kpot | 0550966e070f0a145b0d81e72ba7e3dc65a0e0659d57bad8860460fa6d4dc76b

Analysis

max time kernel
120s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2024 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
Size

2.0MB
MD5

13a7a9ec802772b8e8538b00aa0692e0
SHA1

0d2fedf889f720b23aab40449f7452df4a8ad8b2
SHA256

0550966e070f0a145b0d81e72ba7e3dc65a0e0659d57bad8860460fa6d4dc76b
SHA512

cd135ca55772525d60871abee59347cd7b156372e7f67b61586c98ce76eb298cf2fb7e432e82fb580f8d924b8db5e95de22869ae3de06e2492938ca1f9be355b
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6KI3i4:BemTLkNdfE0pZrwP

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral2/files/0x000a0000000233dd-5.dat	family_kpot
behavioral2/files/0x00070000000233e6-9.dat	family_kpot
behavioral2/files/0x00070000000233e5-12.dat	family_kpot
behavioral2/files/0x00070000000233e7-25.dat	family_kpot
behavioral2/files/0x00070000000233ea-39.dat	family_kpot
behavioral2/files/0x00070000000233e8-35.dat	family_kpot
behavioral2/files/0x00070000000233f3-84.dat	family_kpot
behavioral2/files/0x00070000000233f6-99.dat	family_kpot
behavioral2/files/0x00070000000233f7-112.dat	family_kpot
behavioral2/files/0x00070000000233ff-144.dat	family_kpot
behavioral2/files/0x0007000000023403-164.dat	family_kpot
behavioral2/files/0x0007000000023402-165.dat	family_kpot
behavioral2/files/0x0007000000023401-162.dat	family_kpot
behavioral2/files/0x0007000000023400-157.dat	family_kpot
behavioral2/files/0x00070000000233fe-147.dat	family_kpot
behavioral2/files/0x00070000000233fd-142.dat	family_kpot
behavioral2/files/0x00070000000233fc-137.dat	family_kpot
behavioral2/files/0x00070000000233fb-132.dat	family_kpot
behavioral2/files/0x00070000000233fa-127.dat	family_kpot
behavioral2/files/0x00070000000233f9-122.dat	family_kpot
behavioral2/files/0x00070000000233f8-117.dat	family_kpot
behavioral2/files/0x00070000000233f5-102.dat	family_kpot
behavioral2/files/0x00070000000233f4-97.dat	family_kpot
behavioral2/files/0x00070000000233f2-87.dat	family_kpot
behavioral2/files/0x00070000000233f1-82.dat	family_kpot
behavioral2/files/0x00070000000233f0-77.dat	family_kpot
behavioral2/files/0x00070000000233ef-72.dat	family_kpot
behavioral2/files/0x00070000000233ee-67.dat	family_kpot
behavioral2/files/0x00070000000233ed-60.dat	family_kpot
behavioral2/files/0x00070000000233ec-53.dat	family_kpot
behavioral2/files/0x00070000000233eb-52.dat	family_kpot
behavioral2/files/0x00070000000233e9-40.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3524-0-0x00007FF771D10000-0x00007FF772064000-memory.dmp	xmrig
behavioral2/files/0x000a0000000233dd-5.dat	xmrig
behavioral2/files/0x00070000000233e6-9.dat	xmrig
behavioral2/files/0x00070000000233e5-12.dat	xmrig
behavioral2/files/0x00070000000233e7-25.dat	xmrig
behavioral2/files/0x00070000000233ea-39.dat	xmrig
behavioral2/files/0x00070000000233e8-35.dat	xmrig
behavioral2/files/0x00070000000233f3-84.dat	xmrig
behavioral2/files/0x00070000000233f6-99.dat	xmrig
behavioral2/files/0x00070000000233f7-112.dat	xmrig
behavioral2/files/0x00070000000233ff-144.dat	xmrig
behavioral2/files/0x0007000000023403-164.dat	xmrig
behavioral2/memory/2892-687-0x00007FF6CDE80000-0x00007FF6CE1D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023402-165.dat	xmrig
behavioral2/files/0x0007000000023401-162.dat	xmrig
behavioral2/files/0x0007000000023400-157.dat	xmrig
behavioral2/files/0x00070000000233fe-147.dat	xmrig
behavioral2/files/0x00070000000233fd-142.dat	xmrig
behavioral2/files/0x00070000000233fc-137.dat	xmrig
behavioral2/files/0x00070000000233fb-132.dat	xmrig
behavioral2/files/0x00070000000233fa-127.dat	xmrig
behavioral2/files/0x00070000000233f9-122.dat	xmrig
behavioral2/files/0x00070000000233f8-117.dat	xmrig
behavioral2/files/0x00070000000233f5-102.dat	xmrig
behavioral2/files/0x00070000000233f4-97.dat	xmrig
behavioral2/files/0x00070000000233f2-87.dat	xmrig
behavioral2/files/0x00070000000233f1-82.dat	xmrig
behavioral2/files/0x00070000000233f0-77.dat	xmrig
behavioral2/files/0x00070000000233ef-72.dat	xmrig
behavioral2/files/0x00070000000233ee-67.dat	xmrig
behavioral2/files/0x00070000000233ed-60.dat	xmrig
behavioral2/memory/4988-58-0x00007FF649600000-0x00007FF649954000-memory.dmp	xmrig
behavioral2/files/0x00070000000233ec-53.dat	xmrig
behavioral2/files/0x00070000000233eb-52.dat	xmrig
behavioral2/memory/1036-50-0x00007FF6B95E0000-0x00007FF6B9934000-memory.dmp	xmrig
behavioral2/memory/2616-49-0x00007FF6180D0000-0x00007FF618424000-memory.dmp	xmrig
behavioral2/memory/1724-43-0x00007FF6071A0000-0x00007FF6074F4000-memory.dmp	xmrig
behavioral2/files/0x00070000000233e9-40.dat	xmrig
behavioral2/memory/4892-29-0x00007FF693110000-0x00007FF693464000-memory.dmp	xmrig
behavioral2/memory/3732-17-0x00007FF76ABC0000-0x00007FF76AF14000-memory.dmp	xmrig
behavioral2/memory/4668-688-0x00007FF6E4270000-0x00007FF6E45C4000-memory.dmp	xmrig
behavioral2/memory/3404-689-0x00007FF62E5F0000-0x00007FF62E944000-memory.dmp	xmrig
behavioral2/memory/4548-692-0x00007FF7C7700000-0x00007FF7C7A54000-memory.dmp	xmrig
behavioral2/memory/5004-690-0x00007FF61D8C0000-0x00007FF61DC14000-memory.dmp	xmrig
behavioral2/memory/440-691-0x00007FF72C7C0000-0x00007FF72CB14000-memory.dmp	xmrig
behavioral2/memory/2412-693-0x00007FF721600000-0x00007FF721954000-memory.dmp	xmrig
behavioral2/memory/4192-694-0x00007FF722EF0000-0x00007FF723244000-memory.dmp	xmrig
behavioral2/memory/4576-695-0x00007FF79B000000-0x00007FF79B354000-memory.dmp	xmrig
behavioral2/memory/4068-696-0x00007FF7308B0000-0x00007FF730C04000-memory.dmp	xmrig
behavioral2/memory/3768-697-0x00007FF75ACB0000-0x00007FF75B004000-memory.dmp	xmrig
behavioral2/memory/2028-698-0x00007FF730640000-0x00007FF730994000-memory.dmp	xmrig
behavioral2/memory/3108-723-0x00007FF719680000-0x00007FF7199D4000-memory.dmp	xmrig
behavioral2/memory/4648-719-0x00007FF75EE40000-0x00007FF75F194000-memory.dmp	xmrig
behavioral2/memory/3428-711-0x00007FF770F90000-0x00007FF7712E4000-memory.dmp	xmrig
behavioral2/memory/4252-710-0x00007FF7E2980000-0x00007FF7E2CD4000-memory.dmp	xmrig
behavioral2/memory/4128-706-0x00007FF74B4C0000-0x00007FF74B814000-memory.dmp	xmrig
behavioral2/memory/1096-704-0x00007FF6E4350000-0x00007FF6E46A4000-memory.dmp	xmrig
behavioral2/memory/3056-729-0x00007FF703BA0000-0x00007FF703EF4000-memory.dmp	xmrig
behavioral2/memory/1764-736-0x00007FF7D6FB0000-0x00007FF7D7304000-memory.dmp	xmrig
behavioral2/memory/4992-748-0x00007FF69F630000-0x00007FF69F984000-memory.dmp	xmrig
behavioral2/memory/1044-745-0x00007FF73E720000-0x00007FF73EA74000-memory.dmp	xmrig
behavioral2/memory/744-740-0x00007FF799A10000-0x00007FF799D64000-memory.dmp	xmrig
behavioral2/memory/3524-2104-0x00007FF771D10000-0x00007FF772064000-memory.dmp	xmrig
behavioral2/memory/1724-2106-0x00007FF6071A0000-0x00007FF6074F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3732	dsoGWQU.exe
2892	ykabnUC.exe
4892	iTLuLWK.exe
1724	YQtFJiv.exe
4668	thQDLji.exe
2616	qYseUaV.exe
3404	rxSvVBb.exe
1036	LgsTdLI.exe
4988	PYshoRr.exe
5004	GrbNybK.exe
4992	TCAVObF.exe
440	pZbInQN.exe
4548	EnidEiS.exe
2412	UGnCTZu.exe
4192	oxtFrDh.exe
4576	OwQfCRN.exe
4068	PTOLSuc.exe
3768	WQAwRzG.exe
2028	OvBpQds.exe
1096	hwBfADX.exe
4128	zpRCYwJ.exe
4252	xPFVDNQ.exe
3428	KRavJcV.exe
4648	evLAOmV.exe
3108	vuwUriN.exe
3056	xmSAtfA.exe
1764	MxaSAWj.exe
744	oJprzeJ.exe
1044	JaviFBz.exe
4184	MNXyTaP.exe
1644	AgMvmVZ.exe
4908	UXptaUb.exe
2692	EUBkScq.exe
2840	dEcopEM.exe
4816	HFiEcDO.exe
3836	mHnvowa.exe
1616	kozlupQ.exe
3540	TChmYgl.exe
3688	XDouwfB.exe
3484	vOltsBS.exe
2872	DXQtPnJ.exe
3360	sKMMcgN.exe
2976	cCscIht.exe
3436	FkvZPMp.exe
4744	PecYxqM.exe
4808	hkHxpHA.exe
4060	PbNrHts.exe
3180	deafohR.exe
2888	NiRfHEc.exe
1040	NvgJYLu.exe
4556	zzVeGKV.exe
2164	actQfBj.exe
1584	vkKiBPA.exe
3416	JrZzLKu.exe
3012	aEgXVMR.exe
1556	iViYvgp.exe
4400	AwyvBYH.exe
2172	JlkpKAH.exe
1208	QoXOGQE.exe
1992	hzPLBlS.exe
3672	NfnmvUj.exe
2764	oBSfOqA.exe
2752	CNbQaHq.exe
1824	DWEflEB.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3524-0-0x00007FF771D10000-0x00007FF772064000-memory.dmp	upx
behavioral2/files/0x000a0000000233dd-5.dat	upx
behavioral2/files/0x00070000000233e6-9.dat	upx
behavioral2/files/0x00070000000233e5-12.dat	upx
behavioral2/files/0x00070000000233e7-25.dat	upx
behavioral2/files/0x00070000000233ea-39.dat	upx
behavioral2/files/0x00070000000233e8-35.dat	upx
behavioral2/files/0x00070000000233f3-84.dat	upx
behavioral2/files/0x00070000000233f6-99.dat	upx
behavioral2/files/0x00070000000233f7-112.dat	upx
behavioral2/files/0x00070000000233ff-144.dat	upx
behavioral2/files/0x0007000000023403-164.dat	upx
behavioral2/memory/2892-687-0x00007FF6CDE80000-0x00007FF6CE1D4000-memory.dmp	upx
behavioral2/files/0x0007000000023402-165.dat	upx
behavioral2/files/0x0007000000023401-162.dat	upx
behavioral2/files/0x0007000000023400-157.dat	upx
behavioral2/files/0x00070000000233fe-147.dat	upx
behavioral2/files/0x00070000000233fd-142.dat	upx
behavioral2/files/0x00070000000233fc-137.dat	upx
behavioral2/files/0x00070000000233fb-132.dat	upx
behavioral2/files/0x00070000000233fa-127.dat	upx
behavioral2/files/0x00070000000233f9-122.dat	upx
behavioral2/files/0x00070000000233f8-117.dat	upx
behavioral2/files/0x00070000000233f5-102.dat	upx
behavioral2/files/0x00070000000233f4-97.dat	upx
behavioral2/files/0x00070000000233f2-87.dat	upx
behavioral2/files/0x00070000000233f1-82.dat	upx
behavioral2/files/0x00070000000233f0-77.dat	upx
behavioral2/files/0x00070000000233ef-72.dat	upx
behavioral2/files/0x00070000000233ee-67.dat	upx
behavioral2/files/0x00070000000233ed-60.dat	upx
behavioral2/memory/4988-58-0x00007FF649600000-0x00007FF649954000-memory.dmp	upx
behavioral2/files/0x00070000000233ec-53.dat	upx
behavioral2/files/0x00070000000233eb-52.dat	upx
behavioral2/memory/1036-50-0x00007FF6B95E0000-0x00007FF6B9934000-memory.dmp	upx
behavioral2/memory/2616-49-0x00007FF6180D0000-0x00007FF618424000-memory.dmp	upx
behavioral2/memory/1724-43-0x00007FF6071A0000-0x00007FF6074F4000-memory.dmp	upx
behavioral2/files/0x00070000000233e9-40.dat	upx
behavioral2/memory/4892-29-0x00007FF693110000-0x00007FF693464000-memory.dmp	upx
behavioral2/memory/3732-17-0x00007FF76ABC0000-0x00007FF76AF14000-memory.dmp	upx
behavioral2/memory/4668-688-0x00007FF6E4270000-0x00007FF6E45C4000-memory.dmp	upx
behavioral2/memory/3404-689-0x00007FF62E5F0000-0x00007FF62E944000-memory.dmp	upx
behavioral2/memory/4548-692-0x00007FF7C7700000-0x00007FF7C7A54000-memory.dmp	upx
behavioral2/memory/5004-690-0x00007FF61D8C0000-0x00007FF61DC14000-memory.dmp	upx
behavioral2/memory/440-691-0x00007FF72C7C0000-0x00007FF72CB14000-memory.dmp	upx
behavioral2/memory/2412-693-0x00007FF721600000-0x00007FF721954000-memory.dmp	upx
behavioral2/memory/4192-694-0x00007FF722EF0000-0x00007FF723244000-memory.dmp	upx
behavioral2/memory/4576-695-0x00007FF79B000000-0x00007FF79B354000-memory.dmp	upx
behavioral2/memory/4068-696-0x00007FF7308B0000-0x00007FF730C04000-memory.dmp	upx
behavioral2/memory/3768-697-0x00007FF75ACB0000-0x00007FF75B004000-memory.dmp	upx
behavioral2/memory/2028-698-0x00007FF730640000-0x00007FF730994000-memory.dmp	upx
behavioral2/memory/3108-723-0x00007FF719680000-0x00007FF7199D4000-memory.dmp	upx
behavioral2/memory/4648-719-0x00007FF75EE40000-0x00007FF75F194000-memory.dmp	upx
behavioral2/memory/3428-711-0x00007FF770F90000-0x00007FF7712E4000-memory.dmp	upx
behavioral2/memory/4252-710-0x00007FF7E2980000-0x00007FF7E2CD4000-memory.dmp	upx
behavioral2/memory/4128-706-0x00007FF74B4C0000-0x00007FF74B814000-memory.dmp	upx
behavioral2/memory/1096-704-0x00007FF6E4350000-0x00007FF6E46A4000-memory.dmp	upx
behavioral2/memory/3056-729-0x00007FF703BA0000-0x00007FF703EF4000-memory.dmp	upx
behavioral2/memory/1764-736-0x00007FF7D6FB0000-0x00007FF7D7304000-memory.dmp	upx
behavioral2/memory/4992-748-0x00007FF69F630000-0x00007FF69F984000-memory.dmp	upx
behavioral2/memory/1044-745-0x00007FF73E720000-0x00007FF73EA74000-memory.dmp	upx
behavioral2/memory/744-740-0x00007FF799A10000-0x00007FF799D64000-memory.dmp	upx
behavioral2/memory/3524-2104-0x00007FF771D10000-0x00007FF772064000-memory.dmp	upx
behavioral2/memory/1724-2106-0x00007FF6071A0000-0x00007FF6074F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pBTvnYi.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\QzLtArQ.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\ENAGzdj.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\vyKtnZZ.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\BCQqxgL.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\DNuMaMn.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\GrsYRgH.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\Uojqjmq.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\UlttMqW.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\EtztZni.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\UlmYBMI.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\QTLmfat.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\IjvFjvG.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\teJaEaC.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\CjlpUry.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\yBKLZKy.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\caNeksf.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\zOtTlxH.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\PtQgqHG.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\seSlKlk.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\QAwvirY.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\KywnIrL.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\gbgjILO.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\zlobSLi.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\XooMFdJ.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\RQNkIJW.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\pXIkmeG.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\gZupBVo.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\EDQtLXj.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\XRZSkzQ.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\JaUVwfc.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\GITOzxk.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\xrcpphc.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\jixneTT.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\DNTqLNP.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\noIePNA.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\quOdAks.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\WaEEHTO.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\AgMvmVZ.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\TjTEKBt.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\fvOSrTx.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\HyDvieF.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\nndkqei.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\shJYost.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\JmIuhOv.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\DtShwkA.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\Ecgwhmm.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\Wkjqpfs.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\gKyZuhm.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\iXcXqfn.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\YxySmeU.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\tGEnLpQ.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\LhfZEzl.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\PXVnVSm.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\AbKMafY.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\bvGDThO.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\uyUFDFL.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\oJprzeJ.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\lDTqNRm.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\MiKxgDh.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\YbNeBWo.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\DUyvWqf.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\cqnVlHj.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
File created	C:\Windows\System\mkctEMX.exe	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	7272	dwm.exe
Token: SeChangeNotifyPrivilege	7272	dwm.exe
Token: 33	7272	dwm.exe
Token: SeIncBasePriorityPrivilege	7272	dwm.exe
Token: SeShutdownPrivilege	7272	dwm.exe
Token: SeCreatePagefilePrivilege	7272	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3524 wrote to memory of 3732	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	84
PID 3524 wrote to memory of 3732	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	84
PID 3524 wrote to memory of 2892	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	85
PID 3524 wrote to memory of 2892	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	85
PID 3524 wrote to memory of 1724	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	86
PID 3524 wrote to memory of 1724	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	86
PID 3524 wrote to memory of 4892	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	87
PID 3524 wrote to memory of 4892	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	87
PID 3524 wrote to memory of 4668	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	88
PID 3524 wrote to memory of 4668	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	88
PID 3524 wrote to memory of 2616	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	89
PID 3524 wrote to memory of 2616	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	89
PID 3524 wrote to memory of 3404	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	90
PID 3524 wrote to memory of 3404	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	90
PID 3524 wrote to memory of 1036	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	91
PID 3524 wrote to memory of 1036	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	91
PID 3524 wrote to memory of 4988	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	92
PID 3524 wrote to memory of 4988	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	92
PID 3524 wrote to memory of 5004	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	93
PID 3524 wrote to memory of 5004	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	93
PID 3524 wrote to memory of 4992	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	94
PID 3524 wrote to memory of 4992	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	94
PID 3524 wrote to memory of 440	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	95
PID 3524 wrote to memory of 440	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	95
PID 3524 wrote to memory of 4548	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	96
PID 3524 wrote to memory of 4548	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	96
PID 3524 wrote to memory of 2412	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	97
PID 3524 wrote to memory of 2412	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	97
PID 3524 wrote to memory of 4192	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	98
PID 3524 wrote to memory of 4192	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	98
PID 3524 wrote to memory of 4576	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	99
PID 3524 wrote to memory of 4576	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	99
PID 3524 wrote to memory of 4068	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	100
PID 3524 wrote to memory of 4068	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	100
PID 3524 wrote to memory of 3768	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	101
PID 3524 wrote to memory of 3768	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	101
PID 3524 wrote to memory of 2028	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	102
PID 3524 wrote to memory of 2028	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	102
PID 3524 wrote to memory of 1096	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	103
PID 3524 wrote to memory of 1096	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	103
PID 3524 wrote to memory of 4128	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	104
PID 3524 wrote to memory of 4128	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	104
PID 3524 wrote to memory of 4252	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	105
PID 3524 wrote to memory of 4252	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	105
PID 3524 wrote to memory of 3428	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	106
PID 3524 wrote to memory of 3428	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	106
PID 3524 wrote to memory of 4648	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	107
PID 3524 wrote to memory of 4648	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	107
PID 3524 wrote to memory of 3108	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	108
PID 3524 wrote to memory of 3108	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	108
PID 3524 wrote to memory of 3056	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	109
PID 3524 wrote to memory of 3056	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	109
PID 3524 wrote to memory of 1764	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	110
PID 3524 wrote to memory of 1764	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	110
PID 3524 wrote to memory of 744	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	111
PID 3524 wrote to memory of 744	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	111
PID 3524 wrote to memory of 1044	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	112
PID 3524 wrote to memory of 1044	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	112
PID 3524 wrote to memory of 4184	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	113
PID 3524 wrote to memory of 4184	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	113
PID 3524 wrote to memory of 1644	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	114
PID 3524 wrote to memory of 1644	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	114
PID 3524 wrote to memory of 4908	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	115
PID 3524 wrote to memory of 4908	3524	virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe	115

C:\Users\Admin\AppData\Local\Temp\virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe
"C:\Users\Admin\AppData\Local\Temp\virussign.com_13a7a9ec802772b8e8538b00aa0692e0.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3524
- C:\Windows\System\dsoGWQU.exe
  C:\Windows\System\dsoGWQU.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\ykabnUC.exe
  C:\Windows\System\ykabnUC.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\YQtFJiv.exe
  C:\Windows\System\YQtFJiv.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\iTLuLWK.exe
  C:\Windows\System\iTLuLWK.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\thQDLji.exe
  C:\Windows\System\thQDLji.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\qYseUaV.exe
  C:\Windows\System\qYseUaV.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\rxSvVBb.exe
  C:\Windows\System\rxSvVBb.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\LgsTdLI.exe
  C:\Windows\System\LgsTdLI.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\PYshoRr.exe
  C:\Windows\System\PYshoRr.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\GrbNybK.exe
  C:\Windows\System\GrbNybK.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\TCAVObF.exe
  C:\Windows\System\TCAVObF.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\pZbInQN.exe
  C:\Windows\System\pZbInQN.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\EnidEiS.exe
  C:\Windows\System\EnidEiS.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\UGnCTZu.exe
  C:\Windows\System\UGnCTZu.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\oxtFrDh.exe
  C:\Windows\System\oxtFrDh.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\OwQfCRN.exe
  C:\Windows\System\OwQfCRN.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\PTOLSuc.exe
  C:\Windows\System\PTOLSuc.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\WQAwRzG.exe
  C:\Windows\System\WQAwRzG.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\OvBpQds.exe
  C:\Windows\System\OvBpQds.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\hwBfADX.exe
  C:\Windows\System\hwBfADX.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\zpRCYwJ.exe
  C:\Windows\System\zpRCYwJ.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\xPFVDNQ.exe
  C:\Windows\System\xPFVDNQ.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\KRavJcV.exe
  C:\Windows\System\KRavJcV.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\evLAOmV.exe
  C:\Windows\System\evLAOmV.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\vuwUriN.exe
  C:\Windows\System\vuwUriN.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\xmSAtfA.exe
  C:\Windows\System\xmSAtfA.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\MxaSAWj.exe
  C:\Windows\System\MxaSAWj.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\oJprzeJ.exe
  C:\Windows\System\oJprzeJ.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\JaviFBz.exe
  C:\Windows\System\JaviFBz.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\MNXyTaP.exe
  C:\Windows\System\MNXyTaP.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\AgMvmVZ.exe
  C:\Windows\System\AgMvmVZ.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\UXptaUb.exe
  C:\Windows\System\UXptaUb.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\EUBkScq.exe
  C:\Windows\System\EUBkScq.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\dEcopEM.exe
  C:\Windows\System\dEcopEM.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\HFiEcDO.exe
  C:\Windows\System\HFiEcDO.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\mHnvowa.exe
  C:\Windows\System\mHnvowa.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\kozlupQ.exe
  C:\Windows\System\kozlupQ.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\TChmYgl.exe
  C:\Windows\System\TChmYgl.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\XDouwfB.exe
  C:\Windows\System\XDouwfB.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\vOltsBS.exe
  C:\Windows\System\vOltsBS.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\DXQtPnJ.exe
  C:\Windows\System\DXQtPnJ.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\sKMMcgN.exe
  C:\Windows\System\sKMMcgN.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\cCscIht.exe
  C:\Windows\System\cCscIht.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\FkvZPMp.exe
  C:\Windows\System\FkvZPMp.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\PecYxqM.exe
  C:\Windows\System\PecYxqM.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\hkHxpHA.exe
  C:\Windows\System\hkHxpHA.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\PbNrHts.exe
  C:\Windows\System\PbNrHts.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\deafohR.exe
  C:\Windows\System\deafohR.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\NiRfHEc.exe
  C:\Windows\System\NiRfHEc.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\NvgJYLu.exe
  C:\Windows\System\NvgJYLu.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\zzVeGKV.exe
  C:\Windows\System\zzVeGKV.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\actQfBj.exe
  C:\Windows\System\actQfBj.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\vkKiBPA.exe
  C:\Windows\System\vkKiBPA.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\JrZzLKu.exe
  C:\Windows\System\JrZzLKu.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\aEgXVMR.exe
  C:\Windows\System\aEgXVMR.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\iViYvgp.exe
  C:\Windows\System\iViYvgp.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\AwyvBYH.exe
  C:\Windows\System\AwyvBYH.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\JlkpKAH.exe
  C:\Windows\System\JlkpKAH.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\QoXOGQE.exe
  C:\Windows\System\QoXOGQE.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\hzPLBlS.exe
  C:\Windows\System\hzPLBlS.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\NfnmvUj.exe
  C:\Windows\System\NfnmvUj.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\oBSfOqA.exe
  C:\Windows\System\oBSfOqA.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\CNbQaHq.exe
  C:\Windows\System\CNbQaHq.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\DWEflEB.exe
  C:\Windows\System\DWEflEB.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\iDNAlLO.exe
  C:\Windows\System\iDNAlLO.exe
  2⤵
  PID:4332
- C:\Windows\System\iXcXqfn.exe
  C:\Windows\System\iXcXqfn.exe
  2⤵
  PID:520
- C:\Windows\System\wdhFEwJ.exe
  C:\Windows\System\wdhFEwJ.exe
  2⤵
  PID:3876
- C:\Windows\System\CCymgwx.exe
  C:\Windows\System\CCymgwx.exe
  2⤵
  PID:4580
- C:\Windows\System\MezJBOx.exe
  C:\Windows\System\MezJBOx.exe
  2⤵
  PID:2636
- C:\Windows\System\nPVcpBK.exe
  C:\Windows\System\nPVcpBK.exe
  2⤵
  PID:4304
- C:\Windows\System\KywnIrL.exe
  C:\Windows\System\KywnIrL.exe
  2⤵
  PID:2824
- C:\Windows\System\CKKoZZa.exe
  C:\Windows\System\CKKoZZa.exe
  2⤵
  PID:2100
- C:\Windows\System\iBNQyWV.exe
  C:\Windows\System\iBNQyWV.exe
  2⤵
  PID:4460
- C:\Windows\System\FZorCxp.exe
  C:\Windows\System\FZorCxp.exe
  2⤵
  PID:1548
- C:\Windows\System\CPipZWZ.exe
  C:\Windows\System\CPipZWZ.exe
  2⤵
  PID:2284
- C:\Windows\System\TEZPPmq.exe
  C:\Windows\System\TEZPPmq.exe
  2⤵
  PID:4492
- C:\Windows\System\lDTqNRm.exe
  C:\Windows\System\lDTqNRm.exe
  2⤵
  PID:3676
- C:\Windows\System\iVHgdiY.exe
  C:\Windows\System\iVHgdiY.exe
  2⤵
  PID:1232
- C:\Windows\System\TyZOHlK.exe
  C:\Windows\System\TyZOHlK.exe
  2⤵
  PID:3172
- C:\Windows\System\eAOqvOH.exe
  C:\Windows\System\eAOqvOH.exe
  2⤵
  PID:5132
- C:\Windows\System\oRCkYAB.exe
  C:\Windows\System\oRCkYAB.exe
  2⤵
  PID:5160
- C:\Windows\System\AHQDtkI.exe
  C:\Windows\System\AHQDtkI.exe
  2⤵
  PID:5188
- C:\Windows\System\PKNcSmp.exe
  C:\Windows\System\PKNcSmp.exe
  2⤵
  PID:5216
- C:\Windows\System\wxqJmrL.exe
  C:\Windows\System\wxqJmrL.exe
  2⤵
  PID:5244
- C:\Windows\System\YBGSuTl.exe
  C:\Windows\System\YBGSuTl.exe
  2⤵
  PID:5276
- C:\Windows\System\yZieqxD.exe
  C:\Windows\System\yZieqxD.exe
  2⤵
  PID:5300
- C:\Windows\System\TzCeYHR.exe
  C:\Windows\System\TzCeYHR.exe
  2⤵
  PID:5328
- C:\Windows\System\EmXpfJU.exe
  C:\Windows\System\EmXpfJU.exe
  2⤵
  PID:5356
- C:\Windows\System\LQtqUIa.exe
  C:\Windows\System\LQtqUIa.exe
  2⤵
  PID:5388
- C:\Windows\System\nWrXXAS.exe
  C:\Windows\System\nWrXXAS.exe
  2⤵
  PID:5416
- C:\Windows\System\aELLoSG.exe
  C:\Windows\System\aELLoSG.exe
  2⤵
  PID:5440
- C:\Windows\System\HxJumtG.exe
  C:\Windows\System\HxJumtG.exe
  2⤵
  PID:5460
- C:\Windows\System\AyuTfZh.exe
  C:\Windows\System\AyuTfZh.exe
  2⤵
  PID:5488
- C:\Windows\System\jOkIlJu.exe
  C:\Windows\System\jOkIlJu.exe
  2⤵
  PID:5516
- C:\Windows\System\shJYost.exe
  C:\Windows\System\shJYost.exe
  2⤵
  PID:5544
- C:\Windows\System\yzwrEAp.exe
  C:\Windows\System\yzwrEAp.exe
  2⤵
  PID:5572
- C:\Windows\System\cUoOMdE.exe
  C:\Windows\System\cUoOMdE.exe
  2⤵
  PID:5600
- C:\Windows\System\MiKxgDh.exe
  C:\Windows\System\MiKxgDh.exe
  2⤵
  PID:5628
- C:\Windows\System\TkFyDNB.exe
  C:\Windows\System\TkFyDNB.exe
  2⤵
  PID:5656
- C:\Windows\System\hcYgRYl.exe
  C:\Windows\System\hcYgRYl.exe
  2⤵
  PID:5684
- C:\Windows\System\BWnfrqi.exe
  C:\Windows\System\BWnfrqi.exe
  2⤵
  PID:5712
- C:\Windows\System\iaFhIyl.exe
  C:\Windows\System\iaFhIyl.exe
  2⤵
  PID:5740
- C:\Windows\System\aHTEAFr.exe
  C:\Windows\System\aHTEAFr.exe
  2⤵
  PID:5768
- C:\Windows\System\WjyjUnI.exe
  C:\Windows\System\WjyjUnI.exe
  2⤵
  PID:5796
- C:\Windows\System\GMZRWJs.exe
  C:\Windows\System\GMZRWJs.exe
  2⤵
  PID:5824
- C:\Windows\System\ExKytUO.exe
  C:\Windows\System\ExKytUO.exe
  2⤵
  PID:5852
- C:\Windows\System\gjYocuA.exe
  C:\Windows\System\gjYocuA.exe
  2⤵
  PID:5880
- C:\Windows\System\bjSqkbo.exe
  C:\Windows\System\bjSqkbo.exe
  2⤵
  PID:5908
- C:\Windows\System\vUIGKYR.exe
  C:\Windows\System\vUIGKYR.exe
  2⤵
  PID:5936
- C:\Windows\System\XbctVaE.exe
  C:\Windows\System\XbctVaE.exe
  2⤵
  PID:5964
- C:\Windows\System\oebhHnN.exe
  C:\Windows\System\oebhHnN.exe
  2⤵
  PID:5992
- C:\Windows\System\CjlpUry.exe
  C:\Windows\System\CjlpUry.exe
  2⤵
  PID:6020
- C:\Windows\System\FCFgYOh.exe
  C:\Windows\System\FCFgYOh.exe
  2⤵
  PID:6048
- C:\Windows\System\KBQikHE.exe
  C:\Windows\System\KBQikHE.exe
  2⤵
  PID:6076
- C:\Windows\System\rZpWEXk.exe
  C:\Windows\System\rZpWEXk.exe
  2⤵
  PID:6104
- C:\Windows\System\fXFCcjS.exe
  C:\Windows\System\fXFCcjS.exe
  2⤵
  PID:6132
- C:\Windows\System\cdtWdPD.exe
  C:\Windows\System\cdtWdPD.exe
  2⤵
  PID:3928
- C:\Windows\System\xrcpphc.exe
  C:\Windows\System\xrcpphc.exe
  2⤵
  PID:4076
- C:\Windows\System\Tqcoxbn.exe
  C:\Windows\System\Tqcoxbn.exe
  2⤵
  PID:1536
- C:\Windows\System\kqeiMqs.exe
  C:\Windows\System\kqeiMqs.exe
  2⤵
  PID:3744
- C:\Windows\System\gbgjILO.exe
  C:\Windows\System\gbgjILO.exe
  2⤵
  PID:1908
- C:\Windows\System\gNuPyCf.exe
  C:\Windows\System\gNuPyCf.exe
  2⤵
  PID:392
- C:\Windows\System\QHmLcWl.exe
  C:\Windows\System\QHmLcWl.exe
  2⤵
  PID:5156
- C:\Windows\System\QPrgiOF.exe
  C:\Windows\System\QPrgiOF.exe
  2⤵
  PID:5212
- C:\Windows\System\veVkJzR.exe
  C:\Windows\System\veVkJzR.exe
  2⤵
  PID:5288
- C:\Windows\System\rRMXtGw.exe
  C:\Windows\System\rRMXtGw.exe
  2⤵
  PID:5348
- C:\Windows\System\IYmpscy.exe
  C:\Windows\System\IYmpscy.exe
  2⤵
  PID:5404
- C:\Windows\System\BnuJtfF.exe
  C:\Windows\System\BnuJtfF.exe
  2⤵
  PID:5472
- C:\Windows\System\YxySmeU.exe
  C:\Windows\System\YxySmeU.exe
  2⤵
  PID:5532
- C:\Windows\System\DMtKuzw.exe
  C:\Windows\System\DMtKuzw.exe
  2⤵
  PID:5592
- C:\Windows\System\rvntjGh.exe
  C:\Windows\System\rvntjGh.exe
  2⤵
  PID:5668
- C:\Windows\System\HMqUjrf.exe
  C:\Windows\System\HMqUjrf.exe
  2⤵
  PID:5728
- C:\Windows\System\uMNmcka.exe
  C:\Windows\System\uMNmcka.exe
  2⤵
  PID:5792
- C:\Windows\System\AsUvMDN.exe
  C:\Windows\System\AsUvMDN.exe
  2⤵
  PID:5864
- C:\Windows\System\JmIuhOv.exe
  C:\Windows\System\JmIuhOv.exe
  2⤵
  PID:5924
- C:\Windows\System\cemIhvB.exe
  C:\Windows\System\cemIhvB.exe
  2⤵
  PID:5984
- C:\Windows\System\FvaWGRh.exe
  C:\Windows\System\FvaWGRh.exe
  2⤵
  PID:6040
- C:\Windows\System\xtcRqsN.exe
  C:\Windows\System\xtcRqsN.exe
  2⤵
  PID:6116
- C:\Windows\System\XKztrQL.exe
  C:\Windows\System\XKztrQL.exe
  2⤵
  PID:3464
- C:\Windows\System\mrtmxaz.exe
  C:\Windows\System\mrtmxaz.exe
  2⤵
  PID:3696
- C:\Windows\System\ExadjjU.exe
  C:\Windows\System\ExadjjU.exe
  2⤵
  PID:4720
- C:\Windows\System\sFIueSW.exe
  C:\Windows\System\sFIueSW.exe
  2⤵
  PID:5240
- C:\Windows\System\vjLMZBD.exe
  C:\Windows\System\vjLMZBD.exe
  2⤵
  PID:5376
- C:\Windows\System\ZKzwVma.exe
  C:\Windows\System\ZKzwVma.exe
  2⤵
  PID:5504
- C:\Windows\System\SEUVLxZ.exe
  C:\Windows\System\SEUVLxZ.exe
  2⤵
  PID:5640
- C:\Windows\System\QVYGBUb.exe
  C:\Windows\System\QVYGBUb.exe
  2⤵
  PID:2392
- C:\Windows\System\DesEcug.exe
  C:\Windows\System\DesEcug.exe
  2⤵
  PID:5892
- C:\Windows\System\XaQrSZK.exe
  C:\Windows\System\XaQrSZK.exe
  2⤵
  PID:6012
- C:\Windows\System\vWiqplK.exe
  C:\Windows\System\vWiqplK.exe
  2⤵
  PID:4116
- C:\Windows\System\QGwIHvm.exe
  C:\Windows\System\QGwIHvm.exe
  2⤵
  PID:6172
- C:\Windows\System\vcbKdwE.exe
  C:\Windows\System\vcbKdwE.exe
  2⤵
  PID:6200
- C:\Windows\System\JeyNkgx.exe
  C:\Windows\System\JeyNkgx.exe
  2⤵
  PID:6228
- C:\Windows\System\vOwNUwO.exe
  C:\Windows\System\vOwNUwO.exe
  2⤵
  PID:6256
- C:\Windows\System\zvnlQIo.exe
  C:\Windows\System\zvnlQIo.exe
  2⤵
  PID:6284
- C:\Windows\System\foQrpjt.exe
  C:\Windows\System\foQrpjt.exe
  2⤵
  PID:6312
- C:\Windows\System\WICRIai.exe
  C:\Windows\System\WICRIai.exe
  2⤵
  PID:6340
- C:\Windows\System\CMpKRkM.exe
  C:\Windows\System\CMpKRkM.exe
  2⤵
  PID:6368
- C:\Windows\System\GyaHWVL.exe
  C:\Windows\System\GyaHWVL.exe
  2⤵
  PID:6396
- C:\Windows\System\HmDVpoA.exe
  C:\Windows\System\HmDVpoA.exe
  2⤵
  PID:6424
- C:\Windows\System\etTcREN.exe
  C:\Windows\System\etTcREN.exe
  2⤵
  PID:6452
- C:\Windows\System\LhfZEzl.exe
  C:\Windows\System\LhfZEzl.exe
  2⤵
  PID:6480
- C:\Windows\System\cmyBPuM.exe
  C:\Windows\System\cmyBPuM.exe
  2⤵
  PID:6504
- C:\Windows\System\Zhriiet.exe
  C:\Windows\System\Zhriiet.exe
  2⤵
  PID:6536
- C:\Windows\System\Uojqjmq.exe
  C:\Windows\System\Uojqjmq.exe
  2⤵
  PID:6564
- C:\Windows\System\LFDLICB.exe
  C:\Windows\System\LFDLICB.exe
  2⤵
  PID:6592
- C:\Windows\System\RmeUpiE.exe
  C:\Windows\System\RmeUpiE.exe
  2⤵
  PID:6620
- C:\Windows\System\ijTaapE.exe
  C:\Windows\System\ijTaapE.exe
  2⤵
  PID:6644
- C:\Windows\System\DtShwkA.exe
  C:\Windows\System\DtShwkA.exe
  2⤵
  PID:6676
- C:\Windows\System\dpjffZy.exe
  C:\Windows\System\dpjffZy.exe
  2⤵
  PID:6704
- C:\Windows\System\dJMrHRF.exe
  C:\Windows\System\dJMrHRF.exe
  2⤵
  PID:6732
- C:\Windows\System\TzyXtaU.exe
  C:\Windows\System\TzyXtaU.exe
  2⤵
  PID:6760
- C:\Windows\System\uluYXkW.exe
  C:\Windows\System\uluYXkW.exe
  2⤵
  PID:6788
- C:\Windows\System\NtDrbun.exe
  C:\Windows\System\NtDrbun.exe
  2⤵
  PID:6816
- C:\Windows\System\FKdCmGn.exe
  C:\Windows\System\FKdCmGn.exe
  2⤵
  PID:6844
- C:\Windows\System\qNfPIZt.exe
  C:\Windows\System\qNfPIZt.exe
  2⤵
  PID:6872
- C:\Windows\System\GuUXwxL.exe
  C:\Windows\System\GuUXwxL.exe
  2⤵
  PID:6900
- C:\Windows\System\IqZKupB.exe
  C:\Windows\System\IqZKupB.exe
  2⤵
  PID:6928
- C:\Windows\System\tdfWlDE.exe
  C:\Windows\System\tdfWlDE.exe
  2⤵
  PID:6956
- C:\Windows\System\OYXUirP.exe
  C:\Windows\System\OYXUirP.exe
  2⤵
  PID:6984
- C:\Windows\System\MRtdPkp.exe
  C:\Windows\System\MRtdPkp.exe
  2⤵
  PID:7012
- C:\Windows\System\EYahiIC.exe
  C:\Windows\System\EYahiIC.exe
  2⤵
  PID:7040
- C:\Windows\System\IzCPFqG.exe
  C:\Windows\System\IzCPFqG.exe
  2⤵
  PID:7068
- C:\Windows\System\zzKiPJY.exe
  C:\Windows\System\zzKiPJY.exe
  2⤵
  PID:7092
- C:\Windows\System\PxEaNJZ.exe
  C:\Windows\System\PxEaNJZ.exe
  2⤵
  PID:7124
- C:\Windows\System\AsbFgoY.exe
  C:\Windows\System\AsbFgoY.exe
  2⤵
  PID:7152
- C:\Windows\System\tvMgGsE.exe
  C:\Windows\System\tvMgGsE.exe
  2⤵
  PID:3032
- C:\Windows\System\awFWbEv.exe
  C:\Windows\System\awFWbEv.exe
  2⤵
  PID:5316
- C:\Windows\System\AucWsHW.exe
  C:\Windows\System\AucWsHW.exe
  2⤵
  PID:5584
- C:\Windows\System\QzLtArQ.exe
  C:\Windows\System\QzLtArQ.exe
  2⤵
  PID:5836
- C:\Windows\System\XqbYDLr.exe
  C:\Windows\System\XqbYDLr.exe
  2⤵
  PID:4984
- C:\Windows\System\lbaPEQd.exe
  C:\Windows\System\lbaPEQd.exe
  2⤵
  PID:6212
- C:\Windows\System\ixGBlhv.exe
  C:\Windows\System\ixGBlhv.exe
  2⤵
  PID:6272
- C:\Windows\System\ZPQBhEc.exe
  C:\Windows\System\ZPQBhEc.exe
  2⤵
  PID:6328
- C:\Windows\System\LrxXBOH.exe
  C:\Windows\System\LrxXBOH.exe
  2⤵
  PID:2660
- C:\Windows\System\UiRCOLW.exe
  C:\Windows\System\UiRCOLW.exe
  2⤵
  PID:6444
- C:\Windows\System\tavClcc.exe
  C:\Windows\System\tavClcc.exe
  2⤵
  PID:4644
- C:\Windows\System\ZkmRnDA.exe
  C:\Windows\System\ZkmRnDA.exe
  2⤵
  PID:6576
- C:\Windows\System\yCHfZqg.exe
  C:\Windows\System\yCHfZqg.exe
  2⤵
  PID:6632
- C:\Windows\System\pCMfkSl.exe
  C:\Windows\System\pCMfkSl.exe
  2⤵
  PID:6692
- C:\Windows\System\sfeGRcZ.exe
  C:\Windows\System\sfeGRcZ.exe
  2⤵
  PID:3960
- C:\Windows\System\MfYqoxJ.exe
  C:\Windows\System\MfYqoxJ.exe
  2⤵
  PID:6804
- C:\Windows\System\EizBByK.exe
  C:\Windows\System\EizBByK.exe
  2⤵
  PID:6864
- C:\Windows\System\HyDvieF.exe
  C:\Windows\System\HyDvieF.exe
  2⤵
  PID:1532
- C:\Windows\System\odZGRnu.exe
  C:\Windows\System\odZGRnu.exe
  2⤵
  PID:3664
- C:\Windows\System\RQNkIJW.exe
  C:\Windows\System\RQNkIJW.exe
  2⤵
  PID:7028
- C:\Windows\System\aUWxRuL.exe
  C:\Windows\System\aUWxRuL.exe
  2⤵
  PID:7088
- C:\Windows\System\usxvmLa.exe
  C:\Windows\System\usxvmLa.exe
  2⤵
  PID:212
- C:\Windows\System\hSjprau.exe
  C:\Windows\System\hSjprau.exe
  2⤵
  PID:6356
- C:\Windows\System\bWDwZes.exe
  C:\Windows\System\bWDwZes.exe
  2⤵
  PID:6492
- C:\Windows\System\ysPfukr.exe
  C:\Windows\System\ysPfukr.exe
  2⤵
  PID:6660
- C:\Windows\System\IgrcObY.exe
  C:\Windows\System\IgrcObY.exe
  2⤵
  PID:6724
- C:\Windows\System\uygmYoL.exe
  C:\Windows\System\uygmYoL.exe
  2⤵
  PID:4532
- C:\Windows\System\QBVEQbA.exe
  C:\Windows\System\QBVEQbA.exe
  2⤵
  PID:6800
- C:\Windows\System\tcUTLan.exe
  C:\Windows\System\tcUTLan.exe
  2⤵
  PID:1168
- C:\Windows\System\IlhWPKm.exe
  C:\Windows\System\IlhWPKm.exe
  2⤵
  PID:6892
- C:\Windows\System\PXVnVSm.exe
  C:\Windows\System\PXVnVSm.exe
  2⤵
  PID:3952
- C:\Windows\System\LEslpey.exe
  C:\Windows\System\LEslpey.exe
  2⤵
  PID:7080
- C:\Windows\System\FSymmsA.exe
  C:\Windows\System\FSymmsA.exe
  2⤵
  PID:4412
- C:\Windows\System\WlsFqCa.exe
  C:\Windows\System\WlsFqCa.exe
  2⤵
  PID:6092
- C:\Windows\System\aQPtYZm.exe
  C:\Windows\System\aQPtYZm.exe
  2⤵
  PID:808
- C:\Windows\System\CwWgszg.exe
  C:\Windows\System\CwWgszg.exe
  2⤵
  PID:7136
- C:\Windows\System\daGCUYU.exe
  C:\Windows\System\daGCUYU.exe
  2⤵
  PID:972
- C:\Windows\System\WPejkeT.exe
  C:\Windows\System\WPejkeT.exe
  2⤵
  PID:2304
- C:\Windows\System\UEaDnUx.exe
  C:\Windows\System\UEaDnUx.exe
  2⤵
  PID:1504
- C:\Windows\System\fEgAmPh.exe
  C:\Windows\System\fEgAmPh.exe
  2⤵
  PID:7056
- C:\Windows\System\jHKgHxH.exe
  C:\Windows\System\jHKgHxH.exe
  2⤵
  PID:7172
- C:\Windows\System\JnMFdrv.exe
  C:\Windows\System\JnMFdrv.exe
  2⤵
  PID:7192
- C:\Windows\System\ccLksiP.exe
  C:\Windows\System\ccLksiP.exe
  2⤵
  PID:7284
- C:\Windows\System\UlttMqW.exe
  C:\Windows\System\UlttMqW.exe
  2⤵
  PID:7308
- C:\Windows\System\VlDoBAS.exe
  C:\Windows\System\VlDoBAS.exe
  2⤵
  PID:7328
- C:\Windows\System\mvoJSSU.exe
  C:\Windows\System\mvoJSSU.exe
  2⤵
  PID:7344
- C:\Windows\System\uyWogFB.exe
  C:\Windows\System\uyWogFB.exe
  2⤵
  PID:7360
- C:\Windows\System\MBaoGaP.exe
  C:\Windows\System\MBaoGaP.exe
  2⤵
  PID:7388
- C:\Windows\System\xoZONMl.exe
  C:\Windows\System\xoZONMl.exe
  2⤵
  PID:7420
- C:\Windows\System\rHUAGOu.exe
  C:\Windows\System\rHUAGOu.exe
  2⤵
  PID:7476
- C:\Windows\System\IrPGgCv.exe
  C:\Windows\System\IrPGgCv.exe
  2⤵
  PID:7508
- C:\Windows\System\VzJPpAi.exe
  C:\Windows\System\VzJPpAi.exe
  2⤵
  PID:7528
- C:\Windows\System\zlobSLi.exe
  C:\Windows\System\zlobSLi.exe
  2⤵
  PID:7572
- C:\Windows\System\rXBGPWM.exe
  C:\Windows\System\rXBGPWM.exe
  2⤵
  PID:7596
- C:\Windows\System\reWDwHG.exe
  C:\Windows\System\reWDwHG.exe
  2⤵
  PID:7628
- C:\Windows\System\QeytrVM.exe
  C:\Windows\System\QeytrVM.exe
  2⤵
  PID:7664
- C:\Windows\System\fbaMFLU.exe
  C:\Windows\System\fbaMFLU.exe
  2⤵
  PID:7692
- C:\Windows\System\KtFRIPI.exe
  C:\Windows\System\KtFRIPI.exe
  2⤵
  PID:7724
- C:\Windows\System\FDPckiu.exe
  C:\Windows\System\FDPckiu.exe
  2⤵
  PID:7752
- C:\Windows\System\jUWyjgH.exe
  C:\Windows\System\jUWyjgH.exe
  2⤵
  PID:7784
- C:\Windows\System\zeUGAAk.exe
  C:\Windows\System\zeUGAAk.exe
  2⤵
  PID:7800
- C:\Windows\System\EDQtLXj.exe
  C:\Windows\System\EDQtLXj.exe
  2⤵
  PID:7840
- C:\Windows\System\dlOuqev.exe
  C:\Windows\System\dlOuqev.exe
  2⤵
  PID:7864
- C:\Windows\System\oSTSDyN.exe
  C:\Windows\System\oSTSDyN.exe
  2⤵
  PID:7892
- C:\Windows\System\pXIkmeG.exe
  C:\Windows\System\pXIkmeG.exe
  2⤵
  PID:7916
- C:\Windows\System\WGasGuv.exe
  C:\Windows\System\WGasGuv.exe
  2⤵
  PID:7944
- C:\Windows\System\vpPUZrz.exe
  C:\Windows\System\vpPUZrz.exe
  2⤵
  PID:7972
- C:\Windows\System\zagAeZl.exe
  C:\Windows\System\zagAeZl.exe
  2⤵
  PID:8000
- C:\Windows\System\WJrxaai.exe
  C:\Windows\System\WJrxaai.exe
  2⤵
  PID:8040
- C:\Windows\System\KpsNxdj.exe
  C:\Windows\System\KpsNxdj.exe
  2⤵
  PID:8060
- C:\Windows\System\yBKLZKy.exe
  C:\Windows\System\yBKLZKy.exe
  2⤵
  PID:8096
- C:\Windows\System\bdcJGqg.exe
  C:\Windows\System\bdcJGqg.exe
  2⤵
  PID:8112
- C:\Windows\System\FHEfpIf.exe
  C:\Windows\System\FHEfpIf.exe
  2⤵
  PID:8152
- C:\Windows\System\PwFjBAU.exe
  C:\Windows\System\PwFjBAU.exe
  2⤵
  PID:8180
- C:\Windows\System\mQmcpig.exe
  C:\Windows\System\mQmcpig.exe
  2⤵
  PID:3808
- C:\Windows\System\fhqrxRD.exe
  C:\Windows\System\fhqrxRD.exe
  2⤵
  PID:2544
- C:\Windows\System\Dzznsim.exe
  C:\Windows\System\Dzznsim.exe
  2⤵
  PID:4380
- C:\Windows\System\EmGABhX.exe
  C:\Windows\System\EmGABhX.exe
  2⤵
  PID:7184
- C:\Windows\System\zOtTlxH.exe
  C:\Windows\System\zOtTlxH.exe
  2⤵
  PID:7224
- C:\Windows\System\swkSUXw.exe
  C:\Windows\System\swkSUXw.exe
  2⤵
  PID:5956
- C:\Windows\System\RtBTZcR.exe
  C:\Windows\System\RtBTZcR.exe
  2⤵
  PID:7304
- C:\Windows\System\MHSjdcd.exe
  C:\Windows\System\MHSjdcd.exe
  2⤵
  PID:7372
- C:\Windows\System\urDSzed.exe
  C:\Windows\System\urDSzed.exe
  2⤵
  PID:7484
- C:\Windows\System\EprhWvO.exe
  C:\Windows\System\EprhWvO.exe
  2⤵
  PID:7516
- C:\Windows\System\sTWYOVf.exe
  C:\Windows\System\sTWYOVf.exe
  2⤵
  PID:7612
- C:\Windows\System\VcNqYSJ.exe
  C:\Windows\System\VcNqYSJ.exe
  2⤵
  PID:7680
- C:\Windows\System\IzjgZhv.exe
  C:\Windows\System\IzjgZhv.exe
  2⤵
  PID:7772
- C:\Windows\System\hHrDkWf.exe
  C:\Windows\System\hHrDkWf.exe
  2⤵
  PID:7660
- C:\Windows\System\mARuHrE.exe
  C:\Windows\System\mARuHrE.exe
  2⤵
  PID:7884
- C:\Windows\System\AgEqEyC.exe
  C:\Windows\System\AgEqEyC.exe
  2⤵
  PID:7956
- C:\Windows\System\VZsuIBk.exe
  C:\Windows\System\VZsuIBk.exe
  2⤵
  PID:7992
- C:\Windows\System\siDcPhf.exe
  C:\Windows\System\siDcPhf.exe
  2⤵
  PID:8052
- C:\Windows\System\XRZSkzQ.exe
  C:\Windows\System\XRZSkzQ.exe
  2⤵
  PID:8136
- C:\Windows\System\oVsUoNc.exe
  C:\Windows\System\oVsUoNc.exe
  2⤵
  PID:6604
- C:\Windows\System\IDmwPDV.exe
  C:\Windows\System\IDmwPDV.exe
  2⤵
  PID:6856
- C:\Windows\System\nRERJdx.exe
  C:\Windows\System\nRERJdx.exe
  2⤵
  PID:6548
- C:\Windows\System\JaUVwfc.exe
  C:\Windows\System\JaUVwfc.exe
  2⤵
  PID:7384
- C:\Windows\System\vkzHLqg.exe
  C:\Windows\System\vkzHLqg.exe
  2⤵
  PID:7416
- C:\Windows\System\NDeSxBg.exe
  C:\Windows\System\NDeSxBg.exe
  2⤵
  PID:7640
- C:\Windows\System\zFXBDpp.exe
  C:\Windows\System\zFXBDpp.exe
  2⤵
  PID:7984
- C:\Windows\System\UujJhAE.exe
  C:\Windows\System\UujJhAE.exe
  2⤵
  PID:8080
- C:\Windows\System\ZrmVpSc.exe
  C:\Windows\System\ZrmVpSc.exe
  2⤵
  PID:8124
- C:\Windows\System\MFDJZPL.exe
  C:\Windows\System\MFDJZPL.exe
  2⤵
  PID:5076
- C:\Windows\System\WMLQHJQ.exe
  C:\Windows\System\WMLQHJQ.exe
  2⤵
  PID:7448
- C:\Windows\System\oiABfDc.exe
  C:\Windows\System\oiABfDc.exe
  2⤵
  PID:7212
- C:\Windows\System\HTQLJoN.exe
  C:\Windows\System\HTQLJoN.exe
  2⤵
  PID:7408
- C:\Windows\System\LDUXzrD.exe
  C:\Windows\System\LDUXzrD.exe
  2⤵
  PID:7936
- C:\Windows\System\TPrOtSL.exe
  C:\Windows\System\TPrOtSL.exe
  2⤵
  PID:8216
- C:\Windows\System\wYeArQo.exe
  C:\Windows\System\wYeArQo.exe
  2⤵
  PID:8244
- C:\Windows\System\JuKUdZb.exe
  C:\Windows\System\JuKUdZb.exe
  2⤵
  PID:8272
- C:\Windows\System\bzovYiH.exe
  C:\Windows\System\bzovYiH.exe
  2⤵
  PID:8288
- C:\Windows\System\geeTgQw.exe
  C:\Windows\System\geeTgQw.exe
  2⤵
  PID:8304
- C:\Windows\System\fQNgzwy.exe
  C:\Windows\System\fQNgzwy.exe
  2⤵
  PID:8368
- C:\Windows\System\yqxoblM.exe
  C:\Windows\System\yqxoblM.exe
  2⤵
  PID:8384
- C:\Windows\System\XpJoTtE.exe
  C:\Windows\System\XpJoTtE.exe
  2⤵
  PID:8412
- C:\Windows\System\wfuBjlT.exe
  C:\Windows\System\wfuBjlT.exe
  2⤵
  PID:8440
- C:\Windows\System\dMIFQfr.exe
  C:\Windows\System\dMIFQfr.exe
  2⤵
  PID:8468
- C:\Windows\System\MxPKZku.exe
  C:\Windows\System\MxPKZku.exe
  2⤵
  PID:8488
- C:\Windows\System\nFbdgse.exe
  C:\Windows\System\nFbdgse.exe
  2⤵
  PID:8524
- C:\Windows\System\PtQgqHG.exe
  C:\Windows\System\PtQgqHG.exe
  2⤵
  PID:8560
- C:\Windows\System\WyDNSOi.exe
  C:\Windows\System\WyDNSOi.exe
  2⤵
  PID:8584
- C:\Windows\System\BcSESjW.exe
  C:\Windows\System\BcSESjW.exe
  2⤵
  PID:8608
- C:\Windows\System\ekTokNy.exe
  C:\Windows\System\ekTokNy.exe
  2⤵
  PID:8636
- C:\Windows\System\Pheicfx.exe
  C:\Windows\System\Pheicfx.exe
  2⤵
  PID:8664
- C:\Windows\System\bULqAMM.exe
  C:\Windows\System\bULqAMM.exe
  2⤵
  PID:8704
- C:\Windows\System\tEgZlcq.exe
  C:\Windows\System\tEgZlcq.exe
  2⤵
  PID:8724
- C:\Windows\System\NLggHYy.exe
  C:\Windows\System\NLggHYy.exe
  2⤵
  PID:8764
- C:\Windows\System\xvctYXl.exe
  C:\Windows\System\xvctYXl.exe
  2⤵
  PID:8784
- C:\Windows\System\iMUXiIx.exe
  C:\Windows\System\iMUXiIx.exe
  2⤵
  PID:8820
- C:\Windows\System\cqnVlHj.exe
  C:\Windows\System\cqnVlHj.exe
  2⤵
  PID:8840
- C:\Windows\System\bcWfYIM.exe
  C:\Windows\System\bcWfYIM.exe
  2⤵
  PID:8868
- C:\Windows\System\PelmtXL.exe
  C:\Windows\System\PelmtXL.exe
  2⤵
  PID:8896
- C:\Windows\System\VtMrAbD.exe
  C:\Windows\System\VtMrAbD.exe
  2⤵
  PID:8924
- C:\Windows\System\AbKMafY.exe
  C:\Windows\System\AbKMafY.exe
  2⤵
  PID:8940
- C:\Windows\System\XvpwVDm.exe
  C:\Windows\System\XvpwVDm.exe
  2⤵
  PID:8976
- C:\Windows\System\xGtlBLz.exe
  C:\Windows\System\xGtlBLz.exe
  2⤵
  PID:9016
- C:\Windows\System\ZYqJBOw.exe
  C:\Windows\System\ZYqJBOw.exe
  2⤵
  PID:9048
- C:\Windows\System\caNeksf.exe
  C:\Windows\System\caNeksf.exe
  2⤵
  PID:9064
- C:\Windows\System\jixneTT.exe
  C:\Windows\System\jixneTT.exe
  2⤵
  PID:9092
- C:\Windows\System\PERfAiL.exe
  C:\Windows\System\PERfAiL.exe
  2⤵
  PID:9120
- C:\Windows\System\ZjFsBUT.exe
  C:\Windows\System\ZjFsBUT.exe
  2⤵
  PID:9160
- C:\Windows\System\kFZJNxA.exe
  C:\Windows\System\kFZJNxA.exe
  2⤵
  PID:9176
- C:\Windows\System\nuTfpxN.exe
  C:\Windows\System\nuTfpxN.exe
  2⤵
  PID:9212
- C:\Windows\System\Dscnaqi.exe
  C:\Windows\System\Dscnaqi.exe
  2⤵
  PID:8212
- C:\Windows\System\IuXsNtA.exe
  C:\Windows\System\IuXsNtA.exe
  2⤵
  PID:8296
- C:\Windows\System\MbtSQxC.exe
  C:\Windows\System\MbtSQxC.exe
  2⤵
  PID:8360
- C:\Windows\System\VdOUbvz.exe
  C:\Windows\System\VdOUbvz.exe
  2⤵
  PID:8428
- C:\Windows\System\REwkAov.exe
  C:\Windows\System\REwkAov.exe
  2⤵
  PID:8536
- C:\Windows\System\DNKUxhy.exe
  C:\Windows\System\DNKUxhy.exe
  2⤵
  PID:8600
- C:\Windows\System\xUimRTH.exe
  C:\Windows\System\xUimRTH.exe
  2⤵
  PID:8624
- C:\Windows\System\dmKKTkZ.exe
  C:\Windows\System\dmKKTkZ.exe
  2⤵
  PID:8688
- C:\Windows\System\fAQyGHg.exe
  C:\Windows\System\fAQyGHg.exe
  2⤵
  PID:8752
- C:\Windows\System\tCadXGa.exe
  C:\Windows\System\tCadXGa.exe
  2⤵
  PID:8780
- C:\Windows\System\FhFTauE.exe
  C:\Windows\System\FhFTauE.exe
  2⤵
  PID:8856
- C:\Windows\System\lEqCmfI.exe
  C:\Windows\System\lEqCmfI.exe
  2⤵
  PID:8904
- C:\Windows\System\JxwzuSU.exe
  C:\Windows\System\JxwzuSU.exe
  2⤵
  PID:8968
- C:\Windows\System\sxPKcWQ.exe
  C:\Windows\System\sxPKcWQ.exe
  2⤵
  PID:9040
- C:\Windows\System\VuwtfPI.exe
  C:\Windows\System\VuwtfPI.exe
  2⤵
  PID:9132
- C:\Windows\System\nPXDAkY.exe
  C:\Windows\System\nPXDAkY.exe
  2⤵
  PID:9172
- C:\Windows\System\YqWuTWG.exe
  C:\Windows\System\YqWuTWG.exe
  2⤵
  PID:8020
- C:\Windows\System\YcRTmnm.exe
  C:\Windows\System\YcRTmnm.exe
  2⤵
  PID:8404
- C:\Windows\System\nxliMRw.exe
  C:\Windows\System\nxliMRw.exe
  2⤵
  PID:8620
- C:\Windows\System\Fhbvtfq.exe
  C:\Windows\System\Fhbvtfq.exe
  2⤵
  PID:8684
- C:\Windows\System\TQqgBDP.exe
  C:\Windows\System\TQqgBDP.exe
  2⤵
  PID:8800
- C:\Windows\System\ENAGzdj.exe
  C:\Windows\System\ENAGzdj.exe
  2⤵
  PID:9036
- C:\Windows\System\xXrNozh.exe
  C:\Windows\System\xXrNozh.exe
  2⤵
  PID:9208
- C:\Windows\System\irPlcap.exe
  C:\Windows\System\irPlcap.exe
  2⤵
  PID:8500
- C:\Windows\System\mrOZpkb.exe
  C:\Windows\System\mrOZpkb.exe
  2⤵
  PID:8936
- C:\Windows\System\vyKtnZZ.exe
  C:\Windows\System\vyKtnZZ.exe
  2⤵
  PID:8200
- C:\Windows\System\btEXgcF.exe
  C:\Windows\System\btEXgcF.exe
  2⤵
  PID:9116
- C:\Windows\System\iPCCgqV.exe
  C:\Windows\System\iPCCgqV.exe
  2⤵
  PID:9240
- C:\Windows\System\ErgSztO.exe
  C:\Windows\System\ErgSztO.exe
  2⤵
  PID:9260
- C:\Windows\System\sivVYMQ.exe
  C:\Windows\System\sivVYMQ.exe
  2⤵
  PID:9284
- C:\Windows\System\plWshCl.exe
  C:\Windows\System\plWshCl.exe
  2⤵
  PID:9312
- C:\Windows\System\CbpAhau.exe
  C:\Windows\System\CbpAhau.exe
  2⤵
  PID:9336
- C:\Windows\System\DNTqLNP.exe
  C:\Windows\System\DNTqLNP.exe
  2⤵
  PID:9368
- C:\Windows\System\fRgsBvg.exe
  C:\Windows\System\fRgsBvg.exe
  2⤵
  PID:9384
- C:\Windows\System\fmxCsYv.exe
  C:\Windows\System\fmxCsYv.exe
  2⤵
  PID:9400
- C:\Windows\System\dSIoQXn.exe
  C:\Windows\System\dSIoQXn.exe
  2⤵
  PID:9432
- C:\Windows\System\sgbGdmU.exe
  C:\Windows\System\sgbGdmU.exe
  2⤵
  PID:9456
- C:\Windows\System\AeljpQU.exe
  C:\Windows\System\AeljpQU.exe
  2⤵
  PID:9492
- C:\Windows\System\ebWacIA.exe
  C:\Windows\System\ebWacIA.exe
  2⤵
  PID:9520
- C:\Windows\System\FAHWolH.exe
  C:\Windows\System\FAHWolH.exe
  2⤵
  PID:9540
- C:\Windows\System\jwIwCjD.exe
  C:\Windows\System\jwIwCjD.exe
  2⤵
  PID:9564
- C:\Windows\System\vnExrtl.exe
  C:\Windows\System\vnExrtl.exe
  2⤵
  PID:9616
- C:\Windows\System\ewTSBuo.exe
  C:\Windows\System\ewTSBuo.exe
  2⤵
  PID:9656
- C:\Windows\System\EtztZni.exe
  C:\Windows\System\EtztZni.exe
  2⤵
  PID:9676
- C:\Windows\System\hAwkBrQ.exe
  C:\Windows\System\hAwkBrQ.exe
  2⤵
  PID:9704
- C:\Windows\System\TXvqfhX.exe
  C:\Windows\System\TXvqfhX.exe
  2⤵
  PID:9724
- C:\Windows\System\Ozxhtec.exe
  C:\Windows\System\Ozxhtec.exe
  2⤵
  PID:9760
- C:\Windows\System\XXsZFRv.exe
  C:\Windows\System\XXsZFRv.exe
  2⤵
  PID:9800
- C:\Windows\System\xkfQHYM.exe
  C:\Windows\System\xkfQHYM.exe
  2⤵
  PID:9816
- C:\Windows\System\qPHQmde.exe
  C:\Windows\System\qPHQmde.exe
  2⤵
  PID:9832
- C:\Windows\System\osXsAQN.exe
  C:\Windows\System\osXsAQN.exe
  2⤵
  PID:9860
- C:\Windows\System\fmrXJLH.exe
  C:\Windows\System\fmrXJLH.exe
  2⤵
  PID:9876
- C:\Windows\System\CkgXExu.exe
  C:\Windows\System\CkgXExu.exe
  2⤵
  PID:9908
- C:\Windows\System\JgzNbhD.exe
  C:\Windows\System\JgzNbhD.exe
  2⤵
  PID:9944
- C:\Windows\System\BxmDwPE.exe
  C:\Windows\System\BxmDwPE.exe
  2⤵
  PID:9996
- C:\Windows\System\yiqsdsv.exe
  C:\Windows\System\yiqsdsv.exe
  2⤵
  PID:10016
- C:\Windows\System\DLKOnRJ.exe
  C:\Windows\System\DLKOnRJ.exe
  2⤵
  PID:10052
- C:\Windows\System\XwEXtkr.exe
  C:\Windows\System\XwEXtkr.exe
  2⤵
  PID:10080
- C:\Windows\System\gbQIkcb.exe
  C:\Windows\System\gbQIkcb.exe
  2⤵
  PID:10108
- C:\Windows\System\NDdHSQK.exe
  C:\Windows\System\NDdHSQK.exe
  2⤵
  PID:10136
- C:\Windows\System\FJsXobE.exe
  C:\Windows\System\FJsXobE.exe
  2⤵
  PID:10168
- C:\Windows\System\mkctEMX.exe
  C:\Windows\System\mkctEMX.exe
  2⤵
  PID:10196
- C:\Windows\System\wAZIbqE.exe
  C:\Windows\System\wAZIbqE.exe
  2⤵
  PID:10220
- C:\Windows\System\tEEFetF.exe
  C:\Windows\System\tEEFetF.exe
  2⤵
  PID:8812
- C:\Windows\System\jLekXzz.exe
  C:\Windows\System\jLekXzz.exe
  2⤵
  PID:9268
- C:\Windows\System\JcDQKCB.exe
  C:\Windows\System\JcDQKCB.exe
  2⤵
  PID:9324
- C:\Windows\System\moqMYGA.exe
  C:\Windows\System\moqMYGA.exe
  2⤵
  PID:9424
- C:\Windows\System\seSlKlk.exe
  C:\Windows\System\seSlKlk.exe
  2⤵
  PID:9480
- C:\Windows\System\VkoWWxN.exe
  C:\Windows\System\VkoWWxN.exe
  2⤵
  PID:9536
- C:\Windows\System\pbYVejk.exe
  C:\Windows\System\pbYVejk.exe
  2⤵
  PID:9648
- C:\Windows\System\IroDjRg.exe
  C:\Windows\System\IroDjRg.exe
  2⤵
  PID:9652
- C:\Windows\System\gLDSpjF.exe
  C:\Windows\System\gLDSpjF.exe
  2⤵
  PID:9668
- C:\Windows\System\llqGKNF.exe
  C:\Windows\System\llqGKNF.exe
  2⤵
  PID:9744
- C:\Windows\System\uSypYhu.exe
  C:\Windows\System\uSypYhu.exe
  2⤵
  PID:9788
- C:\Windows\System\ZAkyJJL.exe
  C:\Windows\System\ZAkyJJL.exe
  2⤵
  PID:9852
- C:\Windows\System\wzhzXYQ.exe
  C:\Windows\System\wzhzXYQ.exe
  2⤵
  PID:9932
- C:\Windows\System\IxcdpHJ.exe
  C:\Windows\System\IxcdpHJ.exe
  2⤵
  PID:9940
- C:\Windows\System\KNBfBey.exe
  C:\Windows\System\KNBfBey.exe
  2⤵
  PID:10104
- C:\Windows\System\iBFcFGY.exe
  C:\Windows\System\iBFcFGY.exe
  2⤵
  PID:10192
- C:\Windows\System\oiDlidV.exe
  C:\Windows\System\oiDlidV.exe
  2⤵
  PID:10236
- C:\Windows\System\ZbtIfxv.exe
  C:\Windows\System\ZbtIfxv.exe
  2⤵
  PID:9376
- C:\Windows\System\wExTZit.exe
  C:\Windows\System\wExTZit.exe
  2⤵
  PID:9604
- C:\Windows\System\onzRtoE.exe
  C:\Windows\System\onzRtoE.exe
  2⤵
  PID:9696
- C:\Windows\System\hbURLDX.exe
  C:\Windows\System\hbURLDX.exe
  2⤵
  PID:9732
- C:\Windows\System\JVtekBy.exe
  C:\Windows\System\JVtekBy.exe
  2⤵
  PID:9844
- C:\Windows\System\vQnOEUZ.exe
  C:\Windows\System\vQnOEUZ.exe
  2⤵
  PID:10152
- C:\Windows\System\JCxsdOJ.exe
  C:\Windows\System\JCxsdOJ.exe
  2⤵
  PID:9380
- C:\Windows\System\TjTEKBt.exe
  C:\Windows\System\TjTEKBt.exe
  2⤵
  PID:9516
- C:\Windows\System\OGmOKhc.exe
  C:\Windows\System\OGmOKhc.exe
  2⤵
  PID:9848
- C:\Windows\System\INrHHvY.exe
  C:\Windows\System\INrHHvY.exe
  2⤵
  PID:10212
- C:\Windows\System\GseeLMR.exe
  C:\Windows\System\GseeLMR.exe
  2⤵
  PID:9780
- C:\Windows\System\eJtGDGj.exe
  C:\Windows\System\eJtGDGj.exe
  2⤵
  PID:10244
- C:\Windows\System\vpAlYEa.exe
  C:\Windows\System\vpAlYEa.exe
  2⤵
  PID:10268
- C:\Windows\System\QAwvirY.exe
  C:\Windows\System\QAwvirY.exe
  2⤵
  PID:10308
- C:\Windows\System\FgjtUMj.exe
  C:\Windows\System\FgjtUMj.exe
  2⤵
  PID:10336
- C:\Windows\System\EcaXhyC.exe
  C:\Windows\System\EcaXhyC.exe
  2⤵
  PID:10352
- C:\Windows\System\vJJRdPu.exe
  C:\Windows\System\vJJRdPu.exe
  2⤵
  PID:10384
- C:\Windows\System\xgKHDqH.exe
  C:\Windows\System\xgKHDqH.exe
  2⤵
  PID:10408
- C:\Windows\System\eMkHyDY.exe
  C:\Windows\System\eMkHyDY.exe
  2⤵
  PID:10436
- C:\Windows\System\ADdAQaq.exe
  C:\Windows\System\ADdAQaq.exe
  2⤵
  PID:10464
- C:\Windows\System\HjXVqnD.exe
  C:\Windows\System\HjXVqnD.exe
  2⤵
  PID:10500
- C:\Windows\System\ioLWnyY.exe
  C:\Windows\System\ioLWnyY.exe
  2⤵
  PID:10520
- C:\Windows\System\AYnzCZY.exe
  C:\Windows\System\AYnzCZY.exe
  2⤵
  PID:10536
- C:\Windows\System\hyiCYql.exe
  C:\Windows\System\hyiCYql.exe
  2⤵
  PID:10552
- C:\Windows\System\vTpdxhX.exe
  C:\Windows\System\vTpdxhX.exe
  2⤵
  PID:10580
- C:\Windows\System\faUfoTF.exe
  C:\Windows\System\faUfoTF.exe
  2⤵
  PID:10616
- C:\Windows\System\IeijzhQ.exe
  C:\Windows\System\IeijzhQ.exe
  2⤵
  PID:10652
- C:\Windows\System\aWAuAmx.exe
  C:\Windows\System\aWAuAmx.exe
  2⤵
  PID:10668
- C:\Windows\System\OdGFupk.exe
  C:\Windows\System\OdGFupk.exe
  2⤵
  PID:10696
- C:\Windows\System\SBBboEq.exe
  C:\Windows\System\SBBboEq.exe
  2⤵
  PID:10740
- C:\Windows\System\HjmuXWK.exe
  C:\Windows\System\HjmuXWK.exe
  2⤵
  PID:10776
- C:\Windows\System\XEHYmaU.exe
  C:\Windows\System\XEHYmaU.exe
  2⤵
  PID:10792
- C:\Windows\System\SMuAgwf.exe
  C:\Windows\System\SMuAgwf.exe
  2⤵
  PID:10840
- C:\Windows\System\PHdoeVj.exe
  C:\Windows\System\PHdoeVj.exe
  2⤵
  PID:10872
- C:\Windows\System\DzGhAMc.exe
  C:\Windows\System\DzGhAMc.exe
  2⤵
  PID:10900
- C:\Windows\System\PAlvEnJ.exe
  C:\Windows\System\PAlvEnJ.exe
  2⤵
  PID:10928
- C:\Windows\System\fvOSrTx.exe
  C:\Windows\System\fvOSrTx.exe
  2⤵
  PID:10956
- C:\Windows\System\EDmtxFH.exe
  C:\Windows\System\EDmtxFH.exe
  2⤵
  PID:10984
- C:\Windows\System\vyrPIRI.exe
  C:\Windows\System\vyrPIRI.exe
  2⤵
  PID:11012
- C:\Windows\System\wjACuwi.exe
  C:\Windows\System\wjACuwi.exe
  2⤵
  PID:11028
- C:\Windows\System\FzZcqJm.exe
  C:\Windows\System\FzZcqJm.exe
  2⤵
  PID:11056
- C:\Windows\System\DJIexti.exe
  C:\Windows\System\DJIexti.exe
  2⤵
  PID:11096
- C:\Windows\System\FRmEbYA.exe
  C:\Windows\System\FRmEbYA.exe
  2⤵
  PID:11124
- C:\Windows\System\mHPYYYH.exe
  C:\Windows\System\mHPYYYH.exe
  2⤵
  PID:11148
- C:\Windows\System\FjBYvsv.exe
  C:\Windows\System\FjBYvsv.exe
  2⤵
  PID:11172
- C:\Windows\System\YcLPRya.exe
  C:\Windows\System\YcLPRya.exe
  2⤵
  PID:11196
- C:\Windows\System\keerSZL.exe
  C:\Windows\System\keerSZL.exe
  2⤵
  PID:11232
- C:\Windows\System\CMQSnRp.exe
  C:\Windows\System\CMQSnRp.exe
  2⤵
  PID:11260
- C:\Windows\System\LitqNmT.exe
  C:\Windows\System\LitqNmT.exe
  2⤵
  PID:3020
- C:\Windows\System\QoXmOvS.exe
  C:\Windows\System\QoXmOvS.exe
  2⤵
  PID:10348
- C:\Windows\System\GSrQjyb.exe
  C:\Windows\System\GSrQjyb.exe
  2⤵
  PID:10380
- C:\Windows\System\LnrkyVc.exe
  C:\Windows\System\LnrkyVc.exe
  2⤵
  PID:10456
- C:\Windows\System\yhffoNB.exe
  C:\Windows\System\yhffoNB.exe
  2⤵
  PID:10528
- C:\Windows\System\QFnySyi.exe
  C:\Windows\System\QFnySyi.exe
  2⤵
  PID:10548
- C:\Windows\System\YinoEuQ.exe
  C:\Windows\System\YinoEuQ.exe
  2⤵
  PID:10608
- C:\Windows\System\lJEZYBZ.exe
  C:\Windows\System\lJEZYBZ.exe
  2⤵
  PID:10772
- C:\Windows\System\vapnAxR.exe
  C:\Windows\System\vapnAxR.exe
  2⤵
  PID:2156
- C:\Windows\System\oDdVpLT.exe
  C:\Windows\System\oDdVpLT.exe
  2⤵
  PID:10836
- C:\Windows\System\XYzwjHA.exe
  C:\Windows\System\XYzwjHA.exe
  2⤵
  PID:10892
- C:\Windows\System\QqhVqlu.exe
  C:\Windows\System\QqhVqlu.exe
  2⤵
  PID:10924
- C:\Windows\System\KmvRcEU.exe
  C:\Windows\System\KmvRcEU.exe
  2⤵
  PID:11004
- C:\Windows\System\UlmYBMI.exe
  C:\Windows\System\UlmYBMI.exe
  2⤵
  PID:11040
- C:\Windows\System\LhYvQev.exe
  C:\Windows\System\LhYvQev.exe
  2⤵
  PID:11132
- C:\Windows\System\nauqniP.exe
  C:\Windows\System\nauqniP.exe
  2⤵
  PID:11180
- C:\Windows\System\dbtillv.exe
  C:\Windows\System\dbtillv.exe
  2⤵
  PID:11240
- C:\Windows\System\fZJmvgR.exe
  C:\Windows\System\fZJmvgR.exe
  2⤵
  PID:10428
- C:\Windows\System\QTLmfat.exe
  C:\Windows\System\QTLmfat.exe
  2⤵
  PID:10420
- C:\Windows\System\Mdqkvoj.exe
  C:\Windows\System\Mdqkvoj.exe
  2⤵
  PID:10568
- C:\Windows\System\NTzmrKL.exe
  C:\Windows\System\NTzmrKL.exe
  2⤵
  PID:10732
- C:\Windows\System\HfrwTdy.exe
  C:\Windows\System\HfrwTdy.exe
  2⤵
  PID:10916
- C:\Windows\System\FtsloHs.exe
  C:\Windows\System\FtsloHs.exe
  2⤵
  PID:11072
- C:\Windows\System\mBRuAPu.exe
  C:\Windows\System\mBRuAPu.exe
  2⤵
  PID:11216
- C:\Windows\System\egkcckd.exe
  C:\Windows\System\egkcckd.exe
  2⤵
  PID:10324
- C:\Windows\System\DAfsXoY.exe
  C:\Windows\System\DAfsXoY.exe
  2⤵
  PID:10824
- C:\Windows\System\aNYwncn.exe
  C:\Windows\System\aNYwncn.exe
  2⤵
  PID:2904
- C:\Windows\System\KIlfUMJ.exe
  C:\Windows\System\KIlfUMJ.exe
  2⤵
  PID:10320
- C:\Windows\System\wMDCxHf.exe
  C:\Windows\System\wMDCxHf.exe
  2⤵
  PID:10516
- C:\Windows\System\kKuieDr.exe
  C:\Windows\System\kKuieDr.exe
  2⤵
  PID:11272
- C:\Windows\System\BCQqxgL.exe
  C:\Windows\System\BCQqxgL.exe
  2⤵
  PID:11300
- C:\Windows\System\ESGuaFH.exe
  C:\Windows\System\ESGuaFH.exe
  2⤵
  PID:11340
- C:\Windows\System\DEBaIaQ.exe
  C:\Windows\System\DEBaIaQ.exe
  2⤵
  PID:11360
- C:\Windows\System\FFHhWIT.exe
  C:\Windows\System\FFHhWIT.exe
  2⤵
  PID:11388
- C:\Windows\System\bvGDThO.exe
  C:\Windows\System\bvGDThO.exe
  2⤵
  PID:11416
- C:\Windows\System\fgjMySg.exe
  C:\Windows\System\fgjMySg.exe
  2⤵
  PID:11444
- C:\Windows\System\rzpotLn.exe
  C:\Windows\System\rzpotLn.exe
  2⤵
  PID:11468
- C:\Windows\System\RJmOHSn.exe
  C:\Windows\System\RJmOHSn.exe
  2⤵
  PID:11512
- C:\Windows\System\SVARWko.exe
  C:\Windows\System\SVARWko.exe
  2⤵
  PID:11540
- C:\Windows\System\fJdopqU.exe
  C:\Windows\System\fJdopqU.exe
  2⤵
  PID:11556
- C:\Windows\System\btamPYb.exe
  C:\Windows\System\btamPYb.exe
  2⤵
  PID:11584
- C:\Windows\System\xeLwRVm.exe
  C:\Windows\System\xeLwRVm.exe
  2⤵
  PID:11612
- C:\Windows\System\yxsOyMS.exe
  C:\Windows\System\yxsOyMS.exe
  2⤵
  PID:11640
- C:\Windows\System\bfncKuX.exe
  C:\Windows\System\bfncKuX.exe
  2⤵
  PID:11680
- C:\Windows\System\lkrxosp.exe
  C:\Windows\System\lkrxosp.exe
  2⤵
  PID:11696
- C:\Windows\System\uyUFDFL.exe
  C:\Windows\System\uyUFDFL.exe
  2⤵
  PID:11720
- C:\Windows\System\sGhnfvS.exe
  C:\Windows\System\sGhnfvS.exe
  2⤵
  PID:11752
- C:\Windows\System\BnGOIGL.exe
  C:\Windows\System\BnGOIGL.exe
  2⤵
  PID:11784
- C:\Windows\System\XgTULlk.exe
  C:\Windows\System\XgTULlk.exe
  2⤵
  PID:11808
- C:\Windows\System\bqyWzWi.exe
  C:\Windows\System\bqyWzWi.exe
  2⤵
  PID:11848
- C:\Windows\System\noIePNA.exe
  C:\Windows\System\noIePNA.exe
  2⤵
  PID:11876
- C:\Windows\System\KeQIdhT.exe
  C:\Windows\System\KeQIdhT.exe
  2⤵
  PID:11904
- C:\Windows\System\fgkwusv.exe
  C:\Windows\System\fgkwusv.exe
  2⤵
  PID:11932
- C:\Windows\System\kxrRJze.exe
  C:\Windows\System\kxrRJze.exe
  2⤵
  PID:11948
- C:\Windows\System\BbVYCUm.exe
  C:\Windows\System\BbVYCUm.exe
  2⤵
  PID:11976
- C:\Windows\System\spgrylJ.exe
  C:\Windows\System\spgrylJ.exe
  2⤵
  PID:12004
- C:\Windows\System\LQRCQWe.exe
  C:\Windows\System\LQRCQWe.exe
  2⤵
  PID:12032
- C:\Windows\System\RPoVJmu.exe
  C:\Windows\System\RPoVJmu.exe
  2⤵
  PID:12104
- C:\Windows\System\FtHfvgW.exe
  C:\Windows\System\FtHfvgW.exe
  2⤵
  PID:12120
- C:\Windows\System\cvqplwo.exe
  C:\Windows\System\cvqplwo.exe
  2⤵
  PID:12136
- C:\Windows\System\DbqFysq.exe
  C:\Windows\System\DbqFysq.exe
  2⤵
  PID:12152
- C:\Windows\System\yDkShRd.exe
  C:\Windows\System\yDkShRd.exe
  2⤵
  PID:12168
- C:\Windows\System\MMNmsad.exe
  C:\Windows\System\MMNmsad.exe
  2⤵
  PID:12192
- C:\Windows\System\xevWzcz.exe
  C:\Windows\System\xevWzcz.exe
  2⤵
  PID:12220
- C:\Windows\System\XphdGvz.exe
  C:\Windows\System\XphdGvz.exe
  2⤵
  PID:12260
- C:\Windows\System\NOCHibV.exe
  C:\Windows\System\NOCHibV.exe
  2⤵
  PID:12280
- C:\Windows\System\wbnfquT.exe
  C:\Windows\System\wbnfquT.exe
  2⤵
  PID:11332
- C:\Windows\System\WrxGFuw.exe
  C:\Windows\System\WrxGFuw.exe
  2⤵
  PID:11400
- C:\Windows\System\KlSjOJx.exe
  C:\Windows\System\KlSjOJx.exe
  2⤵
  PID:11464
- C:\Windows\System\ueaYLPG.exe
  C:\Windows\System\ueaYLPG.exe
  2⤵
  PID:11548
- C:\Windows\System\IBjebnU.exe
  C:\Windows\System\IBjebnU.exe
  2⤵
  PID:11632
- C:\Windows\System\YRUbKTr.exe
  C:\Windows\System\YRUbKTr.exe
  2⤵
  PID:632
- C:\Windows\System\lydxcbo.exe
  C:\Windows\System\lydxcbo.exe
  2⤵
  PID:11716
- C:\Windows\System\tGEnLpQ.exe
  C:\Windows\System\tGEnLpQ.exe
  2⤵
  PID:11792
- C:\Windows\System\nndkqei.exe
  C:\Windows\System\nndkqei.exe
  2⤵
  PID:11860
- C:\Windows\System\kMyjmFP.exe
  C:\Windows\System\kMyjmFP.exe
  2⤵
  PID:11896
- C:\Windows\System\quOdAks.exe
  C:\Windows\System\quOdAks.exe
  2⤵
  PID:11972
- C:\Windows\System\OBLSfPW.exe
  C:\Windows\System\OBLSfPW.exe
  2⤵
  PID:12076
- C:\Windows\System\AgPXBlM.exe
  C:\Windows\System\AgPXBlM.exe
  2⤵
  PID:12164
- C:\Windows\System\MUQZNme.exe
  C:\Windows\System\MUQZNme.exe
  2⤵
  PID:12232
- C:\Windows\System\eXPERXC.exe
  C:\Windows\System\eXPERXC.exe
  2⤵
  PID:11316
- C:\Windows\System\Ecgwhmm.exe
  C:\Windows\System\Ecgwhmm.exe
  2⤵
  PID:11428
- C:\Windows\System\xpXZAEI.exe
  C:\Windows\System\xpXZAEI.exe
  2⤵
  PID:11596
- C:\Windows\System\FGiLhbS.exe
  C:\Windows\System\FGiLhbS.exe
  2⤵
  PID:11708
- C:\Windows\System\fzgJKDd.exe
  C:\Windows\System\fzgJKDd.exe
  2⤵
  PID:11988
- C:\Windows\System\rxgKUHC.exe
  C:\Windows\System\rxgKUHC.exe
  2⤵
  PID:12132
- C:\Windows\System\ZcdSGBy.exe
  C:\Windows\System\ZcdSGBy.exe
  2⤵
  PID:10868
- C:\Windows\System\GITOzxk.exe
  C:\Windows\System\GITOzxk.exe
  2⤵
  PID:11772
- C:\Windows\System\WSezREt.exe
  C:\Windows\System\WSezREt.exe
  2⤵
  PID:12020
- C:\Windows\System\ZWvIjFt.exe
  C:\Windows\System\ZWvIjFt.exe
  2⤵
  PID:11992
- C:\Windows\System\VEdgPLC.exe
  C:\Windows\System\VEdgPLC.exe
  2⤵
  PID:11840
- C:\Windows\System\uGytXQl.exe
  C:\Windows\System\uGytXQl.exe
  2⤵
  PID:12316
- C:\Windows\System\vNNVmRR.exe
  C:\Windows\System\vNNVmRR.exe
  2⤵
  PID:12340
- C:\Windows\System\oXiVhRZ.exe
  C:\Windows\System\oXiVhRZ.exe
  2⤵
  PID:12376
- C:\Windows\System\JojksGz.exe
  C:\Windows\System\JojksGz.exe
  2⤵
  PID:12404
- C:\Windows\System\hWZfnsR.exe
  C:\Windows\System\hWZfnsR.exe
  2⤵
  PID:12432
- C:\Windows\System\ryJrabc.exe
  C:\Windows\System\ryJrabc.exe
  2⤵
  PID:12460
- C:\Windows\System\UDjlcOV.exe
  C:\Windows\System\UDjlcOV.exe
  2⤵
  PID:12488
- C:\Windows\System\uoIZlXh.exe
  C:\Windows\System\uoIZlXh.exe
  2⤵
  PID:12504
- C:\Windows\System\qIpapUl.exe
  C:\Windows\System\qIpapUl.exe
  2⤵
  PID:12544
- C:\Windows\System\eebwfXg.exe
  C:\Windows\System\eebwfXg.exe
  2⤵
  PID:12560
- C:\Windows\System\IabKeoB.exe
  C:\Windows\System\IabKeoB.exe
  2⤵
  PID:12600
- C:\Windows\System\IaPHIAX.exe
  C:\Windows\System\IaPHIAX.exe
  2⤵
  PID:12616
- C:\Windows\System\gZupBVo.exe
  C:\Windows\System\gZupBVo.exe
  2⤵
  PID:12648
- C:\Windows\System\kzZkekZ.exe
  C:\Windows\System\kzZkekZ.exe
  2⤵
  PID:12672
- C:\Windows\System\NoRLaLh.exe
  C:\Windows\System\NoRLaLh.exe
  2⤵
  PID:12712
- C:\Windows\System\JOeUxSk.exe
  C:\Windows\System\JOeUxSk.exe
  2⤵
  PID:12728
- C:\Windows\System\RGKriws.exe
  C:\Windows\System\RGKriws.exe
  2⤵
  PID:12764
- C:\Windows\System\ZUbkNev.exe
  C:\Windows\System\ZUbkNev.exe
  2⤵
  PID:12800
- C:\Windows\System\eQXfMbo.exe
  C:\Windows\System\eQXfMbo.exe
  2⤵
  PID:12828
- C:\Windows\System\JtmRuey.exe
  C:\Windows\System\JtmRuey.exe
  2⤵
  PID:12852
- C:\Windows\System\ZEfGmGu.exe
  C:\Windows\System\ZEfGmGu.exe
  2⤵
  PID:12872
- C:\Windows\System\QzFeIPR.exe
  C:\Windows\System\QzFeIPR.exe
  2⤵
  PID:12900
- C:\Windows\System\JBGXrKq.exe
  C:\Windows\System\JBGXrKq.exe
  2⤵
  PID:12920
- C:\Windows\System\mqBxrAR.exe
  C:\Windows\System\mqBxrAR.exe
  2⤵
  PID:12948
- C:\Windows\System\DbspwVT.exe
  C:\Windows\System\DbspwVT.exe
  2⤵
  PID:12972
- C:\Windows\System\obhktNN.exe
  C:\Windows\System\obhktNN.exe
  2⤵
  PID:13000
- C:\Windows\System\IvcFbSw.exe
  C:\Windows\System\IvcFbSw.exe
  2⤵
  PID:13028
- C:\Windows\System\fLghPBM.exe
  C:\Windows\System\fLghPBM.exe
  2⤵
  PID:13064
- C:\Windows\System\pBTvnYi.exe
  C:\Windows\System\pBTvnYi.exe
  2⤵
  PID:13100
- C:\Windows\System\RTbpwBF.exe
  C:\Windows\System\RTbpwBF.exe
  2⤵
  PID:13136
- C:\Windows\System\Wkjqpfs.exe
  C:\Windows\System\Wkjqpfs.exe
  2⤵
  PID:13152
- C:\Windows\System\WaEEHTO.exe
  C:\Windows\System\WaEEHTO.exe
  2⤵
  PID:13180
- C:\Windows\System\iLajPPs.exe
  C:\Windows\System\iLajPPs.exe
  2⤵
  PID:13196
- C:\Windows\System\DNuMaMn.exe
  C:\Windows\System\DNuMaMn.exe
  2⤵
  PID:13244
- C:\Windows\System\gKyZuhm.exe
  C:\Windows\System\gKyZuhm.exe
  2⤵
  PID:13264
- C:\Windows\System\MysiAgu.exe
  C:\Windows\System\MysiAgu.exe
  2⤵
  PID:13304
- C:\Windows\System\iFCUsfq.exe
  C:\Windows\System\iFCUsfq.exe
  2⤵
  PID:12304
- C:\Windows\System\fAyApdF.exe
  C:\Windows\System\fAyApdF.exe
  2⤵
  PID:12332
- C:\Windows\System\VpATXXF.exe
  C:\Windows\System\VpATXXF.exe
  2⤵
  PID:12452
- C:\Windows\System\sUOxiqB.exe
  C:\Windows\System\sUOxiqB.exe
  2⤵
  PID:12484
- C:\Windows\System\hHoGeZK.exe
  C:\Windows\System\hHoGeZK.exe
  2⤵
  PID:12552
- C:\Windows\System\gaTBIZe.exe
  C:\Windows\System\gaTBIZe.exe
  2⤵
  PID:12608
- C:\Windows\System\dPLDXyC.exe
  C:\Windows\System\dPLDXyC.exe
  2⤵
  PID:12692
- C:\Windows\System\UMFAIPO.exe
  C:\Windows\System\UMFAIPO.exe
  2⤵
  PID:12748
- C:\Windows\System\iaHPdhm.exe
  C:\Windows\System\iaHPdhm.exe
  2⤵
  PID:12820
- C:\Windows\System\LFHbnDO.exe
  C:\Windows\System\LFHbnDO.exe
  2⤵
  PID:12884
- C:\Windows\System\obFgcDj.exe
  C:\Windows\System\obFgcDj.exe
  2⤵
  PID:12988
- C:\Windows\System\amWYFYQ.exe
  C:\Windows\System\amWYFYQ.exe
  2⤵
  PID:13080
- C:\Windows\System\AGYGFag.exe
  C:\Windows\System\AGYGFag.exe
  2⤵
  PID:13124
- C:\Windows\System\MjXKLUB.exe
  C:\Windows\System\MjXKLUB.exe
  2⤵
  PID:13172
- C:\Windows\System\EIFkMMS.exe
  C:\Windows\System\EIFkMMS.exe
  2⤵
  PID:13252
- C:\Windows\System\qOgLVsl.exe
  C:\Windows\System\qOgLVsl.exe
  2⤵
  PID:12292
- C:\Windows\System\YHJfLmC.exe
  C:\Windows\System\YHJfLmC.exe
  2⤵
  PID:12420
- C:\Windows\System\PWNgQCF.exe
  C:\Windows\System\PWNgQCF.exe
  2⤵
  PID:468
- C:\Windows\System\HhFEUkM.exe
  C:\Windows\System\HhFEUkM.exe
  2⤵
  PID:12536
- C:\Windows\System\pwmgKeo.exe
  C:\Windows\System\pwmgKeo.exe
  2⤵
  PID:12656
- C:\Windows\System\VrSuCPg.exe
  C:\Windows\System\VrSuCPg.exe
  2⤵
  PID:12704
- C:\Windows\System\gAtbOYD.exe
  C:\Windows\System\gAtbOYD.exe
  2⤵
  PID:12908
- C:\Windows\System\rnqtDDy.exe
  C:\Windows\System\rnqtDDy.exe
  2⤵
  PID:13236
- C:\Windows\System\lqWnpdz.exe
  C:\Windows\System\lqWnpdz.exe
  2⤵
  PID:12472
- C:\Windows\System\hNEpaSf.exe
  C:\Windows\System\hNEpaSf.exe
  2⤵
  PID:12588
- C:\Windows\System\vQuCgmg.exe
  C:\Windows\System\vQuCgmg.exe
  2⤵
  PID:13280
- C:\Windows\System\slRvXtP.exe
  C:\Windows\System\slRvXtP.exe
  2⤵
  PID:13340
- C:\Windows\System\KMFPTim.exe
  C:\Windows\System\KMFPTim.exe
  2⤵
  PID:13384
- C:\Windows\System\VEJfYNg.exe
  C:\Windows\System\VEJfYNg.exe
  2⤵
  PID:13400
- C:\Windows\System\oTjgYew.exe
  C:\Windows\System\oTjgYew.exe
  2⤵
  PID:13416
- C:\Windows\System\AIKseJi.exe
  C:\Windows\System\AIKseJi.exe
  2⤵
  PID:13444
- C:\Windows\System\OOneZFW.exe
  C:\Windows\System\OOneZFW.exe
  2⤵
  PID:13476
- C:\Windows\System\FIbGwDB.exe
  C:\Windows\System\FIbGwDB.exe
  2⤵
  PID:13528
- C:\Windows\System\zFbwGSw.exe
  C:\Windows\System\zFbwGSw.exe
  2⤵
  PID:13544
- C:\Windows\System\svncTEb.exe
  C:\Windows\System\svncTEb.exe
  2⤵
  PID:13560
- C:\Windows\System\vPweWYc.exe
  C:\Windows\System\vPweWYc.exe
  2⤵
  PID:13596
- C:\Windows\System\uAxIPUR.exe
  C:\Windows\System\uAxIPUR.exe
  2⤵
  PID:13628
- C:\Windows\System\PFgcFrW.exe
  C:\Windows\System\PFgcFrW.exe
  2⤵
  PID:13680
- C:\Windows\System\jHcjDsu.exe
  C:\Windows\System\jHcjDsu.exe
  2⤵
  PID:13728
- C:\Windows\System\uCPygGB.exe
  C:\Windows\System\uCPygGB.exe
  2⤵
  PID:13752
- C:\Windows\System\OgrxGxx.exe
  C:\Windows\System\OgrxGxx.exe
  2⤵
  PID:13808
- C:\Windows\System\YJtezOP.exe
  C:\Windows\System\YJtezOP.exe
  2⤵
  PID:13824
- C:\Windows\System\XHuBwwQ.exe
  C:\Windows\System\XHuBwwQ.exe
  2⤵
  PID:13860
- C:\Windows\System\CcKUkHf.exe
  C:\Windows\System\CcKUkHf.exe
  2⤵
  PID:13884
- C:\Windows\System\XCTuIQQ.exe
  C:\Windows\System\XCTuIQQ.exe
  2⤵
  PID:13920
- C:\Windows\System\kiWQboH.exe
  C:\Windows\System\kiWQboH.exe
  2⤵
  PID:13948
- C:\Windows\System\fskCXnA.exe
  C:\Windows\System\fskCXnA.exe
  2⤵
  PID:13976
- C:\Windows\System\WXLQmPU.exe
  C:\Windows\System\WXLQmPU.exe
  2⤵
  PID:14016
- C:\Windows\System\IOwCMev.exe
  C:\Windows\System\IOwCMev.exe
  2⤵
  PID:14032
- C:\Windows\System\VDAvYTN.exe
  C:\Windows\System\VDAvYTN.exe
  2⤵
  PID:14064
- C:\Windows\System\FbFzAxy.exe
  C:\Windows\System\FbFzAxy.exe
  2⤵
  PID:14108
- C:\Windows\System\XSlmqcv.exe
  C:\Windows\System\XSlmqcv.exe
  2⤵
  PID:14136
- C:\Windows\System\XHNnOiL.exe
  C:\Windows\System\XHNnOiL.exe
  2⤵
  PID:14152
- C:\Windows\System\nnZLMRA.exe
  C:\Windows\System\nnZLMRA.exe
  2⤵
  PID:14180
- C:\Windows\System\YwrucrN.exe
  C:\Windows\System\YwrucrN.exe
  2⤵
  PID:14220
- C:\Windows\System\xzQbhgI.exe
  C:\Windows\System\xzQbhgI.exe
  2⤵
  PID:14236
- C:\Windows\System\BPNhjLr.exe
  C:\Windows\System\BPNhjLr.exe
  2⤵
  PID:14256
- C:\Windows\System\HbhdGWE.exe
  C:\Windows\System\HbhdGWE.exe
  2⤵
  PID:14280
- C:\Windows\System\gxhmpDf.exe
  C:\Windows\System\gxhmpDf.exe
  2⤵
  PID:14296
- C:\Windows\System\iVPZHdj.exe
  C:\Windows\System\iVPZHdj.exe
  2⤵
  PID:14320
- C:\Windows\System\IjvFjvG.exe
  C:\Windows\System\IjvFjvG.exe
  2⤵
  PID:13392
- C:\Windows\System\mkBBlAs.exe
  C:\Windows\System\mkBBlAs.exe
  2⤵
  PID:13436
- C:\Windows\System\bhShukr.exe
  C:\Windows\System\bhShukr.exe
  2⤵
  PID:13572
- C:\Windows\System\drxriNy.exe
  C:\Windows\System\drxriNy.exe
  2⤵
  PID:13576
- C:\Windows\System\dxDVlhe.exe
  C:\Windows\System\dxDVlhe.exe
  2⤵
  PID:13720
- C:\Windows\System\PSYcyYD.exe
  C:\Windows\System\PSYcyYD.exe
  2⤵
  PID:13836
- C:\Windows\System\KutpcWW.exe
  C:\Windows\System\KutpcWW.exe
  2⤵
  PID:13896
- C:\Windows\System\bMsJqyj.exe
  C:\Windows\System\bMsJqyj.exe
  2⤵
  PID:13960
- C:\Windows\System\YbNeBWo.exe
  C:\Windows\System\YbNeBWo.exe
  2⤵
  PID:14004
- C:\Windows\System\oMAlScN.exe
  C:\Windows\System\oMAlScN.exe
  2⤵
  PID:14072
- C:\Windows\System\UrhGZOJ.exe
  C:\Windows\System\UrhGZOJ.exe
  2⤵
  PID:14204
- C:\Windows\System\MOTYvwn.exe
  C:\Windows\System\MOTYvwn.exe
  2⤵
  PID:14248
- C:\Windows\System\teJaEaC.exe
  C:\Windows\System\teJaEaC.exe
  2⤵
  PID:4516
- C:\Windows\System\iJZZPIr.exe
  C:\Windows\System\iJZZPIr.exe
  2⤵
  PID:13456

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:7272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AgMvmVZ.exe

Filesize
2.1MB

MD5
d25d7b3a1bb6a221e3dda28dece1a396

SHA1
a8ef81bcbe4f0b2aeaf59b351f0c5fa7faee7275

SHA256
2ddc4098bbfaec9bdd30fe280460def4156c0bf3da31d5bb967f31d4e596b1f5

SHA512
81ee77827b01c80ad1e7630bb5a2e4f240ec58d966ad3222374883d49fee40e2ce0e27c9550f9e9ffe112599def5a8e4c6d58f7e492d9a5640f5c97a01c59539

Download Submit
C:\Windows\System\EnidEiS.exe

Filesize
2.1MB

MD5
1cf150da8cde10202f32e4bdb7da1e54

SHA1
25a59811aa312ed6f99cb3e389f3f172e9aeb334

SHA256
d4ff3b5b1f5c6b54f6f8f65616c4dc09a316d3cfe517641f1796d94bfb867456

SHA512
e9f2438cea3c0a09bbb92c4a34c43061574472be739dbd24fdc7cf81cbaec2fec168a2f67aecb6760dbe3ffbb1d222520e6fefbd23b2cfc860c9acbd7bc72cec

Download Submit
C:\Windows\System\GrbNybK.exe

Filesize
2.0MB

MD5
a1df8fc6f087464dd807d8b22f0c70eb

SHA1
2fcf91016d17ab770c72112a01fb4bdf12012f52

SHA256
49bdf88d6d476cac5be28b56a2657694bb8243b99b4fa292661494edbc820494

SHA512
ea6c9584133dc04abc801d744d651bf7732a4accb8a94d278813b4def6d8918f82f85fcdcfebf34e480494eb32f5e9ca6065f8bccbac65e6c2db77c50b11c181

Download Submit
C:\Windows\System\JaviFBz.exe

Filesize
2.1MB

MD5
2c746db202c430d7ce62e7b8d9e1ccce

SHA1
34af03c9674c62028fa1f6174370f0db5b13a311

SHA256
d7c494fdcf3f5922cf89953a994fdd384daa27d4f9884d242ddd309f23a1b0e3

SHA512
f5a34c8e523932e6989e077dfdb650175d237389506cdaab074e20f62620dc86d6cbf42e494716ca0b6d0e0189e138410c6e9ee04641449c61f6de666c921988

Download Submit
C:\Windows\System\KRavJcV.exe

Filesize
2.1MB

MD5
3cc20032ee7f39e5ab32e92e765eb585

SHA1
aa334647f6cb5383e6da119ce996538a92d1d7e8

SHA256
fb9bf8023a8a5383bd2b30ed336fd18a41e68014b2e2fd25f27b74c1a3792adc

SHA512
4ac79de2420921d07549012cb470838120b30fa096c06a30802933a4dbd518d81e7ca5c815bd5a0ef81edd9c65056ab0543c4150b58c8d14333d672bb2a15241

Download Submit
C:\Windows\System\LgsTdLI.exe

Filesize
2.0MB

MD5
d13593118d493547b11d565057f1f1a2

SHA1
7c518b9582a8662e390a265b20a3023333e7e568

SHA256
711da6082bd60f3f43b42ececf2e4b3c063515d982d5d5b96f76ca430081ec9f

SHA512
e8364be386d580f8bbacf4b9ce2780de82d438891244323d556d60509d6f54a27b157f3db651a90a0ee6449cd5a05a3afa91dbf0b304fe39efee28f594bfcbff

Download Submit
C:\Windows\System\MNXyTaP.exe

Filesize
2.1MB

MD5
eea8c25bba2228b4f9521cca352b19bd

SHA1
df0e8e5918cbe4b7b7c1555ce62e597e807fdb17

SHA256
de8504af60a9e0a91ac0742d2d176b38ccfd422739c4ba3d756db6a9ad4f1fe5

SHA512
b8ce28d8ef270c5d4b447c9d079d17c12c439e5dce49aaccf04e2d32a97059ded06a5f8896737af0f44f58d432ccd9aff785028d3f77a85b79ca374ac22eace5

Download Submit
C:\Windows\System\MxaSAWj.exe

Filesize
2.1MB

MD5
45a2635a67250157916dc0767c5e4093

SHA1
5df4569b0a95f851812c4bebb418ec7d88f2a0ee

SHA256
038cf18eabc17ad59e7cc281e35f2b758b0c48578ac546814fc1b38f467a9b33

SHA512
7addae4ab3b27078f04e8b0e42bcbdb81dd92b824398c009bcf8262c5e2dd0d1d6e714a91af97c0075f77d606ce0ea54a84fe5f7c19206cd6fd70ff4cf64386f

Download Submit
C:\Windows\System\OvBpQds.exe

Filesize
2.1MB

MD5
a82dd7e7b6cf3682a31c28f55822e788

SHA1
6dc61cd0ffaba2464dd5b4f99ee043c20f192e10

SHA256
bbb70c81f0e29d0f2cb077b421f8412f4bc1b5fa7a445e1340200dfa1c7683fd

SHA512
42e5dae30537fe8eb4d5cd0ed9f7dcdf42d21c9b6f4226a7ed7daf7a5a55d09df4df7e4a3ca378cc288bfd14a594d688aef3b1437e9911dbfa41fb10f6f5d075

Download Submit
C:\Windows\System\OwQfCRN.exe

Filesize
2.1MB

MD5
d2414b0c9823a6ce144c43884abd7a2e

SHA1
3c5d243808979b1e87ff3450e28fd6a0ad730ec5

SHA256
b623631931e2262912c9331a4563b730117d78d573fc1f4796f6101b88d1d220

SHA512
eae9f7a2cdf05dc7510b475f85168108e9be0d57dcea3ed317c0a03e8927ec1aaa38d27d7cf22263e4d2bc240ee293efbbb2510f1e9b4da0ad6317127a0fd778

Download Submit
C:\Windows\System\PTOLSuc.exe

Filesize
2.1MB

MD5
74fd151b70b0e081f703bf0768e57c88

SHA1
8783a7773ce6fdb5312b23da22a5785db371bde7

SHA256
89ebe3d386a0d0d3ce5a36510391fcd55d7e43ed31abbce51aef38c8f40e1971

SHA512
6efd8f4b9f9fa136b0789da6ac8a6b3e5a374b80e1f0f937861e511faa7d5732837ade8443553a8314b5aceaf9a19ff7d0adb87fd73b6f2d4458b96959439d3f

Download Submit
C:\Windows\System\PYshoRr.exe

Filesize
2.0MB

MD5
06fe1adafedcc3dcc6e2cae9ee77b246

SHA1
293b0663f925cecc18df1cec01453b2a4f3ff349

SHA256
5b33817e91bae739fbc150867e791aac477d55f731f2c4dd7060630c0b6b5b79

SHA512
5147c368fe30b0f4796c97cccf35c003f403d998fda44df06211b07b8dfa96df860e84c9446a40766d2b96e266e37a3a64441e07d3323f71d98904f5433f7978

Download Submit
C:\Windows\System\TCAVObF.exe

Filesize
2.0MB

MD5
d20f445064ba70c4b3742da034d67a94

SHA1
012bfe3043516a550038e9336db10476ffb8ff2f

SHA256
4db15b8715d749d2f85052e9ddbafe20bcb3685b83d9e87a46d4f86817792bc0

SHA512
4238e1089dcbee84d280d498c3532495205c0c282403dc1f39c9eed2f7c17e829abcb4ad415bb29ca9691aa3c0952f7bb9a29287774a2f0161b50c28e8ff9ed5

Download Submit
C:\Windows\System\UGnCTZu.exe

Filesize
2.1MB

MD5
d5b5d847ade1930636414fe148e8ab12

SHA1
aa31d86d0530438d84994a8b398fca05fe8a2fa6

SHA256
108f49727725b391773370052b14ca002a8347e8074950aeb8fbb12288851fee

SHA512
a618885a62d6554ef786afd09162f0233c49527ed3c1f3ed5ef21dd16f2967a58738c224daca5bebab01258d75c3c4e9f8e0c3787111166b79429a5cd9f72dc5

Download Submit
C:\Windows\System\UXptaUb.exe

Filesize
2.1MB

MD5
0da63be27cae713823574ae122f7840c

SHA1
f6d72221e40940cf68ee81de162e3c50624ae95a

SHA256
0d57017caf9fa6845f77387e093746032ca55240f2589fe16214526ff77f6150

SHA512
944075db24c617b991f12de60dbff71d09c0e2578298609c570451224963cae7b4684d89145990f7e3547f4895da2186af968f29dc167381af98a7c77130053f

Download Submit
C:\Windows\System\WQAwRzG.exe

Filesize
2.1MB

MD5
48364e1296e1fb5fc0e45a6d463e072d

SHA1
4c14ea3cad5d72c2f08e43038837aa6667ea1dbf

SHA256
405d69161273c27895b9de2be393a7a4c9dd3f2a50d21b2654aef37e8905920c

SHA512
b7539bc493d6ae820fd190ac58ed86f3d14978838a2ba98c91cc8f0747cb5641e7f4623c0fd9bab07522175645aa70f7325a3cddbc0917dd932fa65a1fea87b5

Download Submit
C:\Windows\System\YQtFJiv.exe

Filesize
2.0MB

MD5
976e0ecc8a99a997374486199249fd78

SHA1
3c5bd071a2a9dd7b6fc46caf3308a826400c46db

SHA256
0334b5eb3a236a03bc4329bc7f39ec1847c70d4bc36cccbed952bb27d18245e1

SHA512
a31f147a2a98a4a4f458b3adff2270b0fb3658390eb4f9c1f2d86571c8098b573df30975ba8c83b356291b919c62deb3dd3c20e99b080a44cd3f5d228053c838

Download Submit
C:\Windows\System\dsoGWQU.exe

Filesize
2.0MB

MD5
328011eeed394a0864be854549119c60

SHA1
103111b25fb01ec8e124fad3e1abc4cf95c65977

SHA256
05cc673a338581711e380ef773db11d3e47548576a6e45b9a683eaf96d314472

SHA512
72be8af9e46aed564514267762d9b70295ac2af874ebc882d937fdeaced70bc227e163a6759d83235fe73ecd5f2bed80e482621e437acf4f32f145fed1d38bdd

Download Submit
C:\Windows\System\evLAOmV.exe

Filesize
2.1MB

MD5
b85f1326e43c259558bafabff0fa44e0

SHA1
f611826bd03f4fa2ebf5e83e99a56369dcf89f21

SHA256
71623af1fd90a5a24842a9bfcecdd2339268c0be8bd3236fe2c9fcdf474e3557

SHA512
511408c3c31e39c6402f62be25857c9da67c02039998e6aac12dd268dff51340234d1f5e2ca426eefd0dee940b91f6a380cf667dd72699c6b709ad818dffffc7

Download Submit
C:\Windows\System\hwBfADX.exe

Filesize
2.1MB

MD5
9a2bc319ac77d22311615a02754fa0e1

SHA1
5321b1eafe8990b2733ceff0ec5d626d92584a08

SHA256
720fb70d2c14c4332afef679a9684d204dcb63a9c61b8612d1a661463ed8fd33

SHA512
89fd6179961dc92c3ffdddf6c5827e683004a100a9248bb52921b0f8bece3aed43cd0e965f2e9b347dabacc91be191016b6e4b00b68abcd8023c2d97a639b8b4

Download Submit
C:\Windows\System\iTLuLWK.exe

Filesize
2.0MB

MD5
a9ff16df363b39f122a9d788aea9212a

SHA1
cc8f82d38d7b2c6875bff2cc8a686e398c5df468

SHA256
222a3568ded1fdbfbf9a7e507da1d39756f7e26d742e26455f484e6e6581b10a

SHA512
6b28eb7bcbc67bb7f0288ef1bf6967d77fbbb8169658e2b470c51daaeabbf78cbe87c9133089da11550cc0f8087ae87a9abe36b3b3324a735bd5bec9b6d1afe4

Download Submit
C:\Windows\System\oJprzeJ.exe

Filesize
2.1MB

MD5
3bc72825bd79f7870d7191366154b4c6

SHA1
e8dbc75ea514063b8d5db17109faeadcb422af45

SHA256
b253b518ba710271371712f332e840b8ffa15acce17ae63bdf6a18786f8737f5

SHA512
270981695351ec36337b5d7794d9f38e08c127a55fa6b028810d5720791f4a8e68ed011a8590e67a58a0f1cdeabb326c8ec0dfd0e00a27682cb564fc0350e5cf

Download Submit
C:\Windows\System\oxtFrDh.exe

Filesize
2.1MB

MD5
75ac9867c3b4544c7b5e6940dd73c88b

SHA1
a844604ae20ac8ccda4500cc51871ed95fdaf640

SHA256
6d99517851f17dc78f4468ec307942ee0a9e933ae6cee19fb414ee8a7cec7904

SHA512
29c8db2b9b530318329e45af2738b5e677f2605dfca66742e7632248a1c76e6ffb657866c63b863096f77b7cd6edaf62097abe59945ee0e78db2c701fffb0224

Download Submit
C:\Windows\System\pZbInQN.exe

Filesize
2.1MB

MD5
fd177ec55d6b083fd2ab480b109481f9

SHA1
c91ab914773756574dc7dc24fb3ace97e66d4e55

SHA256
8c50a9cf3b2926218925ec9a503a951c45b7d5f09a26e1d0a1e615b5d5fd53e1

SHA512
1945068ce10d14aeba2303f79e67d0aa0ea8fd661b2420f0e1866084a4ad9c8194af2c8146bc0820fa07cc94c2c789d81e80f832cdbe5d7167a4c2aa275bfa45

Download Submit
C:\Windows\System\qYseUaV.exe

Filesize
2.0MB

MD5
c77802ac5d06e173d1612098fc86df32

SHA1
9665481f7b53fb908ad6906b0390f62370148515

SHA256
030a2a478bb4ddf87826f470242da7279108d0fdd213fe081605d69f0262f3d3

SHA512
55b85da2451c7634282fc66f57b4ec4cb74544033dfbed975865ff32a9793a2f910d83f92bbc0934401e3e1f83263e548a7c34b27d37572bb78d3824a34c3605

Download Submit
C:\Windows\System\rxSvVBb.exe

Filesize
2.0MB

MD5
d2352aa0aae9d64295b1906549576c65

SHA1
d7de548680f63ebe85b432b3bf0fa40007975796

SHA256
00f62835b0012827f73cb6643e3a45c567e22adc09d68d9312e309774f953335

SHA512
8d610ffd91cb1c43ca3d2215ad408bf916d970481ae9c9ac787b3c78d3e0b5cad7bef8e5ddcc78682ab4c7663b474bc40612b11a8571919abb04dec3589336dc

Download Submit
C:\Windows\System\thQDLji.exe

Filesize
2.0MB

MD5
5c799fe39cd78cfc7341a997bafb95fb

SHA1
4207f9e0e51ca04fea2003e767eb5ff009d261d4

SHA256
19c6e81c267f6f13a3085b1243c4786679c3af49a8fdc09e3825e4f0919eb609

SHA512
be378a638330a2977f4af5d3be63da0efa2b5d0ef27a6187052317fc0d1e88260c0cbd322f39269e0281216605b08fb7e4940e3046381d689dfa0cc4e2774eae

Download Submit
C:\Windows\System\vuwUriN.exe

Filesize
2.1MB

MD5
1d7d4681bcef9ab5724270ea7cdbfb23

SHA1
ccc45e938d3dcda6ab595188e82638c8f4838eab

SHA256
5bc44adc1bfcba3b71adb25440189f5a73e21f357513cfd1c6f4aa13ace9c309

SHA512
3c79947f3783b07b1cba5017c5465e858eb65e48096b767fc4bf57c03175ca88803ed2a1d35553a6640f165b0c8c493313632382cf499ee364b3d461132d73ed

Download Submit
C:\Windows\System\xPFVDNQ.exe

Filesize
2.1MB

MD5
90062851ce239fc19fcd373738473c54

SHA1
5df9d2e1ebf52fb5771e54178bf87f6717bfca81

SHA256
28d075f1d4d991e0c0b7ed7f29c3224687d4db7c04d094a8b57eaa94a60ed19f

SHA512
03a6b136d1a204c0b11d0e77cebc10a87373b3ba7a7b2e23d40352dbdf9ae9aaae3eaedb0f0012e30eb0f85aaa8cd993858e30ed773ef996e5418ccc09a7cc5c

Download Submit
C:\Windows\System\xmSAtfA.exe

Filesize
2.1MB

MD5
70f10b8a5ba0bd17cef710280db0dc2b

SHA1
b97ab244df6efbae20d2394f5b247efd3d857d59

SHA256
fef1fb3f68d1cc4a925c9329d8b00c3d3cbb04fae5ba317d8a90eb53e5eb4cc6

SHA512
3d416ab944f1940361d332f7929186b262bac0ed04199e1fe605b9572b743e99d2aa284f793200d1729d1fc4e7c7259e52fa1b26829e7420d3c6e4235e91075c

Download Submit
C:\Windows\System\ykabnUC.exe

Filesize
2.0MB

MD5
f351d6a99fd9b7666989d25c82952b2c

SHA1
25975388fe60ce560d39b498b726bc6cf59e4cb2

SHA256
40f88de3702e894ec880928192cba38cb6b76473225249a33a78bf6daa40861d

SHA512
e2d37ea0c6bb2846365ec0054313dd80fb8a70b065db221afc905c75ee32bce799bf9be26fdfcc794269267abc01669397a3e2b73c8f904308084269e3a17b4f

Download Submit
C:\Windows\System\zpRCYwJ.exe

Filesize
2.1MB

MD5
d43bca6251c8c8a7d93ec25b437f003f

SHA1
aeacafba0d74973014b6e9fae92bb3a4ec081709

SHA256
eaa0939cc968c2d4a4dbc98ccf39aebf09e573875ad1204856e5e7dc9ed47d7d

SHA512
1021b4287e74ce1b0111d9829467807a2b89b64e9fce05a5bfb9aaef4c45155285984ead1d0f0a83c1440203f98d75531eaab9620c5fae5bc3002012d0a7704e

Download Submit
memory/440-2125-0x00007FF72C7C0000-0x00007FF72CB14000-memory.dmp

Filesize
3.3MB

Download
memory/440-691-0x00007FF72C7C0000-0x00007FF72CB14000-memory.dmp

Filesize
3.3MB

Download
memory/744-740-0x00007FF799A10000-0x00007FF799D64000-memory.dmp

Filesize
3.3MB

Download
memory/744-2122-0x00007FF799A10000-0x00007FF799D64000-memory.dmp

Filesize
3.3MB

Download
memory/1036-2115-0x00007FF6B95E0000-0x00007FF6B9934000-memory.dmp

Filesize
3.3MB

Download
memory/1036-50-0x00007FF6B95E0000-0x00007FF6B9934000-memory.dmp

Filesize
3.3MB

Download
memory/1036-2108-0x00007FF6B95E0000-0x00007FF6B9934000-memory.dmp

Filesize
3.3MB

Download
memory/1044-2137-0x00007FF73E720000-0x00007FF73EA74000-memory.dmp

Filesize
3.3MB

Download
memory/1044-745-0x00007FF73E720000-0x00007FF73EA74000-memory.dmp

Filesize
3.3MB

Download
memory/1096-2132-0x00007FF6E4350000-0x00007FF6E46A4000-memory.dmp

Filesize
3.3MB

Download
memory/1096-704-0x00007FF6E4350000-0x00007FF6E46A4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-43-0x00007FF6071A0000-0x00007FF6074F4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-2106-0x00007FF6071A0000-0x00007FF6074F4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-2112-0x00007FF6071A0000-0x00007FF6074F4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-736-0x00007FF7D6FB0000-0x00007FF7D7304000-memory.dmp

Filesize
3.3MB

Download
memory/1764-2123-0x00007FF7D6FB0000-0x00007FF7D7304000-memory.dmp

Filesize
3.3MB

Download
memory/2028-2134-0x00007FF730640000-0x00007FF730994000-memory.dmp

Filesize
3.3MB

Download
memory/2028-698-0x00007FF730640000-0x00007FF730994000-memory.dmp

Filesize
3.3MB

Download
memory/2412-2120-0x00007FF721600000-0x00007FF721954000-memory.dmp

Filesize
3.3MB

Download
memory/2412-693-0x00007FF721600000-0x00007FF721954000-memory.dmp

Filesize
3.3MB

Download
memory/2616-2114-0x00007FF6180D0000-0x00007FF618424000-memory.dmp

Filesize
3.3MB

Download
memory/2616-2107-0x00007FF6180D0000-0x00007FF618424000-memory.dmp

Filesize
3.3MB

Download
memory/2616-49-0x00007FF6180D0000-0x00007FF618424000-memory.dmp

Filesize
3.3MB

Download
memory/2892-2110-0x00007FF6CDE80000-0x00007FF6CE1D4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-687-0x00007FF6CDE80000-0x00007FF6CE1D4000-memory.dmp

Filesize
3.3MB

Download
memory/3056-2119-0x00007FF703BA0000-0x00007FF703EF4000-memory.dmp

Filesize
3.3MB

Download
memory/3056-729-0x00007FF703BA0000-0x00007FF703EF4000-memory.dmp

Filesize
3.3MB

Download
memory/3108-723-0x00007FF719680000-0x00007FF7199D4000-memory.dmp

Filesize
3.3MB

Download
memory/3108-2121-0x00007FF719680000-0x00007FF7199D4000-memory.dmp

Filesize
3.3MB

Download
memory/3404-689-0x00007FF62E5F0000-0x00007FF62E944000-memory.dmp

Filesize
3.3MB

Download
memory/3404-2113-0x00007FF62E5F0000-0x00007FF62E944000-memory.dmp

Filesize
3.3MB

Download
memory/3428-711-0x00007FF770F90000-0x00007FF7712E4000-memory.dmp

Filesize
3.3MB

Download
memory/3428-2136-0x00007FF770F90000-0x00007FF7712E4000-memory.dmp

Filesize
3.3MB

Download
memory/3524-1-0x000001F3C9B50000-0x000001F3C9B60000-memory.dmp

Filesize
64KB

Download
memory/3524-2104-0x00007FF771D10000-0x00007FF772064000-memory.dmp

Filesize
3.3MB

Download
memory/3524-0-0x00007FF771D10000-0x00007FF772064000-memory.dmp

Filesize
3.3MB

Download
memory/3732-17-0x00007FF76ABC0000-0x00007FF76AF14000-memory.dmp

Filesize
3.3MB

Download
memory/3732-2109-0x00007FF76ABC0000-0x00007FF76AF14000-memory.dmp

Filesize
3.3MB

Download
memory/3768-697-0x00007FF75ACB0000-0x00007FF75B004000-memory.dmp

Filesize
3.3MB

Download
memory/3768-2135-0x00007FF75ACB0000-0x00007FF75B004000-memory.dmp

Filesize
3.3MB

Download
memory/4068-696-0x00007FF7308B0000-0x00007FF730C04000-memory.dmp

Filesize
3.3MB

Download
memory/4068-2129-0x00007FF7308B0000-0x00007FF730C04000-memory.dmp

Filesize
3.3MB

Download
memory/4128-2133-0x00007FF74B4C0000-0x00007FF74B814000-memory.dmp

Filesize
3.3MB

Download
memory/4128-706-0x00007FF74B4C0000-0x00007FF74B814000-memory.dmp

Filesize
3.3MB

Download
memory/4192-694-0x00007FF722EF0000-0x00007FF723244000-memory.dmp

Filesize
3.3MB

Download
memory/4192-2128-0x00007FF722EF0000-0x00007FF723244000-memory.dmp

Filesize
3.3MB

Download
memory/4252-2131-0x00007FF7E2980000-0x00007FF7E2CD4000-memory.dmp

Filesize
3.3MB

Download
memory/4252-710-0x00007FF7E2980000-0x00007FF7E2CD4000-memory.dmp

Filesize
3.3MB

Download
memory/4548-2124-0x00007FF7C7700000-0x00007FF7C7A54000-memory.dmp

Filesize
3.3MB

Download
memory/4548-692-0x00007FF7C7700000-0x00007FF7C7A54000-memory.dmp

Filesize
3.3MB

Download
memory/4576-695-0x00007FF79B000000-0x00007FF79B354000-memory.dmp

Filesize
3.3MB

Download
memory/4576-2127-0x00007FF79B000000-0x00007FF79B354000-memory.dmp

Filesize
3.3MB

Download
memory/4648-2130-0x00007FF75EE40000-0x00007FF75F194000-memory.dmp

Filesize
3.3MB

Download
memory/4648-719-0x00007FF75EE40000-0x00007FF75F194000-memory.dmp

Filesize
3.3MB

Download
memory/4668-2116-0x00007FF6E4270000-0x00007FF6E45C4000-memory.dmp

Filesize
3.3MB

Download
memory/4668-688-0x00007FF6E4270000-0x00007FF6E45C4000-memory.dmp

Filesize
3.3MB

Download
memory/4892-2105-0x00007FF693110000-0x00007FF693464000-memory.dmp

Filesize
3.3MB

Download
memory/4892-2111-0x00007FF693110000-0x00007FF693464000-memory.dmp

Filesize
3.3MB

Download
memory/4892-29-0x00007FF693110000-0x00007FF693464000-memory.dmp

Filesize
3.3MB

Download
memory/4988-2117-0x00007FF649600000-0x00007FF649954000-memory.dmp

Filesize
3.3MB

Download
memory/4988-58-0x00007FF649600000-0x00007FF649954000-memory.dmp

Filesize
3.3MB

Download
memory/4992-748-0x00007FF69F630000-0x00007FF69F984000-memory.dmp

Filesize
3.3MB

Download
memory/4992-2126-0x00007FF69F630000-0x00007FF69F984000-memory.dmp

Filesize
3.3MB

Download
memory/5004-690-0x00007FF61D8C0000-0x00007FF61DC14000-memory.dmp

Filesize
3.3MB

Download
memory/5004-2118-0x00007FF61D8C0000-0x00007FF61DC14000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads