kpot | 05e203d905a7ac4bd9ebdd26a103cd9120b09a90f50bf21d76b2616ee6a7a662

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

virussign.com_6c64798148fce0934aec159ecc1b6720.exe
Size

2.0MB
MD5

6c64798148fce0934aec159ecc1b6720
SHA1

c03860a75bc7f0a16b2c4f52751fb34468d21038
SHA256

05e203d905a7ac4bd9ebdd26a103cd9120b09a90f50bf21d76b2616ee6a7a662
SHA512

eb40ade3a2d4e1b8e1f98860c40e5b250880a35eb2e2f1ff03504e77c63e214e979ea3bfd94c246926c9bfa348a86f61ff9949cfdd0cd8f4b3c8dcc719ba54f5
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6KI3+:BemTLkNdfE0pZrw2

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x0007000000023407-7.dat	family_kpot
behavioral2/files/0x0008000000023402-10.dat	family_kpot
behavioral2/files/0x0007000000023406-14.dat	family_kpot
behavioral2/files/0x0007000000023408-20.dat	family_kpot
behavioral2/files/0x000700000002340a-29.dat	family_kpot
behavioral2/files/0x000700000002340f-57.dat	family_kpot
behavioral2/files/0x000700000002340e-65.dat	family_kpot
behavioral2/files/0x0007000000023413-88.dat	family_kpot
behavioral2/files/0x0007000000023414-101.dat	family_kpot
behavioral2/files/0x0007000000023417-109.dat	family_kpot
behavioral2/files/0x0007000000023419-122.dat	family_kpot
behavioral2/files/0x000700000002341b-136.dat	family_kpot
behavioral2/files/0x000700000002341d-149.dat	family_kpot
behavioral2/files/0x0007000000023425-201.dat	family_kpot
behavioral2/files/0x0007000000023423-199.dat	family_kpot
behavioral2/files/0x0007000000023424-194.dat	family_kpot
behavioral2/files/0x0007000000023422-192.dat	family_kpot
behavioral2/files/0x0007000000023421-186.dat	family_kpot
behavioral2/files/0x0007000000023420-179.dat	family_kpot
behavioral2/files/0x000700000002341f-173.dat	family_kpot
behavioral2/files/0x000700000002341e-166.dat	family_kpot
behavioral2/files/0x000700000002341c-153.dat	family_kpot
behavioral2/files/0x000700000002341a-140.dat	family_kpot
behavioral2/files/0x0007000000023418-126.dat	family_kpot
behavioral2/files/0x0007000000023416-114.dat	family_kpot
behavioral2/files/0x0007000000023415-107.dat	family_kpot
behavioral2/files/0x0007000000023412-86.dat	family_kpot
behavioral2/files/0x0007000000023411-80.dat	family_kpot
behavioral2/files/0x0007000000023410-78.dat	family_kpot
behavioral2/files/0x000700000002340d-56.dat	family_kpot
behavioral2/files/0x000700000002340c-61.dat	family_kpot
behavioral2/files/0x000700000002340b-44.dat	family_kpot
behavioral2/files/0x0007000000023409-37.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3948-0-0x00007FF6A88A0000-0x00007FF6A8BF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023407-7.dat	xmrig
behavioral2/memory/1388-8-0x00007FF7DAFA0000-0x00007FF7DB2F4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023402-10.dat	xmrig
behavioral2/files/0x0007000000023406-14.dat	xmrig
behavioral2/files/0x0007000000023408-20.dat	xmrig
behavioral2/files/0x000700000002340a-29.dat	xmrig
behavioral2/memory/3084-46-0x00007FF72A1C0000-0x00007FF72A514000-memory.dmp	xmrig
behavioral2/files/0x000700000002340f-57.dat	xmrig
behavioral2/files/0x000700000002340e-65.dat	xmrig
behavioral2/memory/5080-82-0x00007FF7EC840000-0x00007FF7ECB94000-memory.dmp	xmrig
behavioral2/files/0x0007000000023413-88.dat	xmrig
behavioral2/memory/3728-95-0x00007FF6B3E10000-0x00007FF6B4164000-memory.dmp	xmrig
behavioral2/files/0x0007000000023414-101.dat	xmrig
behavioral2/files/0x0007000000023417-109.dat	xmrig
behavioral2/files/0x0007000000023419-122.dat	xmrig
behavioral2/files/0x000700000002341b-136.dat	xmrig
behavioral2/files/0x000700000002341d-149.dat	xmrig
behavioral2/memory/4996-164-0x00007FF62C850000-0x00007FF62CBA4000-memory.dmp	xmrig
behavioral2/memory/3336-178-0x00007FF7758C0000-0x00007FF775C14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023425-201.dat	xmrig
behavioral2/files/0x0007000000023423-199.dat	xmrig
behavioral2/memory/2468-196-0x00007FF75BF90000-0x00007FF75C2E4000-memory.dmp	xmrig
behavioral2/memory/5080-195-0x00007FF7EC840000-0x00007FF7ECB94000-memory.dmp	xmrig
behavioral2/files/0x0007000000023424-194.dat	xmrig
behavioral2/files/0x0007000000023422-192.dat	xmrig
behavioral2/memory/4620-191-0x00007FF7C6180000-0x00007FF7C64D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023421-186.dat	xmrig
behavioral2/memory/4540-185-0x00007FF686D80000-0x00007FF6870D4000-memory.dmp	xmrig
behavioral2/memory/5116-184-0x00007FF66F110000-0x00007FF66F464000-memory.dmp	xmrig
behavioral2/files/0x0007000000023420-179.dat	xmrig
behavioral2/files/0x000700000002341f-173.dat	xmrig
behavioral2/memory/4440-172-0x00007FF72B3F0000-0x00007FF72B744000-memory.dmp	xmrig
behavioral2/memory/1668-171-0x00007FF6AECC0000-0x00007FF6AF014000-memory.dmp	xmrig
behavioral2/files/0x000700000002341e-166.dat	xmrig
behavioral2/memory/4104-165-0x00007FF7A8380000-0x00007FF7A86D4000-memory.dmp	xmrig
behavioral2/memory/4644-158-0x00007FF6DEEB0000-0x00007FF6DF204000-memory.dmp	xmrig
behavioral2/files/0x000700000002341c-153.dat	xmrig
behavioral2/memory/1460-152-0x00007FF7ECFA0000-0x00007FF7ED2F4000-memory.dmp	xmrig
behavioral2/memory/4808-146-0x00007FF61EFE0000-0x00007FF61F334000-memory.dmp	xmrig
behavioral2/memory/4496-145-0x00007FF781860000-0x00007FF781BB4000-memory.dmp	xmrig
behavioral2/files/0x000700000002341a-140.dat	xmrig
behavioral2/memory/2456-139-0x00007FF653E80000-0x00007FF6541D4000-memory.dmp	xmrig
behavioral2/memory/4136-133-0x00007FF7BF020000-0x00007FF7BF374000-memory.dmp	xmrig
behavioral2/memory/740-132-0x00007FF7922C0000-0x00007FF792614000-memory.dmp	xmrig
behavioral2/memory/1388-131-0x00007FF7DAFA0000-0x00007FF7DB2F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023418-126.dat	xmrig
behavioral2/memory/516-125-0x00007FF740900000-0x00007FF740C54000-memory.dmp	xmrig
behavioral2/memory/3100-119-0x00007FF77D0F0000-0x00007FF77D444000-memory.dmp	xmrig
behavioral2/files/0x0007000000023416-114.dat	xmrig
behavioral2/memory/3948-113-0x00007FF6A88A0000-0x00007FF6A8BF4000-memory.dmp	xmrig
behavioral2/memory/1344-112-0x00007FF724390000-0x00007FF7246E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023415-107.dat	xmrig
behavioral2/memory/3856-106-0x00007FF764080000-0x00007FF7643D4000-memory.dmp	xmrig
behavioral2/memory/2468-91-0x00007FF75BF90000-0x00007FF75C2E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023412-86.dat	xmrig
behavioral2/memory/3440-85-0x00007FF757530000-0x00007FF757884000-memory.dmp	xmrig
behavioral2/files/0x0007000000023411-80.dat	xmrig
behavioral2/files/0x0007000000023410-78.dat	xmrig
behavioral2/memory/1996-76-0x00007FF6C4330000-0x00007FF6C4684000-memory.dmp	xmrig
behavioral2/memory/2868-71-0x00007FF676CD0000-0x00007FF677024000-memory.dmp	xmrig
behavioral2/memory/5116-70-0x00007FF66F110000-0x00007FF66F464000-memory.dmp	xmrig
behavioral2/memory/3384-60-0x00007FF73EEA0000-0x00007FF73F1F4000-memory.dmp	xmrig
behavioral2/files/0x000700000002340d-56.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1388	vkXZrvN.exe
740	nsjimbf.exe
4496	QjzqkTp.exe
4996	knvqDOQ.exe
3384	dfnNsuI.exe
3084	glNiBbq.exe
2992	nqoXutR.exe
5116	WMKcVGx.exe
4104	BfacsrA.exe
2868	nRRKOSX.exe
1996	ivzGqlf.exe
5080	Rilyplg.exe
3440	AomtVXL.exe
2468	gciJDwP.exe
3728	tTKpduz.exe
3856	BcvlwMg.exe
3100	XWvMyTx.exe
1344	xNFryco.exe
516	kRybtkx.exe
4136	IQTUESB.exe
2456	nolDeID.exe
4808	fAhjGhJ.exe
1460	aFHPvNa.exe
4644	vdAfBqq.exe
1668	EQrcedm.exe
4440	KOAgvhP.exe
3336	gUZkvxN.exe
4540	qzFHIIk.exe
4620	aNdQuNq.exe
2052	pFatNMZ.exe
4024	LPxutFd.exe
4732	FCrlNPn.exe
1408	lBwKaUB.exe
4160	KQAiABZ.exe
1456	uTBfIkF.exe
624	CZwPRHy.exe
4504	SOfilIj.exe
208	MKXKoqn.exe
2112	diLCgxF.exe
4296	cvSjYXD.exe
4204	eWpqZSX.exe
4388	XKwfuFC.exe
1940	Iabwmes.exe
2204	bIUtOIE.exe
4520	gZBtHUv.exe
5108	LHsGRHz.exe
3208	WbAeSBA.exe
3820	wddimJI.exe
1000	UEuwLmY.exe
2472	lJMlUHB.exe
2056	RNXeiWt.exe
1072	bxjspvD.exe
3908	vqVUdGi.exe
3920	aCldaHQ.exe
5016	WsysolP.exe
4072	nUCjZmP.exe
1264	gWIjkTr.exe
2084	MtOVwnl.exe
5004	EtsGgRV.exe
1532	oOuvfdH.exe
4524	opGGYGg.exe
5100	apssnDK.exe
5128	gZGmreQ.exe
5156	HhNvkQr.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3948-0-0x00007FF6A88A0000-0x00007FF6A8BF4000-memory.dmp	upx
behavioral2/files/0x0007000000023407-7.dat	upx
behavioral2/memory/1388-8-0x00007FF7DAFA0000-0x00007FF7DB2F4000-memory.dmp	upx
behavioral2/files/0x0008000000023402-10.dat	upx
behavioral2/files/0x0007000000023406-14.dat	upx
behavioral2/files/0x0007000000023408-20.dat	upx
behavioral2/files/0x000700000002340a-29.dat	upx
behavioral2/memory/3084-46-0x00007FF72A1C0000-0x00007FF72A514000-memory.dmp	upx
behavioral2/files/0x000700000002340f-57.dat	upx
behavioral2/files/0x000700000002340e-65.dat	upx
behavioral2/memory/5080-82-0x00007FF7EC840000-0x00007FF7ECB94000-memory.dmp	upx
behavioral2/files/0x0007000000023413-88.dat	upx
behavioral2/memory/3728-95-0x00007FF6B3E10000-0x00007FF6B4164000-memory.dmp	upx
behavioral2/files/0x0007000000023414-101.dat	upx
behavioral2/files/0x0007000000023417-109.dat	upx
behavioral2/files/0x0007000000023419-122.dat	upx
behavioral2/files/0x000700000002341b-136.dat	upx
behavioral2/files/0x000700000002341d-149.dat	upx
behavioral2/memory/4996-164-0x00007FF62C850000-0x00007FF62CBA4000-memory.dmp	upx
behavioral2/memory/3336-178-0x00007FF7758C0000-0x00007FF775C14000-memory.dmp	upx
behavioral2/files/0x0007000000023425-201.dat	upx
behavioral2/files/0x0007000000023423-199.dat	upx
behavioral2/memory/2468-196-0x00007FF75BF90000-0x00007FF75C2E4000-memory.dmp	upx
behavioral2/memory/5080-195-0x00007FF7EC840000-0x00007FF7ECB94000-memory.dmp	upx
behavioral2/files/0x0007000000023424-194.dat	upx
behavioral2/files/0x0007000000023422-192.dat	upx
behavioral2/memory/4620-191-0x00007FF7C6180000-0x00007FF7C64D4000-memory.dmp	upx
behavioral2/files/0x0007000000023421-186.dat	upx
behavioral2/memory/4540-185-0x00007FF686D80000-0x00007FF6870D4000-memory.dmp	upx
behavioral2/memory/5116-184-0x00007FF66F110000-0x00007FF66F464000-memory.dmp	upx
behavioral2/files/0x0007000000023420-179.dat	upx
behavioral2/files/0x000700000002341f-173.dat	upx
behavioral2/memory/4440-172-0x00007FF72B3F0000-0x00007FF72B744000-memory.dmp	upx
behavioral2/memory/1668-171-0x00007FF6AECC0000-0x00007FF6AF014000-memory.dmp	upx
behavioral2/files/0x000700000002341e-166.dat	upx
behavioral2/memory/4104-165-0x00007FF7A8380000-0x00007FF7A86D4000-memory.dmp	upx
behavioral2/memory/4644-158-0x00007FF6DEEB0000-0x00007FF6DF204000-memory.dmp	upx
behavioral2/files/0x000700000002341c-153.dat	upx
behavioral2/memory/1460-152-0x00007FF7ECFA0000-0x00007FF7ED2F4000-memory.dmp	upx
behavioral2/memory/4808-146-0x00007FF61EFE0000-0x00007FF61F334000-memory.dmp	upx
behavioral2/memory/4496-145-0x00007FF781860000-0x00007FF781BB4000-memory.dmp	upx
behavioral2/files/0x000700000002341a-140.dat	upx
behavioral2/memory/2456-139-0x00007FF653E80000-0x00007FF6541D4000-memory.dmp	upx
behavioral2/memory/4136-133-0x00007FF7BF020000-0x00007FF7BF374000-memory.dmp	upx
behavioral2/memory/740-132-0x00007FF7922C0000-0x00007FF792614000-memory.dmp	upx
behavioral2/memory/1388-131-0x00007FF7DAFA0000-0x00007FF7DB2F4000-memory.dmp	upx
behavioral2/files/0x0007000000023418-126.dat	upx
behavioral2/memory/516-125-0x00007FF740900000-0x00007FF740C54000-memory.dmp	upx
behavioral2/memory/3100-119-0x00007FF77D0F0000-0x00007FF77D444000-memory.dmp	upx
behavioral2/files/0x0007000000023416-114.dat	upx
behavioral2/memory/3948-113-0x00007FF6A88A0000-0x00007FF6A8BF4000-memory.dmp	upx
behavioral2/memory/1344-112-0x00007FF724390000-0x00007FF7246E4000-memory.dmp	upx
behavioral2/files/0x0007000000023415-107.dat	upx
behavioral2/memory/3856-106-0x00007FF764080000-0x00007FF7643D4000-memory.dmp	upx
behavioral2/memory/2468-91-0x00007FF75BF90000-0x00007FF75C2E4000-memory.dmp	upx
behavioral2/files/0x0007000000023412-86.dat	upx
behavioral2/memory/3440-85-0x00007FF757530000-0x00007FF757884000-memory.dmp	upx
behavioral2/files/0x0007000000023411-80.dat	upx
behavioral2/files/0x0007000000023410-78.dat	upx
behavioral2/memory/1996-76-0x00007FF6C4330000-0x00007FF6C4684000-memory.dmp	upx
behavioral2/memory/2868-71-0x00007FF676CD0000-0x00007FF677024000-memory.dmp	upx
behavioral2/memory/5116-70-0x00007FF66F110000-0x00007FF66F464000-memory.dmp	upx
behavioral2/memory/3384-60-0x00007FF73EEA0000-0x00007FF73F1F4000-memory.dmp	upx
behavioral2/files/0x000700000002340d-56.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\eWpqZSX.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\UelluAy.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\cHOCQEi.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\lIDMbCH.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\TiXxefc.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\BtlxHNN.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\zjntAAb.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\GwwaSqq.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\rQhOHBh.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\ESPzVSP.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\KOAgvhP.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\RYXqJqy.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\BqlXIRV.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\KQwBalD.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\NFNXtMs.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\prbcxnF.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\EtmqYlL.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\gyoMuTF.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\IGBdYfp.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\GrRNyyz.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\udJnpVK.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\PNZSORW.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\upfctDS.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\gUZkvxN.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\apssnDK.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\BKpEIDe.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\TPESzql.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\oneAnhi.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\IQTUESB.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\RNXeiWt.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\EZlLgVI.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\EUpltzC.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\bheqzyX.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\SWYnhJd.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\JUuQjKI.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\RJWhcZC.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\EpJVwMw.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\xGOTPPS.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\CvdTGec.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\AomtVXL.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\mCGbggC.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\SmhSOIi.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\BVwiaAD.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\ISWedOd.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\vNOBMva.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\oOuvfdH.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\nlgJCHW.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\BODFMLL.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\LTJfDPa.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\nXjZCjE.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\jUpdojE.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\KYTgNdH.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\gAlcMCP.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\nyPsiLV.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\tZHdfdL.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\gXYgBVG.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\ZuJlAzq.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\gZBtHUv.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\RWohorA.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\RKPsbln.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\bhvNffP.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\KLglGSP.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\OPiHBEh.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe
File created	C:\Windows\System\UHrApKi.exe	virussign.com_6c64798148fce0934aec159ecc1b6720.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14436	dwm.exe
Token: SeChangeNotifyPrivilege	14436	dwm.exe
Token: 33	14436	dwm.exe
Token: SeIncBasePriorityPrivilege	14436	dwm.exe
Token: SeShutdownPrivilege	14436	dwm.exe
Token: SeCreatePagefilePrivilege	14436	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3948 wrote to memory of 1388	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	84
PID 3948 wrote to memory of 1388	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	84
PID 3948 wrote to memory of 740	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	85
PID 3948 wrote to memory of 740	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	85
PID 3948 wrote to memory of 4496	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	86
PID 3948 wrote to memory of 4496	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	86
PID 3948 wrote to memory of 4996	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	87
PID 3948 wrote to memory of 4996	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	87
PID 3948 wrote to memory of 3384	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	88
PID 3948 wrote to memory of 3384	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	88
PID 3948 wrote to memory of 3084	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	89
PID 3948 wrote to memory of 3084	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	89
PID 3948 wrote to memory of 2992	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	90
PID 3948 wrote to memory of 2992	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	90
PID 3948 wrote to memory of 4104	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	91
PID 3948 wrote to memory of 4104	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	91
PID 3948 wrote to memory of 5116	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	92
PID 3948 wrote to memory of 5116	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	92
PID 3948 wrote to memory of 2868	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	93
PID 3948 wrote to memory of 2868	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	93
PID 3948 wrote to memory of 1996	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	94
PID 3948 wrote to memory of 1996	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	94
PID 3948 wrote to memory of 5080	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	95
PID 3948 wrote to memory of 5080	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	95
PID 3948 wrote to memory of 3440	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	96
PID 3948 wrote to memory of 3440	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	96
PID 3948 wrote to memory of 2468	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	97
PID 3948 wrote to memory of 2468	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	97
PID 3948 wrote to memory of 3728	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	98
PID 3948 wrote to memory of 3728	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	98
PID 3948 wrote to memory of 3856	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	99
PID 3948 wrote to memory of 3856	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	99
PID 3948 wrote to memory of 3100	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	100
PID 3948 wrote to memory of 3100	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	100
PID 3948 wrote to memory of 1344	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	101
PID 3948 wrote to memory of 1344	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	101
PID 3948 wrote to memory of 516	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	102
PID 3948 wrote to memory of 516	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	102
PID 3948 wrote to memory of 4136	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	103
PID 3948 wrote to memory of 4136	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	103
PID 3948 wrote to memory of 2456	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	104
PID 3948 wrote to memory of 2456	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	104
PID 3948 wrote to memory of 4808	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	105
PID 3948 wrote to memory of 4808	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	105
PID 3948 wrote to memory of 1460	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	106
PID 3948 wrote to memory of 1460	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	106
PID 3948 wrote to memory of 4644	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	107
PID 3948 wrote to memory of 4644	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	107
PID 3948 wrote to memory of 1668	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	108
PID 3948 wrote to memory of 1668	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	108
PID 3948 wrote to memory of 4440	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	109
PID 3948 wrote to memory of 4440	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	109
PID 3948 wrote to memory of 3336	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	110
PID 3948 wrote to memory of 3336	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	110
PID 3948 wrote to memory of 4540	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	111
PID 3948 wrote to memory of 4540	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	111
PID 3948 wrote to memory of 4620	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	112
PID 3948 wrote to memory of 4620	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	112
PID 3948 wrote to memory of 2052	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	113
PID 3948 wrote to memory of 2052	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	113
PID 3948 wrote to memory of 4024	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	114
PID 3948 wrote to memory of 4024	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	114
PID 3948 wrote to memory of 4732	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	115
PID 3948 wrote to memory of 4732	3948	virussign.com_6c64798148fce0934aec159ecc1b6720.exe	115

C:\Users\Admin\AppData\Local\Temp\virussign.com_6c64798148fce0934aec159ecc1b6720.exe
"C:\Users\Admin\AppData\Local\Temp\virussign.com_6c64798148fce0934aec159ecc1b6720.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3948
- C:\Windows\System\vkXZrvN.exe
  C:\Windows\System\vkXZrvN.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\nsjimbf.exe
  C:\Windows\System\nsjimbf.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\QjzqkTp.exe
  C:\Windows\System\QjzqkTp.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\knvqDOQ.exe
  C:\Windows\System\knvqDOQ.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\dfnNsuI.exe
  C:\Windows\System\dfnNsuI.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\glNiBbq.exe
  C:\Windows\System\glNiBbq.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\nqoXutR.exe
  C:\Windows\System\nqoXutR.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\BfacsrA.exe
  C:\Windows\System\BfacsrA.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\WMKcVGx.exe
  C:\Windows\System\WMKcVGx.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\nRRKOSX.exe
  C:\Windows\System\nRRKOSX.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\ivzGqlf.exe
  C:\Windows\System\ivzGqlf.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\Rilyplg.exe
  C:\Windows\System\Rilyplg.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\AomtVXL.exe
  C:\Windows\System\AomtVXL.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\gciJDwP.exe
  C:\Windows\System\gciJDwP.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\tTKpduz.exe
  C:\Windows\System\tTKpduz.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\BcvlwMg.exe
  C:\Windows\System\BcvlwMg.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\XWvMyTx.exe
  C:\Windows\System\XWvMyTx.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\xNFryco.exe
  C:\Windows\System\xNFryco.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\kRybtkx.exe
  C:\Windows\System\kRybtkx.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\IQTUESB.exe
  C:\Windows\System\IQTUESB.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\nolDeID.exe
  C:\Windows\System\nolDeID.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\fAhjGhJ.exe
  C:\Windows\System\fAhjGhJ.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\aFHPvNa.exe
  C:\Windows\System\aFHPvNa.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\vdAfBqq.exe
  C:\Windows\System\vdAfBqq.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\EQrcedm.exe
  C:\Windows\System\EQrcedm.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\KOAgvhP.exe
  C:\Windows\System\KOAgvhP.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\gUZkvxN.exe
  C:\Windows\System\gUZkvxN.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\qzFHIIk.exe
  C:\Windows\System\qzFHIIk.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\aNdQuNq.exe
  C:\Windows\System\aNdQuNq.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\pFatNMZ.exe
  C:\Windows\System\pFatNMZ.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\LPxutFd.exe
  C:\Windows\System\LPxutFd.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\FCrlNPn.exe
  C:\Windows\System\FCrlNPn.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\lBwKaUB.exe
  C:\Windows\System\lBwKaUB.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\KQAiABZ.exe
  C:\Windows\System\KQAiABZ.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\uTBfIkF.exe
  C:\Windows\System\uTBfIkF.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\CZwPRHy.exe
  C:\Windows\System\CZwPRHy.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\SOfilIj.exe
  C:\Windows\System\SOfilIj.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\MKXKoqn.exe
  C:\Windows\System\MKXKoqn.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\diLCgxF.exe
  C:\Windows\System\diLCgxF.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\cvSjYXD.exe
  C:\Windows\System\cvSjYXD.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\eWpqZSX.exe
  C:\Windows\System\eWpqZSX.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\XKwfuFC.exe
  C:\Windows\System\XKwfuFC.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\Iabwmes.exe
  C:\Windows\System\Iabwmes.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\bIUtOIE.exe
  C:\Windows\System\bIUtOIE.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\gZBtHUv.exe
  C:\Windows\System\gZBtHUv.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\LHsGRHz.exe
  C:\Windows\System\LHsGRHz.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\WbAeSBA.exe
  C:\Windows\System\WbAeSBA.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\wddimJI.exe
  C:\Windows\System\wddimJI.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\UEuwLmY.exe
  C:\Windows\System\UEuwLmY.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\lJMlUHB.exe
  C:\Windows\System\lJMlUHB.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\RNXeiWt.exe
  C:\Windows\System\RNXeiWt.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\bxjspvD.exe
  C:\Windows\System\bxjspvD.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\vqVUdGi.exe
  C:\Windows\System\vqVUdGi.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\aCldaHQ.exe
  C:\Windows\System\aCldaHQ.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\WsysolP.exe
  C:\Windows\System\WsysolP.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\nUCjZmP.exe
  C:\Windows\System\nUCjZmP.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\gWIjkTr.exe
  C:\Windows\System\gWIjkTr.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\MtOVwnl.exe
  C:\Windows\System\MtOVwnl.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\EtsGgRV.exe
  C:\Windows\System\EtsGgRV.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\oOuvfdH.exe
  C:\Windows\System\oOuvfdH.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\opGGYGg.exe
  C:\Windows\System\opGGYGg.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\apssnDK.exe
  C:\Windows\System\apssnDK.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\gZGmreQ.exe
  C:\Windows\System\gZGmreQ.exe
  2⤵
  - Executes dropped EXE
  PID:5128
- C:\Windows\System\HhNvkQr.exe
  C:\Windows\System\HhNvkQr.exe
  2⤵
  - Executes dropped EXE
  PID:5156
- C:\Windows\System\LSqlVHf.exe
  C:\Windows\System\LSqlVHf.exe
  2⤵
  PID:5184
- C:\Windows\System\UMZmPxC.exe
  C:\Windows\System\UMZmPxC.exe
  2⤵
  PID:5212
- C:\Windows\System\JbEbQjj.exe
  C:\Windows\System\JbEbQjj.exe
  2⤵
  PID:5240
- C:\Windows\System\FgJpDKm.exe
  C:\Windows\System\FgJpDKm.exe
  2⤵
  PID:5268
- C:\Windows\System\fXTVazu.exe
  C:\Windows\System\fXTVazu.exe
  2⤵
  PID:5296
- C:\Windows\System\XsqrgkF.exe
  C:\Windows\System\XsqrgkF.exe
  2⤵
  PID:5324
- C:\Windows\System\RbhRsPG.exe
  C:\Windows\System\RbhRsPG.exe
  2⤵
  PID:5352
- C:\Windows\System\loUfsHi.exe
  C:\Windows\System\loUfsHi.exe
  2⤵
  PID:5380
- C:\Windows\System\LaWnXoM.exe
  C:\Windows\System\LaWnXoM.exe
  2⤵
  PID:5412
- C:\Windows\System\YHhMEsI.exe
  C:\Windows\System\YHhMEsI.exe
  2⤵
  PID:5436
- C:\Windows\System\RIMBVHN.exe
  C:\Windows\System\RIMBVHN.exe
  2⤵
  PID:5464
- C:\Windows\System\VTTESON.exe
  C:\Windows\System\VTTESON.exe
  2⤵
  PID:5492
- C:\Windows\System\JtpGuPI.exe
  C:\Windows\System\JtpGuPI.exe
  2⤵
  PID:5520
- C:\Windows\System\zzTwweL.exe
  C:\Windows\System\zzTwweL.exe
  2⤵
  PID:5548
- C:\Windows\System\ZPeXtks.exe
  C:\Windows\System\ZPeXtks.exe
  2⤵
  PID:5576
- C:\Windows\System\RZeUldr.exe
  C:\Windows\System\RZeUldr.exe
  2⤵
  PID:5604
- C:\Windows\System\oBXCmQl.exe
  C:\Windows\System\oBXCmQl.exe
  2⤵
  PID:5632
- C:\Windows\System\PyeRwpG.exe
  C:\Windows\System\PyeRwpG.exe
  2⤵
  PID:5660
- C:\Windows\System\UAoihpo.exe
  C:\Windows\System\UAoihpo.exe
  2⤵
  PID:5688
- C:\Windows\System\EZlLgVI.exe
  C:\Windows\System\EZlLgVI.exe
  2⤵
  PID:5716
- C:\Windows\System\tkfHNvr.exe
  C:\Windows\System\tkfHNvr.exe
  2⤵
  PID:5744
- C:\Windows\System\bcUGJeb.exe
  C:\Windows\System\bcUGJeb.exe
  2⤵
  PID:5772
- C:\Windows\System\BgLojpT.exe
  C:\Windows\System\BgLojpT.exe
  2⤵
  PID:5800
- C:\Windows\System\pnoHjZK.exe
  C:\Windows\System\pnoHjZK.exe
  2⤵
  PID:5828
- C:\Windows\System\edOiGAR.exe
  C:\Windows\System\edOiGAR.exe
  2⤵
  PID:5856
- C:\Windows\System\RWohorA.exe
  C:\Windows\System\RWohorA.exe
  2⤵
  PID:5884
- C:\Windows\System\cfFEZgf.exe
  C:\Windows\System\cfFEZgf.exe
  2⤵
  PID:5912
- C:\Windows\System\DvyEPDA.exe
  C:\Windows\System\DvyEPDA.exe
  2⤵
  PID:5940
- C:\Windows\System\kHuatTy.exe
  C:\Windows\System\kHuatTy.exe
  2⤵
  PID:5968
- C:\Windows\System\uiSvkAA.exe
  C:\Windows\System\uiSvkAA.exe
  2⤵
  PID:5996
- C:\Windows\System\UcIzWvM.exe
  C:\Windows\System\UcIzWvM.exe
  2⤵
  PID:6024
- C:\Windows\System\prEDbKI.exe
  C:\Windows\System\prEDbKI.exe
  2⤵
  PID:6052
- C:\Windows\System\EUpltzC.exe
  C:\Windows\System\EUpltzC.exe
  2⤵
  PID:6080
- C:\Windows\System\rbdGaTY.exe
  C:\Windows\System\rbdGaTY.exe
  2⤵
  PID:6108
- C:\Windows\System\cHBPVUv.exe
  C:\Windows\System\cHBPVUv.exe
  2⤵
  PID:6136
- C:\Windows\System\eAAdhZb.exe
  C:\Windows\System\eAAdhZb.exe
  2⤵
  PID:4460
- C:\Windows\System\GYUvPUi.exe
  C:\Windows\System\GYUvPUi.exe
  2⤵
  PID:3388
- C:\Windows\System\qfZxvyh.exe
  C:\Windows\System\qfZxvyh.exe
  2⤵
  PID:3952
- C:\Windows\System\nnMoMIM.exe
  C:\Windows\System\nnMoMIM.exe
  2⤵
  PID:592
- C:\Windows\System\xjuaGDs.exe
  C:\Windows\System\xjuaGDs.exe
  2⤵
  PID:3840
- C:\Windows\System\MUmWReM.exe
  C:\Windows\System\MUmWReM.exe
  2⤵
  PID:1092
- C:\Windows\System\iphHHRu.exe
  C:\Windows\System\iphHHRu.exe
  2⤵
  PID:3376
- C:\Windows\System\gJZEFqE.exe
  C:\Windows\System\gJZEFqE.exe
  2⤵
  PID:5176
- C:\Windows\System\MhxLJTm.exe
  C:\Windows\System\MhxLJTm.exe
  2⤵
  PID:5252
- C:\Windows\System\eZWKZbr.exe
  C:\Windows\System\eZWKZbr.exe
  2⤵
  PID:5312
- C:\Windows\System\rZdBACA.exe
  C:\Windows\System\rZdBACA.exe
  2⤵
  PID:5372
- C:\Windows\System\qdTjypI.exe
  C:\Windows\System\qdTjypI.exe
  2⤵
  PID:5448
- C:\Windows\System\aSpbKIZ.exe
  C:\Windows\System\aSpbKIZ.exe
  2⤵
  PID:5508
- C:\Windows\System\EqcIneq.exe
  C:\Windows\System\EqcIneq.exe
  2⤵
  PID:5568
- C:\Windows\System\IAwmzor.exe
  C:\Windows\System\IAwmzor.exe
  2⤵
  PID:5644
- C:\Windows\System\iHoZPDM.exe
  C:\Windows\System\iHoZPDM.exe
  2⤵
  PID:5704
- C:\Windows\System\morWAgA.exe
  C:\Windows\System\morWAgA.exe
  2⤵
  PID:5764
- C:\Windows\System\fHTmLHM.exe
  C:\Windows\System\fHTmLHM.exe
  2⤵
  PID:5840
- C:\Windows\System\pFGDunk.exe
  C:\Windows\System\pFGDunk.exe
  2⤵
  PID:5900
- C:\Windows\System\mrWKfdZ.exe
  C:\Windows\System\mrWKfdZ.exe
  2⤵
  PID:5956
- C:\Windows\System\SVMKQJY.exe
  C:\Windows\System\SVMKQJY.exe
  2⤵
  PID:6036
- C:\Windows\System\rDASTQL.exe
  C:\Windows\System\rDASTQL.exe
  2⤵
  PID:6096
- C:\Windows\System\xhnbcfk.exe
  C:\Windows\System\xhnbcfk.exe
  2⤵
  PID:1112
- C:\Windows\System\SKZgFyQ.exe
  C:\Windows\System\SKZgFyQ.exe
  2⤵
  PID:4972
- C:\Windows\System\qankghg.exe
  C:\Windows\System\qankghg.exe
  2⤵
  PID:4648
- C:\Windows\System\uCGLIJY.exe
  C:\Windows\System\uCGLIJY.exe
  2⤵
  PID:6164
- C:\Windows\System\oPMKUXy.exe
  C:\Windows\System\oPMKUXy.exe
  2⤵
  PID:6192
- C:\Windows\System\NNPJgkq.exe
  C:\Windows\System\NNPJgkq.exe
  2⤵
  PID:6220
- C:\Windows\System\lbiHlNm.exe
  C:\Windows\System\lbiHlNm.exe
  2⤵
  PID:6248
- C:\Windows\System\pfUSNWi.exe
  C:\Windows\System\pfUSNWi.exe
  2⤵
  PID:6276
- C:\Windows\System\SddRqMJ.exe
  C:\Windows\System\SddRqMJ.exe
  2⤵
  PID:6304
- C:\Windows\System\buHbnDh.exe
  C:\Windows\System\buHbnDh.exe
  2⤵
  PID:6332
- C:\Windows\System\cpQmTwN.exe
  C:\Windows\System\cpQmTwN.exe
  2⤵
  PID:6360
- C:\Windows\System\VWxYzhw.exe
  C:\Windows\System\VWxYzhw.exe
  2⤵
  PID:6388
- C:\Windows\System\MzKZaDe.exe
  C:\Windows\System\MzKZaDe.exe
  2⤵
  PID:6420
- C:\Windows\System\hTGfzvB.exe
  C:\Windows\System\hTGfzvB.exe
  2⤵
  PID:6444
- C:\Windows\System\HQnKqXn.exe
  C:\Windows\System\HQnKqXn.exe
  2⤵
  PID:6472
- C:\Windows\System\ecffpQl.exe
  C:\Windows\System\ecffpQl.exe
  2⤵
  PID:6500
- C:\Windows\System\dPnKMdy.exe
  C:\Windows\System\dPnKMdy.exe
  2⤵
  PID:6528
- C:\Windows\System\bheqzyX.exe
  C:\Windows\System\bheqzyX.exe
  2⤵
  PID:6556
- C:\Windows\System\TEUDvGM.exe
  C:\Windows\System\TEUDvGM.exe
  2⤵
  PID:6584
- C:\Windows\System\DktpNCI.exe
  C:\Windows\System\DktpNCI.exe
  2⤵
  PID:6612
- C:\Windows\System\EWAAZac.exe
  C:\Windows\System\EWAAZac.exe
  2⤵
  PID:6640
- C:\Windows\System\QuHyFIz.exe
  C:\Windows\System\QuHyFIz.exe
  2⤵
  PID:6668
- C:\Windows\System\RYXqJqy.exe
  C:\Windows\System\RYXqJqy.exe
  2⤵
  PID:6696
- C:\Windows\System\jJgqvKP.exe
  C:\Windows\System\jJgqvKP.exe
  2⤵
  PID:6724
- C:\Windows\System\WgRlpbM.exe
  C:\Windows\System\WgRlpbM.exe
  2⤵
  PID:6752
- C:\Windows\System\VxTJnmH.exe
  C:\Windows\System\VxTJnmH.exe
  2⤵
  PID:6784
- C:\Windows\System\iuMkjNI.exe
  C:\Windows\System\iuMkjNI.exe
  2⤵
  PID:6808
- C:\Windows\System\fvqibvb.exe
  C:\Windows\System\fvqibvb.exe
  2⤵
  PID:6836
- C:\Windows\System\FeOLRKJ.exe
  C:\Windows\System\FeOLRKJ.exe
  2⤵
  PID:6864
- C:\Windows\System\vcHCAeJ.exe
  C:\Windows\System\vcHCAeJ.exe
  2⤵
  PID:6892
- C:\Windows\System\fnOGjQH.exe
  C:\Windows\System\fnOGjQH.exe
  2⤵
  PID:6920
- C:\Windows\System\fKZmLmZ.exe
  C:\Windows\System\fKZmLmZ.exe
  2⤵
  PID:6948
- C:\Windows\System\QHNgzIl.exe
  C:\Windows\System\QHNgzIl.exe
  2⤵
  PID:6976
- C:\Windows\System\pRzAOvh.exe
  C:\Windows\System\pRzAOvh.exe
  2⤵
  PID:7004
- C:\Windows\System\KPGOfor.exe
  C:\Windows\System\KPGOfor.exe
  2⤵
  PID:7032
- C:\Windows\System\jLVKVWx.exe
  C:\Windows\System\jLVKVWx.exe
  2⤵
  PID:7060
- C:\Windows\System\RweCbxt.exe
  C:\Windows\System\RweCbxt.exe
  2⤵
  PID:7088
- C:\Windows\System\gaKJLYK.exe
  C:\Windows\System\gaKJLYK.exe
  2⤵
  PID:7116
- C:\Windows\System\BtlxHNN.exe
  C:\Windows\System\BtlxHNN.exe
  2⤵
  PID:7148
- C:\Windows\System\OPRcVIU.exe
  C:\Windows\System\OPRcVIU.exe
  2⤵
  PID:2684
- C:\Windows\System\CgUdaCf.exe
  C:\Windows\System\CgUdaCf.exe
  2⤵
  PID:5280
- C:\Windows\System\CsaDVYV.exe
  C:\Windows\System\CsaDVYV.exe
  2⤵
  PID:5420
- C:\Windows\System\hLQIWyx.exe
  C:\Windows\System\hLQIWyx.exe
  2⤵
  PID:5560
- C:\Windows\System\qPXkvfO.exe
  C:\Windows\System\qPXkvfO.exe
  2⤵
  PID:5680
- C:\Windows\System\rQcyOkw.exe
  C:\Windows\System\rQcyOkw.exe
  2⤵
  PID:5816
- C:\Windows\System\xcsfxlL.exe
  C:\Windows\System\xcsfxlL.exe
  2⤵
  PID:5988
- C:\Windows\System\GSMMlXe.exe
  C:\Windows\System\GSMMlXe.exe
  2⤵
  PID:6124
- C:\Windows\System\BqyyyTC.exe
  C:\Windows\System\BqyyyTC.exe
  2⤵
  PID:628
- C:\Windows\System\xWMuvcs.exe
  C:\Windows\System\xWMuvcs.exe
  2⤵
  PID:6184
- C:\Windows\System\teAjaHn.exe
  C:\Windows\System\teAjaHn.exe
  2⤵
  PID:6260
- C:\Windows\System\QjjmJbe.exe
  C:\Windows\System\QjjmJbe.exe
  2⤵
  PID:6320
- C:\Windows\System\wvNFVbf.exe
  C:\Windows\System\wvNFVbf.exe
  2⤵
  PID:6380
- C:\Windows\System\SYGOrDW.exe
  C:\Windows\System\SYGOrDW.exe
  2⤵
  PID:6456
- C:\Windows\System\UelluAy.exe
  C:\Windows\System\UelluAy.exe
  2⤵
  PID:6492
- C:\Windows\System\JniCBzO.exe
  C:\Windows\System\JniCBzO.exe
  2⤵
  PID:6568
- C:\Windows\System\PLGuQoP.exe
  C:\Windows\System\PLGuQoP.exe
  2⤵
  PID:6628
- C:\Windows\System\TNZeVRF.exe
  C:\Windows\System\TNZeVRF.exe
  2⤵
  PID:6688
- C:\Windows\System\DESrStX.exe
  C:\Windows\System\DESrStX.exe
  2⤵
  PID:6744
- C:\Windows\System\zjntAAb.exe
  C:\Windows\System\zjntAAb.exe
  2⤵
  PID:6820
- C:\Windows\System\fznygBZ.exe
  C:\Windows\System\fznygBZ.exe
  2⤵
  PID:6880
- C:\Windows\System\uNeaKmC.exe
  C:\Windows\System\uNeaKmC.exe
  2⤵
  PID:6940
- C:\Windows\System\ZfhYaEE.exe
  C:\Windows\System\ZfhYaEE.exe
  2⤵
  PID:7016
- C:\Windows\System\QMwROxw.exe
  C:\Windows\System\QMwROxw.exe
  2⤵
  PID:7076
- C:\Windows\System\iprCGzM.exe
  C:\Windows\System\iprCGzM.exe
  2⤵
  PID:7144
- C:\Windows\System\PLpoTGz.exe
  C:\Windows\System\PLpoTGz.exe
  2⤵
  PID:5340
- C:\Windows\System\FYfNNHM.exe
  C:\Windows\System\FYfNNHM.exe
  2⤵
  PID:1268
- C:\Windows\System\febHyHI.exe
  C:\Windows\System\febHyHI.exe
  2⤵
  PID:5928
- C:\Windows\System\ehPXSPL.exe
  C:\Windows\System\ehPXSPL.exe
  2⤵
  PID:4912
- C:\Windows\System\dpsehyE.exe
  C:\Windows\System\dpsehyE.exe
  2⤵
  PID:6288
- C:\Windows\System\MYvpqPK.exe
  C:\Windows\System\MYvpqPK.exe
  2⤵
  PID:6428
- C:\Windows\System\gulaJCR.exe
  C:\Windows\System\gulaJCR.exe
  2⤵
  PID:7176
- C:\Windows\System\uZichKn.exe
  C:\Windows\System\uZichKn.exe
  2⤵
  PID:7204
- C:\Windows\System\NlvQoWP.exe
  C:\Windows\System\NlvQoWP.exe
  2⤵
  PID:7232
- C:\Windows\System\OifGErG.exe
  C:\Windows\System\OifGErG.exe
  2⤵
  PID:7260
- C:\Windows\System\mCGbggC.exe
  C:\Windows\System\mCGbggC.exe
  2⤵
  PID:7288
- C:\Windows\System\DbJnHvh.exe
  C:\Windows\System\DbJnHvh.exe
  2⤵
  PID:7316
- C:\Windows\System\pGWseIw.exe
  C:\Windows\System\pGWseIw.exe
  2⤵
  PID:7344
- C:\Windows\System\jcevTRi.exe
  C:\Windows\System\jcevTRi.exe
  2⤵
  PID:7372
- C:\Windows\System\JhonvTQ.exe
  C:\Windows\System\JhonvTQ.exe
  2⤵
  PID:7400
- C:\Windows\System\wWiMpTw.exe
  C:\Windows\System\wWiMpTw.exe
  2⤵
  PID:7428
- C:\Windows\System\vVzSgvS.exe
  C:\Windows\System\vVzSgvS.exe
  2⤵
  PID:7452
- C:\Windows\System\HDSngxw.exe
  C:\Windows\System\HDSngxw.exe
  2⤵
  PID:7484
- C:\Windows\System\TJJOFvx.exe
  C:\Windows\System\TJJOFvx.exe
  2⤵
  PID:7512
- C:\Windows\System\tObcnFE.exe
  C:\Windows\System\tObcnFE.exe
  2⤵
  PID:7540
- C:\Windows\System\lxJargf.exe
  C:\Windows\System\lxJargf.exe
  2⤵
  PID:7568
- C:\Windows\System\CxnvqSg.exe
  C:\Windows\System\CxnvqSg.exe
  2⤵
  PID:7596
- C:\Windows\System\ullTDrh.exe
  C:\Windows\System\ullTDrh.exe
  2⤵
  PID:7624
- C:\Windows\System\cEYigwG.exe
  C:\Windows\System\cEYigwG.exe
  2⤵
  PID:7652
- C:\Windows\System\WURUsMG.exe
  C:\Windows\System\WURUsMG.exe
  2⤵
  PID:7680
- C:\Windows\System\DogTsnq.exe
  C:\Windows\System\DogTsnq.exe
  2⤵
  PID:7708
- C:\Windows\System\boWKrMx.exe
  C:\Windows\System\boWKrMx.exe
  2⤵
  PID:7736
- C:\Windows\System\lrTMXDa.exe
  C:\Windows\System\lrTMXDa.exe
  2⤵
  PID:7764
- C:\Windows\System\unMwKLu.exe
  C:\Windows\System\unMwKLu.exe
  2⤵
  PID:7792
- C:\Windows\System\DQKZeqR.exe
  C:\Windows\System\DQKZeqR.exe
  2⤵
  PID:7820
- C:\Windows\System\yBxkFvP.exe
  C:\Windows\System\yBxkFvP.exe
  2⤵
  PID:7848
- C:\Windows\System\LToSdOo.exe
  C:\Windows\System\LToSdOo.exe
  2⤵
  PID:7876
- C:\Windows\System\MfMmRia.exe
  C:\Windows\System\MfMmRia.exe
  2⤵
  PID:7904
- C:\Windows\System\PNCKZiy.exe
  C:\Windows\System\PNCKZiy.exe
  2⤵
  PID:7932
- C:\Windows\System\xweJDPL.exe
  C:\Windows\System\xweJDPL.exe
  2⤵
  PID:7960
- C:\Windows\System\uRhulgI.exe
  C:\Windows\System\uRhulgI.exe
  2⤵
  PID:7988
- C:\Windows\System\HOWzXdQ.exe
  C:\Windows\System\HOWzXdQ.exe
  2⤵
  PID:8016
- C:\Windows\System\bLgfVmR.exe
  C:\Windows\System\bLgfVmR.exe
  2⤵
  PID:8044
- C:\Windows\System\SmhSOIi.exe
  C:\Windows\System\SmhSOIi.exe
  2⤵
  PID:8072
- C:\Windows\System\evxRJwU.exe
  C:\Windows\System\evxRJwU.exe
  2⤵
  PID:8100
- C:\Windows\System\UvAjGoq.exe
  C:\Windows\System\UvAjGoq.exe
  2⤵
  PID:8128
- C:\Windows\System\ZoKlIAK.exe
  C:\Windows\System\ZoKlIAK.exe
  2⤵
  PID:8156
- C:\Windows\System\HLIIfyh.exe
  C:\Windows\System\HLIIfyh.exe
  2⤵
  PID:8184
- C:\Windows\System\nyPsiLV.exe
  C:\Windows\System\nyPsiLV.exe
  2⤵
  PID:6656
- C:\Windows\System\KxVgeEp.exe
  C:\Windows\System\KxVgeEp.exe
  2⤵
  PID:6792
- C:\Windows\System\RQUnXst.exe
  C:\Windows\System\RQUnXst.exe
  2⤵
  PID:6912
- C:\Windows\System\BODFMLL.exe
  C:\Windows\System\BODFMLL.exe
  2⤵
  PID:7048
- C:\Windows\System\oYZUozt.exe
  C:\Windows\System\oYZUozt.exe
  2⤵
  PID:3368
- C:\Windows\System\yNAouQP.exe
  C:\Windows\System\yNAouQP.exe
  2⤵
  PID:5792
- C:\Windows\System\bWBGuxC.exe
  C:\Windows\System\bWBGuxC.exe
  2⤵
  PID:2928
- C:\Windows\System\CsgbFiw.exe
  C:\Windows\System\CsgbFiw.exe
  2⤵
  PID:6372
- C:\Windows\System\esercOT.exe
  C:\Windows\System\esercOT.exe
  2⤵
  PID:7196
- C:\Windows\System\EzKQTOm.exe
  C:\Windows\System\EzKQTOm.exe
  2⤵
  PID:7252
- C:\Windows\System\RAzcLxV.exe
  C:\Windows\System\RAzcLxV.exe
  2⤵
  PID:7328
- C:\Windows\System\EZBRGmT.exe
  C:\Windows\System\EZBRGmT.exe
  2⤵
  PID:7388
- C:\Windows\System\YJgxCkJ.exe
  C:\Windows\System\YJgxCkJ.exe
  2⤵
  PID:7448
- C:\Windows\System\nlgJCHW.exe
  C:\Windows\System\nlgJCHW.exe
  2⤵
  PID:7524
- C:\Windows\System\tqmFNGl.exe
  C:\Windows\System\tqmFNGl.exe
  2⤵
  PID:7584
- C:\Windows\System\gzndZlL.exe
  C:\Windows\System\gzndZlL.exe
  2⤵
  PID:7644
- C:\Windows\System\ooVqMna.exe
  C:\Windows\System\ooVqMna.exe
  2⤵
  PID:7700
- C:\Windows\System\iEmKXSp.exe
  C:\Windows\System\iEmKXSp.exe
  2⤵
  PID:7756
- C:\Windows\System\OPsgGQg.exe
  C:\Windows\System\OPsgGQg.exe
  2⤵
  PID:7808
- C:\Windows\System\sOqjaYb.exe
  C:\Windows\System\sOqjaYb.exe
  2⤵
  PID:7864
- C:\Windows\System\HepfWUD.exe
  C:\Windows\System\HepfWUD.exe
  2⤵
  PID:7924
- C:\Windows\System\FkQQAiB.exe
  C:\Windows\System\FkQQAiB.exe
  2⤵
  PID:8000
- C:\Windows\System\JhvlXkn.exe
  C:\Windows\System\JhvlXkn.exe
  2⤵
  PID:8056
- C:\Windows\System\HrnutbV.exe
  C:\Windows\System\HrnutbV.exe
  2⤵
  PID:8116
- C:\Windows\System\FiWnyWe.exe
  C:\Windows\System\FiWnyWe.exe
  2⤵
  PID:8176
- C:\Windows\System\UbzbkqX.exe
  C:\Windows\System\UbzbkqX.exe
  2⤵
  PID:6852
- C:\Windows\System\JsSnwNY.exe
  C:\Windows\System\JsSnwNY.exe
  2⤵
  PID:6992
- C:\Windows\System\zItVvPX.exe
  C:\Windows\System\zItVvPX.exe
  2⤵
  PID:2752
- C:\Windows\System\SWYnhJd.exe
  C:\Windows\System\SWYnhJd.exe
  2⤵
  PID:6348
- C:\Windows\System\cHOCQEi.exe
  C:\Windows\System\cHOCQEi.exe
  2⤵
  PID:7244
- C:\Windows\System\RVCAcsw.exe
  C:\Windows\System\RVCAcsw.exe
  2⤵
  PID:7416
- C:\Windows\System\jMbOuTJ.exe
  C:\Windows\System\jMbOuTJ.exe
  2⤵
  PID:7556
- C:\Windows\System\KCOABNC.exe
  C:\Windows\System\KCOABNC.exe
  2⤵
  PID:7692
- C:\Windows\System\nhqxKwM.exe
  C:\Windows\System\nhqxKwM.exe
  2⤵
  PID:1376
- C:\Windows\System\EtWkXVo.exe
  C:\Windows\System\EtWkXVo.exe
  2⤵
  PID:7892
- C:\Windows\System\fNikPTh.exe
  C:\Windows\System\fNikPTh.exe
  2⤵
  PID:8008
- C:\Windows\System\NZKSJnF.exe
  C:\Windows\System\NZKSJnF.exe
  2⤵
  PID:8144
- C:\Windows\System\BVwiaAD.exe
  C:\Windows\System\BVwiaAD.exe
  2⤵
  PID:4004
- C:\Windows\System\rTorDpN.exe
  C:\Windows\System\rTorDpN.exe
  2⤵
  PID:6064
- C:\Windows\System\vPqnIrr.exe
  C:\Windows\System\vPqnIrr.exe
  2⤵
  PID:8196
- C:\Windows\System\MeCCXlw.exe
  C:\Windows\System\MeCCXlw.exe
  2⤵
  PID:8216
- C:\Windows\System\rICQxYU.exe
  C:\Windows\System\rICQxYU.exe
  2⤵
  PID:8244
- C:\Windows\System\qxKpfeq.exe
  C:\Windows\System\qxKpfeq.exe
  2⤵
  PID:8272
- C:\Windows\System\ndUzUIv.exe
  C:\Windows\System\ndUzUIv.exe
  2⤵
  PID:8300
- C:\Windows\System\FUnIKvL.exe
  C:\Windows\System\FUnIKvL.exe
  2⤵
  PID:8328
- C:\Windows\System\ajGHORj.exe
  C:\Windows\System\ajGHORj.exe
  2⤵
  PID:8356
- C:\Windows\System\plPMwNg.exe
  C:\Windows\System\plPMwNg.exe
  2⤵
  PID:8384
- C:\Windows\System\ClLMgdZ.exe
  C:\Windows\System\ClLMgdZ.exe
  2⤵
  PID:8412
- C:\Windows\System\tGdxKqp.exe
  C:\Windows\System\tGdxKqp.exe
  2⤵
  PID:8440
- C:\Windows\System\JYefjHs.exe
  C:\Windows\System\JYefjHs.exe
  2⤵
  PID:8468
- C:\Windows\System\iEVhIPu.exe
  C:\Windows\System\iEVhIPu.exe
  2⤵
  PID:8496
- C:\Windows\System\mBdNfzi.exe
  C:\Windows\System\mBdNfzi.exe
  2⤵
  PID:8524
- C:\Windows\System\xpyPjpw.exe
  C:\Windows\System\xpyPjpw.exe
  2⤵
  PID:8552
- C:\Windows\System\VgNwGLa.exe
  C:\Windows\System\VgNwGLa.exe
  2⤵
  PID:8580
- C:\Windows\System\RKPsbln.exe
  C:\Windows\System\RKPsbln.exe
  2⤵
  PID:8608
- C:\Windows\System\WQWVAIx.exe
  C:\Windows\System\WQWVAIx.exe
  2⤵
  PID:8636
- C:\Windows\System\bhvNffP.exe
  C:\Windows\System\bhvNffP.exe
  2⤵
  PID:8664
- C:\Windows\System\TwNYMjg.exe
  C:\Windows\System\TwNYMjg.exe
  2⤵
  PID:8692
- C:\Windows\System\PlKXgnd.exe
  C:\Windows\System\PlKXgnd.exe
  2⤵
  PID:8720
- C:\Windows\System\jQOCQne.exe
  C:\Windows\System\jQOCQne.exe
  2⤵
  PID:8748
- C:\Windows\System\FWETGuN.exe
  C:\Windows\System\FWETGuN.exe
  2⤵
  PID:8776
- C:\Windows\System\UcuUjLg.exe
  C:\Windows\System\UcuUjLg.exe
  2⤵
  PID:8804
- C:\Windows\System\ZePjxdz.exe
  C:\Windows\System\ZePjxdz.exe
  2⤵
  PID:8832
- C:\Windows\System\XOwhVvb.exe
  C:\Windows\System\XOwhVvb.exe
  2⤵
  PID:8864
- C:\Windows\System\sehbYDs.exe
  C:\Windows\System\sehbYDs.exe
  2⤵
  PID:8888
- C:\Windows\System\wifnWvj.exe
  C:\Windows\System\wifnWvj.exe
  2⤵
  PID:8916
- C:\Windows\System\LJkMKtw.exe
  C:\Windows\System\LJkMKtw.exe
  2⤵
  PID:8944
- C:\Windows\System\otcpVzj.exe
  C:\Windows\System\otcpVzj.exe
  2⤵
  PID:8972
- C:\Windows\System\aDVHmdf.exe
  C:\Windows\System\aDVHmdf.exe
  2⤵
  PID:9000
- C:\Windows\System\OeShLEt.exe
  C:\Windows\System\OeShLEt.exe
  2⤵
  PID:9028
- C:\Windows\System\SHLnsuJ.exe
  C:\Windows\System\SHLnsuJ.exe
  2⤵
  PID:9056
- C:\Windows\System\SSckWjr.exe
  C:\Windows\System\SSckWjr.exe
  2⤵
  PID:9084
- C:\Windows\System\KLglGSP.exe
  C:\Windows\System\KLglGSP.exe
  2⤵
  PID:9112
- C:\Windows\System\EKfPEfw.exe
  C:\Windows\System\EKfPEfw.exe
  2⤵
  PID:9140
- C:\Windows\System\lJosFxq.exe
  C:\Windows\System\lJosFxq.exe
  2⤵
  PID:9168
- C:\Windows\System\DZmbulD.exe
  C:\Windows\System\DZmbulD.exe
  2⤵
  PID:9196
- C:\Windows\System\reeJcTR.exe
  C:\Windows\System\reeJcTR.exe
  2⤵
  PID:7360
- C:\Windows\System\wnEjhUT.exe
  C:\Windows\System\wnEjhUT.exe
  2⤵
  PID:7616
- C:\Windows\System\UufhuXb.exe
  C:\Windows\System\UufhuXb.exe
  2⤵
  PID:7832
- C:\Windows\System\eOKDqVd.exe
  C:\Windows\System\eOKDqVd.exe
  2⤵
  PID:8084
- C:\Windows\System\KQwBalD.exe
  C:\Windows\System\KQwBalD.exe
  2⤵
  PID:4076
- C:\Windows\System\BPBfFhy.exe
  C:\Windows\System\BPBfFhy.exe
  2⤵
  PID:8212
- C:\Windows\System\jfzEbXD.exe
  C:\Windows\System\jfzEbXD.exe
  2⤵
  PID:4672
- C:\Windows\System\QtSgNPf.exe
  C:\Windows\System\QtSgNPf.exe
  2⤵
  PID:1768
- C:\Windows\System\PTPdigU.exe
  C:\Windows\System\PTPdigU.exe
  2⤵
  PID:5088
- C:\Windows\System\oPizgGj.exe
  C:\Windows\System\oPizgGj.exe
  2⤵
  PID:8372
- C:\Windows\System\qwVoMqG.exe
  C:\Windows\System\qwVoMqG.exe
  2⤵
  PID:8404
- C:\Windows\System\dPLbkan.exe
  C:\Windows\System\dPLbkan.exe
  2⤵
  PID:8460
- C:\Windows\System\SBLNiIM.exe
  C:\Windows\System\SBLNiIM.exe
  2⤵
  PID:8512
- C:\Windows\System\mNrWnZc.exe
  C:\Windows\System\mNrWnZc.exe
  2⤵
  PID:8564
- C:\Windows\System\xPuhrpn.exe
  C:\Windows\System\xPuhrpn.exe
  2⤵
  PID:3748
- C:\Windows\System\LMXGIgt.exe
  C:\Windows\System\LMXGIgt.exe
  2⤵
  PID:468
- C:\Windows\System\YICQaaa.exe
  C:\Windows\System\YICQaaa.exe
  2⤵
  PID:8820
- C:\Windows\System\kobHPLT.exe
  C:\Windows\System\kobHPLT.exe
  2⤵
  PID:8848
- C:\Windows\System\JytqTIZ.exe
  C:\Windows\System\JytqTIZ.exe
  2⤵
  PID:8900
- C:\Windows\System\yhttUjy.exe
  C:\Windows\System\yhttUjy.exe
  2⤵
  PID:8932
- C:\Windows\System\qAkNGPW.exe
  C:\Windows\System\qAkNGPW.exe
  2⤵
  PID:9044
- C:\Windows\System\RJROvZt.exe
  C:\Windows\System\RJROvZt.exe
  2⤵
  PID:9096
- C:\Windows\System\sOOCkLA.exe
  C:\Windows\System\sOOCkLA.exe
  2⤵
  PID:9208
- C:\Windows\System\OPiHBEh.exe
  C:\Windows\System\OPiHBEh.exe
  2⤵
  PID:7356
- C:\Windows\System\AnxSBGT.exe
  C:\Windows\System\AnxSBGT.exe
  2⤵
  PID:4880
- C:\Windows\System\ZjfJeKH.exe
  C:\Windows\System\ZjfJeKH.exe
  2⤵
  PID:4452
- C:\Windows\System\ApzKFIu.exe
  C:\Windows\System\ApzKFIu.exe
  2⤵
  PID:2408
- C:\Windows\System\tZHdfdL.exe
  C:\Windows\System\tZHdfdL.exe
  2⤵
  PID:4464
- C:\Windows\System\YfoEiNH.exe
  C:\Windows\System\YfoEiNH.exe
  2⤵
  PID:536
- C:\Windows\System\FLegonC.exe
  C:\Windows\System\FLegonC.exe
  2⤵
  PID:816
- C:\Windows\System\ZlpvtUZ.exe
  C:\Windows\System\ZlpvtUZ.exe
  2⤵
  PID:8488
- C:\Windows\System\tuaLjJZ.exe
  C:\Windows\System\tuaLjJZ.exe
  2⤵
  PID:4940
- C:\Windows\System\nYjGckO.exe
  C:\Windows\System\nYjGckO.exe
  2⤵
  PID:1992
- C:\Windows\System\XcOgDHn.exe
  C:\Windows\System\XcOgDHn.exe
  2⤵
  PID:1972
- C:\Windows\System\oJnIOmS.exe
  C:\Windows\System\oJnIOmS.exe
  2⤵
  PID:5056
- C:\Windows\System\gyoMuTF.exe
  C:\Windows\System\gyoMuTF.exe
  2⤵
  PID:5068
- C:\Windows\System\BLBpwyz.exe
  C:\Windows\System\BLBpwyz.exe
  2⤵
  PID:8816
- C:\Windows\System\LtnbNRI.exe
  C:\Windows\System\LtnbNRI.exe
  2⤵
  PID:9016
- C:\Windows\System\Ywvifri.exe
  C:\Windows\System\Ywvifri.exe
  2⤵
  PID:9132
- C:\Windows\System\yokaXSl.exe
  C:\Windows\System\yokaXSl.exe
  2⤵
  PID:2596
- C:\Windows\System\ieISBhN.exe
  C:\Windows\System\ieISBhN.exe
  2⤵
  PID:8284
- C:\Windows\System\eAnphhG.exe
  C:\Windows\System\eAnphhG.exe
  2⤵
  PID:8432
- C:\Windows\System\sySgXlX.exe
  C:\Windows\System\sySgXlX.exe
  2⤵
  PID:4680
- C:\Windows\System\NFNXtMs.exe
  C:\Windows\System\NFNXtMs.exe
  2⤵
  PID:2960
- C:\Windows\System\nzqPPyR.exe
  C:\Windows\System\nzqPPyR.exe
  2⤵
  PID:3404
- C:\Windows\System\CuszVLV.exe
  C:\Windows\System\CuszVLV.exe
  2⤵
  PID:5064
- C:\Windows\System\zrXpTWz.exe
  C:\Windows\System\zrXpTWz.exe
  2⤵
  PID:9076
- C:\Windows\System\StNtAGe.exe
  C:\Windows\System\StNtAGe.exe
  2⤵
  PID:8320
- C:\Windows\System\DmgyXCw.exe
  C:\Windows\System\DmgyXCw.exe
  2⤵
  PID:8508
- C:\Windows\System\gvGJrdp.exe
  C:\Windows\System\gvGJrdp.exe
  2⤵
  PID:8992
- C:\Windows\System\pWZUpxE.exe
  C:\Windows\System\pWZUpxE.exe
  2⤵
  PID:9224
- C:\Windows\System\FRzLUCe.exe
  C:\Windows\System\FRzLUCe.exe
  2⤵
  PID:9252
- C:\Windows\System\KAwFYjW.exe
  C:\Windows\System\KAwFYjW.exe
  2⤵
  PID:9276
- C:\Windows\System\FsgTDHY.exe
  C:\Windows\System\FsgTDHY.exe
  2⤵
  PID:9292
- C:\Windows\System\cuDDloc.exe
  C:\Windows\System\cuDDloc.exe
  2⤵
  PID:9380
- C:\Windows\System\vKHExwn.exe
  C:\Windows\System\vKHExwn.exe
  2⤵
  PID:9420
- C:\Windows\System\rtHzJAF.exe
  C:\Windows\System\rtHzJAF.exe
  2⤵
  PID:9448
- C:\Windows\System\cleCnIf.exe
  C:\Windows\System\cleCnIf.exe
  2⤵
  PID:9476
- C:\Windows\System\hCvnRzz.exe
  C:\Windows\System\hCvnRzz.exe
  2⤵
  PID:9504
- C:\Windows\System\JgBnnGM.exe
  C:\Windows\System\JgBnnGM.exe
  2⤵
  PID:9532
- C:\Windows\System\GwwaSqq.exe
  C:\Windows\System\GwwaSqq.exe
  2⤵
  PID:9572
- C:\Windows\System\jyaXRnr.exe
  C:\Windows\System\jyaXRnr.exe
  2⤵
  PID:9588
- C:\Windows\System\TfdOHKc.exe
  C:\Windows\System\TfdOHKc.exe
  2⤵
  PID:9616
- C:\Windows\System\MDEUlUy.exe
  C:\Windows\System\MDEUlUy.exe
  2⤵
  PID:9644
- C:\Windows\System\hAfHvji.exe
  C:\Windows\System\hAfHvji.exe
  2⤵
  PID:9672
- C:\Windows\System\xeGwHKv.exe
  C:\Windows\System\xeGwHKv.exe
  2⤵
  PID:9692
- C:\Windows\System\fBSlZZw.exe
  C:\Windows\System\fBSlZZw.exe
  2⤵
  PID:9728
- C:\Windows\System\IGBdYfp.exe
  C:\Windows\System\IGBdYfp.exe
  2⤵
  PID:9756
- C:\Windows\System\YuNzjPz.exe
  C:\Windows\System\YuNzjPz.exe
  2⤵
  PID:9784
- C:\Windows\System\TPESzql.exe
  C:\Windows\System\TPESzql.exe
  2⤵
  PID:9804
- C:\Windows\System\hXxesIP.exe
  C:\Windows\System\hXxesIP.exe
  2⤵
  PID:9828
- C:\Windows\System\pGroOXW.exe
  C:\Windows\System\pGroOXW.exe
  2⤵
  PID:9864
- C:\Windows\System\xtFQDBy.exe
  C:\Windows\System\xtFQDBy.exe
  2⤵
  PID:9884
- C:\Windows\System\sslRqWV.exe
  C:\Windows\System\sslRqWV.exe
  2⤵
  PID:9908
- C:\Windows\System\rBgucDY.exe
  C:\Windows\System\rBgucDY.exe
  2⤵
  PID:9936
- C:\Windows\System\asCVPaj.exe
  C:\Windows\System\asCVPaj.exe
  2⤵
  PID:9992
- C:\Windows\System\LTJfDPa.exe
  C:\Windows\System\LTJfDPa.exe
  2⤵
  PID:10020
- C:\Windows\System\GrRNyyz.exe
  C:\Windows\System\GrRNyyz.exe
  2⤵
  PID:10036
- C:\Windows\System\szNdvqg.exe
  C:\Windows\System\szNdvqg.exe
  2⤵
  PID:10064
- C:\Windows\System\bKTnTRv.exe
  C:\Windows\System\bKTnTRv.exe
  2⤵
  PID:10092
- C:\Windows\System\VGzZgNb.exe
  C:\Windows\System\VGzZgNb.exe
  2⤵
  PID:10120
- C:\Windows\System\ISWedOd.exe
  C:\Windows\System\ISWedOd.exe
  2⤵
  PID:10148
- C:\Windows\System\dpLGgVN.exe
  C:\Windows\System\dpLGgVN.exe
  2⤵
  PID:10188
- C:\Windows\System\UzyyAZc.exe
  C:\Windows\System\UzyyAZc.exe
  2⤵
  PID:10216
- C:\Windows\System\WDgwFZP.exe
  C:\Windows\System\WDgwFZP.exe
  2⤵
  PID:3124
- C:\Windows\System\Jkshglo.exe
  C:\Windows\System\Jkshglo.exe
  2⤵
  PID:9268
- C:\Windows\System\PDJRNUZ.exe
  C:\Windows\System\PDJRNUZ.exe
  2⤵
  PID:9236
- C:\Windows\System\WDHSegN.exe
  C:\Windows\System\WDHSegN.exe
  2⤵
  PID:9264
- C:\Windows\System\aOwmubn.exe
  C:\Windows\System\aOwmubn.exe
  2⤵
  PID:9364
- C:\Windows\System\oMXndMG.exe
  C:\Windows\System\oMXndMG.exe
  2⤵
  PID:9440
- C:\Windows\System\RCwgRTK.exe
  C:\Windows\System\RCwgRTK.exe
  2⤵
  PID:9492
- C:\Windows\System\hCzVXxZ.exe
  C:\Windows\System\hCzVXxZ.exe
  2⤵
  PID:9552
- C:\Windows\System\oneAnhi.exe
  C:\Windows\System\oneAnhi.exe
  2⤵
  PID:9628
- C:\Windows\System\BKpEIDe.exe
  C:\Windows\System\BKpEIDe.exe
  2⤵
  PID:9688
- C:\Windows\System\vRQvwtH.exe
  C:\Windows\System\vRQvwtH.exe
  2⤵
  PID:9752
- C:\Windows\System\oJZJten.exe
  C:\Windows\System\oJZJten.exe
  2⤵
  PID:9852
- C:\Windows\System\JPmOvnu.exe
  C:\Windows\System\JPmOvnu.exe
  2⤵
  PID:9900
- C:\Windows\System\tjzdCxA.exe
  C:\Windows\System\tjzdCxA.exe
  2⤵
  PID:9976
- C:\Windows\System\AyZnfcj.exe
  C:\Windows\System\AyZnfcj.exe
  2⤵
  PID:10032
- C:\Windows\System\dchOMQc.exe
  C:\Windows\System\dchOMQc.exe
  2⤵
  PID:10112
- C:\Windows\System\FWjlkre.exe
  C:\Windows\System\FWjlkre.exe
  2⤵
  PID:10132
- C:\Windows\System\sHUwjtt.exe
  C:\Windows\System\sHUwjtt.exe
  2⤵
  PID:10212
- C:\Windows\System\QoVITli.exe
  C:\Windows\System\QoVITli.exe
  2⤵
  PID:756
- C:\Windows\System\fUAZuCE.exe
  C:\Windows\System\fUAZuCE.exe
  2⤵
  PID:9356
- C:\Windows\System\qAqiFzQ.exe
  C:\Windows\System\qAqiFzQ.exe
  2⤵
  PID:9520
- C:\Windows\System\EaPRLHB.exe
  C:\Windows\System\EaPRLHB.exe
  2⤵
  PID:9684
- C:\Windows\System\rBCgaMn.exe
  C:\Windows\System\rBCgaMn.exe
  2⤵
  PID:9880
- C:\Windows\System\EaolvNB.exe
  C:\Windows\System\EaolvNB.exe
  2⤵
  PID:9968
- C:\Windows\System\dwQUyZn.exe
  C:\Windows\System\dwQUyZn.exe
  2⤵
  PID:10200
- C:\Windows\System\oJXDfxB.exe
  C:\Windows\System\oJXDfxB.exe
  2⤵
  PID:9244
- C:\Windows\System\ZZAjXDD.exe
  C:\Windows\System\ZZAjXDD.exe
  2⤵
  PID:9636
- C:\Windows\System\IQpPqxh.exe
  C:\Windows\System\IQpPqxh.exe
  2⤵
  PID:10016
- C:\Windows\System\HuuqKsM.exe
  C:\Windows\System\HuuqKsM.exe
  2⤵
  PID:9608
- C:\Windows\System\FwrciMe.exe
  C:\Windows\System\FwrciMe.exe
  2⤵
  PID:9324
- C:\Windows\System\mgNAkSA.exe
  C:\Windows\System\mgNAkSA.exe
  2⤵
  PID:10268
- C:\Windows\System\XNhrTcj.exe
  C:\Windows\System\XNhrTcj.exe
  2⤵
  PID:10316
- C:\Windows\System\ZxZmLXk.exe
  C:\Windows\System\ZxZmLXk.exe
  2⤵
  PID:10336
- C:\Windows\System\MyhUhmd.exe
  C:\Windows\System\MyhUhmd.exe
  2⤵
  PID:10364
- C:\Windows\System\YgurQqK.exe
  C:\Windows\System\YgurQqK.exe
  2⤵
  PID:10380
- C:\Windows\System\bZPaLQj.exe
  C:\Windows\System\bZPaLQj.exe
  2⤵
  PID:10412
- C:\Windows\System\iYeMlSK.exe
  C:\Windows\System\iYeMlSK.exe
  2⤵
  PID:10448
- C:\Windows\System\uvneBgk.exe
  C:\Windows\System\uvneBgk.exe
  2⤵
  PID:10480
- C:\Windows\System\swpHhlN.exe
  C:\Windows\System\swpHhlN.exe
  2⤵
  PID:10508
- C:\Windows\System\DZdPZvO.exe
  C:\Windows\System\DZdPZvO.exe
  2⤵
  PID:10528
- C:\Windows\System\mPqKVeI.exe
  C:\Windows\System\mPqKVeI.exe
  2⤵
  PID:10576
- C:\Windows\System\oJmsPUf.exe
  C:\Windows\System\oJmsPUf.exe
  2⤵
  PID:10604
- C:\Windows\System\oxyMLZp.exe
  C:\Windows\System\oxyMLZp.exe
  2⤵
  PID:10628
- C:\Windows\System\RsswDUK.exe
  C:\Windows\System\RsswDUK.exe
  2⤵
  PID:10652
- C:\Windows\System\uSzZShp.exe
  C:\Windows\System\uSzZShp.exe
  2⤵
  PID:10684
- C:\Windows\System\PUCAgEg.exe
  C:\Windows\System\PUCAgEg.exe
  2⤵
  PID:10720
- C:\Windows\System\btjfsvy.exe
  C:\Windows\System\btjfsvy.exe
  2⤵
  PID:10740
- C:\Windows\System\EVcRunG.exe
  C:\Windows\System\EVcRunG.exe
  2⤵
  PID:10764
- C:\Windows\System\XiQIqJP.exe
  C:\Windows\System\XiQIqJP.exe
  2⤵
  PID:10780
- C:\Windows\System\GavZOhR.exe
  C:\Windows\System\GavZOhR.exe
  2⤵
  PID:10820
- C:\Windows\System\nXjZCjE.exe
  C:\Windows\System\nXjZCjE.exe
  2⤵
  PID:10868
- C:\Windows\System\myCLeeM.exe
  C:\Windows\System\myCLeeM.exe
  2⤵
  PID:10900
- C:\Windows\System\ubacZNy.exe
  C:\Windows\System\ubacZNy.exe
  2⤵
  PID:10916
- C:\Windows\System\UKCjfWe.exe
  C:\Windows\System\UKCjfWe.exe
  2⤵
  PID:10940
- C:\Windows\System\RglfOcm.exe
  C:\Windows\System\RglfOcm.exe
  2⤵
  PID:10972
- C:\Windows\System\SVpospR.exe
  C:\Windows\System\SVpospR.exe
  2⤵
  PID:11000
- C:\Windows\System\QehPYyA.exe
  C:\Windows\System\QehPYyA.exe
  2⤵
  PID:11028
- C:\Windows\System\ViUZGJv.exe
  C:\Windows\System\ViUZGJv.exe
  2⤵
  PID:11056
- C:\Windows\System\mvTeHSv.exe
  C:\Windows\System\mvTeHSv.exe
  2⤵
  PID:11072
- C:\Windows\System\FyQXVvo.exe
  C:\Windows\System\FyQXVvo.exe
  2⤵
  PID:11092
- C:\Windows\System\VcXAHmz.exe
  C:\Windows\System\VcXAHmz.exe
  2⤵
  PID:11116
- C:\Windows\System\xeayFsu.exe
  C:\Windows\System\xeayFsu.exe
  2⤵
  PID:11172
- C:\Windows\System\yKShwWV.exe
  C:\Windows\System\yKShwWV.exe
  2⤵
  PID:11196
- C:\Windows\System\JUuQjKI.exe
  C:\Windows\System\JUuQjKI.exe
  2⤵
  PID:11220
- C:\Windows\System\bFyDbPi.exe
  C:\Windows\System\bFyDbPi.exe
  2⤵
  PID:11252
- C:\Windows\System\HovpKSI.exe
  C:\Windows\System\HovpKSI.exe
  2⤵
  PID:10260
- C:\Windows\System\oEnNnek.exe
  C:\Windows\System\oEnNnek.exe
  2⤵
  PID:10328
- C:\Windows\System\rVPYyJQ.exe
  C:\Windows\System\rVPYyJQ.exe
  2⤵
  PID:10352
- C:\Windows\System\HoqEoeI.exe
  C:\Windows\System\HoqEoeI.exe
  2⤵
  PID:10436
- C:\Windows\System\BCBxHKq.exe
  C:\Windows\System\BCBxHKq.exe
  2⤵
  PID:10560
- C:\Windows\System\vNOBMva.exe
  C:\Windows\System\vNOBMva.exe
  2⤵
  PID:10592
- C:\Windows\System\owyJzDc.exe
  C:\Windows\System\owyJzDc.exe
  2⤵
  PID:10668
- C:\Windows\System\xlfzzpV.exe
  C:\Windows\System\xlfzzpV.exe
  2⤵
  PID:10752
- C:\Windows\System\EukakOr.exe
  C:\Windows\System\EukakOr.exe
  2⤵
  PID:10800
- C:\Windows\System\fdvcznq.exe
  C:\Windows\System\fdvcznq.exe
  2⤵
  PID:10852
- C:\Windows\System\jndHGQQ.exe
  C:\Windows\System\jndHGQQ.exe
  2⤵
  PID:10928
- C:\Windows\System\FHczrZU.exe
  C:\Windows\System\FHczrZU.exe
  2⤵
  PID:11020
- C:\Windows\System\jUpdojE.exe
  C:\Windows\System\jUpdojE.exe
  2⤵
  PID:11104
- C:\Windows\System\YWsBvGw.exe
  C:\Windows\System\YWsBvGw.exe
  2⤵
  PID:11164
- C:\Windows\System\kiBcPUE.exe
  C:\Windows\System\kiBcPUE.exe
  2⤵
  PID:11208
- C:\Windows\System\uDubzjf.exe
  C:\Windows\System\uDubzjf.exe
  2⤵
  PID:9720
- C:\Windows\System\zZRKyLw.exe
  C:\Windows\System\zZRKyLw.exe
  2⤵
  PID:10376
- C:\Windows\System\rgfwrFl.exe
  C:\Windows\System\rgfwrFl.exe
  2⤵
  PID:10556
- C:\Windows\System\RDZwrVz.exe
  C:\Windows\System\RDZwrVz.exe
  2⤵
  PID:10664
- C:\Windows\System\sKDjFoJ.exe
  C:\Windows\System\sKDjFoJ.exe
  2⤵
  PID:10984
- C:\Windows\System\DKBwrlI.exe
  C:\Windows\System\DKBwrlI.exe
  2⤵
  PID:11044
- C:\Windows\System\vdszgkH.exe
  C:\Windows\System\vdszgkH.exe
  2⤵
  PID:11084
- C:\Windows\System\UrLNaNc.exe
  C:\Windows\System\UrLNaNc.exe
  2⤵
  PID:10356
- C:\Windows\System\DGecwQQ.exe
  C:\Windows\System\DGecwQQ.exe
  2⤵
  PID:10324
- C:\Windows\System\UbhwBlB.exe
  C:\Windows\System\UbhwBlB.exe
  2⤵
  PID:10892
- C:\Windows\System\qHoiLic.exe
  C:\Windows\System\qHoiLic.exe
  2⤵
  PID:10252
- C:\Windows\System\wWflIRE.exe
  C:\Windows\System\wWflIRE.exe
  2⤵
  PID:10772
- C:\Windows\System\aedLQkL.exe
  C:\Windows\System\aedLQkL.exe
  2⤵
  PID:11308
- C:\Windows\System\qgyngLP.exe
  C:\Windows\System\qgyngLP.exe
  2⤵
  PID:11328
- C:\Windows\System\vwXvZbg.exe
  C:\Windows\System\vwXvZbg.exe
  2⤵
  PID:11356
- C:\Windows\System\fhonrXm.exe
  C:\Windows\System\fhonrXm.exe
  2⤵
  PID:11380
- C:\Windows\System\ULcbgYy.exe
  C:\Windows\System\ULcbgYy.exe
  2⤵
  PID:11408
- C:\Windows\System\OPBfbud.exe
  C:\Windows\System\OPBfbud.exe
  2⤵
  PID:11448
- C:\Windows\System\udJnpVK.exe
  C:\Windows\System\udJnpVK.exe
  2⤵
  PID:11464
- C:\Windows\System\wilcsJW.exe
  C:\Windows\System\wilcsJW.exe
  2⤵
  PID:11504
- C:\Windows\System\MzwKlLU.exe
  C:\Windows\System\MzwKlLU.exe
  2⤵
  PID:11532
- C:\Windows\System\ZSmUfsZ.exe
  C:\Windows\System\ZSmUfsZ.exe
  2⤵
  PID:11548
- C:\Windows\System\QQkyTib.exe
  C:\Windows\System\QQkyTib.exe
  2⤵
  PID:11588
- C:\Windows\System\kPYIsOa.exe
  C:\Windows\System\kPYIsOa.exe
  2⤵
  PID:11616
- C:\Windows\System\TENdHef.exe
  C:\Windows\System\TENdHef.exe
  2⤵
  PID:11632
- C:\Windows\System\UIRCCsq.exe
  C:\Windows\System\UIRCCsq.exe
  2⤵
  PID:11660
- C:\Windows\System\nfGQCze.exe
  C:\Windows\System\nfGQCze.exe
  2⤵
  PID:11688
- C:\Windows\System\CzNnvbx.exe
  C:\Windows\System\CzNnvbx.exe
  2⤵
  PID:11716
- C:\Windows\System\msIhuum.exe
  C:\Windows\System\msIhuum.exe
  2⤵
  PID:11736
- C:\Windows\System\lIDMbCH.exe
  C:\Windows\System\lIDMbCH.exe
  2⤵
  PID:11772
- C:\Windows\System\IMZBkFa.exe
  C:\Windows\System\IMZBkFa.exe
  2⤵
  PID:11812
- C:\Windows\System\CVWGCpl.exe
  C:\Windows\System\CVWGCpl.exe
  2⤵
  PID:11828
- C:\Windows\System\SwwoEQy.exe
  C:\Windows\System\SwwoEQy.exe
  2⤵
  PID:11868
- C:\Windows\System\tqpCZzT.exe
  C:\Windows\System\tqpCZzT.exe
  2⤵
  PID:11888
- C:\Windows\System\zPhFFIM.exe
  C:\Windows\System\zPhFFIM.exe
  2⤵
  PID:11912
- C:\Windows\System\cgiVkWP.exe
  C:\Windows\System\cgiVkWP.exe
  2⤵
  PID:11944
- C:\Windows\System\dBvRDqU.exe
  C:\Windows\System\dBvRDqU.exe
  2⤵
  PID:11972
- C:\Windows\System\xAcHzyT.exe
  C:\Windows\System\xAcHzyT.exe
  2⤵
  PID:12000
- C:\Windows\System\jSQsbin.exe
  C:\Windows\System\jSQsbin.exe
  2⤵
  PID:12028
- C:\Windows\System\IibkFqo.exe
  C:\Windows\System\IibkFqo.exe
  2⤵
  PID:12048
- C:\Windows\System\TsDrPpZ.exe
  C:\Windows\System\TsDrPpZ.exe
  2⤵
  PID:12076
- C:\Windows\System\zYinDvh.exe
  C:\Windows\System\zYinDvh.exe
  2⤵
  PID:12108
- C:\Windows\System\ezKcIxz.exe
  C:\Windows\System\ezKcIxz.exe
  2⤵
  PID:12136
- C:\Windows\System\uQbGaIB.exe
  C:\Windows\System\uQbGaIB.exe
  2⤵
  PID:12168
- C:\Windows\System\bujsSdo.exe
  C:\Windows\System\bujsSdo.exe
  2⤵
  PID:12200
- C:\Windows\System\DRwsYDG.exe
  C:\Windows\System\DRwsYDG.exe
  2⤵
  PID:12228
- C:\Windows\System\keCYDfF.exe
  C:\Windows\System\keCYDfF.exe
  2⤵
  PID:12264
- C:\Windows\System\IyGLTNV.exe
  C:\Windows\System\IyGLTNV.exe
  2⤵
  PID:11268
- C:\Windows\System\dgqhklG.exe
  C:\Windows\System\dgqhklG.exe
  2⤵
  PID:11324
- C:\Windows\System\ZARiwCb.exe
  C:\Windows\System\ZARiwCb.exe
  2⤵
  PID:11348
- C:\Windows\System\gWqGmLh.exe
  C:\Windows\System\gWqGmLh.exe
  2⤵
  PID:11440
- C:\Windows\System\YJTFcmU.exe
  C:\Windows\System\YJTFcmU.exe
  2⤵
  PID:11500
- C:\Windows\System\OrUezLL.exe
  C:\Windows\System\OrUezLL.exe
  2⤵
  PID:11544
- C:\Windows\System\enphAoU.exe
  C:\Windows\System\enphAoU.exe
  2⤵
  PID:10860
- C:\Windows\System\FmypGrt.exe
  C:\Windows\System\FmypGrt.exe
  2⤵
  PID:11656
- C:\Windows\System\WGeOADV.exe
  C:\Windows\System\WGeOADV.exe
  2⤵
  PID:11744
- C:\Windows\System\OKhWihL.exe
  C:\Windows\System\OKhWihL.exe
  2⤵
  PID:11820
- C:\Windows\System\ZdjZpDT.exe
  C:\Windows\System\ZdjZpDT.exe
  2⤵
  PID:11860
- C:\Windows\System\WFtTDgi.exe
  C:\Windows\System\WFtTDgi.exe
  2⤵
  PID:11960
- C:\Windows\System\LnkbFlh.exe
  C:\Windows\System\LnkbFlh.exe
  2⤵
  PID:11940
- C:\Windows\System\EkWhHtH.exe
  C:\Windows\System\EkWhHtH.exe
  2⤵
  PID:12072
- C:\Windows\System\KrRoNVf.exe
  C:\Windows\System\KrRoNVf.exe
  2⤵
  PID:12092
- C:\Windows\System\tABbtUZ.exe
  C:\Windows\System\tABbtUZ.exe
  2⤵
  PID:12192
- C:\Windows\System\GzyzGJu.exe
  C:\Windows\System\GzyzGJu.exe
  2⤵
  PID:12248
- C:\Windows\System\UGjJwjx.exe
  C:\Windows\System\UGjJwjx.exe
  2⤵
  PID:11296
- C:\Windows\System\hatBmvF.exe
  C:\Windows\System\hatBmvF.exe
  2⤵
  PID:11484
- C:\Windows\System\cBIIQfV.exe
  C:\Windows\System\cBIIQfV.exe
  2⤵
  PID:11644
- C:\Windows\System\rQhOHBh.exe
  C:\Windows\System\rQhOHBh.exe
  2⤵
  PID:11864
- C:\Windows\System\toslNzH.exe
  C:\Windows\System\toslNzH.exe
  2⤵
  PID:11896
- C:\Windows\System\iEAujUL.exe
  C:\Windows\System\iEAujUL.exe
  2⤵
  PID:12124
- C:\Windows\System\EPHdUgy.exe
  C:\Windows\System\EPHdUgy.exe
  2⤵
  PID:12220
- C:\Windows\System\gQZKZjE.exe
  C:\Windows\System\gQZKZjE.exe
  2⤵
  PID:11528
- C:\Windows\System\prbcxnF.exe
  C:\Windows\System\prbcxnF.exe
  2⤵
  PID:12044
- C:\Windows\System\LeSeAfQ.exe
  C:\Windows\System\LeSeAfQ.exe
  2⤵
  PID:12216
- C:\Windows\System\lRUXkPv.exe
  C:\Windows\System\lRUXkPv.exe
  2⤵
  PID:11796
- C:\Windows\System\ExLlEYT.exe
  C:\Windows\System\ExLlEYT.exe
  2⤵
  PID:11424
- C:\Windows\System\fWnmgSO.exe
  C:\Windows\System\fWnmgSO.exe
  2⤵
  PID:12324
- C:\Windows\System\EqTFYiQ.exe
  C:\Windows\System\EqTFYiQ.exe
  2⤵
  PID:12340
- C:\Windows\System\ZmTtdMH.exe
  C:\Windows\System\ZmTtdMH.exe
  2⤵
  PID:12356
- C:\Windows\System\RJWhcZC.exe
  C:\Windows\System\RJWhcZC.exe
  2⤵
  PID:12408
- C:\Windows\System\kMYOsEj.exe
  C:\Windows\System\kMYOsEj.exe
  2⤵
  PID:12436
- C:\Windows\System\PNZSORW.exe
  C:\Windows\System\PNZSORW.exe
  2⤵
  PID:12452
- C:\Windows\System\TiXxefc.exe
  C:\Windows\System\TiXxefc.exe
  2⤵
  PID:12472
- C:\Windows\System\qRZdrit.exe
  C:\Windows\System\qRZdrit.exe
  2⤵
  PID:12504
- C:\Windows\System\FiqJWFE.exe
  C:\Windows\System\FiqJWFE.exe
  2⤵
  PID:12532
- C:\Windows\System\ooPCyUe.exe
  C:\Windows\System\ooPCyUe.exe
  2⤵
  PID:12560
- C:\Windows\System\JWJAkEc.exe
  C:\Windows\System\JWJAkEc.exe
  2⤵
  PID:12592
- C:\Windows\System\bOvasrk.exe
  C:\Windows\System\bOvasrk.exe
  2⤵
  PID:12632
- C:\Windows\System\BnaPfex.exe
  C:\Windows\System\BnaPfex.exe
  2⤵
  PID:12660
- C:\Windows\System\zwgSVmO.exe
  C:\Windows\System\zwgSVmO.exe
  2⤵
  PID:12688
- C:\Windows\System\pJSduLq.exe
  C:\Windows\System\pJSduLq.exe
  2⤵
  PID:12712
- C:\Windows\System\hocdhHM.exe
  C:\Windows\System\hocdhHM.exe
  2⤵
  PID:12744
- C:\Windows\System\gyApaxc.exe
  C:\Windows\System\gyApaxc.exe
  2⤵
  PID:12760
- C:\Windows\System\kraeZcf.exe
  C:\Windows\System\kraeZcf.exe
  2⤵
  PID:12788
- C:\Windows\System\JlJCsbX.exe
  C:\Windows\System\JlJCsbX.exe
  2⤵
  PID:12816
- C:\Windows\System\DdgANCW.exe
  C:\Windows\System\DdgANCW.exe
  2⤵
  PID:12852
- C:\Windows\System\zcFrJuy.exe
  C:\Windows\System\zcFrJuy.exe
  2⤵
  PID:12884
- C:\Windows\System\menchai.exe
  C:\Windows\System\menchai.exe
  2⤵
  PID:12912
- C:\Windows\System\GMWegnQ.exe
  C:\Windows\System\GMWegnQ.exe
  2⤵
  PID:12928
- C:\Windows\System\eTwHeKE.exe
  C:\Windows\System\eTwHeKE.exe
  2⤵
  PID:12960
- C:\Windows\System\cacwWKH.exe
  C:\Windows\System\cacwWKH.exe
  2⤵
  PID:12980
- C:\Windows\System\WzgHqCA.exe
  C:\Windows\System\WzgHqCA.exe
  2⤵
  PID:13004
- C:\Windows\System\yhkMvwY.exe
  C:\Windows\System\yhkMvwY.exe
  2⤵
  PID:13028
- C:\Windows\System\FDdWyQF.exe
  C:\Windows\System\FDdWyQF.exe
  2⤵
  PID:13060
- C:\Windows\System\egKedoi.exe
  C:\Windows\System\egKedoi.exe
  2⤵
  PID:13124
- C:\Windows\System\rXzOkGQ.exe
  C:\Windows\System\rXzOkGQ.exe
  2⤵
  PID:13140
- C:\Windows\System\hcHfpZd.exe
  C:\Windows\System\hcHfpZd.exe
  2⤵
  PID:13156
- C:\Windows\System\tAXYVea.exe
  C:\Windows\System\tAXYVea.exe
  2⤵
  PID:13176
- C:\Windows\System\gwftKua.exe
  C:\Windows\System\gwftKua.exe
  2⤵
  PID:13224
- C:\Windows\System\ZmLdJOz.exe
  C:\Windows\System\ZmLdJOz.exe
  2⤵
  PID:13240
- C:\Windows\System\uzIuoUQ.exe
  C:\Windows\System\uzIuoUQ.exe
  2⤵
  PID:13268
- C:\Windows\System\CsiQcJQ.exe
  C:\Windows\System\CsiQcJQ.exe
  2⤵
  PID:13296
- C:\Windows\System\vKrSowR.exe
  C:\Windows\System\vKrSowR.exe
  2⤵
  PID:12296
- C:\Windows\System\IsbwUQu.exe
  C:\Windows\System\IsbwUQu.exe
  2⤵
  PID:12400
- C:\Windows\System\KboNZBf.exe
  C:\Windows\System\KboNZBf.exe
  2⤵
  PID:12444
- C:\Windows\System\lLKGxOC.exe
  C:\Windows\System\lLKGxOC.exe
  2⤵
  PID:12528
- C:\Windows\System\gKNKynn.exe
  C:\Windows\System\gKNKynn.exe
  2⤵
  PID:12580
- C:\Windows\System\LNytLjj.exe
  C:\Windows\System\LNytLjj.exe
  2⤵
  PID:12680
- C:\Windows\System\lUchGTI.exe
  C:\Windows\System\lUchGTI.exe
  2⤵
  PID:12708
- C:\Windows\System\vNZhWmn.exe
  C:\Windows\System\vNZhWmn.exe
  2⤵
  PID:12800
- C:\Windows\System\QUcQgpx.exe
  C:\Windows\System\QUcQgpx.exe
  2⤵
  PID:12812
- C:\Windows\System\dZmNCuj.exe
  C:\Windows\System\dZmNCuj.exe
  2⤵
  PID:12896
- C:\Windows\System\HRTCEjQ.exe
  C:\Windows\System\HRTCEjQ.exe
  2⤵
  PID:1540
- C:\Windows\System\TRszvnZ.exe
  C:\Windows\System\TRszvnZ.exe
  2⤵
  PID:12996
- C:\Windows\System\hsEZYzU.exe
  C:\Windows\System\hsEZYzU.exe
  2⤵
  PID:13040
- C:\Windows\System\lEPmcji.exe
  C:\Windows\System\lEPmcji.exe
  2⤵
  PID:13152
- C:\Windows\System\vwEzueh.exe
  C:\Windows\System\vwEzueh.exe
  2⤵
  PID:13172
- C:\Windows\System\uRVUOUR.exe
  C:\Windows\System\uRVUOUR.exe
  2⤵
  PID:13252
- C:\Windows\System\yfuugsG.exe
  C:\Windows\System\yfuugsG.exe
  2⤵
  PID:12348
- C:\Windows\System\NEAeqKH.exe
  C:\Windows\System\NEAeqKH.exe
  2⤵
  PID:12384
- C:\Windows\System\wlhWBHC.exe
  C:\Windows\System\wlhWBHC.exe
  2⤵
  PID:12428
- C:\Windows\System\mHRLpVS.exe
  C:\Windows\System\mHRLpVS.exe
  2⤵
  PID:12648
- C:\Windows\System\VmwoOUv.exe
  C:\Windows\System\VmwoOUv.exe
  2⤵
  PID:12780
- C:\Windows\System\CsEjMeq.exe
  C:\Windows\System\CsEjMeq.exe
  2⤵
  PID:12976
- C:\Windows\System\awUXnrV.exe
  C:\Windows\System\awUXnrV.exe
  2⤵
  PID:1108
- C:\Windows\System\upfctDS.exe
  C:\Windows\System\upfctDS.exe
  2⤵
  PID:13232
- C:\Windows\System\cexSEGi.exe
  C:\Windows\System\cexSEGi.exe
  2⤵
  PID:13308
- C:\Windows\System\pIwZgcA.exe
  C:\Windows\System\pIwZgcA.exe
  2⤵
  PID:12424
- C:\Windows\System\gfggOWg.exe
  C:\Windows\System\gfggOWg.exe
  2⤵
  PID:12900
- C:\Windows\System\paEVmQl.exe
  C:\Windows\System\paEVmQl.exe
  2⤵
  PID:13196
- C:\Windows\System\LztRseE.exe
  C:\Windows\System\LztRseE.exe
  2⤵
  PID:12336
- C:\Windows\System\WxplbRY.exe
  C:\Windows\System\WxplbRY.exe
  2⤵
  PID:13208
- C:\Windows\System\gfMuntn.exe
  C:\Windows\System\gfMuntn.exe
  2⤵
  PID:13320
- C:\Windows\System\KYTgNdH.exe
  C:\Windows\System\KYTgNdH.exe
  2⤵
  PID:13352
- C:\Windows\System\dbqhnFE.exe
  C:\Windows\System\dbqhnFE.exe
  2⤵
  PID:13392
- C:\Windows\System\CvdTGec.exe
  C:\Windows\System\CvdTGec.exe
  2⤵
  PID:13420
- C:\Windows\System\jExEHnL.exe
  C:\Windows\System\jExEHnL.exe
  2⤵
  PID:13448
- C:\Windows\System\UXukefg.exe
  C:\Windows\System\UXukefg.exe
  2⤵
  PID:13488
- C:\Windows\System\MRDBrZl.exe
  C:\Windows\System\MRDBrZl.exe
  2⤵
  PID:13508
- C:\Windows\System\YQNfdcq.exe
  C:\Windows\System\YQNfdcq.exe
  2⤵
  PID:13540
- C:\Windows\System\PeLFnal.exe
  C:\Windows\System\PeLFnal.exe
  2⤵
  PID:13560
- C:\Windows\System\BkOJojH.exe
  C:\Windows\System\BkOJojH.exe
  2⤵
  PID:13588
- C:\Windows\System\vQYsFKS.exe
  C:\Windows\System\vQYsFKS.exe
  2⤵
  PID:13624
- C:\Windows\System\UcSmZGT.exe
  C:\Windows\System\UcSmZGT.exe
  2⤵
  PID:13640
- C:\Windows\System\GkaHTEj.exe
  C:\Windows\System\GkaHTEj.exe
  2⤵
  PID:13684
- C:\Windows\System\zClanKu.exe
  C:\Windows\System\zClanKu.exe
  2⤵
  PID:13720
- C:\Windows\System\RxrLkOs.exe
  C:\Windows\System\RxrLkOs.exe
  2⤵
  PID:13760
- C:\Windows\System\UHrApKi.exe
  C:\Windows\System\UHrApKi.exe
  2⤵
  PID:13776
- C:\Windows\System\zcSOeJT.exe
  C:\Windows\System\zcSOeJT.exe
  2⤵
  PID:13792
- C:\Windows\System\HxlnGUA.exe
  C:\Windows\System\HxlnGUA.exe
  2⤵
  PID:13828
- C:\Windows\System\XbtdAtI.exe
  C:\Windows\System\XbtdAtI.exe
  2⤵
  PID:13872
- C:\Windows\System\qmhXyrn.exe
  C:\Windows\System\qmhXyrn.exe
  2⤵
  PID:13900
- C:\Windows\System\HcSAPUb.exe
  C:\Windows\System\HcSAPUb.exe
  2⤵
  PID:13916
- C:\Windows\System\CRIbRGq.exe
  C:\Windows\System\CRIbRGq.exe
  2⤵
  PID:13944
- C:\Windows\System\IVcMaIc.exe
  C:\Windows\System\IVcMaIc.exe
  2⤵
  PID:13972
- C:\Windows\System\oUlODng.exe
  C:\Windows\System\oUlODng.exe
  2⤵
  PID:13988
- C:\Windows\System\GnSeBqd.exe
  C:\Windows\System\GnSeBqd.exe
  2⤵
  PID:14016
- C:\Windows\System\ABfckZI.exe
  C:\Windows\System\ABfckZI.exe
  2⤵
  PID:14056
- C:\Windows\System\dSXshMC.exe
  C:\Windows\System\dSXshMC.exe
  2⤵
  PID:14084
- C:\Windows\System\WGoWOwp.exe
  C:\Windows\System\WGoWOwp.exe
  2⤵
  PID:14100
- C:\Windows\System\uktLbzc.exe
  C:\Windows\System\uktLbzc.exe
  2⤵
  PID:14148
- C:\Windows\System\gLOFHsS.exe
  C:\Windows\System\gLOFHsS.exe
  2⤵
  PID:14180
- C:\Windows\System\TqDfWCT.exe
  C:\Windows\System\TqDfWCT.exe
  2⤵
  PID:14208
- C:\Windows\System\EdUihaD.exe
  C:\Windows\System\EdUihaD.exe
  2⤵
  PID:14224
- C:\Windows\System\lXYvcND.exe
  C:\Windows\System\lXYvcND.exe
  2⤵
  PID:14252
- C:\Windows\System\OyllmIU.exe
  C:\Windows\System\OyllmIU.exe
  2⤵
  PID:14268
- C:\Windows\System\aKuSGmY.exe
  C:\Windows\System\aKuSGmY.exe
  2⤵
  PID:14312
- C:\Windows\System\zcsXkcg.exe
  C:\Windows\System\zcsXkcg.exe
  2⤵
  PID:13096
- C:\Windows\System\LVqklCH.exe
  C:\Windows\System\LVqklCH.exe
  2⤵
  PID:13328
- C:\Windows\System\UMyVRcp.exe
  C:\Windows\System\UMyVRcp.exe
  2⤵
  PID:13464
- C:\Windows\System\QNrzxoK.exe
  C:\Windows\System\QNrzxoK.exe
  2⤵
  PID:13520
- C:\Windows\System\BqlXIRV.exe
  C:\Windows\System\BqlXIRV.exe
  2⤵
  PID:13548
- C:\Windows\System\ESPzVSP.exe
  C:\Windows\System\ESPzVSP.exe
  2⤵
  PID:13568
- C:\Windows\System\yHftgWb.exe
  C:\Windows\System\yHftgWb.exe
  2⤵
  PID:13716
- C:\Windows\System\zUhcElu.exe
  C:\Windows\System\zUhcElu.exe
  2⤵
  PID:13812
- C:\Windows\System\LdESdTa.exe
  C:\Windows\System\LdESdTa.exe
  2⤵
  PID:13856
- C:\Windows\System\nBUWtco.exe
  C:\Windows\System\nBUWtco.exe
  2⤵
  PID:13908
- C:\Windows\System\VhtakRV.exe
  C:\Windows\System\VhtakRV.exe
  2⤵
  PID:13984
- C:\Windows\System\NYVdFiH.exe
  C:\Windows\System\NYVdFiH.exe
  2⤵
  PID:14068
- C:\Windows\System\tLyTJRd.exe
  C:\Windows\System\tLyTJRd.exe
  2⤵
  PID:14096
- C:\Windows\System\NOAfhUZ.exe
  C:\Windows\System\NOAfhUZ.exe
  2⤵
  PID:14160
- C:\Windows\System\OTRZfKK.exe
  C:\Windows\System\OTRZfKK.exe
  2⤵
  PID:3484
- C:\Windows\System\NLOGzIW.exe
  C:\Windows\System\NLOGzIW.exe
  2⤵
  PID:2732
- C:\Windows\System\VuYPjSb.exe
  C:\Windows\System\VuYPjSb.exe
  2⤵
  PID:14288
- C:\Windows\System\DCGtrWO.exe
  C:\Windows\System\DCGtrWO.exe
  2⤵
  PID:12460
- C:\Windows\System\BEsDWhA.exe
  C:\Windows\System\BEsDWhA.exe
  2⤵
  PID:13484
- C:\Windows\System\zkYsYTl.exe
  C:\Windows\System\zkYsYTl.exe
  2⤵
  PID:13704
- C:\Windows\System\mzTUdEI.exe
  C:\Windows\System\mzTUdEI.exe
  2⤵
  PID:13768
- C:\Windows\System\smbLAjU.exe
  C:\Windows\System\smbLAjU.exe
  2⤵
  PID:14008
- C:\Windows\System\bChHFBp.exe
  C:\Windows\System\bChHFBp.exe
  2⤵
  PID:14140
- C:\Windows\System\gXYgBVG.exe
  C:\Windows\System\gXYgBVG.exe
  2⤵
  PID:14264
- C:\Windows\System\NLxGASG.exe
  C:\Windows\System\NLxGASG.exe
  2⤵
  PID:13612
- C:\Windows\System\MGnjwEi.exe
  C:\Windows\System\MGnjwEi.exe
  2⤵
  PID:13928
- C:\Windows\System\qWroIob.exe
  C:\Windows\System\qWroIob.exe
  2⤵
  PID:14300
- C:\Windows\System\ejqWMtz.exe
  C:\Windows\System\ejqWMtz.exe
  2⤵
  PID:13752
- C:\Windows\System\urplUQr.exe
  C:\Windows\System\urplUQr.exe
  2⤵
  PID:14344
- C:\Windows\System\PSKrQOt.exe
  C:\Windows\System\PSKrQOt.exe
  2⤵
  PID:14372
- C:\Windows\System\OhYzrLf.exe
  C:\Windows\System\OhYzrLf.exe
  2⤵
  PID:14404
- C:\Windows\System\aQueUdU.exe
  C:\Windows\System\aQueUdU.exe
  2⤵
  PID:14444
- C:\Windows\System\gNQpedp.exe
  C:\Windows\System\gNQpedp.exe
  2⤵
  PID:14480
- C:\Windows\System\JRCQhhD.exe
  C:\Windows\System\JRCQhhD.exe
  2⤵
  PID:14504
- C:\Windows\System\rsvHSOc.exe
  C:\Windows\System\rsvHSOc.exe
  2⤵
  PID:14576

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AomtVXL.exe

Filesize
2.0MB

MD5
dbf845d4cce089a2eab78356f413d6d1

SHA1
052078ae4045ff35ce8285855e348b1f6bf4a08a

SHA256
20a51c1629a71d36a18fd4d27df857f78d77733e7e8e3130ca08ba4e98ddcc20

SHA512
e57864ca2b3086c326a3f3ba42000f64d3c91e2b5192dc9863c0a78c80952639230ec7656d27a4eab3287d6b7b152a739990eb359057e36d299f7e978717e120

Download Submit
C:\Windows\System\BcvlwMg.exe

Filesize
2.0MB

MD5
57698bfd7ea6f30416028213adec692b

SHA1
383dec1e49a117e4de6cc9ea6fdaf15b637ed6b6

SHA256
66244082365540f9d1e597e43202414c02c7bd510f30734f3aa7f57c273d8db6

SHA512
156c7eab16eb814071d9ada01be0cef451d948e5c52b4f2f23649d933a47af839d290788ad97fe8f48b2656eb25404caa2fecc6d641b90bfbdef0ea84f0c6812

Download Submit
C:\Windows\System\BfacsrA.exe

Filesize
2.0MB

MD5
ebb7c931839061008cef9b1cf72d7c58

SHA1
9a5919c2373f71810ce539a2599776d8cbd36987

SHA256
10b0d7f0caea2628c6ece1350b80de61f761f9d94deb2800a373bd78fa61e2f3

SHA512
11d917a4aefb02cbe742ee1f05a985092293add4e295d09b11af30b48a898b6ff386f5149e556760a04e3bd25b3e3ec6f15d672a6aec7539b47010953c63118b

Download Submit
C:\Windows\System\EQrcedm.exe

Filesize
2.0MB

MD5
08d8df6003174b830e0d9d173255f04a

SHA1
5eebaa7b0b69185d0fd9b824f4b89b429df08279

SHA256
ad0d72d58e475140a069427b11eedd61fca356b500d81626860bfe5fb3107924

SHA512
1538d0c3d7b8f506aeed7da4c06c06dddaded6a58631584dceb9ec6acdec4c3ded0d9f83d3729f31ec4947934819337fdaf5b2b4c95effdd9e09bdc72997dfcf

Download Submit
C:\Windows\System\FCrlNPn.exe

Filesize
2.0MB

MD5
b36e5af74a5d15a5316adff3212bfc7f

SHA1
775a3930cd970ac724cf307a3a14f99ee795d122

SHA256
2c918bafdffe0c88be87493d015aa23fe3ee20745bafba64f8f9c2c2efaebeb1

SHA512
abce8c141328e8bec2ce45533c24ecfc1ea4aae9a581bd12102c1979d7a4e1337e268e6c17d2cf785710ca485fc5b8f40a71e1a29c32d186a418ea89d3f70696

Download Submit
C:\Windows\System\IQTUESB.exe

Filesize
2.0MB

MD5
97c5dbce1eb084265991ca306112d0ce

SHA1
a1fb76c6fedd6dcdb1992f09ef0a06e46be17631

SHA256
c626575cc751e62331bbd6f7e46ebe4819e15bbf166c5937cd5a57ae12162ee0

SHA512
4cc2fd65914ae0780e257a74ccdcb31e8afb5c9de07b24f3d4a6f3178e924f11b823703052764cc9c60ebb4e094a9129db3e09107f6b0b020804ae3a4555ebab

Download Submit
C:\Windows\System\KOAgvhP.exe

Filesize
2.0MB

MD5
48030da90c091eb9a4a2f6419e370208

SHA1
8788ce46afe8dd232337332698ed0ff97d0478cf

SHA256
73382530c8ce3065c4c5cd86647ad0ae6ce62985abea03ef1f54768f4d94201a

SHA512
2042caadc8b6b5b949fbad8be5e1098fe47d8df293844c438bb69766bde0d28549ab3449f692499832d83e15f918f8e897f578720f3f6eeef7a1bfafbc79127c

Download Submit
C:\Windows\System\LPxutFd.exe

Filesize
2.0MB

MD5
6321463de0f8466e2a5f984ecf23dcde

SHA1
7226bef55b1c010f66e6b4cc4461e100e01a3ce4

SHA256
935cd594bc95c6fad84063efd873160f27587b0a5cdfbcf018578a34ab440be7

SHA512
7f3ed3eb89196c985532589cd51c3341159f585d895044cf9bee78ff8b545eef14377dfcc9bb400860a3103fb16d30ff7f87dad7fc1ed0483d0678a08f897ffb

Download Submit
C:\Windows\System\QjzqkTp.exe

Filesize
2.0MB

MD5
43a386a63560a8c68a7d7a59d3ad16ab

SHA1
f14f751e056befe4f887d88a63eab0fbfd678d39

SHA256
b8a09952712b00398e7cd71b824f52e91e6e4edb0eb13134c00e227c51d7750b

SHA512
4135bcf8dd33a7961c31a32d2339a5b38c9058448e57e227c3f361c34d3453a2080ddc6b38d25b73049b3979da79d3c5998f161525a5b91fcf2405fe798c073a

Download Submit
C:\Windows\System\Rilyplg.exe

Filesize
2.0MB

MD5
d0212cc4dec8a06c43d04a0d74b8bbaa

SHA1
d3346f709203a0a870fb02075f467a3222467a2f

SHA256
c437fd7f4a95f0b6e750c7711cea704821129da3ef8b43278dcd4f4e5ca90ba8

SHA512
c405ea9d6f54fea0fa9f596f9e0ab26c923f9e0b73e77507fd30d404b1c612b7e45f73c21c5db71c25cc1835938d939e61b7cdd7b83c0dea67698dff978e012d

Download Submit
C:\Windows\System\WMKcVGx.exe

Filesize
2.0MB

MD5
fd73e46ab119a9e3861e8b70ceb6f196

SHA1
64bfca3408dba738a66d092ad3d3e60bdb5db643

SHA256
62227c0523efadbcbab36c17531f0fcc7b36522e41da65f6169cd4241fc56930

SHA512
cd8eaa4d9e80a6e2159b05ce5f60f328f117be17c867beed146c44081deb01c734260487f1ddae6f256b8edeaa074bcdaba958885f2aea02788fdf115be9cb01

Download Submit
C:\Windows\System\XWvMyTx.exe

Filesize
2.0MB

MD5
a7d06a88db4a353404083545aaf73a4f

SHA1
f311aaea7c006ffb8a05a688a239e82802ee793c

SHA256
c421fed974f5b66e5d2b848614061626389aa7b2fcd70c7ae05cfa23f9da5a52

SHA512
cf53c8ccb9c69cb9b92619fae3dadeb55d7442d00776e6bc4670badf24349e6a56db8c3cbd6038d96bc70313f47b984fb68ba713c808a706179422fc68a9b3f2

Download Submit
C:\Windows\System\aFHPvNa.exe

Filesize
2.0MB

MD5
3ed405d58bab6fa92c8c1644bf84dc68

SHA1
3eaadaa03d1cf523bdb1559960e13c20f2bd4a64

SHA256
b707185ba6c9be522eb5bda92ec412a7f54676382766269831ff28679244df7e

SHA512
4bd974cf1da4e7c184bef001de767283d5c93e7bceb54623a3de12de36fbad8998f16f908eab48ae2bc2f000c018916c2b4d64b17e87e6c415dec27e34edd3b1

Download Submit
C:\Windows\System\aNdQuNq.exe

Filesize
2.0MB

MD5
21378932fc4d209611775e7e09228086

SHA1
a78c71c7addc03ec7fe5bade5ee0519adec37cd3

SHA256
2d7b1d45ac25de0f1f38a99ece614a41ef5082902d96ee93a559a078ea9b242e

SHA512
decb4e8115585ae0c471cd9b17c942dde19ff9e38d3424c0bc5c5c1a592ddd511a6153d7531ab2ea929803e189c736ae2b6dd974a2fe9f362dfac7483feba837

Download Submit
C:\Windows\System\dfnNsuI.exe

Filesize
2.0MB

MD5
93e7ed934a89bb413bac40e36ea44fef

SHA1
4cb54194915fc072fd486a76db0cf658462d447d

SHA256
bb3747b52badc354a38042ddf542d68dac8b125928817f05f4414fede849b8f3

SHA512
8584b4d2ec96efccdcc8af403a38305ba4465825d09ef47a7cf553046bbc080909ac8ddacee764aa478758dc36e7e2e91393d0b8d87484ba1e9203fe42566cdb

Download Submit
C:\Windows\System\fAhjGhJ.exe

Filesize
2.0MB

MD5
6c9aae1d9dffe040add3d403bfe65e87

SHA1
466604f0bdef972b5a1a1427975c2ecf0459f45d

SHA256
08269c62ee088a3bd4de948c13cfef60405802b5ebb01846116b324d3c19dbac

SHA512
93d88cb068095e7acf8a454f51dfad42ce88f33331cc280ddab0c53cf604652279ce4d7d0c40e0eef542f24851b0bdcf8b13510b8091d712b6c0cc75a3fb9027

Download Submit
C:\Windows\System\gUZkvxN.exe

Filesize
2.0MB

MD5
f433a214c8090c5224d6fde20f8a0999

SHA1
f5b0b58071a1a137e2b528317fc5656bd76f13bc

SHA256
0749b926cc32e6482d4f7961d3bb4cff9815972b1b658df067f458e281c5a5f5

SHA512
7e781a1cbcbec1c67e57c9498a2d458f70b9f79d91c18fa6275de31dd62f7601cb2513f66d951145b7a423f3de65a0efd8393d65899bd1fc6c38250c57b81a08

Download Submit
C:\Windows\System\gciJDwP.exe

Filesize
2.0MB

MD5
9ec3b4944e77249f303beba9bcf67572

SHA1
0a720b8fcbc66afa0e6e0c4bb086f8e987c1519a

SHA256
024184616a767157a6b533334ce4c536ed17cfca58a56fc0ee8fdb9eb524dc30

SHA512
cc8a7cb3e17d2ab1d6baa4a3febe4fbfd838596be42d15474482c4d5a3d5fb72655da643c239d8b92cb2c7c1bcd8830c548a0ffc28a2e2a4929798550740c00e

Download Submit
C:\Windows\System\glNiBbq.exe

Filesize
2.0MB

MD5
10f1651d661b47c8729d8ba632429878

SHA1
dc5e3754af9ee583c9898b8860974ee367ad5d7a

SHA256
a064b1493767a83daf4b6c31c23bfe422aa3d8a1ab3dcaa41db455fd02b92037

SHA512
1af165fefe6c9a8ed63d2ad9c785b23edfb55de6b49a9c3faf4abbeac5a5a014c8fe773fd56ed987ce894eda96ed2d29def429492b32d442b4a88b6d3eefbce3

Download Submit
C:\Windows\System\ivzGqlf.exe

Filesize
2.0MB

MD5
a0c46c80e24b98f64f618afdd6b81b7b

SHA1
fc08964bb46b5e316640b95f28b4290f9012ece8

SHA256
4bb2154409e49f5c1423093768cdf0b0e6eecf1aa0563ef038fff18ea6786891

SHA512
6e9efd2ffeb7bc11cbe6bb7a406c9ac58f8cf890d30b2a2995e8963ab6037840f67404bc658078d993c18117630bdae68467fece4336c31f7fcca9088da52f7f

Download Submit
C:\Windows\System\kRybtkx.exe

Filesize
2.0MB

MD5
5cb824478c216a10528d65e4ca372784

SHA1
d2a379f93256d2a3677198655a0a653cd44c449c

SHA256
6c43033d0588bd0c938ce3d36f70b623d7a5640a53f7f867945d3d37332465c0

SHA512
6eea1f212af06d2ae5019c42ecd4aa4b2a2676e13f357f9a877d83d05c2996e991841069104090f3eafc282a3bd009cf41c6922a1116c4933a4829913a1a2067

Download Submit
C:\Windows\System\knvqDOQ.exe

Filesize
2.0MB

MD5
28014e5a2a683289113a4ec3e32067f3

SHA1
834f60eb7005b6e2090d46ef95078e5de02d582b

SHA256
4bde8d8511a80324aa87401e09ab7e9813d301ba815ac8d6e902a0338b5561cb

SHA512
ff1b706e5f892238921702bf21a1802a49a6d2289bf52d7bc64b4171c4f2e92992c6fcf0e168336b4d8fa2921b31e273f7ea7222122670dd09f5c61d0adbf4a2

Download Submit
C:\Windows\System\lBwKaUB.exe

Filesize
2.0MB

MD5
830db58a3efbc5fd15680f3c97039dd4

SHA1
f13b99622e3c1afbda3072dd700f3ccb6896ef36

SHA256
69ad635f118e54780840f18c310c25125d73d70a42e314aeab3bb6f438781c55

SHA512
c2c7f8afcb78fa6cb0f14a2656e992e69e07d58d8411351cbc966e80da5c922ccb66de9ab3d724b40feefd1bcfcf72eb6506114ca75d917ec6f9a36584c110aa

Download Submit
C:\Windows\System\nRRKOSX.exe

Filesize
2.0MB

MD5
57dd7b5fa5b49ee46df3799f24a47de3

SHA1
1f860ea0f576e7a43a7f7ea9a791314225c95cc8

SHA256
0f871c5d01a5399ad5931f9687244f0afa31f8852c6f696d253cab10aa2b9073

SHA512
0f62b8ebd5eaee336022de708657b30cef131a5be30752e0dfdbdf95b3f11f94d614870f8645d8bc7059ab031ba81406fae0370cd7bac35f5ff0515da7e95991

Download Submit
C:\Windows\System\nolDeID.exe

Filesize
2.0MB

MD5
01f4a45db97395425f576398bb7f6135

SHA1
11940c4704fc7dd8e2b8a70f0085ef2126fd59c0

SHA256
60f11c312a48a74df797934acf37c52388372dd3bb6331305c4e007312cd3485

SHA512
1c9094577e9570440b3f23263fe0880e5332474c73b3745adcf1671d36263f831f0f1cfd2c9c48aff49b4dbf548903e5a4c407676c4a2778ba97016598a3111f

Download Submit
C:\Windows\System\nqoXutR.exe

Filesize
2.0MB

MD5
8f36fbacc24bc83fcfb0dc0900133ef2

SHA1
9d626fb35345f240ee30cbb0a64f6c7c1027d355

SHA256
5fc74515e0dc58fbaf155a3febdceba630128f20d00676b9553d7d99e63fa676

SHA512
817850e3adce0693f82f830c48ae1ee7a7e56d2772a370be65acaf6973cfbb835019ad968e3e09f68984428fec5684c87f092e0d2572ea5ab7725dece73461e7

Download Submit
C:\Windows\System\nsjimbf.exe

Filesize
2.0MB

MD5
c6013283be3f05bdb9a5d699b78e2f37

SHA1
4691a90b2d6b51cf4a8c48fa7e8b2f501000561f

SHA256
796d07899d4b2862e12ac8ad7561dc9d072433ce61c3eaebc569fafa72f0393a

SHA512
ae78a3aa6086623fc855445d7e58a1e24e1becfa6f75cc967aea8d7046967fd593ead66313acdf6623c09950047342d08e1d822a06db3119993e02495f055e8a

Download Submit
C:\Windows\System\pFatNMZ.exe

Filesize
2.0MB

MD5
0539ac55520ee162382234dfd7c2973b

SHA1
aa1c5b050b84b4f77af5d679eb0f31790ed9d47f

SHA256
cd9e26eb52d4fa2725faff2042ddccd40c5104ea409f379f78eeb8fc68ef628f

SHA512
ba439a385df440b0748e7294f78e96fab326d372b86ad70e4857d63cd9b4c414aa1d7cdb04e7b16466377bcc0a35b178d1771b07e404a4fe80ecde585d47b245

Download Submit
C:\Windows\System\qzFHIIk.exe

Filesize
2.0MB

MD5
63d7e44050d0e36a054dbdc3c8fb6c9f

SHA1
4491ba7c7928583204072ab1106c0bace7d978af

SHA256
19f2311e5a4ceeeddaebc889bdb8a1c3cf40bd39c95341c6685821b2453d98a5

SHA512
387eefff0714317b2bd630c929fbc1de6717bb138664cc11c699ebe9da83f6cbe6723697887496800dc8540451a8006b5aa5f7c3aceb8911a40dacdfb3bf302b

Download Submit
C:\Windows\System\tTKpduz.exe

Filesize
2.0MB

MD5
a6db2fb3c16eac79355d3090784a8cbf

SHA1
c6a36a36246ef62c4424e392377141c5471d93ce

SHA256
5662c0f480b0d9144193dfc4e806635c445155c62cb0c61522003443b13a5aa3

SHA512
ae51100ee67740ef612e22c85c9ae6b22dd276488de30387f16fda309dff224ef9c2ee58fe50bcacdce71aca65d26f23691b586d04381f990121f3da4c8646b8

Download Submit
C:\Windows\System\vdAfBqq.exe

Filesize
2.0MB

MD5
2d886ed7d8764e8c1beb86158b72c388

SHA1
3a2b20cc3cf90363786abd95010763f159bb7194

SHA256
ff1a8320192d6a169caac9ae9e4300e61f4f5fc73542f24a2d2c613e3d142734

SHA512
9ffca367347f701b5ffcf8fc3d038603e0228de1daf8b043d9c72e86f2207c779290f508698671bfe5d0f79b00f84d065170b88dff2c2bfdebd1cc01b7d59b2f

Download Submit
C:\Windows\System\vkXZrvN.exe

Filesize
2.0MB

MD5
d6920cf9479519c702555a41978060a1

SHA1
a96cdb68397cad3a8a491b67b2d8d0641eaeb1a1

SHA256
71c79527306226798b804dbc7e23df667222b0f776fb3f04bc37ce694aa973b5

SHA512
e5dffb8f60dd2d55e62aaade6d125b1cc29fece59eb4699aa4cbfc76ad1266632db90d15fdf45667b65cfa1ffbcfd3db3eb400c861c6177e9d0b9bf1b0d112a3

Download Submit
C:\Windows\System\xNFryco.exe

Filesize
2.0MB

MD5
1e7122f7bdc32b58472c6968b970cbfe

SHA1
9ae0b0647abb9dc89fc5180e49220da9541d9254

SHA256
559a065e9fc4ca9d6c204ee25d5f1fa1d2a41aaac526ac43a013aeb4fc234014

SHA512
f0fef941d24aaca5f0b4ddbb8f00e1ac79f2649baf416942a7bbf4a42a6caa5cd0a671ddcfecd8b12e14117362d3527cf602409dabe80fc8a0059e655de364e5

Download Submit
memory/516-2219-0x00007FF740900000-0x00007FF740C54000-memory.dmp

Filesize
3.3MB

Download
memory/516-125-0x00007FF740900000-0x00007FF740C54000-memory.dmp

Filesize
3.3MB

Download
memory/516-2244-0x00007FF740900000-0x00007FF740C54000-memory.dmp

Filesize
3.3MB

Download
memory/740-2224-0x00007FF7922C0000-0x00007FF792614000-memory.dmp

Filesize
3.3MB

Download
memory/740-19-0x00007FF7922C0000-0x00007FF792614000-memory.dmp

Filesize
3.3MB

Download
memory/740-132-0x00007FF7922C0000-0x00007FF792614000-memory.dmp

Filesize
3.3MB

Download
memory/1344-2239-0x00007FF724390000-0x00007FF7246E4000-memory.dmp

Filesize
3.3MB

Download
memory/1344-112-0x00007FF724390000-0x00007FF7246E4000-memory.dmp

Filesize
3.3MB

Download
memory/1344-2213-0x00007FF724390000-0x00007FF7246E4000-memory.dmp

Filesize
3.3MB

Download
memory/1388-2223-0x00007FF7DAFA0000-0x00007FF7DB2F4000-memory.dmp

Filesize
3.3MB

Download
memory/1388-131-0x00007FF7DAFA0000-0x00007FF7DB2F4000-memory.dmp

Filesize
3.3MB

Download
memory/1388-8-0x00007FF7DAFA0000-0x00007FF7DB2F4000-memory.dmp

Filesize
3.3MB

Download
memory/1460-2220-0x00007FF7ECFA0000-0x00007FF7ED2F4000-memory.dmp

Filesize
3.3MB

Download
memory/1460-152-0x00007FF7ECFA0000-0x00007FF7ED2F4000-memory.dmp

Filesize
3.3MB

Download
memory/1460-2246-0x00007FF7ECFA0000-0x00007FF7ED2F4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-2245-0x00007FF6AECC0000-0x00007FF6AF014000-memory.dmp

Filesize
3.3MB

Download
memory/1668-171-0x00007FF6AECC0000-0x00007FF6AF014000-memory.dmp

Filesize
3.3MB

Download
memory/1996-2233-0x00007FF6C4330000-0x00007FF6C4684000-memory.dmp

Filesize
3.3MB

Download
memory/1996-76-0x00007FF6C4330000-0x00007FF6C4684000-memory.dmp

Filesize
3.3MB

Download
memory/2456-2242-0x00007FF653E80000-0x00007FF6541D4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-139-0x00007FF653E80000-0x00007FF6541D4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-91-0x00007FF75BF90000-0x00007FF75C2E4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-196-0x00007FF75BF90000-0x00007FF75C2E4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-2236-0x00007FF75BF90000-0x00007FF75C2E4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-71-0x00007FF676CD0000-0x00007FF677024000-memory.dmp

Filesize
3.3MB

Download
memory/2868-2234-0x00007FF676CD0000-0x00007FF677024000-memory.dmp

Filesize
3.3MB

Download
memory/2992-51-0x00007FF646AE0000-0x00007FF646E34000-memory.dmp

Filesize
3.3MB

Download
memory/2992-2229-0x00007FF646AE0000-0x00007FF646E34000-memory.dmp

Filesize
3.3MB

Download
memory/3084-2228-0x00007FF72A1C0000-0x00007FF72A514000-memory.dmp

Filesize
3.3MB

Download
memory/3084-46-0x00007FF72A1C0000-0x00007FF72A514000-memory.dmp

Filesize
3.3MB

Download
memory/3100-119-0x00007FF77D0F0000-0x00007FF77D444000-memory.dmp

Filesize
3.3MB

Download
memory/3100-2240-0x00007FF77D0F0000-0x00007FF77D444000-memory.dmp

Filesize
3.3MB

Download
memory/3336-2249-0x00007FF7758C0000-0x00007FF775C14000-memory.dmp

Filesize
3.3MB

Download
memory/3336-178-0x00007FF7758C0000-0x00007FF775C14000-memory.dmp

Filesize
3.3MB

Download
memory/3384-2225-0x00007FF73EEA0000-0x00007FF73F1F4000-memory.dmp

Filesize
3.3MB

Download
memory/3384-60-0x00007FF73EEA0000-0x00007FF73F1F4000-memory.dmp

Filesize
3.3MB

Download
memory/3440-85-0x00007FF757530000-0x00007FF757884000-memory.dmp

Filesize
3.3MB

Download
memory/3440-2230-0x00007FF757530000-0x00007FF757884000-memory.dmp

Filesize
3.3MB

Download
memory/3728-2237-0x00007FF6B3E10000-0x00007FF6B4164000-memory.dmp

Filesize
3.3MB

Download
memory/3728-95-0x00007FF6B3E10000-0x00007FF6B4164000-memory.dmp

Filesize
3.3MB

Download
memory/3728-1882-0x00007FF6B3E10000-0x00007FF6B4164000-memory.dmp

Filesize
3.3MB

Download
memory/3856-106-0x00007FF764080000-0x00007FF7643D4000-memory.dmp

Filesize
3.3MB

Download
memory/3856-2238-0x00007FF764080000-0x00007FF7643D4000-memory.dmp

Filesize
3.3MB

Download
memory/3948-1-0x000001D9802F0000-0x000001D980300000-memory.dmp

Filesize
64KB

Download
memory/3948-113-0x00007FF6A88A0000-0x00007FF6A8BF4000-memory.dmp

Filesize
3.3MB

Download
memory/3948-0-0x00007FF6A88A0000-0x00007FF6A8BF4000-memory.dmp

Filesize
3.3MB

Download
memory/4104-2232-0x00007FF7A8380000-0x00007FF7A86D4000-memory.dmp

Filesize
3.3MB

Download
memory/4104-165-0x00007FF7A8380000-0x00007FF7A86D4000-memory.dmp

Filesize
3.3MB

Download
memory/4104-55-0x00007FF7A8380000-0x00007FF7A86D4000-memory.dmp

Filesize
3.3MB

Download
memory/4136-2243-0x00007FF7BF020000-0x00007FF7BF374000-memory.dmp

Filesize
3.3MB

Download
memory/4136-133-0x00007FF7BF020000-0x00007FF7BF374000-memory.dmp

Filesize
3.3MB

Download
memory/4440-172-0x00007FF72B3F0000-0x00007FF72B744000-memory.dmp

Filesize
3.3MB

Download
memory/4440-2248-0x00007FF72B3F0000-0x00007FF72B744000-memory.dmp

Filesize
3.3MB

Download
memory/4496-2226-0x00007FF781860000-0x00007FF781BB4000-memory.dmp

Filesize
3.3MB

Download
memory/4496-145-0x00007FF781860000-0x00007FF781BB4000-memory.dmp

Filesize
3.3MB

Download
memory/4496-23-0x00007FF781860000-0x00007FF781BB4000-memory.dmp

Filesize
3.3MB

Download
memory/4540-185-0x00007FF686D80000-0x00007FF6870D4000-memory.dmp

Filesize
3.3MB

Download
memory/4540-2251-0x00007FF686D80000-0x00007FF6870D4000-memory.dmp

Filesize
3.3MB

Download
memory/4620-2250-0x00007FF7C6180000-0x00007FF7C64D4000-memory.dmp

Filesize
3.3MB

Download
memory/4620-2222-0x00007FF7C6180000-0x00007FF7C64D4000-memory.dmp

Filesize
3.3MB

Download
memory/4620-191-0x00007FF7C6180000-0x00007FF7C64D4000-memory.dmp

Filesize
3.3MB

Download
memory/4644-2247-0x00007FF6DEEB0000-0x00007FF6DF204000-memory.dmp

Filesize
3.3MB

Download
memory/4644-158-0x00007FF6DEEB0000-0x00007FF6DF204000-memory.dmp

Filesize
3.3MB

Download
memory/4644-2221-0x00007FF6DEEB0000-0x00007FF6DF204000-memory.dmp

Filesize
3.3MB

Download
memory/4808-2241-0x00007FF61EFE0000-0x00007FF61F334000-memory.dmp

Filesize
3.3MB

Download
memory/4808-146-0x00007FF61EFE0000-0x00007FF61F334000-memory.dmp

Filesize
3.3MB

Download
memory/4996-40-0x00007FF62C850000-0x00007FF62CBA4000-memory.dmp

Filesize
3.3MB

Download
memory/4996-164-0x00007FF62C850000-0x00007FF62CBA4000-memory.dmp

Filesize
3.3MB

Download
memory/4996-2227-0x00007FF62C850000-0x00007FF62CBA4000-memory.dmp

Filesize
3.3MB

Download
memory/5080-82-0x00007FF7EC840000-0x00007FF7ECB94000-memory.dmp

Filesize
3.3MB

Download
memory/5080-2231-0x00007FF7EC840000-0x00007FF7ECB94000-memory.dmp

Filesize
3.3MB

Download
memory/5080-195-0x00007FF7EC840000-0x00007FF7ECB94000-memory.dmp

Filesize
3.3MB

Download
memory/5116-184-0x00007FF66F110000-0x00007FF66F464000-memory.dmp

Filesize
3.3MB

Download
memory/5116-2235-0x00007FF66F110000-0x00007FF66F464000-memory.dmp

Filesize
3.3MB

Download
memory/5116-70-0x00007FF66F110000-0x00007FF66F464000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads