- C:\Windows\System32\EOPUpnv.exe
  C:\Windows\System32\EOPUpnv.exe
  2⤵
  PID:10620
- C:\Windows\System32\EIDCirq.exe
  C:\Windows\System32\EIDCirq.exe
  2⤵
  PID:10676
- C:\Windows\System32\IeiTtXN.exe
  C:\Windows\System32\IeiTtXN.exe
  2⤵
  PID:10156
- C:\Windows\System32\nQRGfWt.exe
  C:\Windows\System32\nQRGfWt.exe
  2⤵
  PID:10864
- C:\Windows\System32\KaRqvlf.exe
  C:\Windows\System32\KaRqvlf.exe
  2⤵
  PID:10820
- C:\Windows\System32\oEuquOu.exe
  C:\Windows\System32\oEuquOu.exe
  2⤵
  PID:10980
- C:\Windows\System32\aLzKqaj.exe
  C:\Windows\System32\aLzKqaj.exe
  2⤵
  PID:11032
- C:\Windows\System32\FkKoBZm.exe
  C:\Windows\System32\FkKoBZm.exe
  2⤵
  PID:11108
- C:\Windows\System32\ytVozUZ.exe
  C:\Windows\System32\ytVozUZ.exe
  2⤵
  PID:11164
- C:\Windows\System32\eDhPXNT.exe
  C:\Windows\System32\eDhPXNT.exe
  2⤵
  PID:9860
- C:\Windows\System32\SFxfxvS.exe
  C:\Windows\System32\SFxfxvS.exe
  2⤵
  PID:10284
- C:\Windows\System32\mjKzTlc.exe
  C:\Windows\System32\mjKzTlc.exe
  2⤵
  PID:10324
- C:\Windows\System32\IykgbuR.exe
  C:\Windows\System32\IykgbuR.exe
  2⤵
  PID:10588
- C:\Windows\System32\xTvAYyt.exe
  C:\Windows\System32\xTvAYyt.exe
  2⤵
  PID:10996
- C:\Windows\System32\JcCzpSF.exe
  C:\Windows\System32\JcCzpSF.exe
  2⤵
  PID:11088
- C:\Windows\System32\PYfTPKU.exe
  C:\Windows\System32\PYfTPKU.exe
  2⤵
  PID:10020
- C:\Windows\System32\KWFOcWr.exe
  C:\Windows\System32\KWFOcWr.exe
  2⤵
  PID:10380
- C:\Windows\System32\mbhoPrU.exe
  C:\Windows\System32\mbhoPrU.exe
  2⤵
  PID:10700
- C:\Windows\System32\wWyUzJC.exe
  C:\Windows\System32\wWyUzJC.exe
  2⤵
  PID:11284
- C:\Windows\System32\nYEvDLh.exe
  C:\Windows\System32\nYEvDLh.exe
  2⤵
  PID:11316
- C:\Windows\System32\xfwUsYW.exe
  C:\Windows\System32\xfwUsYW.exe
  2⤵
  PID:11332
- C:\Windows\System32\SznZDBC.exe
  C:\Windows\System32\SznZDBC.exe
  2⤵
  PID:11356
- C:\Windows\System32\ENfUbnF.exe
  C:\Windows\System32\ENfUbnF.exe
  2⤵
  PID:11392
- C:\Windows\System32\JaQrKbD.exe
  C:\Windows\System32\JaQrKbD.exe
  2⤵
  PID:11412
- C:\Windows\System32\NZFkFYh.exe
  C:\Windows\System32\NZFkFYh.exe
  2⤵
  PID:11444
- C:\Windows\System32\EJXoGOl.exe
  C:\Windows\System32\EJXoGOl.exe
  2⤵
  PID:11468
- C:\Windows\System32\YzrAaax.exe
  C:\Windows\System32\YzrAaax.exe
  2⤵
  PID:11520
- C:\Windows\System32\gLzyHRG.exe
  C:\Windows\System32\gLzyHRG.exe
  2⤵
  PID:11564
- C:\Windows\System32\omRgggi.exe
  C:\Windows\System32\omRgggi.exe
  2⤵
  PID:11604
- C:\Windows\System32\IxlhRUB.exe
  C:\Windows\System32\IxlhRUB.exe
  2⤵
  PID:11632
- C:\Windows\System32\wjQoPFs.exe
  C:\Windows\System32\wjQoPFs.exe
  2⤵
  PID:11652
- C:\Windows\System32\gRdeRUQ.exe
  C:\Windows\System32\gRdeRUQ.exe
  2⤵
  PID:11676
- C:\Windows\System32\kIxYSKH.exe
  C:\Windows\System32\kIxYSKH.exe
  2⤵
  PID:11724
- C:\Windows\System32\tyvJneO.exe
  C:\Windows\System32\tyvJneO.exe
  2⤵
  PID:11752
- C:\Windows\System32\SkvanfF.exe
  C:\Windows\System32\SkvanfF.exe
  2⤵
  PID:11780
- C:\Windows\System32\wstEOBV.exe
  C:\Windows\System32\wstEOBV.exe
  2⤵
  PID:11812
- C:\Windows\System32\INZwanr.exe
  C:\Windows\System32\INZwanr.exe
  2⤵
  PID:11832
- C:\Windows\System32\XQxMjIZ.exe
  C:\Windows\System32\XQxMjIZ.exe
  2⤵
  PID:11852
- C:\Windows\System32\zRCISwm.exe
  C:\Windows\System32\zRCISwm.exe
  2⤵
  PID:11872
- C:\Windows\System32\cGtctfo.exe
  C:\Windows\System32\cGtctfo.exe
  2⤵
  PID:11908
- C:\Windows\System32\FxdLNAO.exe
  C:\Windows\System32\FxdLNAO.exe
  2⤵
  PID:11952
- C:\Windows\System32\vnHwHLu.exe
  C:\Windows\System32\vnHwHLu.exe
  2⤵
  PID:11972
- C:\Windows\System32\IBWLtyx.exe
  C:\Windows\System32\IBWLtyx.exe
  2⤵
  PID:11996
- C:\Windows\System32\NwZKbOc.exe
  C:\Windows\System32\NwZKbOc.exe
  2⤵
  PID:12028
- C:\Windows\System32\osFzTQX.exe
  C:\Windows\System32\osFzTQX.exe
  2⤵
  PID:12044
- C:\Windows\System32\QrEzagu.exe
  C:\Windows\System32\QrEzagu.exe
  2⤵
  PID:12064
- C:\Windows\System32\PReRWIy.exe
  C:\Windows\System32\PReRWIy.exe
  2⤵
  PID:12100
- C:\Windows\System32\eUSfAeU.exe
  C:\Windows\System32\eUSfAeU.exe
  2⤵
  PID:12132
- C:\Windows\System32\VGWPXJH.exe
  C:\Windows\System32\VGWPXJH.exe
  2⤵
  PID:12168
- C:\Windows\System32\Nbsytfk.exe
  C:\Windows\System32\Nbsytfk.exe
  2⤵
  PID:12188
- C:\Windows\System32\hdBAwdm.exe
  C:\Windows\System32\hdBAwdm.exe
  2⤵
  PID:12216
- C:\Windows\System32\vMjmgIi.exe
  C:\Windows\System32\vMjmgIi.exe
  2⤵
  PID:12236
- C:\Windows\System32\YIqhDGp.exe
  C:\Windows\System32\YIqhDGp.exe
  2⤵
  PID:12256
- C:\Windows\System32\SKiplNT.exe
  C:\Windows\System32\SKiplNT.exe
  2⤵
  PID:11028
- C:\Windows\System32\WzYDKvA.exe
  C:\Windows\System32\WzYDKvA.exe
  2⤵
  PID:10836
- C:\Windows\System32\ljYwTjP.exe
  C:\Windows\System32\ljYwTjP.exe
  2⤵
  PID:11208
- C:\Windows\System32\fwDkElx.exe
  C:\Windows\System32\fwDkElx.exe
  2⤵
  PID:11300
- C:\Windows\System32\YMINwiH.exe
  C:\Windows\System32\YMINwiH.exe
  2⤵
  PID:11376
- C:\Windows\System32\IZmBsRX.exe
  C:\Windows\System32\IZmBsRX.exe
  2⤵
  PID:11440
- C:\Windows\System32\JFBeIdO.exe
  C:\Windows\System32\JFBeIdO.exe
  2⤵
  PID:11528
- C:\Windows\System32\iuSyauU.exe
  C:\Windows\System32\iuSyauU.exe
  2⤵
  PID:11536
- C:\Windows\System32\mYMeuvp.exe
  C:\Windows\System32\mYMeuvp.exe
  2⤵
  PID:11588
- C:\Windows\System32\fSyRzbs.exe
  C:\Windows\System32\fSyRzbs.exe
  2⤵
  PID:11692
- C:\Windows\System32\ojdHnQy.exe
  C:\Windows\System32\ojdHnQy.exe
  2⤵
  PID:11764
- C:\Windows\System32\lNcNXcp.exe
  C:\Windows\System32\lNcNXcp.exe
  2⤵
  PID:11796
- C:\Windows\System32\NmEZxwu.exe
  C:\Windows\System32\NmEZxwu.exe
  2⤵
  PID:11840
- C:\Windows\System32\DXybrlW.exe
  C:\Windows\System32\DXybrlW.exe
  2⤵
  PID:11880
- C:\Windows\System32\vqRtdtM.exe
  C:\Windows\System32\vqRtdtM.exe
  2⤵
  PID:11944
- C:\Windows\System32\Cborbck.exe
  C:\Windows\System32\Cborbck.exe
  2⤵
  PID:11984
- C:\Windows\System32\AyIucqM.exe
  C:\Windows\System32\AyIucqM.exe
  2⤵
  PID:12096
- C:\Windows\System32\OEJAqTE.exe
  C:\Windows\System32\OEJAqTE.exe
  2⤵
  PID:12160
- C:\Windows\System32\PIftUeG.exe
  C:\Windows\System32\PIftUeG.exe
  2⤵
  PID:12280
- C:\Windows\System32\pngwGCs.exe
  C:\Windows\System32\pngwGCs.exe
  2⤵
  PID:10556
- C:\Windows\System32\TclvNLH.exe
  C:\Windows\System32\TclvNLH.exe
  2⤵
  PID:11324
- C:\Windows\System32\fPnGpOf.exe
  C:\Windows\System32\fPnGpOf.exe
  2⤵
  PID:11560
- C:\Windows\System32\fIOQqqx.exe
  C:\Windows\System32\fIOQqqx.exe
  2⤵
  PID:11760
- C:\Windows\System32\Ttsmwds.exe
  C:\Windows\System32\Ttsmwds.exe
  2⤵
  PID:11896
- C:\Windows\System32\HdYJIAU.exe
  C:\Windows\System32\HdYJIAU.exe
  2⤵
  PID:12012
- C:\Windows\System32\PnWebox.exe
  C:\Windows\System32\PnWebox.exe
  2⤵
  PID:12112
- C:\Windows\System32\hCsWAYS.exe
  C:\Windows\System32\hCsWAYS.exe
  2⤵
  PID:10304
- C:\Windows\System32\YCMWlBX.exe
  C:\Windows\System32\YCMWlBX.exe
  2⤵
  PID:11076
- C:\Windows\System32\OnHtvuW.exe
  C:\Windows\System32\OnHtvuW.exe
  2⤵
  PID:11700
- C:\Windows\System32\EQJvBRt.exe
  C:\Windows\System32\EQJvBRt.exe
  2⤵
  PID:12020
- C:\Windows\System32\GvhijBE.exe
  C:\Windows\System32\GvhijBE.exe
  2⤵
  PID:5068
- C:\Windows\System32\FqcpqWH.exe
  C:\Windows\System32\FqcpqWH.exe
  2⤵
  PID:3820
- C:\Windows\System32\PmjEBHV.exe
  C:\Windows\System32\PmjEBHV.exe
  2⤵
  PID:11504
- C:\Windows\System32\LTmhkWO.exe
  C:\Windows\System32\LTmhkWO.exe
  2⤵
  PID:12244
- C:\Windows\System32\PjkWkuN.exe
  C:\Windows\System32\PjkWkuN.exe
  2⤵
  PID:12312
- C:\Windows\System32\vfmumng.exe
  C:\Windows\System32\vfmumng.exe
  2⤵
  PID:12332
- C:\Windows\System32\bbDOYOb.exe
  C:\Windows\System32\bbDOYOb.exe
  2⤵
  PID:12376
- C:\Windows\System32\PoCyigh.exe
  C:\Windows\System32\PoCyigh.exe
  2⤵
  PID:12404
- C:\Windows\System32\KDOgpuE.exe
  C:\Windows\System32\KDOgpuE.exe
  2⤵
  PID:12432
- C:\Windows\System32\VSKleps.exe
  C:\Windows\System32\VSKleps.exe
  2⤵
  PID:12448
- C:\Windows\System32\rfMwjbA.exe
  C:\Windows\System32\rfMwjbA.exe
  2⤵
  PID:12464
- C:\Windows\System32\yoNnvZY.exe
  C:\Windows\System32\yoNnvZY.exe
  2⤵
  PID:12508
- C:\Windows\System32\PiKFKBQ.exe
  C:\Windows\System32\PiKFKBQ.exe
  2⤵
  PID:12536
- C:\Windows\System32\UEOdMxv.exe
  C:\Windows\System32\UEOdMxv.exe
  2⤵
  PID:12564
- C:\Windows\System32\dFzLVlu.exe
  C:\Windows\System32\dFzLVlu.exe
  2⤵
  PID:12592
- C:\Windows\System32\FaSzWcf.exe
  C:\Windows\System32\FaSzWcf.exe
  2⤵
  PID:12608
- C:\Windows\System32\BQNUWfD.exe
  C:\Windows\System32\BQNUWfD.exe
  2⤵
  PID:12648
- C:\Windows\System32\JohTnVO.exe
  C:\Windows\System32\JohTnVO.exe
  2⤵
  PID:12684
- C:\Windows\System32\GTvAmmo.exe
  C:\Windows\System32\GTvAmmo.exe
  2⤵
  PID:12704
- C:\Windows\System32\HCIWOfI.exe
  C:\Windows\System32\HCIWOfI.exe
  2⤵
  PID:12756
- C:\Windows\System32\RXmMpnt.exe
  C:\Windows\System32\RXmMpnt.exe
  2⤵
  PID:12780
- C:\Windows\System32\WSaRiWE.exe
  C:\Windows\System32\WSaRiWE.exe
  2⤵
  PID:12796
- C:\Windows\System32\VHEFHtA.exe
  C:\Windows\System32\VHEFHtA.exe
  2⤵
  PID:12824
- C:\Windows\System32\nWjccca.exe
  C:\Windows\System32\nWjccca.exe
  2⤵
  PID:12880
- C:\Windows\System32\tWMmGkl.exe
  C:\Windows\System32\tWMmGkl.exe
  2⤵
  PID:12896
- C:\Windows\System32\lTsFDka.exe
  C:\Windows\System32\lTsFDka.exe
  2⤵
  PID:12924
- C:\Windows\System32\kJjuUCs.exe
  C:\Windows\System32\kJjuUCs.exe
  2⤵
  PID:12940
- C:\Windows\System32\eOHaVpo.exe
  C:\Windows\System32\eOHaVpo.exe
  2⤵
  PID:12960
- C:\Windows\System32\wOdAwwU.exe
  C:\Windows\System32\wOdAwwU.exe
  2⤵
  PID:13008
- C:\Windows\System32\XPByZSI.exe
  C:\Windows\System32\XPByZSI.exe
  2⤵
  PID:13024
- C:\Windows\System32\njRusry.exe
  C:\Windows\System32\njRusry.exe
  2⤵
  PID:13064
- C:\Windows\System32\hdwPilp.exe
  C:\Windows\System32\hdwPilp.exe
  2⤵
  PID:13092
- C:\Windows\System32\KGFGJNf.exe
  C:\Windows\System32\KGFGJNf.exe
  2⤵
  PID:13120
- C:\Windows\System32\xJXfyDc.exe
  C:\Windows\System32\xJXfyDc.exe
  2⤵
  PID:13148
- C:\Windows\System32\TzXtLxw.exe
  C:\Windows\System32\TzXtLxw.exe
  2⤵
  PID:13172
- C:\Windows\System32\zlOXHXs.exe
  C:\Windows\System32\zlOXHXs.exe
  2⤵
  PID:13200
- C:\Windows\System32\fqQrpRh.exe
  C:\Windows\System32\fqQrpRh.exe
  2⤵
  PID:13216
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 13216 -s 256
    3⤵
    PID:12992
- C:\Windows\System32\jOCZMEz.exe
  C:\Windows\System32\jOCZMEz.exe
  2⤵
  PID:13240
- C:\Windows\System32\HQhXEZw.exe
  C:\Windows\System32\HQhXEZw.exe
  2⤵
  PID:13268
- C:\Windows\System32\RVndmLu.exe
  C:\Windows\System32\RVndmLu.exe
  2⤵
  PID:13304
- C:\Windows\System32\lKOjhbE.exe
  C:\Windows\System32\lKOjhbE.exe
  2⤵
  PID:11452
- C:\Windows\System32\JClqXES.exe
  C:\Windows\System32\JClqXES.exe
  2⤵
  PID:12320

C:\Windows\system32\WerFaultSecure.exe
"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 3580 -i 3580 -h 532 -j 536 -s 544 -d 13136
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
PID:12556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\AIKgPlw.exe

Filesize
1.5MB

MD5
d6ce5f527783646ea097e6dae63e3a82

SHA1
a5766f0d1aee55b597c069aec9ac1cd8724e0ee1

SHA256
ad062717aef8fd8532b40e3f90c1b4533fc7e3cbaf20477e76f8d9c49364bf33

SHA512
4e1c3fdb011acd925db55a10ebd9ecbdd103e09841121a97a5322a69f0431c8323a3e02cd0cbfd45242010bcaeaac8564c63a7c1b7062118cc312d70dc035ed7

Download Submit
C:\Windows\System32\EzgCrqK.exe

Filesize
1.5MB

MD5
dc5130698c766ac94546280112d79d11

SHA1
25b51dba3b00528a0b3d8d2b1a342c6f0d2f428a

SHA256
f9c29646e7da755a602240f58b37e0a492120646b0360e24a690fe9bcf19a8c4

SHA512
751928464bce3e721d8160c70a499c41770fca104d0324c68632bb69eac7c034e5bc1afdef55513bfb1ceb4521e0fa7fc90dfd95243af3b7fcf37e1d2d88d252

Download Submit
C:\Windows\System32\FztuxBG.exe

Filesize
1.5MB

MD5
994f2ec2c4d81ff1fce3c702df104fa9

SHA1
e41f9a014ee089d83f385b060ab6d271f61f985c

SHA256
9297e961ea68f9530e0b383d42fcdfc2744bbe94eed67327a40aa23c31f090ab

SHA512
28ac84da4b3f2e89a1ad3e1f9a4bc521b6a5d79e80dbac9f37c57b01b8edf050a581c5fac2b74e1f71257591963a8f7623e284427f2aba533cd846b68dfdb829

Download Submit
C:\Windows\System32\HeFsKTJ.exe

Filesize
1.5MB

MD5
c533067635ce851fcf457dcb2dc6cbfa

SHA1
1ce59349a0b8f3e9bf8e9786e4c6ec689fb3b001

SHA256
0ba2da9200b9d679a99ece8ce13d5d294cceb846dffe1f5946e27618eda896d5

SHA512
dd201b96969c35d93f23fb6b08c390dcd4223065f731df00cd86425345f5a6bffbea4018a03beae6539d9f8329a468b25e15b4418108ad6ea5eafa25849cc43a

Download Submit
C:\Windows\System32\HxYDGnF.exe

Filesize
1.5MB

MD5
b663d2a4dc41ef105b24db57501a3431

SHA1
28221a773efd9d8068280da7481728106002fbe9

SHA256
216a203b1c3d9f2ec9f3f69accaeb1791b25e3f084fd64caa19d51eb1724aaa2

SHA512
43161b287cb950d0259e9fd32e31e2b36dc15e74925b0f3f486b732e0495c01c6acb67fb38eac986e447ec606140f5fa0140abf4fc68a67dd6099cbf8b3326db

Download Submit
C:\Windows\System32\IsLyQpN.exe

Filesize
1.5MB

MD5
4c9f13f70efc048d3d1db389295c9e98

SHA1
a4b39cbc99773e0d9c1a9cc19ee73b1cb4f0459a

SHA256
feabb324a4d3da9a7c4e9ce4cb60986693c36e56a1cfa3141fff702b05ad4033

SHA512
00a10f77a6cf320686298f4794f9eb156f2c65c5b2ebfd3fb4be0f571d3132063c740db2a60feced968ac51cb949d05ded25ed038bf2f8d27ebf18ac8bb82e47

Download Submit
C:\Windows\System32\JXimUXq.exe

Filesize
1.5MB

MD5
b5cfebc172c6a4344d1cd23c6eb3334c

SHA1
2c35aad7e3d43cc54acf4dabc924e70d352ef016

SHA256
cbe63e79bf7ac2e5d2909360533067ce16dc852af5582e19e6af4f0004214d34

SHA512
f9419ce8bac3f91dce6fb1fd23d72db496299ac6e261a1241e8bcc04a46bfcb7cf40afe15d3b753f971b7862de0e3e65320a3d7e52b6e5b22d96142dbce926e1

Download Submit
C:\Windows\System32\LZyKcOD.exe

Filesize
1.5MB

MD5
f148b49cd176ef3f8b7efc6987d3f7bc

SHA1
50fef96a39c87d3f4eb1e65e00755b25e58b6545

SHA256
bef7901dc27242de92391d041e5e70c4fa87d5703e3bff14a65aa061dbd3993e

SHA512
0688e32fad21c82b8413a01dd40b5b4e22c1f5f45a95573d5313d990c9c1c3a53e7a50e65115a5c36bdc7a6998a172ead446a6c19915eeac1702a8fe98a1a787

Download Submit
C:\Windows\System32\MukfnDO.exe

Filesize
1.5MB

MD5
66d3038fe6f1bc3247cba43495fd9ed6

SHA1
dce962d120bec05ce2855d370d9f2d564ab98e85

SHA256
9cf70ddefe5c02201589038a314e545b28e6daa224005d5fc74fe24fe07e9181

SHA512
5522ef3cc0f1cba5c6afdfa677f5089ceea68556028f6a365e58b27e096a0cc830cc05570528122bd9924f04e0c38aa36c53fb567f8ead2218a2196878efd2ca

Download Submit
C:\Windows\System32\NOhfHxj.exe

Filesize
1.5MB

MD5
88c33e8320c148200000ac91c8fc01ff

SHA1
ec647e6337b26111189114cc7626a8165bcd9b60

SHA256
abee1eae72b06d84a5979a587710e2cc9d38d2a1c41e0807544df40206f64d0e

SHA512
99c3145f07274b02bb063234a80a3d52e592911a207a1cdb0cde3b4d08563eaac5cd0cb69283afc0860ce0a074455ee06dfa90890f9112bc87ce33fc83438c09

Download Submit
C:\Windows\System32\NZsNINF.exe

Filesize
1.5MB

MD5
cde290a824731c66acd1f3f51d09b793

SHA1
eabd774642a9ce686ef4cb85d4c1aeb8e63f5f2c

SHA256
11fd31b9bded93b035772db2ddd468c925abb8fb7a145255462ae9ea7757b9a3

SHA512
c62deee1aeb9fdb0d6e8c5a7cf4a29f59b15aa700c4bb394200d029e80e6cf52cb128a5cab010046cbdd55a8f82e8d05f2c578be7fba06c342bfd31a2e44b9f1

Download Submit
C:\Windows\System32\PeFuXJv.exe

Filesize
1.5MB

MD5
87cfa3a9cb4360e09a8614bc0e762918

SHA1
badaedc9f5ac310f957f7fab9216abf4b883bf98

SHA256
e743338c157666103b06afbba05c1602bb30a9793495bccd128c4424e960a1e7

SHA512
df847d9d1490c6bb86ac961b87f0c7464ff3756d4cca7edb351226a3e436d6d201973740a2d651e0f3adf779b77db6678ff4065dab8d1ebfc541cca502698035

Download Submit
C:\Windows\System32\QDQGSof.exe

Filesize
1.5MB

MD5
6c8af46e9f00ea139da60f2d2d9bb2b3

SHA1
6947faf0a024b77b0c0e2b3e76a7fd63791d6caf

SHA256
66f2d256597a8179eceb902a1197d26c30819bb16ccf1f5ec25f726367c8defd

SHA512
63fe75746cfd9bc88a2744d9b20df0b17b20d4dc9d6e1751fac7381906d13e9ed5e1a32c46a9a37b41c090510ecc8a5730306dcfe992f71deb965363cc0c2243

Download Submit
C:\Windows\System32\SAtDpKU.exe

Filesize
1.5MB

MD5
13090b1dc333b5ad0f69346fb6c7fe0c

SHA1
2520b4b14eb3e1887974037dd69c75746089206a

SHA256
ec3636d2f308679e2330df2d58c0e80872a021e5fe8d2806ebe243df63ac1100

SHA512
bbdeb1098287476aca833399ba257018002a81d5730a3719c8d2c002a207c07ef1a1f693d6db776aed2bf655013c1201cec7375e2611ded30481910ca0521bef

Download Submit
C:\Windows\System32\TxZIgwT.exe

Filesize
1.5MB

MD5
e7124201c54868b3d1989e11cf281319

SHA1
0d79df3bc37398428cf7d1e931a89bf4eb50bdc2

SHA256
2168bb25b5410c2fc982d14926a29a4dc7072943be87232c353f49d4a3f079fc

SHA512
0658fa1ba728588edd9255b173c923fdb09ffefa88ff20428555b907653f61c7b7cf17bb3789aa83d8b1d0da7a3c286071ed35a2620b71818960f050cc3f7071

Download Submit
C:\Windows\System32\UYElDxo.exe

Filesize
1.5MB

MD5
affa3379ae9a271cbb09d4e75d17b773

SHA1
6eb5eb98743176718ffccd568d2af266400bbc44

SHA256
742e6bdd50a8927e5a2c4d5842204faf8b8f7e7f4bac61278a30edcfb76196cc

SHA512
758d64dbe2b63290af6391f96e947a3c2d9221eba7fcc7fd0d9b95be8f7c4744ace53f5134b1dfec5249b281473b3e6d7987e99220216d2775b9f3d3ba4977ca

Download Submit
C:\Windows\System32\ZIrsoKt.exe

Filesize
1.5MB

MD5
49ff7ed965100c4c4dc19b6fbd8aa2b9

SHA1
57c43124a2c6fb3358b17bc110c91f1dfb05730d

SHA256
333aad6dbfd145b9446e8d95f6fe560f9f267891385bc2157d0c0243dd5801a8

SHA512
06d0582b867088caa96087c701357ab5174c3ee48c68f64a21962bbec76998087ce363d738d769e2326c380ee8587d26f03c64113f0902f6c1b716b7d0ffd34f

Download Submit
C:\Windows\System32\bmlzqMW.exe

Filesize
1.5MB

MD5
51193c42ea359fbd79e7a36f813d0d09

SHA1
333f6b488e2189cbe10e03dd0903f66dabef66b9

SHA256
56e75efb9ad69dce8dd8558fc487606bf23fe0f8ff69f2dfec532049c7ba1cd6

SHA512
03025a1bd0446ced771bfde80f5445f78713f3d2a239d716c7dac685347d07661d305257cb7a2768e5092bb144cbca4cacc17b84660169f52ae682e67b389535

Download Submit
C:\Windows\System32\dQYtehH.exe

Filesize
1.5MB

MD5
fb489f9301f648cdb42f8017f76a8319

SHA1
3f9ae1d68b735f1535db4890e839321009a4a747

SHA256
c7b6b9ff1afd3c928f1c049ef71e5d3169e267c07a3d5739161049631fe0b80f

SHA512
7c3172611f10cfeb9b74a038121c8d2629a76129e54345c6f61e6c185b37df0c8457a654c38e503b54ad42101b38258676a14c9376b1d7b3ca6afde624b336ea

Download Submit
C:\Windows\System32\eLxCfVm.exe

Filesize
1.5MB

MD5
73d5fe5f4a4818b1919f807e79d03266

SHA1
57e6261f51d410762619d2200aea09069ee34205

SHA256
e53218645fd0085e8a642459427807ba361f9c3d19614e9f75ed0f82229589bf

SHA512
4c14821241a46dbd69e4dab7a5d24004cb4137de6a522e299a694ece4c2f71eea67f3c6b962e05dd5238e5256f23756f8d1baaa5268a565a2a39693544747d4f

Download Submit
C:\Windows\System32\gFqhxmI.exe

Filesize
1.5MB

MD5
b9b9d04636abd9e793b7a82f90aa8d9f

SHA1
a06076bde7c68f7bb272510c33d1693082c1ac2f

SHA256
3d9a8165cbd98c599e564afe36a68dd413f155e62d7f70cea379f697dad29d27

SHA512
976fea3c89a9d012a7f347731e7ee3058e66f773c848e3349af4101eb02e730f1937b6b60d1ba8b5e943dd31837dc7c9d34912475fc8ecb45b3e276127d9dc0b

Download Submit
C:\Windows\System32\jJuRyVR.exe

Filesize
1.5MB

MD5
5370d2ff0dcb017a9246aff86d6726b3

SHA1
3681fafebea73fdd178fd49e8ac5446f64de3fe1

SHA256
f26a9007a09e466c8a49ede084376a0fcf2e8f7fe7e646f73475d713dffe2009

SHA512
2ec982aaa5b2f884dd6c3cee704263a936166aa5748acabd1d7e84b6e52c35d2a0af081a66ecfb0d8590ff1bfa9caa2495809872b23f6ef5aac8853a4f9783f9

Download Submit
C:\Windows\System32\jkHcFWI.exe

Filesize
1.5MB

MD5
20ab0155d2fc7c028e4d4c4a363d8b50

SHA1
f148d48556bf44529ae1e9dc37438778cee5ef36

SHA256
b4e8c8e7d3f6c03cbc9b81bf14a1cbc9e7f20f60785727778c076e37acf3970e

SHA512
66f359ef948bb21a646f91bf8c95bf47091ce4897d6e0b398ebd8aee2741f3a4de3f84d2adadf80425dc0e70c55c27b7150545d9ac019bcea33fdc7fa5cebba7

Download Submit
C:\Windows\System32\lPFFxTk.exe

Filesize
1.5MB

MD5
509908b194cc62d55cd4c67620a2638a

SHA1
0d77e83e66457814c7bd6e82a0a9ccda99d1f8be

SHA256
ec910c5c9a1e2ae2e9da49cfb88016d252f6d3108468f417a7b6db6364fcd6fa

SHA512
b7e11bb9095b2b5c734aabf7b78e60ed6cedec5aa71e8e11daf95fc9dbc859339336066b5f86d132e6bb3cdf8e7974d8476cec07c45c45997116584d993512f9

Download Submit
C:\Windows\System32\noKlwgR.exe

Filesize
1.5MB

MD5
14547517e61d52512f1c3c8898a8923e

SHA1
028983ff60723bc1edba1c3ae2d61b8e0fdf8649

SHA256
cf0c0ad3e9cd606b125d548a8e689eac8ecc6d8ec3886dd7d143788c02ec4a51

SHA512
fcfc792f3e5c3099b9d04e063e7c6dff217bad5855d7fb930e5ff18a88e73601a6e803abdbfd9b4087b6b8c07242c265fa3f9ff11fcf0fd0f1f4f43dd72390be

Download Submit
C:\Windows\System32\oRPkeKs.exe

Filesize
1.5MB

MD5
238da072c84589eaf24caa379e572eb9

SHA1
2ed3932861bfa796df0bd253dc84dead904514ad

SHA256
b6c8827cd04c92fa22b414865fd2c2e10ad788f58eb12f63a9906a5cd54a27e7

SHA512
f1822c34c464c42fbf416b2afafe15c8a6e5518eaf5e895269ef1409311080e4b4029e84c57d6a061526c7eb75f73e51e038946823afb6e6f7f30779cc2d7381

Download Submit
C:\Windows\System32\pNcFjhO.exe

Filesize
1.5MB

MD5
7b9c5f9b5f67eaef56a73926e3bf1b72

SHA1
1529210f573c577229de78b8fab01cb06f41309c

SHA256
c5f7647ab389c62494a6ff1773dab9feb4c461d929ee7c6350fc1efa4f20ca66

SHA512
97af58e611e341db400ec9d6c0c52473369da01a10a8b500e23817df63ca3215ea7340a91ff8929d1cafad9ed7c53af4400c66cfd40dcdb4696016f8b34655a6

Download Submit
C:\Windows\System32\phMKaCA.exe

Filesize
1.5MB

MD5
ea91d18177e63a5b2c2ffe731893ecc6

SHA1
a2a2fa54245cc11539c1775897af523ee57cef6c

SHA256
85bf6d0901a38b939107cbbd3c33669458555f8badc8a832130eb1eeac488567

SHA512
e8ef58a9cd458e480e67ccdb0c40bf345c4ac147c0f5b99f58baae4402e953896362b0b44660827ae304782caba1a8d10e8050a519318eb9651af111f13072e4

Download Submit
C:\Windows\System32\qEgFDQT.exe

Filesize
1.5MB

MD5
8646f8690addf42fa42efb7f4aa845f4

SHA1
c43b28825db2e7c149420e7b9b153437fbdc3228

SHA256
80b0e01cbdd7a829ad02845deedea61ac3b8d6639eaf17f6e144d499fa3923c7

SHA512
c4622370474649aebaf8dad7aee8ac1e8831a60268bcce774bb2f7cbc19f1409043148ea0824302a883331dbb5e29bb29b723430b9363b7627fdc8203a537108

Download Submit
C:\Windows\System32\qRnYuJq.exe

Filesize
1.5MB

MD5
952ca56519eef66e6c7549a0ed87ead5

SHA1
d003d96c059b2c0574283265b181641d81f57014

SHA256
c76b064c96fd330b31cb8738a81c927b2aabac0e0fbd233e0478ac091364946f

SHA512
c02c5444782020685aed688c25ec88eb9db4a18edb82bcdf7bcd6653032f66036fbd4ec7673b009931ce0c2db6fa3dc5c0dc7ffa12de44b574eb8fc773c6460b

Download Submit
C:\Windows\System32\wNDLJnl.exe

Filesize
1.5MB

MD5
9cd4d13c0eb3b35d5de5a9089cc67bbf

SHA1
52ac3a7039efc4780088190c3ff858d99209359c

SHA256
e0d6b6cc01a5ff0df8c221ff51318a0f208677f9c56bfda0cf652f99186a3de7

SHA512
2135ea3ddb686f6c30953a7b7eff50dcc35e0dd4bb276b19832b3507678eb8dfdfc10f599b5db7b1799c3d36710abbbb899c10830bb98ae5cb47b805cb3ac95e

Download Submit
C:\Windows\System32\xChqyIl.exe

Filesize
1.5MB

MD5
586dc1c875fb770bd4cdff6082f4ced9

SHA1
5d9e72f8a8a4bfb8293f3e88546c06c7c6c74b84

SHA256
ebfcae3ff527b1df2098ed523a49bce20a3a4989233f6aacb0dd0b16fb0a101f

SHA512
9f36e0e7366facefa83430277df02d4c3ef8fdbe5fafda189b08dd72970c6e4fb326b27481c81727e289bcd465e413e571ab750226ad540c7c35e4f162205626

Download Submit
C:\Windows\System32\yUOLNoS.exe

Filesize
1.5MB

MD5
d496979fcfaacf1772ffd00ab904623d

SHA1
43f22772a8bb20fc17730afd2a2c47750cbab24c

SHA256
0e8307bceb92b32cad05e7bcc3d33617ff6625081cefd39fd2879ee6eef60a02

SHA512
681bc56f39142d46a5e360e1a14f3381c223879069bf4ed7bb493299581b8091bb2ba6a1ec873ee41a29ea8fd67c51c0037049397f5488f8a341ca4d3b0352fd

Download Submit
memory/1060-454-0x00007FF745470000-0x00007FF745861000-memory.dmp

Filesize
3.9MB

Download
memory/1060-2024-0x00007FF745470000-0x00007FF745861000-memory.dmp

Filesize
3.9MB

Download
memory/1408-452-0x00007FF6DDC40000-0x00007FF6DE031000-memory.dmp

Filesize
3.9MB

Download
memory/1408-2028-0x00007FF6DDC40000-0x00007FF6DE031000-memory.dmp

Filesize
3.9MB

Download
memory/1412-451-0x00007FF7206E0000-0x00007FF720AD1000-memory.dmp

Filesize
3.9MB

Download
memory/1412-2011-0x00007FF7206E0000-0x00007FF720AD1000-memory.dmp

Filesize
3.9MB

Download
memory/1620-1999-0x00007FF773600000-0x00007FF7739F1000-memory.dmp

Filesize
3.9MB

Download
memory/1620-1969-0x00007FF773600000-0x00007FF7739F1000-memory.dmp

Filesize
3.9MB

Download
memory/1620-38-0x00007FF773600000-0x00007FF7739F1000-memory.dmp

Filesize
3.9MB

Download
memory/1848-0-0x00007FF671E30000-0x00007FF672221000-memory.dmp

Filesize
3.9MB

Download
memory/1848-1-0x00000159242A0000-0x00000159242B0000-memory.dmp

Filesize
64KB

Download
memory/2020-2025-0x00007FF619740000-0x00007FF619B31000-memory.dmp

Filesize
3.9MB

Download
memory/2020-455-0x00007FF619740000-0x00007FF619B31000-memory.dmp

Filesize
3.9MB

Download
memory/2172-2009-0x00007FF72ECA0000-0x00007FF72F091000-memory.dmp

Filesize
3.9MB

Download
memory/2172-458-0x00007FF72ECA0000-0x00007FF72F091000-memory.dmp

Filesize
3.9MB

Download
memory/2368-457-0x00007FF7CE4A0000-0x00007FF7CE891000-memory.dmp

Filesize
3.9MB

Download
memory/2368-2030-0x00007FF7CE4A0000-0x00007FF7CE891000-memory.dmp

Filesize
3.9MB

Download
memory/2424-456-0x00007FF769020000-0x00007FF769411000-memory.dmp

Filesize
3.9MB

Download
memory/2424-2022-0x00007FF769020000-0x00007FF769411000-memory.dmp

Filesize
3.9MB

Download
memory/2564-37-0x00007FF732ED0000-0x00007FF7332C1000-memory.dmp

Filesize
3.9MB

Download
memory/2564-1968-0x00007FF732ED0000-0x00007FF7332C1000-memory.dmp

Filesize
3.9MB

Download
memory/2564-1992-0x00007FF732ED0000-0x00007FF7332C1000-memory.dmp

Filesize
3.9MB

Download
memory/2624-2031-0x00007FF733510000-0x00007FF733901000-memory.dmp

Filesize
3.9MB

Download
memory/2624-459-0x00007FF733510000-0x00007FF733901000-memory.dmp

Filesize
3.9MB

Download
memory/2668-1985-0x00007FF6F2CD0000-0x00007FF6F30C1000-memory.dmp

Filesize
3.9MB

Download
memory/2668-16-0x00007FF6F2CD0000-0x00007FF6F30C1000-memory.dmp

Filesize
3.9MB

Download
memory/2776-71-0x00007FF7C1A40000-0x00007FF7C1E31000-memory.dmp

Filesize
3.9MB

Download
memory/2776-2003-0x00007FF7C1A40000-0x00007FF7C1E31000-memory.dmp

Filesize
3.9MB

Download
memory/2824-2014-0x00007FF619AE0000-0x00007FF619ED1000-memory.dmp

Filesize
3.9MB

Download
memory/2824-449-0x00007FF619AE0000-0x00007FF619ED1000-memory.dmp

Filesize
3.9MB

Download
memory/3020-450-0x00007FF6BF4B0000-0x00007FF6BF8A1000-memory.dmp

Filesize
3.9MB

Download
memory/3020-2016-0x00007FF6BF4B0000-0x00007FF6BF8A1000-memory.dmp

Filesize
3.9MB

Download
memory/3060-2001-0x00007FF7A8B20000-0x00007FF7A8F11000-memory.dmp

Filesize
3.9MB

Download
memory/3060-64-0x00007FF7A8B20000-0x00007FF7A8F11000-memory.dmp

Filesize
3.9MB

Download
memory/3612-1980-0x00007FF756AB0000-0x00007FF756EA1000-memory.dmp

Filesize
3.9MB

Download
memory/3612-2018-0x00007FF756AB0000-0x00007FF756EA1000-memory.dmp

Filesize
3.9MB

Download
memory/3612-77-0x00007FF756AB0000-0x00007FF756EA1000-memory.dmp

Filesize
3.9MB

Download
memory/3928-20-0x00007FF7FF250000-0x00007FF7FF641000-memory.dmp

Filesize
3.9MB

Download
memory/3928-1987-0x00007FF7FF250000-0x00007FF7FF641000-memory.dmp

Filesize
3.9MB

Download
memory/4284-1995-0x00007FF7FB300000-0x00007FF7FB6F1000-memory.dmp

Filesize
3.9MB

Download
memory/4284-58-0x00007FF7FB300000-0x00007FF7FB6F1000-memory.dmp

Filesize
3.9MB

Download
memory/4532-1989-0x00007FF6C7690000-0x00007FF6C7A81000-memory.dmp

Filesize
3.9MB

Download
memory/4532-33-0x00007FF6C7690000-0x00007FF6C7A81000-memory.dmp

Filesize
3.9MB

Download
memory/4532-1944-0x00007FF6C7690000-0x00007FF6C7A81000-memory.dmp

Filesize
3.9MB

Download
memory/4880-453-0x00007FF774A10000-0x00007FF774E01000-memory.dmp

Filesize
3.9MB

Download
memory/4880-2033-0x00007FF774A10000-0x00007FF774E01000-memory.dmp

Filesize
3.9MB

Download
memory/4952-60-0x00007FF67F4B0000-0x00007FF67F8A1000-memory.dmp

Filesize
3.9MB

Download
memory/4952-1993-0x00007FF67F4B0000-0x00007FF67F8A1000-memory.dmp

Filesize
3.9MB

Download
memory/5016-1997-0x00007FF7E95D0000-0x00007FF7E99C1000-memory.dmp

Filesize
3.9MB

Download
memory/5016-74-0x00007FF7E95D0000-0x00007FF7E99C1000-memory.dmp

Filesize
3.9MB

Download
memory/5028-1976-0x00007FF602440000-0x00007FF602831000-memory.dmp

Filesize
3.9MB

Download
memory/5028-2020-0x00007FF602440000-0x00007FF602831000-memory.dmp

Filesize
3.9MB

Download
memory/5028-67-0x00007FF602440000-0x00007FF602831000-memory.dmp

Filesize
3.9MB

Download
memory/5092-1982-0x00007FF7C7FB0000-0x00007FF7C83A1000-memory.dmp

Filesize
3.9MB

Download
memory/5092-2005-0x00007FF7C7FB0000-0x00007FF7C83A1000-memory.dmp

Filesize
3.9MB

Download
memory/5092-79-0x00007FF7C7FB0000-0x00007FF7C83A1000-memory.dmp

Filesize
3.9MB

Download