Malware Analysis Report

2024-10-16 07:54

Sample ID 240602-xpsrhabe6y
Target virussign.com_a28f82713688ac2f057fbfab65add680.vir
SHA256 366d6d3015dc6b19c09146895dcf8eaf51fa232dea9340286c0027d630c0fd4d
Tags
miner kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

366d6d3015dc6b19c09146895dcf8eaf51fa232dea9340286c0027d630c0fd4d

Threat Level: Known bad

The file virussign.com_a28f82713688ac2f057fbfab65add680.vir was found to be: Known bad.

Malicious Activity Summary

miner kpot xmrig stealer trojan

Xmrig family

KPOT

xmrig

Kpot family

XMRig Miner payload

KPOT Core Executable

XMRig Miner payload

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-02 19:02

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 19:02

Reported

2024-06-02 19:04

Platform

win7-20240419-en

Max time kernel

138s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\TgqmcyP.exe N/A
N/A N/A C:\Windows\System\QMhXWnl.exe N/A
N/A N/A C:\Windows\System\pdOsfXP.exe N/A
N/A N/A C:\Windows\System\CdZVLqV.exe N/A
N/A N/A C:\Windows\System\BtJTHiX.exe N/A
N/A N/A C:\Windows\System\IMSQQIy.exe N/A
N/A N/A C:\Windows\System\xeTOGuS.exe N/A
N/A N/A C:\Windows\System\uEtEMjr.exe N/A
N/A N/A C:\Windows\System\rswJCKc.exe N/A
N/A N/A C:\Windows\System\MBZvACY.exe N/A
N/A N/A C:\Windows\System\uEilGOS.exe N/A
N/A N/A C:\Windows\System\uOFJWTg.exe N/A
N/A N/A C:\Windows\System\TlcdWel.exe N/A
N/A N/A C:\Windows\System\MFUimzg.exe N/A
N/A N/A C:\Windows\System\JCaQsuH.exe N/A
N/A N/A C:\Windows\System\hkIiLhB.exe N/A
N/A N/A C:\Windows\System\ugIYIql.exe N/A
N/A N/A C:\Windows\System\AMSuBJO.exe N/A
N/A N/A C:\Windows\System\LUclsMQ.exe N/A
N/A N/A C:\Windows\System\IykzJtN.exe N/A
N/A N/A C:\Windows\System\zWZyZJH.exe N/A
N/A N/A C:\Windows\System\hWuVdMn.exe N/A
N/A N/A C:\Windows\System\DnEgCYo.exe N/A
N/A N/A C:\Windows\System\cALyAON.exe N/A
N/A N/A C:\Windows\System\fwwwSnx.exe N/A
N/A N/A C:\Windows\System\onxdVkw.exe N/A
N/A N/A C:\Windows\System\NODsZvP.exe N/A
N/A N/A C:\Windows\System\nqTgsyH.exe N/A
N/A N/A C:\Windows\System\NQErbuR.exe N/A
N/A N/A C:\Windows\System\OZblijs.exe N/A
N/A N/A C:\Windows\System\XXIxXJZ.exe N/A
N/A N/A C:\Windows\System\jzqyKsr.exe N/A
N/A N/A C:\Windows\System\grCpXaY.exe N/A
N/A N/A C:\Windows\System\zpLOHEI.exe N/A
N/A N/A C:\Windows\System\QkNHSCI.exe N/A
N/A N/A C:\Windows\System\UJsvhNx.exe N/A
N/A N/A C:\Windows\System\rkbQAYz.exe N/A
N/A N/A C:\Windows\System\YuBNQIr.exe N/A
N/A N/A C:\Windows\System\uSUqgFn.exe N/A
N/A N/A C:\Windows\System\XVTewdI.exe N/A
N/A N/A C:\Windows\System\MDRdzNu.exe N/A
N/A N/A C:\Windows\System\FeJYNgu.exe N/A
N/A N/A C:\Windows\System\zZeYbKO.exe N/A
N/A N/A C:\Windows\System\DxSNpSl.exe N/A
N/A N/A C:\Windows\System\NQaxcBG.exe N/A
N/A N/A C:\Windows\System\vIoloRp.exe N/A
N/A N/A C:\Windows\System\QQVmuqL.exe N/A
N/A N/A C:\Windows\System\wSZMOib.exe N/A
N/A N/A C:\Windows\System\VbXwTmc.exe N/A
N/A N/A C:\Windows\System\uiecnjr.exe N/A
N/A N/A C:\Windows\System\XwyzplD.exe N/A
N/A N/A C:\Windows\System\KHLSwjw.exe N/A
N/A N/A C:\Windows\System\QkZuyxK.exe N/A
N/A N/A C:\Windows\System\jpkHhVV.exe N/A
N/A N/A C:\Windows\System\nnAyUus.exe N/A
N/A N/A C:\Windows\System\krDWFpz.exe N/A
N/A N/A C:\Windows\System\NrelGPQ.exe N/A
N/A N/A C:\Windows\System\UZJFZMR.exe N/A
N/A N/A C:\Windows\System\EFQZtRK.exe N/A
N/A N/A C:\Windows\System\VmSeiSp.exe N/A
N/A N/A C:\Windows\System\bwlqiHH.exe N/A
N/A N/A C:\Windows\System\AjqWdEQ.exe N/A
N/A N/A C:\Windows\System\IVqnpez.exe N/A
N/A N/A C:\Windows\System\BoonGzh.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\cALyAON.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\VbXwTmc.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\WuYFIAN.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\YgDzahu.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\pdOsfXP.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\BQelWmc.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\XtWphqC.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\mDoeSLe.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\DCEqUdj.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\LUclsMQ.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\sxFPpnM.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\nuAJmxP.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\hkIiLhB.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\NQaxcBG.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\XwyzplD.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\nYJPsWM.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\nVamCZn.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\ulESxZb.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\zpLOHEI.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\XXIxXJZ.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\RYJNLvV.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\shJkgKG.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\fVdGXlK.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\hKDXntb.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\QMhXWnl.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\eJHzTXV.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\GdbGzWY.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\XVTewdI.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\QkZuyxK.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\gLWvIoq.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\IEwYJqJ.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\VJXrQGQ.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\sZwrFUm.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\wSZMOib.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\vCFtFHs.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\OweEWxH.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\zPECQXy.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\zxTvRBY.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\crkyTJE.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\SHgCwhZ.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\XRkVZMJ.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\UJsvhNx.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\RosMGvR.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\FygLvaB.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\KCaXyGy.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\uEilGOS.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\nqTgsyH.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\GvazhIW.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\RfrrxUD.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\MxrbrWn.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\NyVuAcq.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\IboHjLP.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\DSTmwGd.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\DnEgCYo.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\hTQgcZT.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\gsDiAKD.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\yVDdtbG.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\wBOiDko.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\mFLMXMf.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\toOPbir.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\ptHpOVt.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\vDPNXbc.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\OFrJOjC.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\hWuVdMn.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2372 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\TgqmcyP.exe
PID 2372 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\TgqmcyP.exe
PID 2372 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\TgqmcyP.exe
PID 2372 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\QMhXWnl.exe
PID 2372 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\QMhXWnl.exe
PID 2372 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\QMhXWnl.exe
PID 2372 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\pdOsfXP.exe
PID 2372 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\pdOsfXP.exe
PID 2372 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\pdOsfXP.exe
PID 2372 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\CdZVLqV.exe
PID 2372 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\CdZVLqV.exe
PID 2372 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\CdZVLqV.exe
PID 2372 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\BtJTHiX.exe
PID 2372 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\BtJTHiX.exe
PID 2372 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\BtJTHiX.exe
PID 2372 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\IMSQQIy.exe
PID 2372 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\IMSQQIy.exe
PID 2372 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\IMSQQIy.exe
PID 2372 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\xeTOGuS.exe
PID 2372 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\xeTOGuS.exe
PID 2372 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\xeTOGuS.exe
PID 2372 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\uEtEMjr.exe
PID 2372 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\uEtEMjr.exe
PID 2372 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\uEtEMjr.exe
PID 2372 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\rswJCKc.exe
PID 2372 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\rswJCKc.exe
PID 2372 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\rswJCKc.exe
PID 2372 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\MBZvACY.exe
PID 2372 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\MBZvACY.exe
PID 2372 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\MBZvACY.exe
PID 2372 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\uEilGOS.exe
PID 2372 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\uEilGOS.exe
PID 2372 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\uEilGOS.exe
PID 2372 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\uOFJWTg.exe
PID 2372 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\uOFJWTg.exe
PID 2372 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\uOFJWTg.exe
PID 2372 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\TlcdWel.exe
PID 2372 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\TlcdWel.exe
PID 2372 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\TlcdWel.exe
PID 2372 wrote to memory of 340 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\MFUimzg.exe
PID 2372 wrote to memory of 340 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\MFUimzg.exe
PID 2372 wrote to memory of 340 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\MFUimzg.exe
PID 2372 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\JCaQsuH.exe
PID 2372 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\JCaQsuH.exe
PID 2372 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\JCaQsuH.exe
PID 2372 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\hkIiLhB.exe
PID 2372 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\hkIiLhB.exe
PID 2372 wrote to memory of 1884 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\hkIiLhB.exe
PID 2372 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\ugIYIql.exe
PID 2372 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\ugIYIql.exe
PID 2372 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\ugIYIql.exe
PID 2372 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\AMSuBJO.exe
PID 2372 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\AMSuBJO.exe
PID 2372 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\AMSuBJO.exe
PID 2372 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\LUclsMQ.exe
PID 2372 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\LUclsMQ.exe
PID 2372 wrote to memory of 1540 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\LUclsMQ.exe
PID 2372 wrote to memory of 1016 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\IykzJtN.exe
PID 2372 wrote to memory of 1016 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\IykzJtN.exe
PID 2372 wrote to memory of 1016 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\IykzJtN.exe
PID 2372 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\zWZyZJH.exe
PID 2372 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\zWZyZJH.exe
PID 2372 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\zWZyZJH.exe
PID 2372 wrote to memory of 236 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\hWuVdMn.exe

Processes

C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe

"C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe"

C:\Windows\System\TgqmcyP.exe

C:\Windows\System\TgqmcyP.exe

C:\Windows\System\QMhXWnl.exe

C:\Windows\System\QMhXWnl.exe

C:\Windows\System\pdOsfXP.exe

C:\Windows\System\pdOsfXP.exe

C:\Windows\System\CdZVLqV.exe

C:\Windows\System\CdZVLqV.exe

C:\Windows\System\BtJTHiX.exe

C:\Windows\System\BtJTHiX.exe

C:\Windows\System\IMSQQIy.exe

C:\Windows\System\IMSQQIy.exe

C:\Windows\System\xeTOGuS.exe

C:\Windows\System\xeTOGuS.exe

C:\Windows\System\uEtEMjr.exe

C:\Windows\System\uEtEMjr.exe

C:\Windows\System\rswJCKc.exe

C:\Windows\System\rswJCKc.exe

C:\Windows\System\MBZvACY.exe

C:\Windows\System\MBZvACY.exe

C:\Windows\System\uEilGOS.exe

C:\Windows\System\uEilGOS.exe

C:\Windows\System\uOFJWTg.exe

C:\Windows\System\uOFJWTg.exe

C:\Windows\System\TlcdWel.exe

C:\Windows\System\TlcdWel.exe

C:\Windows\System\MFUimzg.exe

C:\Windows\System\MFUimzg.exe

C:\Windows\System\JCaQsuH.exe

C:\Windows\System\JCaQsuH.exe

C:\Windows\System\hkIiLhB.exe

C:\Windows\System\hkIiLhB.exe

C:\Windows\System\ugIYIql.exe

C:\Windows\System\ugIYIql.exe

C:\Windows\System\AMSuBJO.exe

C:\Windows\System\AMSuBJO.exe

C:\Windows\System\LUclsMQ.exe

C:\Windows\System\LUclsMQ.exe

C:\Windows\System\IykzJtN.exe

C:\Windows\System\IykzJtN.exe

C:\Windows\System\zWZyZJH.exe

C:\Windows\System\zWZyZJH.exe

C:\Windows\System\hWuVdMn.exe

C:\Windows\System\hWuVdMn.exe

C:\Windows\System\DnEgCYo.exe

C:\Windows\System\DnEgCYo.exe

C:\Windows\System\cALyAON.exe

C:\Windows\System\cALyAON.exe

C:\Windows\System\fwwwSnx.exe

C:\Windows\System\fwwwSnx.exe

C:\Windows\System\onxdVkw.exe

C:\Windows\System\onxdVkw.exe

C:\Windows\System\NODsZvP.exe

C:\Windows\System\NODsZvP.exe

C:\Windows\System\nqTgsyH.exe

C:\Windows\System\nqTgsyH.exe

C:\Windows\System\NQErbuR.exe

C:\Windows\System\NQErbuR.exe

C:\Windows\System\OZblijs.exe

C:\Windows\System\OZblijs.exe

C:\Windows\System\XXIxXJZ.exe

C:\Windows\System\XXIxXJZ.exe

C:\Windows\System\jzqyKsr.exe

C:\Windows\System\jzqyKsr.exe

C:\Windows\System\grCpXaY.exe

C:\Windows\System\grCpXaY.exe

C:\Windows\System\zpLOHEI.exe

C:\Windows\System\zpLOHEI.exe

C:\Windows\System\QkNHSCI.exe

C:\Windows\System\QkNHSCI.exe

C:\Windows\System\UJsvhNx.exe

C:\Windows\System\UJsvhNx.exe

C:\Windows\System\rkbQAYz.exe

C:\Windows\System\rkbQAYz.exe

C:\Windows\System\YuBNQIr.exe

C:\Windows\System\YuBNQIr.exe

C:\Windows\System\uSUqgFn.exe

C:\Windows\System\uSUqgFn.exe

C:\Windows\System\XVTewdI.exe

C:\Windows\System\XVTewdI.exe

C:\Windows\System\MDRdzNu.exe

C:\Windows\System\MDRdzNu.exe

C:\Windows\System\FeJYNgu.exe

C:\Windows\System\FeJYNgu.exe

C:\Windows\System\zZeYbKO.exe

C:\Windows\System\zZeYbKO.exe

C:\Windows\System\DxSNpSl.exe

C:\Windows\System\DxSNpSl.exe

C:\Windows\System\NQaxcBG.exe

C:\Windows\System\NQaxcBG.exe

C:\Windows\System\vIoloRp.exe

C:\Windows\System\vIoloRp.exe

C:\Windows\System\QQVmuqL.exe

C:\Windows\System\QQVmuqL.exe

C:\Windows\System\wSZMOib.exe

C:\Windows\System\wSZMOib.exe

C:\Windows\System\VbXwTmc.exe

C:\Windows\System\VbXwTmc.exe

C:\Windows\System\uiecnjr.exe

C:\Windows\System\uiecnjr.exe

C:\Windows\System\XwyzplD.exe

C:\Windows\System\XwyzplD.exe

C:\Windows\System\KHLSwjw.exe

C:\Windows\System\KHLSwjw.exe

C:\Windows\System\QkZuyxK.exe

C:\Windows\System\QkZuyxK.exe

C:\Windows\System\jpkHhVV.exe

C:\Windows\System\jpkHhVV.exe

C:\Windows\System\nnAyUus.exe

C:\Windows\System\nnAyUus.exe

C:\Windows\System\krDWFpz.exe

C:\Windows\System\krDWFpz.exe

C:\Windows\System\NrelGPQ.exe

C:\Windows\System\NrelGPQ.exe

C:\Windows\System\UZJFZMR.exe

C:\Windows\System\UZJFZMR.exe

C:\Windows\System\EFQZtRK.exe

C:\Windows\System\EFQZtRK.exe

C:\Windows\System\VmSeiSp.exe

C:\Windows\System\VmSeiSp.exe

C:\Windows\System\bwlqiHH.exe

C:\Windows\System\bwlqiHH.exe

C:\Windows\System\AjqWdEQ.exe

C:\Windows\System\AjqWdEQ.exe

C:\Windows\System\IVqnpez.exe

C:\Windows\System\IVqnpez.exe

C:\Windows\System\BoonGzh.exe

C:\Windows\System\BoonGzh.exe

C:\Windows\System\bcAGjYe.exe

C:\Windows\System\bcAGjYe.exe

C:\Windows\System\mFLMXMf.exe

C:\Windows\System\mFLMXMf.exe

C:\Windows\System\kIlosoo.exe

C:\Windows\System\kIlosoo.exe

C:\Windows\System\gLWvIoq.exe

C:\Windows\System\gLWvIoq.exe

C:\Windows\System\VJBBnPQ.exe

C:\Windows\System\VJBBnPQ.exe

C:\Windows\System\BXuzBLQ.exe

C:\Windows\System\BXuzBLQ.exe

C:\Windows\System\QQWVZZM.exe

C:\Windows\System\QQWVZZM.exe

C:\Windows\System\iYcjhQj.exe

C:\Windows\System\iYcjhQj.exe

C:\Windows\System\kASjngq.exe

C:\Windows\System\kASjngq.exe

C:\Windows\System\kiWUqLZ.exe

C:\Windows\System\kiWUqLZ.exe

C:\Windows\System\zxTvRBY.exe

C:\Windows\System\zxTvRBY.exe

C:\Windows\System\pmxKJzj.exe

C:\Windows\System\pmxKJzj.exe

C:\Windows\System\bKaXdUm.exe

C:\Windows\System\bKaXdUm.exe

C:\Windows\System\uWPaEBs.exe

C:\Windows\System\uWPaEBs.exe

C:\Windows\System\DelwjgG.exe

C:\Windows\System\DelwjgG.exe

C:\Windows\System\IEwYJqJ.exe

C:\Windows\System\IEwYJqJ.exe

C:\Windows\System\xKuDILT.exe

C:\Windows\System\xKuDILT.exe

C:\Windows\System\HwpRzht.exe

C:\Windows\System\HwpRzht.exe

C:\Windows\System\hZrKCPv.exe

C:\Windows\System\hZrKCPv.exe

C:\Windows\System\DxyxdpS.exe

C:\Windows\System\DxyxdpS.exe

C:\Windows\System\XZXlwZr.exe

C:\Windows\System\XZXlwZr.exe

C:\Windows\System\toOPbir.exe

C:\Windows\System\toOPbir.exe

C:\Windows\System\eJHzTXV.exe

C:\Windows\System\eJHzTXV.exe

C:\Windows\System\RosMGvR.exe

C:\Windows\System\RosMGvR.exe

C:\Windows\System\QjxSWte.exe

C:\Windows\System\QjxSWte.exe

C:\Windows\System\LVYaMmR.exe

C:\Windows\System\LVYaMmR.exe

C:\Windows\System\QHXNivC.exe

C:\Windows\System\QHXNivC.exe

C:\Windows\System\nRQZpuF.exe

C:\Windows\System\nRQZpuF.exe

C:\Windows\System\LEMYmlC.exe

C:\Windows\System\LEMYmlC.exe

C:\Windows\System\TaDInGz.exe

C:\Windows\System\TaDInGz.exe

C:\Windows\System\EWbPQWN.exe

C:\Windows\System\EWbPQWN.exe

C:\Windows\System\uKqCTAO.exe

C:\Windows\System\uKqCTAO.exe

C:\Windows\System\omQobAG.exe

C:\Windows\System\omQobAG.exe

C:\Windows\System\tnnKbSK.exe

C:\Windows\System\tnnKbSK.exe

C:\Windows\System\APWecRH.exe

C:\Windows\System\APWecRH.exe

C:\Windows\System\qzeXzwk.exe

C:\Windows\System\qzeXzwk.exe

C:\Windows\System\inHmABs.exe

C:\Windows\System\inHmABs.exe

C:\Windows\System\ZdmXGwn.exe

C:\Windows\System\ZdmXGwn.exe

C:\Windows\System\vCFtFHs.exe

C:\Windows\System\vCFtFHs.exe

C:\Windows\System\PeEEEMD.exe

C:\Windows\System\PeEEEMD.exe

C:\Windows\System\nYJPsWM.exe

C:\Windows\System\nYJPsWM.exe

C:\Windows\System\AaBaHtg.exe

C:\Windows\System\AaBaHtg.exe

C:\Windows\System\GlUbSak.exe

C:\Windows\System\GlUbSak.exe

C:\Windows\System\prJjwNM.exe

C:\Windows\System\prJjwNM.exe

C:\Windows\System\uOiOYqK.exe

C:\Windows\System\uOiOYqK.exe

C:\Windows\System\LfmOBqs.exe

C:\Windows\System\LfmOBqs.exe

C:\Windows\System\OweEWxH.exe

C:\Windows\System\OweEWxH.exe

C:\Windows\System\exEkVjL.exe

C:\Windows\System\exEkVjL.exe

C:\Windows\System\kStdQwo.exe

C:\Windows\System\kStdQwo.exe

C:\Windows\System\WnveTFN.exe

C:\Windows\System\WnveTFN.exe

C:\Windows\System\umvnFKU.exe

C:\Windows\System\umvnFKU.exe

C:\Windows\System\BOOHVfX.exe

C:\Windows\System\BOOHVfX.exe

C:\Windows\System\nVamCZn.exe

C:\Windows\System\nVamCZn.exe

C:\Windows\System\jqoDcsT.exe

C:\Windows\System\jqoDcsT.exe

C:\Windows\System\kOBZkdM.exe

C:\Windows\System\kOBZkdM.exe

C:\Windows\System\GvazhIW.exe

C:\Windows\System\GvazhIW.exe

C:\Windows\System\YwiOVAh.exe

C:\Windows\System\YwiOVAh.exe

C:\Windows\System\VJXrQGQ.exe

C:\Windows\System\VJXrQGQ.exe

C:\Windows\System\yNgoSKi.exe

C:\Windows\System\yNgoSKi.exe

C:\Windows\System\LYJqXOH.exe

C:\Windows\System\LYJqXOH.exe

C:\Windows\System\CpWOPnn.exe

C:\Windows\System\CpWOPnn.exe

C:\Windows\System\PCsmVGu.exe

C:\Windows\System\PCsmVGu.exe

C:\Windows\System\aoSDnsd.exe

C:\Windows\System\aoSDnsd.exe

C:\Windows\System\olUxPTV.exe

C:\Windows\System\olUxPTV.exe

C:\Windows\System\TTDbwbZ.exe

C:\Windows\System\TTDbwbZ.exe

C:\Windows\System\RfrrxUD.exe

C:\Windows\System\RfrrxUD.exe

C:\Windows\System\oFkykpd.exe

C:\Windows\System\oFkykpd.exe

C:\Windows\System\LkQtXrX.exe

C:\Windows\System\LkQtXrX.exe

C:\Windows\System\yrNZcYK.exe

C:\Windows\System\yrNZcYK.exe

C:\Windows\System\SQQzgHG.exe

C:\Windows\System\SQQzgHG.exe

C:\Windows\System\vJNyhjR.exe

C:\Windows\System\vJNyhjR.exe

C:\Windows\System\PhKhjVg.exe

C:\Windows\System\PhKhjVg.exe

C:\Windows\System\VzQqzzc.exe

C:\Windows\System\VzQqzzc.exe

C:\Windows\System\SZlnYfr.exe

C:\Windows\System\SZlnYfr.exe

C:\Windows\System\NfoblIb.exe

C:\Windows\System\NfoblIb.exe

C:\Windows\System\BdyQKtJ.exe

C:\Windows\System\BdyQKtJ.exe

C:\Windows\System\mpCnTut.exe

C:\Windows\System\mpCnTut.exe

C:\Windows\System\vbQjsGD.exe

C:\Windows\System\vbQjsGD.exe

C:\Windows\System\ZuCnoLc.exe

C:\Windows\System\ZuCnoLc.exe

C:\Windows\System\xaXGYDB.exe

C:\Windows\System\xaXGYDB.exe

C:\Windows\System\kpwaHVr.exe

C:\Windows\System\kpwaHVr.exe

C:\Windows\System\QqknZRl.exe

C:\Windows\System\QqknZRl.exe

C:\Windows\System\pDpNVuT.exe

C:\Windows\System\pDpNVuT.exe

C:\Windows\System\LHGAwei.exe

C:\Windows\System\LHGAwei.exe

C:\Windows\System\JlXmEEI.exe

C:\Windows\System\JlXmEEI.exe

C:\Windows\System\twvZnqq.exe

C:\Windows\System\twvZnqq.exe

C:\Windows\System\drCayRx.exe

C:\Windows\System\drCayRx.exe

C:\Windows\System\vtsdPzP.exe

C:\Windows\System\vtsdPzP.exe

C:\Windows\System\hTQgcZT.exe

C:\Windows\System\hTQgcZT.exe

C:\Windows\System\zYalOkk.exe

C:\Windows\System\zYalOkk.exe

C:\Windows\System\hunJnYy.exe

C:\Windows\System\hunJnYy.exe

C:\Windows\System\mZVOpgn.exe

C:\Windows\System\mZVOpgn.exe

C:\Windows\System\oKOnZnp.exe

C:\Windows\System\oKOnZnp.exe

C:\Windows\System\dzjQKvF.exe

C:\Windows\System\dzjQKvF.exe

C:\Windows\System\ptHpOVt.exe

C:\Windows\System\ptHpOVt.exe

C:\Windows\System\gWCBxwq.exe

C:\Windows\System\gWCBxwq.exe

C:\Windows\System\sZwrFUm.exe

C:\Windows\System\sZwrFUm.exe

C:\Windows\System\yGxpnUU.exe

C:\Windows\System\yGxpnUU.exe

C:\Windows\System\JxHIrUz.exe

C:\Windows\System\JxHIrUz.exe

C:\Windows\System\xYZVwda.exe

C:\Windows\System\xYZVwda.exe

C:\Windows\System\CQWctxr.exe

C:\Windows\System\CQWctxr.exe

C:\Windows\System\CWsliFO.exe

C:\Windows\System\CWsliFO.exe

C:\Windows\System\gVLuxzl.exe

C:\Windows\System\gVLuxzl.exe

C:\Windows\System\JtEBzzH.exe

C:\Windows\System\JtEBzzH.exe

C:\Windows\System\OJqnvsx.exe

C:\Windows\System\OJqnvsx.exe

C:\Windows\System\ysInQGe.exe

C:\Windows\System\ysInQGe.exe

C:\Windows\System\YTMwelU.exe

C:\Windows\System\YTMwelU.exe

C:\Windows\System\SEJGYWO.exe

C:\Windows\System\SEJGYWO.exe

C:\Windows\System\OqMeFhn.exe

C:\Windows\System\OqMeFhn.exe

C:\Windows\System\SaJzpxX.exe

C:\Windows\System\SaJzpxX.exe

C:\Windows\System\gsDiAKD.exe

C:\Windows\System\gsDiAKD.exe

C:\Windows\System\SZXbQMY.exe

C:\Windows\System\SZXbQMY.exe

C:\Windows\System\zPECQXy.exe

C:\Windows\System\zPECQXy.exe

C:\Windows\System\MxrbrWn.exe

C:\Windows\System\MxrbrWn.exe

C:\Windows\System\DYbKuji.exe

C:\Windows\System\DYbKuji.exe

C:\Windows\System\FUicBBJ.exe

C:\Windows\System\FUicBBJ.exe

C:\Windows\System\VgyZaQl.exe

C:\Windows\System\VgyZaQl.exe

C:\Windows\System\rLeTNRY.exe

C:\Windows\System\rLeTNRY.exe

C:\Windows\System\ZKHJeNj.exe

C:\Windows\System\ZKHJeNj.exe

C:\Windows\System\iZDrtOe.exe

C:\Windows\System\iZDrtOe.exe

C:\Windows\System\PavVfHw.exe

C:\Windows\System\PavVfHw.exe

C:\Windows\System\xjNDrnn.exe

C:\Windows\System\xjNDrnn.exe

C:\Windows\System\mLrJHRL.exe

C:\Windows\System\mLrJHRL.exe

C:\Windows\System\MRxcBKQ.exe

C:\Windows\System\MRxcBKQ.exe

C:\Windows\System\rImUUbM.exe

C:\Windows\System\rImUUbM.exe

C:\Windows\System\DJzLfRH.exe

C:\Windows\System\DJzLfRH.exe

C:\Windows\System\vHHrGIG.exe

C:\Windows\System\vHHrGIG.exe

C:\Windows\System\dEzSBOp.exe

C:\Windows\System\dEzSBOp.exe

C:\Windows\System\nyHhzoU.exe

C:\Windows\System\nyHhzoU.exe

C:\Windows\System\vDPNXbc.exe

C:\Windows\System\vDPNXbc.exe

C:\Windows\System\vjCABOc.exe

C:\Windows\System\vjCABOc.exe

C:\Windows\System\VKslJdW.exe

C:\Windows\System\VKslJdW.exe

C:\Windows\System\yGPvEtJ.exe

C:\Windows\System\yGPvEtJ.exe

C:\Windows\System\wenwZiG.exe

C:\Windows\System\wenwZiG.exe

C:\Windows\System\ivOeElR.exe

C:\Windows\System\ivOeElR.exe

C:\Windows\System\ulESxZb.exe

C:\Windows\System\ulESxZb.exe

C:\Windows\System\CuwREBF.exe

C:\Windows\System\CuwREBF.exe

C:\Windows\System\XRkVZMJ.exe

C:\Windows\System\XRkVZMJ.exe

C:\Windows\System\SXsulPv.exe

C:\Windows\System\SXsulPv.exe

C:\Windows\System\YssDRQD.exe

C:\Windows\System\YssDRQD.exe

C:\Windows\System\vxGKigg.exe

C:\Windows\System\vxGKigg.exe

C:\Windows\System\RYJNLvV.exe

C:\Windows\System\RYJNLvV.exe

C:\Windows\System\bmokXcA.exe

C:\Windows\System\bmokXcA.exe

C:\Windows\System\htIaHwP.exe

C:\Windows\System\htIaHwP.exe

C:\Windows\System\DCEqUdj.exe

C:\Windows\System\DCEqUdj.exe

C:\Windows\System\XNpLblH.exe

C:\Windows\System\XNpLblH.exe

C:\Windows\System\AfbPvRA.exe

C:\Windows\System\AfbPvRA.exe

C:\Windows\System\fSeUVxe.exe

C:\Windows\System\fSeUVxe.exe

C:\Windows\System\GPCzfEy.exe

C:\Windows\System\GPCzfEy.exe

C:\Windows\System\RtJAGsA.exe

C:\Windows\System\RtJAGsA.exe

C:\Windows\System\AUjmfgE.exe

C:\Windows\System\AUjmfgE.exe

C:\Windows\System\QXskJcF.exe

C:\Windows\System\QXskJcF.exe

C:\Windows\System\HNEqhnK.exe

C:\Windows\System\HNEqhnK.exe

C:\Windows\System\SQAOhpA.exe

C:\Windows\System\SQAOhpA.exe

C:\Windows\System\Afdgojw.exe

C:\Windows\System\Afdgojw.exe

C:\Windows\System\hAkkjsD.exe

C:\Windows\System\hAkkjsD.exe

C:\Windows\System\WuYFIAN.exe

C:\Windows\System\WuYFIAN.exe

C:\Windows\System\WAJNDlu.exe

C:\Windows\System\WAJNDlu.exe

C:\Windows\System\fndjjKU.exe

C:\Windows\System\fndjjKU.exe

C:\Windows\System\YXIPfTX.exe

C:\Windows\System\YXIPfTX.exe

C:\Windows\System\gkJseOG.exe

C:\Windows\System\gkJseOG.exe

C:\Windows\System\ZnyGfRA.exe

C:\Windows\System\ZnyGfRA.exe

C:\Windows\System\BQelWmc.exe

C:\Windows\System\BQelWmc.exe

C:\Windows\System\sdFCmLP.exe

C:\Windows\System\sdFCmLP.exe

C:\Windows\System\dGUsOSG.exe

C:\Windows\System\dGUsOSG.exe

C:\Windows\System\rgMcARc.exe

C:\Windows\System\rgMcARc.exe

C:\Windows\System\ZFufuZR.exe

C:\Windows\System\ZFufuZR.exe

C:\Windows\System\GxjVHhw.exe

C:\Windows\System\GxjVHhw.exe

C:\Windows\System\NyVuAcq.exe

C:\Windows\System\NyVuAcq.exe

C:\Windows\System\VDaeCmR.exe

C:\Windows\System\VDaeCmR.exe

C:\Windows\System\AOfgqzc.exe

C:\Windows\System\AOfgqzc.exe

C:\Windows\System\DFpJCoY.exe

C:\Windows\System\DFpJCoY.exe

C:\Windows\System\oXRZCxR.exe

C:\Windows\System\oXRZCxR.exe

C:\Windows\System\CtctSNl.exe

C:\Windows\System\CtctSNl.exe

C:\Windows\System\KbutQYR.exe

C:\Windows\System\KbutQYR.exe

C:\Windows\System\JcEQbwy.exe

C:\Windows\System\JcEQbwy.exe

C:\Windows\System\alclCQf.exe

C:\Windows\System\alclCQf.exe

C:\Windows\System\dCaTjYn.exe

C:\Windows\System\dCaTjYn.exe

C:\Windows\System\ntefuDq.exe

C:\Windows\System\ntefuDq.exe

C:\Windows\System\BLzqXJF.exe

C:\Windows\System\BLzqXJF.exe

C:\Windows\System\sxFPpnM.exe

C:\Windows\System\sxFPpnM.exe

C:\Windows\System\QnxZJUE.exe

C:\Windows\System\QnxZJUE.exe

C:\Windows\System\OFrJOjC.exe

C:\Windows\System\OFrJOjC.exe

C:\Windows\System\EwMisYs.exe

C:\Windows\System\EwMisYs.exe

C:\Windows\System\LqCMSoA.exe

C:\Windows\System\LqCMSoA.exe

C:\Windows\System\vPqKGgk.exe

C:\Windows\System\vPqKGgk.exe

C:\Windows\System\UaZdcJd.exe

C:\Windows\System\UaZdcJd.exe

C:\Windows\System\yqGKWtQ.exe

C:\Windows\System\yqGKWtQ.exe

C:\Windows\System\LwJZtmP.exe

C:\Windows\System\LwJZtmP.exe

C:\Windows\System\vMbMbGw.exe

C:\Windows\System\vMbMbGw.exe

C:\Windows\System\shJkgKG.exe

C:\Windows\System\shJkgKG.exe

C:\Windows\System\UoxBvOP.exe

C:\Windows\System\UoxBvOP.exe

C:\Windows\System\nkNrZax.exe

C:\Windows\System\nkNrZax.exe

C:\Windows\System\XtWphqC.exe

C:\Windows\System\XtWphqC.exe

C:\Windows\System\UrbEpmY.exe

C:\Windows\System\UrbEpmY.exe

C:\Windows\System\oLElIUZ.exe

C:\Windows\System\oLElIUZ.exe

C:\Windows\System\YHdIRRG.exe

C:\Windows\System\YHdIRRG.exe

C:\Windows\System\tPDisGC.exe

C:\Windows\System\tPDisGC.exe

C:\Windows\System\dAPLsaE.exe

C:\Windows\System\dAPLsaE.exe

C:\Windows\System\EVpVONW.exe

C:\Windows\System\EVpVONW.exe

C:\Windows\System\XBFacnV.exe

C:\Windows\System\XBFacnV.exe

C:\Windows\System\hrlBfHp.exe

C:\Windows\System\hrlBfHp.exe

C:\Windows\System\pprXFys.exe

C:\Windows\System\pprXFys.exe

C:\Windows\System\crkyTJE.exe

C:\Windows\System\crkyTJE.exe

C:\Windows\System\BPNkJNF.exe

C:\Windows\System\BPNkJNF.exe

C:\Windows\System\CAHjcXu.exe

C:\Windows\System\CAHjcXu.exe

C:\Windows\System\alLhwnk.exe

C:\Windows\System\alLhwnk.exe

C:\Windows\System\WKJFiEy.exe

C:\Windows\System\WKJFiEy.exe

C:\Windows\System\mDoeSLe.exe

C:\Windows\System\mDoeSLe.exe

C:\Windows\System\ZueGZIF.exe

C:\Windows\System\ZueGZIF.exe

C:\Windows\System\QIArera.exe

C:\Windows\System\QIArera.exe

C:\Windows\System\mHgYMFk.exe

C:\Windows\System\mHgYMFk.exe

C:\Windows\System\ciBNDTm.exe

C:\Windows\System\ciBNDTm.exe

C:\Windows\System\aZhgjbu.exe

C:\Windows\System\aZhgjbu.exe

C:\Windows\System\fVdGXlK.exe

C:\Windows\System\fVdGXlK.exe

C:\Windows\System\TkeWTsB.exe

C:\Windows\System\TkeWTsB.exe

C:\Windows\System\gwtKraV.exe

C:\Windows\System\gwtKraV.exe

C:\Windows\System\PfUqcKG.exe

C:\Windows\System\PfUqcKG.exe

C:\Windows\System\yVDdtbG.exe

C:\Windows\System\yVDdtbG.exe

C:\Windows\System\hKDXntb.exe

C:\Windows\System\hKDXntb.exe

C:\Windows\System\mHMdzxa.exe

C:\Windows\System\mHMdzxa.exe

C:\Windows\System\YgDzahu.exe

C:\Windows\System\YgDzahu.exe

C:\Windows\System\sVfGCMZ.exe

C:\Windows\System\sVfGCMZ.exe

C:\Windows\System\mTagBGN.exe

C:\Windows\System\mTagBGN.exe

C:\Windows\System\ICvooZd.exe

C:\Windows\System\ICvooZd.exe

C:\Windows\System\GdbGzWY.exe

C:\Windows\System\GdbGzWY.exe

C:\Windows\System\ztMsUMj.exe

C:\Windows\System\ztMsUMj.exe

C:\Windows\System\TeaNbLr.exe

C:\Windows\System\TeaNbLr.exe

C:\Windows\System\yyyCeWv.exe

C:\Windows\System\yyyCeWv.exe

C:\Windows\System\hRQAwBR.exe

C:\Windows\System\hRQAwBR.exe

C:\Windows\System\ijSEyoI.exe

C:\Windows\System\ijSEyoI.exe

C:\Windows\System\EXpgbne.exe

C:\Windows\System\EXpgbne.exe

C:\Windows\System\FygLvaB.exe

C:\Windows\System\FygLvaB.exe

C:\Windows\System\PLLUIJq.exe

C:\Windows\System\PLLUIJq.exe

C:\Windows\System\KCaXyGy.exe

C:\Windows\System\KCaXyGy.exe

C:\Windows\System\JKjonDc.exe

C:\Windows\System\JKjonDc.exe

C:\Windows\System\wBOiDko.exe

C:\Windows\System\wBOiDko.exe

C:\Windows\System\mbBTKoG.exe

C:\Windows\System\mbBTKoG.exe

C:\Windows\System\xehQWba.exe

C:\Windows\System\xehQWba.exe

C:\Windows\System\hngUuAa.exe

C:\Windows\System\hngUuAa.exe

C:\Windows\System\VelzinQ.exe

C:\Windows\System\VelzinQ.exe

C:\Windows\System\XXNGEJk.exe

C:\Windows\System\XXNGEJk.exe

C:\Windows\System\IboHjLP.exe

C:\Windows\System\IboHjLP.exe

C:\Windows\System\YgBFHip.exe

C:\Windows\System\YgBFHip.exe

C:\Windows\System\lrDPdGE.exe

C:\Windows\System\lrDPdGE.exe

C:\Windows\System\wLVyLcL.exe

C:\Windows\System\wLVyLcL.exe

C:\Windows\System\QHHmtDs.exe

C:\Windows\System\QHHmtDs.exe

C:\Windows\System\YRszgKi.exe

C:\Windows\System\YRszgKi.exe

C:\Windows\System\uyCUHSO.exe

C:\Windows\System\uyCUHSO.exe

C:\Windows\System\DwarlVK.exe

C:\Windows\System\DwarlVK.exe

C:\Windows\System\lnLoBAg.exe

C:\Windows\System\lnLoBAg.exe

C:\Windows\System\nuAJmxP.exe

C:\Windows\System\nuAJmxP.exe

C:\Windows\System\YKrFytC.exe

C:\Windows\System\YKrFytC.exe

C:\Windows\System\ymwWFlU.exe

C:\Windows\System\ymwWFlU.exe

C:\Windows\System\SHgCwhZ.exe

C:\Windows\System\SHgCwhZ.exe

C:\Windows\System\lLiPeZO.exe

C:\Windows\System\lLiPeZO.exe

C:\Windows\System\DSTmwGd.exe

C:\Windows\System\DSTmwGd.exe

C:\Windows\System\hQwQrNp.exe

C:\Windows\System\hQwQrNp.exe

C:\Windows\System\rVPWiqh.exe

C:\Windows\System\rVPWiqh.exe

C:\Windows\System\XrWRugO.exe

C:\Windows\System\XrWRugO.exe

C:\Windows\System\MGaYegP.exe

C:\Windows\System\MGaYegP.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2372-0-0x00000000002F0000-0x0000000000300000-memory.dmp

\Windows\system\TgqmcyP.exe

MD5 6456b62806b445f079a1129b9045c444
SHA1 db9b20d33cf7303a4856821047a0f4520fadae67
SHA256 7a47a58aaae992f3058418f16c48f468b496cd313d4ec620313e56cebe3c161c
SHA512 c05f88c70c8d2ad5a0807933a3025e85791499b98bb0ca7010e94120c8a237a7ec78d5361533f34d5db4574fe9ed384aaa85c94d7ebebe2a33e3f65229d1db5b

\Windows\system\QMhXWnl.exe

MD5 c34f18638a9612837f2673f8338b9f7e
SHA1 9a439cc5c1fc41b2086c62af2d1c3c833e7c01f1
SHA256 248b018e29e71626774e70f7018801ae558160ab3eb698a0cf072625439d3f3d
SHA512 43236d0900e6cbed8bb0d710583435f7c4096641b56b6cec0a7fdd5ac1c3b199e65d18a70a88e8de913107266bfe083ff7b7f87c8fbff17b17a4ae887c6f7269

C:\Windows\system\pdOsfXP.exe

MD5 9473a6a19d79880de2c084ace8cc7639
SHA1 eb8ddac1574ca45450884a43e246afa799fe3833
SHA256 ad90498eb7aef7a28cec2d1057ddd477cd6408fccc656061b9a9e318f4e37f48
SHA512 5d59f17ad318a11af867a41ede112df13306633806e2cba858135e2bc5e0442a3cdada75ad0e6639749b483235e32120f955d424293053d9b1750dd3d4932332

\Windows\system\CdZVLqV.exe

MD5 ad3dee2a036fb33f33b32c85a27c1811
SHA1 506be37b1d03cbd7ad4ae7dc66e0bf06628230b1
SHA256 8a11d153084ca33759f14776a24abce76ce42022599c462c8d94440de1f45ddf
SHA512 3ea70312200f865184027b83b4601b76ef6db97b55169e35c53cbb68d51b7283153e028ad383bec633b0621c9f7dafe212de3c21cbfd81b8ee8ddff50a2962a4

C:\Windows\system\IMSQQIy.exe

MD5 28e2d52b77a34ee8c141a07ff86cf8d3
SHA1 07793fcf16a8f520129e54051bbb5437fb5c27a7
SHA256 154ac9f011cfaa36d5b1d47a3172bbc860930390ad308a96550f20420e97a29c
SHA512 44b574b440ea33a1ee811bb6d9ddf4457673f367f8a5865720402f62c2293e2bc78aed5a69695d1b1c3162dfce80d93a4ed68df524ab59a000992d19b01fe177

C:\Windows\system\xeTOGuS.exe

MD5 f64d383a8e49127609451b3d55353a00
SHA1 00ddf376ff30504d76b3fb8140f593cf32ddcdad
SHA256 82f1d78404eff063ba48bdaf53627c46bb572632579cdf8a682302da5ddb2545
SHA512 bff89b9e997567f636ef35efdfba9fb527dce7d24d2c717dba86a3f5c16191bc57c36808c04381b14799bb293f2fddee11c6a406888c277a12df11d9087dc75d

C:\Windows\system\uEilGOS.exe

MD5 00d37a92dfb1465996e3f97f1ffe011b
SHA1 9677bb7df25abf96797d44788b8a0afc8e7addc2
SHA256 61a6de1d5e6a28d7b4d804f4510c70320fb6b7ba00a3b7300f65e622adeb2534
SHA512 404fc426009c7e7519b32927ac26d04d208289fd8708c6000e6be1dad982cbb4f3ddbc6c20b6a6df6de0463fa516ab445240df336c9c1b70306b824df042ccf7

C:\Windows\system\MFUimzg.exe

MD5 4e64eb232d72db90ba260b566a910c50
SHA1 c18b6740a9493c6f49ac06287a2fdd0471105514
SHA256 1f48877edb9306bea3abeef66772105351b21a2c60c28c4dd51fe061735e1600
SHA512 3ba58ada6575a4db2dbf2ac760a88e19810d1d3c66103c662b2dccf4d32c6760eb438acdd46f7eac45c9252f93cf178d58fb34f67f07e414535396627bf850c0

C:\Windows\system\TlcdWel.exe

MD5 c5d83b80dbefab1695cc5f1d0983c1fd
SHA1 a70fcafd72e259d888cb7cd92db7edd43a87a08e
SHA256 653113e029f48c89e95724110258125bf7fcf83e659d7b85cf8310a357bfe255
SHA512 d30eac96570bf836fda36eb7eed8758522bba718f0f7497b6f2aace83824dbbc62eed5f9666b65cee6512325e67fa123ff54ae56123a13ff3e57cc32371e421a

C:\Windows\system\AMSuBJO.exe

MD5 e0dd049dd77b3dfb66edc0c82a09c394
SHA1 743553a721379f1a2d14671a15c05e752cab1f9c
SHA256 235104afceaf7e9526cc7602c42731b0c2f903ee368ca8df3b75607fbc3f55e0
SHA512 19a9d4b458facf23201791d98b6540a0b8e9567c664e3bb85c5129f78fd375c3ae96cf8a8b9100a3fd491177e3b187efe1bc148da613bdcbab0008e50c7937c8

C:\Windows\system\jzqyKsr.exe

MD5 0edde281a0456689b87b0f0cac422383
SHA1 e29afa390e264572163f24c7554377e018eff306
SHA256 7fe893e1ad6ecccc344964134dfc072a1f434e453d19ef49bd77cf99ee5094e5
SHA512 9384c6e419b28c5d1045016488e98d3f58c6664eb196f815e02e5d8c7f11548c5108551c1a4a1e05e91a38063923eedd666c1a6041a690d6b6e033fdd0fc5ff7

C:\Windows\system\XXIxXJZ.exe

MD5 62ca63be22104526eec1b8cd8eb9eb17
SHA1 b94d0e34fe60ebe3e61a6d171ab6265952dc5314
SHA256 8fdaaf230572fe8e3e0c138f747411d4996aa3863e93045ce37f9f94508231fc
SHA512 2238f3d43b767525e114b62e329f6237dd2d6331429b78953cce572bd51ee8aa2a3ed6fe77a7fb5081ed9f77a9277a8e4e17a179404078cf26eb1decfb5f88ec

C:\Windows\system\OZblijs.exe

MD5 a603441f7f16819f093e257ed8d586dd
SHA1 af85d5f6a0aaabf176719089ec684ce9f0fa9ed3
SHA256 6a39dd7ee7930fd17760be50fee14bb8ba62867e963bf1af50477bcc2811cd0a
SHA512 923a4a61684df5d849b79b5f69a6a3868dd127e29e42236b635de536f394649f02511ec01a41cf4c7fa5fe5abc2aba9fa897cebe60323691c54cd0fb64bea183

C:\Windows\system\NQErbuR.exe

MD5 a85b4ea599f831d88048397092d1ed91
SHA1 a3e9276fe253239bbb6c347476b33dbd8b91f09d
SHA256 dc3c9a7ac8dd33a6b8d0d134f5a858c05a45bb8fa3462412bad7b7b84cbbfd79
SHA512 18d45f15ace167da5d46c65958dd4bb871131d1af61da36a5b0c23a03d01f803fe3afbe72698316466462cbd522682ca13b3955af6af647b0d8cc284d19a84f6

C:\Windows\system\nqTgsyH.exe

MD5 0358ab7a96709cba8039dec706b507fc
SHA1 b3235931c2c9a315c07a3d62de68d6981927160f
SHA256 c7f113a2b1073b6b0857e2972408f46a47cfadfda4b928ced4a4009ddf36aded
SHA512 27ea90b6f597c295dfe6f097e479ff30fb48dc96362a53ea1e5049477cffb78656f8a025c2a35d0bf9c5e14ecfbf7447da5e960a8886ce2cf62440f14bd2f1c8

C:\Windows\system\NODsZvP.exe

MD5 2764d7c53b801d9d42980db107bb9e50
SHA1 c1808fcf77257b246af38e4cbb883e9a672e68a9
SHA256 3bb85a1b5e5c82b1d51729d0ae690874615ea9db4a1fdb3c65d182ce5145edf5
SHA512 d40269842493d7f2223e91a7ec0c5e6f747ba79aa229fbf8b8b28d69009f26175ee7c47193ae4c0dcae64904889b573068acac602121c2c397c36e1670dd0fe0

C:\Windows\system\onxdVkw.exe

MD5 78151b0305604e6e8eff3eea568e3b9c
SHA1 a5687444bd117a2b2e10cd7ab8cca1a5403acb52
SHA256 71a13d36f4893a359903be3667f4dfc5cafc617522a9eee31794ccad0c574de5
SHA512 b11b7d3be01cc2109829b3a01ef749fc5861627242a232b0baf04742f6e8843698c2a273f0a8df0fe6923c727bb8b50b3888db3411b25c32a1a17250c20ea871

C:\Windows\system\fwwwSnx.exe

MD5 a200368e70e8788f25b3c61178e7040e
SHA1 d603d1a28000de768039392c2644fe6790380eeb
SHA256 00564b969dfe93b5dcd2ae54570eeb015a719a544a5854e381dca776909241b0
SHA512 fc4bad585f2e4d74a77fe14b9f64d53ec9f1839184d73dcbbf8857eef339f8d39e6b58ff50a2f3baa79acd00607cb3ec0a433a4b1122114ef7eb6592a583e488

C:\Windows\system\cALyAON.exe

MD5 0cab2277dcb4bda1c000942df3d6c29d
SHA1 7023b6bcb31c6854e9de1877ed8b2e455b16cba1
SHA256 88312d81d02eaa82380b702a0b559fefbad4add62a0c00c395774c2606251eb5
SHA512 3f23d258d67b5d15d55bd89983fd9c5d2dc45d09b3ea9cab7bfa3e193682912b1413493abb9e2610a47bcc8b79e826a5ffd3c3605aa759ff7bf14d8ca5720f07

C:\Windows\system\DnEgCYo.exe

MD5 03cfb74c8982754bba35453e9c0617f7
SHA1 ca6bd78215e023eec7dc5893800d5544057baa2e
SHA256 cd5d14b186e1fa0d2a2999008a0384d18bd011e563111ddf827fd0c45fad95db
SHA512 40d9a5b5f75a261947016bb119ab7176288634af859bf21fd9d0c418b0bc5daf81f72a0c0f31d5cb0999e5c92243024263548f2f94f4bb09afd2235f8a5bc83c

C:\Windows\system\hWuVdMn.exe

MD5 e06f73144e75e1c6441c67b168916aef
SHA1 4631483df82820a212b76525f5357a2016127d5b
SHA256 c0aef4e792bf85c48080d3b147b9dc3934f0015ec846391bd4b932f5b5a03b3f
SHA512 905dcdc81f395ca12374ba6430e5528ebe86d810b600ab927c89b6642389e31c10c1e2458e1b6a958abc5e8dd04f82fbf4528650873b406e184ff5da23924b86

C:\Windows\system\zWZyZJH.exe

MD5 c93201c8f68b526d19ea804323afbfc1
SHA1 78e2fd44ecfbc95ba0f44ea5412dcf533d2c26b0
SHA256 7b4b0703c2c65f9e837b42315cbb6396066724930d2ecefd6ac6a3fa1993c6ff
SHA512 b82220c3a3829c0fd6251d97eaa758247ddd2c79d030c110ee4ef4d10f9149b1f3666080e8c362b19925a506f2e7259d00708f3134424b641fbb476c4fe772e3

C:\Windows\system\LUclsMQ.exe

MD5 786dbb0b7165a1636a7edf3ef01e336a
SHA1 abdfc9c22383e782f923014e06d9ce34648cb900
SHA256 62b60a81bec6a74c016e22966847d8e3e72d2b8e13b1ed25baf4e11f6d6fc226
SHA512 9f6b1d61a02574b89154016b038ab620f65ac4dde59c8965290170f499d1d6a41b0e119bb7457662950c5f90d5329de0a046cde124959d9f4598847684bac6bf

C:\Windows\system\IykzJtN.exe

MD5 66edb87330a39f03dd5e686502c4587f
SHA1 aea3be7e00a6878b60bd189276210eadc034a41a
SHA256 76dad6d61c39be4751565333fd8772fdbbe873aff8bf9e5a0c62c6541d61c84e
SHA512 53165d8c52b8a6b438e98aba4dccdfcc2a7b1a5098d22b1d2ef2939580abdea615a04fcb0f86214b81abebd03fb1da02bcb6597a42be881b436a84528e9053bb

C:\Windows\system\ugIYIql.exe

MD5 537625235331d65e425d1e628aa41cde
SHA1 ed553ef27ac9cfaec5abc29d92044db903786f68
SHA256 986965aa88aa74aa407f424553a36de6fac70fedfe71eb7616a65a289765381c
SHA512 fbb89ac5693bd68b621116a1b41026056fd4c69a945864e004b9f5c9a027c342696f99c785950e7661862b698c207ab59efda69bf1ff5762aa914d788c0fdbff

C:\Windows\system\JCaQsuH.exe

MD5 7a20fda5326eeabedbfa9ddd4790a3d6
SHA1 9c1bc5504b88c43319124a36a09b0df78862d85a
SHA256 dfddf76e9181590e450c55a58702db715487d566573e83170a23ac6ace72c68b
SHA512 91c7350354a3a095c394ed77674aa17e545503db01f7ac535c621076ac0c4a0b686ee84da613cdd0092b40ec0f8b52a62afe07c388abbbfbde7832f61a0b4be5

C:\Windows\system\hkIiLhB.exe

MD5 876886656a3aaeeb80cb723c25e5afea
SHA1 aaf2d71fa86d1a4a63c959f002220cba3e2ba6f1
SHA256 4f27983ccac4b9d512dd7a56d840b8cc213707e2dfa83372993a20221775b95d
SHA512 f9fd280a0a97d76697a40579b3601d7f42b944e491df180ec62487752a29d044d4f8122af563ef9dff1f73b8162382a6ccf6d2b92ed9a0d2c65b53563cae2e17

C:\Windows\system\uOFJWTg.exe

MD5 bb35996cebc78c0af41263b8251db5e6
SHA1 d2363c6993833801d21aa2e0a6a9120454e21a2d
SHA256 cc306b085920ff866678ce3dbe32281ac87c097e830ccc9b76ce4245c697d131
SHA512 584bbeeab497abb2e8bd867fcd30390e521adc298daf70c9a5e41825d26b9d375465c7678e4f2ca508693af9738311db267a6aeab4b298fc7366b74c20260dbf

C:\Windows\system\MBZvACY.exe

MD5 aa6c83c4d2b86fdc7180196afe3127e3
SHA1 3ce04c129e9b95385d38a6fa1d01ddece0a2835c
SHA256 d7f0b9e7ad8afe99459e852c95f6a3b2d1099324247e338cbd72c7cee3b288ed
SHA512 377cb5d5fcf858e654608b4da7ff30e74238076cc93fc2f7154dfc875b2182d4bd6ac7d65ae6e9fa74af3884dd08e932e0ed8fd7c9d177a41f4939e491ef4341

C:\Windows\system\rswJCKc.exe

MD5 0aa89112ad38ab6c0ebbabc455ba6851
SHA1 9cab198ab85abffeeee595d012404f56abb5653b
SHA256 0ed71205cf9aff974f1b30322fe624c0575db0bfb6313eb84c0c3e75bce24453
SHA512 56d701aa0459b888a56e7c8f9920d9b426d5fd8bd09ef225605451005b4b7e2bf511acfd85587648879b8c9e1fbe65cec707dd59cdcf038b82536a116ea11d27

C:\Windows\system\uEtEMjr.exe

MD5 16783033ace64d712b747495d22fa51f
SHA1 22d2ab2f3ce7cf66ace398d023c3b90e2e721555
SHA256 fbf32a7ab90f37288b1b43e499de103676f69b3a4c83b426d4a27dcc8e1219ae
SHA512 5604eb47852991e498ae07a8023fa0a1ab4e13704c9e0f7a8bafdf954ecf640d5bbb945744315c78c090921494738959c043df47cca487def4adad7dc7360a08

C:\Windows\system\BtJTHiX.exe

MD5 3a700b5c0e35b384e06c6f644a5d8a02
SHA1 e1d2844dffed5cd77c7ecef81fc7fb996b335c8e
SHA256 d0fd10d6231ca258146237417463c9082cb52292e7b6b5a1621c667794f59e72
SHA512 066cac803f650c7521225cbc99ced7a34204406b5d85098729f3830b0084b5862ecbe3f002c08c18fb67521cebb6f3c2f7a55b30816bf314c897eb3bd27047cf

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 19:02

Reported

2024-06-02 19:04

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\WRKZmZH.exe N/A
N/A N/A C:\Windows\System\lvaXYXa.exe N/A
N/A N/A C:\Windows\System\QVpXohT.exe N/A
N/A N/A C:\Windows\System\ccDfgRG.exe N/A
N/A N/A C:\Windows\System\RUyGcIS.exe N/A
N/A N/A C:\Windows\System\KWwDmpK.exe N/A
N/A N/A C:\Windows\System\HPQyykT.exe N/A
N/A N/A C:\Windows\System\NLeARlU.exe N/A
N/A N/A C:\Windows\System\lcwYice.exe N/A
N/A N/A C:\Windows\System\YcrEKGB.exe N/A
N/A N/A C:\Windows\System\RQOCtBN.exe N/A
N/A N/A C:\Windows\System\ugBzJBO.exe N/A
N/A N/A C:\Windows\System\ZtApqjX.exe N/A
N/A N/A C:\Windows\System\oKaMseC.exe N/A
N/A N/A C:\Windows\System\IiKOvIr.exe N/A
N/A N/A C:\Windows\System\qQxmaQE.exe N/A
N/A N/A C:\Windows\System\LhOPmLY.exe N/A
N/A N/A C:\Windows\System\xJpuJic.exe N/A
N/A N/A C:\Windows\System\wCUyqfh.exe N/A
N/A N/A C:\Windows\System\XiSdFqS.exe N/A
N/A N/A C:\Windows\System\LQhNgTf.exe N/A
N/A N/A C:\Windows\System\XIJnvFX.exe N/A
N/A N/A C:\Windows\System\FYPqHQf.exe N/A
N/A N/A C:\Windows\System\AtjYllt.exe N/A
N/A N/A C:\Windows\System\pGyqAdl.exe N/A
N/A N/A C:\Windows\System\LAnSvbf.exe N/A
N/A N/A C:\Windows\System\IfYSlBq.exe N/A
N/A N/A C:\Windows\System\HNlcqxt.exe N/A
N/A N/A C:\Windows\System\UtKUObV.exe N/A
N/A N/A C:\Windows\System\hicdUAM.exe N/A
N/A N/A C:\Windows\System\nYwjMHR.exe N/A
N/A N/A C:\Windows\System\cJmnDjb.exe N/A
N/A N/A C:\Windows\System\YtXTTlo.exe N/A
N/A N/A C:\Windows\System\nXhEccJ.exe N/A
N/A N/A C:\Windows\System\iaJnpaO.exe N/A
N/A N/A C:\Windows\System\CKojAik.exe N/A
N/A N/A C:\Windows\System\MLbTspP.exe N/A
N/A N/A C:\Windows\System\ktyHxDl.exe N/A
N/A N/A C:\Windows\System\inOYnTk.exe N/A
N/A N/A C:\Windows\System\KifZupI.exe N/A
N/A N/A C:\Windows\System\cSGOXHQ.exe N/A
N/A N/A C:\Windows\System\jDXEIQM.exe N/A
N/A N/A C:\Windows\System\pzOOpRX.exe N/A
N/A N/A C:\Windows\System\cVjIsgg.exe N/A
N/A N/A C:\Windows\System\aJzQOqk.exe N/A
N/A N/A C:\Windows\System\MufgVXA.exe N/A
N/A N/A C:\Windows\System\hCHatpr.exe N/A
N/A N/A C:\Windows\System\yWcMnEr.exe N/A
N/A N/A C:\Windows\System\SNTZqsa.exe N/A
N/A N/A C:\Windows\System\LRISAWE.exe N/A
N/A N/A C:\Windows\System\DuNaeYS.exe N/A
N/A N/A C:\Windows\System\ElAuOZY.exe N/A
N/A N/A C:\Windows\System\yrApwTn.exe N/A
N/A N/A C:\Windows\System\CYTPqQS.exe N/A
N/A N/A C:\Windows\System\YZzxtGC.exe N/A
N/A N/A C:\Windows\System\ZmgxzHQ.exe N/A
N/A N/A C:\Windows\System\qitTJsF.exe N/A
N/A N/A C:\Windows\System\ynRIHOX.exe N/A
N/A N/A C:\Windows\System\wzVcrfy.exe N/A
N/A N/A C:\Windows\System\uJkDkjk.exe N/A
N/A N/A C:\Windows\System\oxFPgIX.exe N/A
N/A N/A C:\Windows\System\kqrpTiZ.exe N/A
N/A N/A C:\Windows\System\mUwjahq.exe N/A
N/A N/A C:\Windows\System\BYagnxx.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\FkMKlhM.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\vUPsXAv.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\pGyqAdl.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\DuNaeYS.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\yDZdQeC.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\MqAjKhn.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\QDpCArz.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\ElAuOZY.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\jwjCWRR.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\NUZbIba.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\dbucDGK.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\xGGQKwv.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\ELtSdHj.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\gOSkyGA.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\LQhNgTf.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\wbdBJND.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\mGEKbQJ.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\JsQJaSs.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\SmPwyQC.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\xEelraZ.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\OaLxGwB.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\HWLpuYF.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\YtXTTlo.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\yAkMUqX.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\khNsZBv.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\OufTqTO.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\EaljfBk.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\WCXXoeY.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\RUyGcIS.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\nYwjMHR.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\noKjITf.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\BYagnxx.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\NUoLfjy.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\oTXAtuf.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\YylYltL.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\wswJark.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\pHtHLOT.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\sEWMYLo.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\wRskqdT.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\fHibrDD.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\riqCSgu.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\UNBoKJU.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\xJpuJic.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\kjccMqP.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\JsmHbbS.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\bxKxvVO.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\nsWPLtf.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\RQOCtBN.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\CoXWjPn.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\BhkGusE.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\rvHNWOF.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\KWwDmpK.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\wiVHaRL.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\kOVrKRd.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\pxDESGE.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\wSCJGMp.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\zciNiOp.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\pqFFXPm.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\IiKOvIr.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\YZzxtGC.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\ItHuAWD.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\DMGhTzI.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\QkHKlxO.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
File created C:\Windows\System\SwKjZmq.exe C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4684 wrote to memory of 3684 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\WRKZmZH.exe
PID 4684 wrote to memory of 3684 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\WRKZmZH.exe
PID 4684 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\lvaXYXa.exe
PID 4684 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\lvaXYXa.exe
PID 4684 wrote to memory of 4300 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\QVpXohT.exe
PID 4684 wrote to memory of 4300 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\QVpXohT.exe
PID 4684 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\ccDfgRG.exe
PID 4684 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\ccDfgRG.exe
PID 4684 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\RUyGcIS.exe
PID 4684 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\RUyGcIS.exe
PID 4684 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\KWwDmpK.exe
PID 4684 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\KWwDmpK.exe
PID 4684 wrote to memory of 4276 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\HPQyykT.exe
PID 4684 wrote to memory of 4276 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\HPQyykT.exe
PID 4684 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\NLeARlU.exe
PID 4684 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\NLeARlU.exe
PID 4684 wrote to memory of 1308 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\lcwYice.exe
PID 4684 wrote to memory of 1308 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\lcwYice.exe
PID 4684 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\YcrEKGB.exe
PID 4684 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\YcrEKGB.exe
PID 4684 wrote to memory of 4048 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\RQOCtBN.exe
PID 4684 wrote to memory of 4048 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\RQOCtBN.exe
PID 4684 wrote to memory of 3896 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\ugBzJBO.exe
PID 4684 wrote to memory of 3896 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\ugBzJBO.exe
PID 4684 wrote to memory of 3536 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\ZtApqjX.exe
PID 4684 wrote to memory of 3536 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\ZtApqjX.exe
PID 4684 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\oKaMseC.exe
PID 4684 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\oKaMseC.exe
PID 4684 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\IiKOvIr.exe
PID 4684 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\IiKOvIr.exe
PID 4684 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\qQxmaQE.exe
PID 4684 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\qQxmaQE.exe
PID 4684 wrote to memory of 1336 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\LhOPmLY.exe
PID 4684 wrote to memory of 1336 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\LhOPmLY.exe
PID 4684 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\xJpuJic.exe
PID 4684 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\xJpuJic.exe
PID 4684 wrote to memory of 1420 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\wCUyqfh.exe
PID 4684 wrote to memory of 1420 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\wCUyqfh.exe
PID 4684 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\XiSdFqS.exe
PID 4684 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\XiSdFqS.exe
PID 4684 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\LQhNgTf.exe
PID 4684 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\LQhNgTf.exe
PID 4684 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\XIJnvFX.exe
PID 4684 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\XIJnvFX.exe
PID 4684 wrote to memory of 1260 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\FYPqHQf.exe
PID 4684 wrote to memory of 1260 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\FYPqHQf.exe
PID 4684 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\AtjYllt.exe
PID 4684 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\AtjYllt.exe
PID 4684 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\pGyqAdl.exe
PID 4684 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\pGyqAdl.exe
PID 4684 wrote to memory of 3580 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\LAnSvbf.exe
PID 4684 wrote to memory of 3580 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\LAnSvbf.exe
PID 4684 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\IfYSlBq.exe
PID 4684 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\IfYSlBq.exe
PID 4684 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\HNlcqxt.exe
PID 4684 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\HNlcqxt.exe
PID 4684 wrote to memory of 4140 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\UtKUObV.exe
PID 4684 wrote to memory of 4140 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\UtKUObV.exe
PID 4684 wrote to memory of 3688 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\hicdUAM.exe
PID 4684 wrote to memory of 3688 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\hicdUAM.exe
PID 4684 wrote to memory of 4752 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\nYwjMHR.exe
PID 4684 wrote to memory of 4752 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\nYwjMHR.exe
PID 4684 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\cJmnDjb.exe
PID 4684 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe C:\Windows\System\cJmnDjb.exe

Processes

C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe

"C:\Users\Admin\AppData\Local\Temp\virussign.com_a28f82713688ac2f057fbfab65add680.exe"

C:\Windows\System\WRKZmZH.exe

C:\Windows\System\WRKZmZH.exe

C:\Windows\System\lvaXYXa.exe

C:\Windows\System\lvaXYXa.exe

C:\Windows\System\QVpXohT.exe

C:\Windows\System\QVpXohT.exe

C:\Windows\System\ccDfgRG.exe

C:\Windows\System\ccDfgRG.exe

C:\Windows\System\RUyGcIS.exe

C:\Windows\System\RUyGcIS.exe

C:\Windows\System\KWwDmpK.exe

C:\Windows\System\KWwDmpK.exe

C:\Windows\System\HPQyykT.exe

C:\Windows\System\HPQyykT.exe

C:\Windows\System\NLeARlU.exe

C:\Windows\System\NLeARlU.exe

C:\Windows\System\lcwYice.exe

C:\Windows\System\lcwYice.exe

C:\Windows\System\YcrEKGB.exe

C:\Windows\System\YcrEKGB.exe

C:\Windows\System\RQOCtBN.exe

C:\Windows\System\RQOCtBN.exe

C:\Windows\System\ugBzJBO.exe

C:\Windows\System\ugBzJBO.exe

C:\Windows\System\ZtApqjX.exe

C:\Windows\System\ZtApqjX.exe

C:\Windows\System\oKaMseC.exe

C:\Windows\System\oKaMseC.exe

C:\Windows\System\IiKOvIr.exe

C:\Windows\System\IiKOvIr.exe

C:\Windows\System\qQxmaQE.exe

C:\Windows\System\qQxmaQE.exe

C:\Windows\System\LhOPmLY.exe

C:\Windows\System\LhOPmLY.exe

C:\Windows\System\xJpuJic.exe

C:\Windows\System\xJpuJic.exe

C:\Windows\System\wCUyqfh.exe

C:\Windows\System\wCUyqfh.exe

C:\Windows\System\XiSdFqS.exe

C:\Windows\System\XiSdFqS.exe

C:\Windows\System\LQhNgTf.exe

C:\Windows\System\LQhNgTf.exe

C:\Windows\System\XIJnvFX.exe

C:\Windows\System\XIJnvFX.exe

C:\Windows\System\FYPqHQf.exe

C:\Windows\System\FYPqHQf.exe

C:\Windows\System\AtjYllt.exe

C:\Windows\System\AtjYllt.exe

C:\Windows\System\pGyqAdl.exe

C:\Windows\System\pGyqAdl.exe

C:\Windows\System\LAnSvbf.exe

C:\Windows\System\LAnSvbf.exe

C:\Windows\System\IfYSlBq.exe

C:\Windows\System\IfYSlBq.exe

C:\Windows\System\HNlcqxt.exe

C:\Windows\System\HNlcqxt.exe

C:\Windows\System\UtKUObV.exe

C:\Windows\System\UtKUObV.exe

C:\Windows\System\hicdUAM.exe

C:\Windows\System\hicdUAM.exe

C:\Windows\System\nYwjMHR.exe

C:\Windows\System\nYwjMHR.exe

C:\Windows\System\cJmnDjb.exe

C:\Windows\System\cJmnDjb.exe

C:\Windows\System\YtXTTlo.exe

C:\Windows\System\YtXTTlo.exe

C:\Windows\System\nXhEccJ.exe

C:\Windows\System\nXhEccJ.exe

C:\Windows\System\iaJnpaO.exe

C:\Windows\System\iaJnpaO.exe

C:\Windows\System\CKojAik.exe

C:\Windows\System\CKojAik.exe

C:\Windows\System\MLbTspP.exe

C:\Windows\System\MLbTspP.exe

C:\Windows\System\ktyHxDl.exe

C:\Windows\System\ktyHxDl.exe

C:\Windows\System\inOYnTk.exe

C:\Windows\System\inOYnTk.exe

C:\Windows\System\KifZupI.exe

C:\Windows\System\KifZupI.exe

C:\Windows\System\cSGOXHQ.exe

C:\Windows\System\cSGOXHQ.exe

C:\Windows\System\jDXEIQM.exe

C:\Windows\System\jDXEIQM.exe

C:\Windows\System\pzOOpRX.exe

C:\Windows\System\pzOOpRX.exe

C:\Windows\System\cVjIsgg.exe

C:\Windows\System\cVjIsgg.exe

C:\Windows\System\aJzQOqk.exe

C:\Windows\System\aJzQOqk.exe

C:\Windows\System\MufgVXA.exe

C:\Windows\System\MufgVXA.exe

C:\Windows\System\hCHatpr.exe

C:\Windows\System\hCHatpr.exe

C:\Windows\System\yWcMnEr.exe

C:\Windows\System\yWcMnEr.exe

C:\Windows\System\SNTZqsa.exe

C:\Windows\System\SNTZqsa.exe

C:\Windows\System\LRISAWE.exe

C:\Windows\System\LRISAWE.exe

C:\Windows\System\DuNaeYS.exe

C:\Windows\System\DuNaeYS.exe

C:\Windows\System\ElAuOZY.exe

C:\Windows\System\ElAuOZY.exe

C:\Windows\System\yrApwTn.exe

C:\Windows\System\yrApwTn.exe

C:\Windows\System\CYTPqQS.exe

C:\Windows\System\CYTPqQS.exe

C:\Windows\System\YZzxtGC.exe

C:\Windows\System\YZzxtGC.exe

C:\Windows\System\ZmgxzHQ.exe

C:\Windows\System\ZmgxzHQ.exe

C:\Windows\System\qitTJsF.exe

C:\Windows\System\qitTJsF.exe

C:\Windows\System\ynRIHOX.exe

C:\Windows\System\ynRIHOX.exe

C:\Windows\System\wzVcrfy.exe

C:\Windows\System\wzVcrfy.exe

C:\Windows\System\uJkDkjk.exe

C:\Windows\System\uJkDkjk.exe

C:\Windows\System\oxFPgIX.exe

C:\Windows\System\oxFPgIX.exe

C:\Windows\System\kqrpTiZ.exe

C:\Windows\System\kqrpTiZ.exe

C:\Windows\System\mUwjahq.exe

C:\Windows\System\mUwjahq.exe

C:\Windows\System\BYagnxx.exe

C:\Windows\System\BYagnxx.exe

C:\Windows\System\GOEioRj.exe

C:\Windows\System\GOEioRj.exe

C:\Windows\System\iJuIWEP.exe

C:\Windows\System\iJuIWEP.exe

C:\Windows\System\pHtHLOT.exe

C:\Windows\System\pHtHLOT.exe

C:\Windows\System\pRKBdWK.exe

C:\Windows\System\pRKBdWK.exe

C:\Windows\System\uMVPEDq.exe

C:\Windows\System\uMVPEDq.exe

C:\Windows\System\tGZUBVS.exe

C:\Windows\System\tGZUBVS.exe

C:\Windows\System\jwjCWRR.exe

C:\Windows\System\jwjCWRR.exe

C:\Windows\System\BLzQpFn.exe

C:\Windows\System\BLzQpFn.exe

C:\Windows\System\EhuqhLq.exe

C:\Windows\System\EhuqhLq.exe

C:\Windows\System\LaGFPpv.exe

C:\Windows\System\LaGFPpv.exe

C:\Windows\System\ItHuAWD.exe

C:\Windows\System\ItHuAWD.exe

C:\Windows\System\wbdBJND.exe

C:\Windows\System\wbdBJND.exe

C:\Windows\System\DIjcerz.exe

C:\Windows\System\DIjcerz.exe

C:\Windows\System\lQtpToJ.exe

C:\Windows\System\lQtpToJ.exe

C:\Windows\System\wMTQCgv.exe

C:\Windows\System\wMTQCgv.exe

C:\Windows\System\Otxgtbe.exe

C:\Windows\System\Otxgtbe.exe

C:\Windows\System\noKjITf.exe

C:\Windows\System\noKjITf.exe

C:\Windows\System\wrybJeo.exe

C:\Windows\System\wrybJeo.exe

C:\Windows\System\kvJIdpa.exe

C:\Windows\System\kvJIdpa.exe

C:\Windows\System\qLdbNZO.exe

C:\Windows\System\qLdbNZO.exe

C:\Windows\System\jbZtpdt.exe

C:\Windows\System\jbZtpdt.exe

C:\Windows\System\mGEKbQJ.exe

C:\Windows\System\mGEKbQJ.exe

C:\Windows\System\vARldLQ.exe

C:\Windows\System\vARldLQ.exe

C:\Windows\System\NWCpqwa.exe

C:\Windows\System\NWCpqwa.exe

C:\Windows\System\daHctWh.exe

C:\Windows\System\daHctWh.exe

C:\Windows\System\YIeVnxJ.exe

C:\Windows\System\YIeVnxJ.exe

C:\Windows\System\yChrfHs.exe

C:\Windows\System\yChrfHs.exe

C:\Windows\System\yDZdQeC.exe

C:\Windows\System\yDZdQeC.exe

C:\Windows\System\nwLINVV.exe

C:\Windows\System\nwLINVV.exe

C:\Windows\System\PTmqlLO.exe

C:\Windows\System\PTmqlLO.exe

C:\Windows\System\sEWMYLo.exe

C:\Windows\System\sEWMYLo.exe

C:\Windows\System\hSANLjH.exe

C:\Windows\System\hSANLjH.exe

C:\Windows\System\fgTTlwT.exe

C:\Windows\System\fgTTlwT.exe

C:\Windows\System\yAkMUqX.exe

C:\Windows\System\yAkMUqX.exe

C:\Windows\System\vIoihrW.exe

C:\Windows\System\vIoihrW.exe

C:\Windows\System\TJlrdea.exe

C:\Windows\System\TJlrdea.exe

C:\Windows\System\eIeuEft.exe

C:\Windows\System\eIeuEft.exe

C:\Windows\System\FotPsNM.exe

C:\Windows\System\FotPsNM.exe

C:\Windows\System\XMtEduT.exe

C:\Windows\System\XMtEduT.exe

C:\Windows\System\ClWNPlq.exe

C:\Windows\System\ClWNPlq.exe

C:\Windows\System\kmEVEIh.exe

C:\Windows\System\kmEVEIh.exe

C:\Windows\System\IqrjwhU.exe

C:\Windows\System\IqrjwhU.exe

C:\Windows\System\DONsooj.exe

C:\Windows\System\DONsooj.exe

C:\Windows\System\yZfrSRC.exe

C:\Windows\System\yZfrSRC.exe

C:\Windows\System\EaljfBk.exe

C:\Windows\System\EaljfBk.exe

C:\Windows\System\OAuRKGA.exe

C:\Windows\System\OAuRKGA.exe

C:\Windows\System\haqThYG.exe

C:\Windows\System\haqThYG.exe

C:\Windows\System\khNsZBv.exe

C:\Windows\System\khNsZBv.exe

C:\Windows\System\GGBwxfP.exe

C:\Windows\System\GGBwxfP.exe

C:\Windows\System\CXAHNTc.exe

C:\Windows\System\CXAHNTc.exe

C:\Windows\System\wRskqdT.exe

C:\Windows\System\wRskqdT.exe

C:\Windows\System\XIZqDXz.exe

C:\Windows\System\XIZqDXz.exe

C:\Windows\System\NUZbIba.exe

C:\Windows\System\NUZbIba.exe

C:\Windows\System\cIsJeuP.exe

C:\Windows\System\cIsJeuP.exe

C:\Windows\System\iVFUVGZ.exe

C:\Windows\System\iVFUVGZ.exe

C:\Windows\System\eGehuWx.exe

C:\Windows\System\eGehuWx.exe

C:\Windows\System\jBCVgOt.exe

C:\Windows\System\jBCVgOt.exe

C:\Windows\System\BUURzGf.exe

C:\Windows\System\BUURzGf.exe

C:\Windows\System\QXHrNSG.exe

C:\Windows\System\QXHrNSG.exe

C:\Windows\System\ejnFxKK.exe

C:\Windows\System\ejnFxKK.exe

C:\Windows\System\UHpPAqa.exe

C:\Windows\System\UHpPAqa.exe

C:\Windows\System\ULlKifk.exe

C:\Windows\System\ULlKifk.exe

C:\Windows\System\vOBizYP.exe

C:\Windows\System\vOBizYP.exe

C:\Windows\System\ADBEufi.exe

C:\Windows\System\ADBEufi.exe

C:\Windows\System\ccuhSiN.exe

C:\Windows\System\ccuhSiN.exe

C:\Windows\System\pxDESGE.exe

C:\Windows\System\pxDESGE.exe

C:\Windows\System\qXPScDX.exe

C:\Windows\System\qXPScDX.exe

C:\Windows\System\wiVHaRL.exe

C:\Windows\System\wiVHaRL.exe

C:\Windows\System\qaRjDLN.exe

C:\Windows\System\qaRjDLN.exe

C:\Windows\System\auJuQeo.exe

C:\Windows\System\auJuQeo.exe

C:\Windows\System\RJajqxp.exe

C:\Windows\System\RJajqxp.exe

C:\Windows\System\NJNwDlZ.exe

C:\Windows\System\NJNwDlZ.exe

C:\Windows\System\pBgiIdH.exe

C:\Windows\System\pBgiIdH.exe

C:\Windows\System\javBjbE.exe

C:\Windows\System\javBjbE.exe

C:\Windows\System\INqofwF.exe

C:\Windows\System\INqofwF.exe

C:\Windows\System\IqNAuQi.exe

C:\Windows\System\IqNAuQi.exe

C:\Windows\System\uRAqpmr.exe

C:\Windows\System\uRAqpmr.exe

C:\Windows\System\kOVrKRd.exe

C:\Windows\System\kOVrKRd.exe

C:\Windows\System\gCLUexR.exe

C:\Windows\System\gCLUexR.exe

C:\Windows\System\wJnlzJs.exe

C:\Windows\System\wJnlzJs.exe

C:\Windows\System\qIagABr.exe

C:\Windows\System\qIagABr.exe

C:\Windows\System\DMGhTzI.exe

C:\Windows\System\DMGhTzI.exe

C:\Windows\System\Vxnupan.exe

C:\Windows\System\Vxnupan.exe

C:\Windows\System\JsQJaSs.exe

C:\Windows\System\JsQJaSs.exe

C:\Windows\System\YBfVlXK.exe

C:\Windows\System\YBfVlXK.exe

C:\Windows\System\gBqGLKZ.exe

C:\Windows\System\gBqGLKZ.exe

C:\Windows\System\TNLpzgo.exe

C:\Windows\System\TNLpzgo.exe

C:\Windows\System\rNTCiez.exe

C:\Windows\System\rNTCiez.exe

C:\Windows\System\AlQPzBS.exe

C:\Windows\System\AlQPzBS.exe

C:\Windows\System\SmPwyQC.exe

C:\Windows\System\SmPwyQC.exe

C:\Windows\System\sgAkopm.exe

C:\Windows\System\sgAkopm.exe

C:\Windows\System\Mxwbymk.exe

C:\Windows\System\Mxwbymk.exe

C:\Windows\System\jRuIpYb.exe

C:\Windows\System\jRuIpYb.exe

C:\Windows\System\soEfLpe.exe

C:\Windows\System\soEfLpe.exe

C:\Windows\System\FkMKlhM.exe

C:\Windows\System\FkMKlhM.exe

C:\Windows\System\qiLuxwz.exe

C:\Windows\System\qiLuxwz.exe

C:\Windows\System\tIDIsUs.exe

C:\Windows\System\tIDIsUs.exe

C:\Windows\System\kjwAmnT.exe

C:\Windows\System\kjwAmnT.exe

C:\Windows\System\NPkNAEK.exe

C:\Windows\System\NPkNAEK.exe

C:\Windows\System\CcCwPny.exe

C:\Windows\System\CcCwPny.exe

C:\Windows\System\eLAXONe.exe

C:\Windows\System\eLAXONe.exe

C:\Windows\System\WCXXoeY.exe

C:\Windows\System\WCXXoeY.exe

C:\Windows\System\CyHhrOA.exe

C:\Windows\System\CyHhrOA.exe

C:\Windows\System\vLAIztj.exe

C:\Windows\System\vLAIztj.exe

C:\Windows\System\PCRByGY.exe

C:\Windows\System\PCRByGY.exe

C:\Windows\System\OTxJMNf.exe

C:\Windows\System\OTxJMNf.exe

C:\Windows\System\hPZQtkD.exe

C:\Windows\System\hPZQtkD.exe

C:\Windows\System\QkHKlxO.exe

C:\Windows\System\QkHKlxO.exe

C:\Windows\System\XiEtEtc.exe

C:\Windows\System\XiEtEtc.exe

C:\Windows\System\DylkQEB.exe

C:\Windows\System\DylkQEB.exe

C:\Windows\System\wigNlYf.exe

C:\Windows\System\wigNlYf.exe

C:\Windows\System\MqAjKhn.exe

C:\Windows\System\MqAjKhn.exe

C:\Windows\System\YMWnFEW.exe

C:\Windows\System\YMWnFEW.exe

C:\Windows\System\CnjwwfM.exe

C:\Windows\System\CnjwwfM.exe

C:\Windows\System\QDpCArz.exe

C:\Windows\System\QDpCArz.exe

C:\Windows\System\IHBMcnY.exe

C:\Windows\System\IHBMcnY.exe

C:\Windows\System\IfzcnGp.exe

C:\Windows\System\IfzcnGp.exe

C:\Windows\System\NUoLfjy.exe

C:\Windows\System\NUoLfjy.exe

C:\Windows\System\wSCJGMp.exe

C:\Windows\System\wSCJGMp.exe

C:\Windows\System\wkyNvVe.exe

C:\Windows\System\wkyNvVe.exe

C:\Windows\System\MleNoir.exe

C:\Windows\System\MleNoir.exe

C:\Windows\System\OyRRFLS.exe

C:\Windows\System\OyRRFLS.exe

C:\Windows\System\dBHtpqV.exe

C:\Windows\System\dBHtpqV.exe

C:\Windows\System\aJiwGvk.exe

C:\Windows\System\aJiwGvk.exe

C:\Windows\System\QMnGVlU.exe

C:\Windows\System\QMnGVlU.exe

C:\Windows\System\qATUSKY.exe

C:\Windows\System\qATUSKY.exe

C:\Windows\System\egJfANm.exe

C:\Windows\System\egJfANm.exe

C:\Windows\System\UzJKUKM.exe

C:\Windows\System\UzJKUKM.exe

C:\Windows\System\NRUNFCY.exe

C:\Windows\System\NRUNFCY.exe

C:\Windows\System\kgaYmjh.exe

C:\Windows\System\kgaYmjh.exe

C:\Windows\System\QKDIAwm.exe

C:\Windows\System\QKDIAwm.exe

C:\Windows\System\aLUHwau.exe

C:\Windows\System\aLUHwau.exe

C:\Windows\System\oqjeNzX.exe

C:\Windows\System\oqjeNzX.exe

C:\Windows\System\VneOABv.exe

C:\Windows\System\VneOABv.exe

C:\Windows\System\CCoIPaX.exe

C:\Windows\System\CCoIPaX.exe

C:\Windows\System\qOSPNBa.exe

C:\Windows\System\qOSPNBa.exe

C:\Windows\System\tZFTtcz.exe

C:\Windows\System\tZFTtcz.exe

C:\Windows\System\zciNiOp.exe

C:\Windows\System\zciNiOp.exe

C:\Windows\System\JrXmMBy.exe

C:\Windows\System\JrXmMBy.exe

C:\Windows\System\mpJEvQG.exe

C:\Windows\System\mpJEvQG.exe

C:\Windows\System\dbucDGK.exe

C:\Windows\System\dbucDGK.exe

C:\Windows\System\CoXWjPn.exe

C:\Windows\System\CoXWjPn.exe

C:\Windows\System\iAXlyFM.exe

C:\Windows\System\iAXlyFM.exe

C:\Windows\System\Kjjebsd.exe

C:\Windows\System\Kjjebsd.exe

C:\Windows\System\wzeuMFx.exe

C:\Windows\System\wzeuMFx.exe

C:\Windows\System\oLjxcQI.exe

C:\Windows\System\oLjxcQI.exe

C:\Windows\System\SmzbNos.exe

C:\Windows\System\SmzbNos.exe

C:\Windows\System\ylqCfij.exe

C:\Windows\System\ylqCfij.exe

C:\Windows\System\dVKQrxK.exe

C:\Windows\System\dVKQrxK.exe

C:\Windows\System\kjccMqP.exe

C:\Windows\System\kjccMqP.exe

C:\Windows\System\BhkGusE.exe

C:\Windows\System\BhkGusE.exe

C:\Windows\System\NaKJNBf.exe

C:\Windows\System\NaKJNBf.exe

C:\Windows\System\SgELlOl.exe

C:\Windows\System\SgELlOl.exe

C:\Windows\System\pqFFXPm.exe

C:\Windows\System\pqFFXPm.exe

C:\Windows\System\PnYXXeD.exe

C:\Windows\System\PnYXXeD.exe

C:\Windows\System\QXOjKIw.exe

C:\Windows\System\QXOjKIw.exe

C:\Windows\System\HUzGYeO.exe

C:\Windows\System\HUzGYeO.exe

C:\Windows\System\jtCVxRP.exe

C:\Windows\System\jtCVxRP.exe

C:\Windows\System\bxKxvVO.exe

C:\Windows\System\bxKxvVO.exe

C:\Windows\System\kHsSSFm.exe

C:\Windows\System\kHsSSFm.exe

C:\Windows\System\JsmHbbS.exe

C:\Windows\System\JsmHbbS.exe

C:\Windows\System\oAJryFM.exe

C:\Windows\System\oAJryFM.exe

C:\Windows\System\XwyHRxt.exe

C:\Windows\System\XwyHRxt.exe

C:\Windows\System\jHebqLz.exe

C:\Windows\System\jHebqLz.exe

C:\Windows\System\NAiovXW.exe

C:\Windows\System\NAiovXW.exe

C:\Windows\System\FgdRQUy.exe

C:\Windows\System\FgdRQUy.exe

C:\Windows\System\hfBMvRq.exe

C:\Windows\System\hfBMvRq.exe

C:\Windows\System\QKXjhNt.exe

C:\Windows\System\QKXjhNt.exe

C:\Windows\System\QHuOhbc.exe

C:\Windows\System\QHuOhbc.exe

C:\Windows\System\xiVeKeh.exe

C:\Windows\System\xiVeKeh.exe

C:\Windows\System\IROHCwe.exe

C:\Windows\System\IROHCwe.exe

C:\Windows\System\cvTzYKz.exe

C:\Windows\System\cvTzYKz.exe

C:\Windows\System\nsWPLtf.exe

C:\Windows\System\nsWPLtf.exe

C:\Windows\System\OtkHjrY.exe

C:\Windows\System\OtkHjrY.exe

C:\Windows\System\emycxXB.exe

C:\Windows\System\emycxXB.exe

C:\Windows\System\gdwZNGy.exe

C:\Windows\System\gdwZNGy.exe

C:\Windows\System\JqMMdgj.exe

C:\Windows\System\JqMMdgj.exe

C:\Windows\System\vUPsXAv.exe

C:\Windows\System\vUPsXAv.exe

C:\Windows\System\WvIuVSQ.exe

C:\Windows\System\WvIuVSQ.exe

C:\Windows\System\wWSWNKa.exe

C:\Windows\System\wWSWNKa.exe

C:\Windows\System\oTXAtuf.exe

C:\Windows\System\oTXAtuf.exe

C:\Windows\System\dFsXEWD.exe

C:\Windows\System\dFsXEWD.exe

C:\Windows\System\YGzuEwi.exe

C:\Windows\System\YGzuEwi.exe

C:\Windows\System\OcUxswi.exe

C:\Windows\System\OcUxswi.exe

C:\Windows\System\HEypVUz.exe

C:\Windows\System\HEypVUz.exe

C:\Windows\System\jzcsWEo.exe

C:\Windows\System\jzcsWEo.exe

C:\Windows\System\iOwaUmQ.exe

C:\Windows\System\iOwaUmQ.exe

C:\Windows\System\zghAHSZ.exe

C:\Windows\System\zghAHSZ.exe

C:\Windows\System\xGGQKwv.exe

C:\Windows\System\xGGQKwv.exe

C:\Windows\System\vORDbbH.exe

C:\Windows\System\vORDbbH.exe

C:\Windows\System\YylYltL.exe

C:\Windows\System\YylYltL.exe

C:\Windows\System\wCnwUtN.exe

C:\Windows\System\wCnwUtN.exe

C:\Windows\System\FbtCxMJ.exe

C:\Windows\System\FbtCxMJ.exe

C:\Windows\System\QsOmsBZ.exe

C:\Windows\System\QsOmsBZ.exe

C:\Windows\System\viktSht.exe

C:\Windows\System\viktSht.exe

C:\Windows\System\TImkXpG.exe

C:\Windows\System\TImkXpG.exe

C:\Windows\System\eRKMFzi.exe

C:\Windows\System\eRKMFzi.exe

C:\Windows\System\ELtSdHj.exe

C:\Windows\System\ELtSdHj.exe

C:\Windows\System\SwKjZmq.exe

C:\Windows\System\SwKjZmq.exe

C:\Windows\System\wgEYwRn.exe

C:\Windows\System\wgEYwRn.exe

C:\Windows\System\gOSkyGA.exe

C:\Windows\System\gOSkyGA.exe

C:\Windows\System\AhWTUNR.exe

C:\Windows\System\AhWTUNR.exe

C:\Windows\System\fHibrDD.exe

C:\Windows\System\fHibrDD.exe

C:\Windows\System\sdxuIjM.exe

C:\Windows\System\sdxuIjM.exe

C:\Windows\System\xEelraZ.exe

C:\Windows\System\xEelraZ.exe

C:\Windows\System\aXmGIkH.exe

C:\Windows\System\aXmGIkH.exe

C:\Windows\System\HHfjXDJ.exe

C:\Windows\System\HHfjXDJ.exe

C:\Windows\System\MzIhyDW.exe

C:\Windows\System\MzIhyDW.exe

C:\Windows\System\UbhBpgM.exe

C:\Windows\System\UbhBpgM.exe

C:\Windows\System\MMKIAgr.exe

C:\Windows\System\MMKIAgr.exe

C:\Windows\System\cxQrDng.exe

C:\Windows\System\cxQrDng.exe

C:\Windows\System\FCcLxDM.exe

C:\Windows\System\FCcLxDM.exe

C:\Windows\System\svrFczH.exe

C:\Windows\System\svrFczH.exe

C:\Windows\System\riqCSgu.exe

C:\Windows\System\riqCSgu.exe

C:\Windows\System\relVyxz.exe

C:\Windows\System\relVyxz.exe

C:\Windows\System\AZCIPhH.exe

C:\Windows\System\AZCIPhH.exe

C:\Windows\System\WcYAUdh.exe

C:\Windows\System\WcYAUdh.exe

C:\Windows\System\cfcFzWn.exe

C:\Windows\System\cfcFzWn.exe

C:\Windows\System\vVWCuIU.exe

C:\Windows\System\vVWCuIU.exe

C:\Windows\System\DuhbFAt.exe

C:\Windows\System\DuhbFAt.exe

C:\Windows\System\UNBoKJU.exe

C:\Windows\System\UNBoKJU.exe

C:\Windows\System\FeTlErG.exe

C:\Windows\System\FeTlErG.exe

C:\Windows\System\JpYxNDt.exe

C:\Windows\System\JpYxNDt.exe

C:\Windows\System\rvHNWOF.exe

C:\Windows\System\rvHNWOF.exe

C:\Windows\System\gXRGXYu.exe

C:\Windows\System\gXRGXYu.exe

C:\Windows\System\wswJark.exe

C:\Windows\System\wswJark.exe

C:\Windows\System\ikCIRes.exe

C:\Windows\System\ikCIRes.exe

C:\Windows\System\TmCetRL.exe

C:\Windows\System\TmCetRL.exe

C:\Windows\System\OkiXGJe.exe

C:\Windows\System\OkiXGJe.exe

C:\Windows\System\SbPwJZe.exe

C:\Windows\System\SbPwJZe.exe

C:\Windows\System\yNXbqCa.exe

C:\Windows\System\yNXbqCa.exe

C:\Windows\System\KgkQiRe.exe

C:\Windows\System\KgkQiRe.exe

C:\Windows\System\EDHtcum.exe

C:\Windows\System\EDHtcum.exe

C:\Windows\System\EEmGzzE.exe

C:\Windows\System\EEmGzzE.exe

C:\Windows\System\EjSCkws.exe

C:\Windows\System\EjSCkws.exe

C:\Windows\System\zeOFoad.exe

C:\Windows\System\zeOFoad.exe

C:\Windows\System\bQQbolG.exe

C:\Windows\System\bQQbolG.exe

C:\Windows\System\LHOYGBt.exe

C:\Windows\System\LHOYGBt.exe

C:\Windows\System\OaLxGwB.exe

C:\Windows\System\OaLxGwB.exe

C:\Windows\System\hKrGADh.exe

C:\Windows\System\hKrGADh.exe

C:\Windows\System\ospOOdJ.exe

C:\Windows\System\ospOOdJ.exe

C:\Windows\System\ccgWIdO.exe

C:\Windows\System\ccgWIdO.exe

C:\Windows\System\UtoWwYY.exe

C:\Windows\System\UtoWwYY.exe

C:\Windows\System\LViWgqN.exe

C:\Windows\System\LViWgqN.exe

C:\Windows\System\MStctzV.exe

C:\Windows\System\MStctzV.exe

C:\Windows\System\HWLpuYF.exe

C:\Windows\System\HWLpuYF.exe

C:\Windows\System\mXgtOaO.exe

C:\Windows\System\mXgtOaO.exe

C:\Windows\System\OufTqTO.exe

C:\Windows\System\OufTqTO.exe

C:\Windows\System\UAeHCRY.exe

C:\Windows\System\UAeHCRY.exe

C:\Windows\System\MuJydtu.exe

C:\Windows\System\MuJydtu.exe

C:\Windows\System\cAbXFCe.exe

C:\Windows\System\cAbXFCe.exe

C:\Windows\System\MiHhNzn.exe

C:\Windows\System\MiHhNzn.exe

C:\Windows\System\KKctJLw.exe

C:\Windows\System\KKctJLw.exe

C:\Windows\System\KLiDxSa.exe

C:\Windows\System\KLiDxSa.exe

C:\Windows\System\BxQvECB.exe

C:\Windows\System\BxQvECB.exe

C:\Windows\System\FOPVDEx.exe

C:\Windows\System\FOPVDEx.exe

C:\Windows\System\rBeUloo.exe

C:\Windows\System\rBeUloo.exe

C:\Windows\System\UjcoIvp.exe

C:\Windows\System\UjcoIvp.exe

C:\Windows\System\mZCCjms.exe

C:\Windows\System\mZCCjms.exe

C:\Windows\System\jJoSPyM.exe

C:\Windows\System\jJoSPyM.exe

C:\Windows\System\hZHpQHU.exe

C:\Windows\System\hZHpQHU.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 155.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 168.83.221.88.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 28.173.189.20.in-addr.arpa udp

Files

memory/4684-0-0x00000000001F0000-0x0000000000200000-memory.dmp

C:\Windows\System\WRKZmZH.exe

MD5 fe87a215a9e6abb18bad1186dfaa499c
SHA1 e9ade46189c35357438c7882ee532379d6f26b84
SHA256 eb4ea563bbde7f3a58ae8b960fb6a0afea8d93c183a11e14b40d0459182aae82
SHA512 8368563d410bbd9ca5883005f15cd989a71581cd15fd048ed1057ba639f1ed15ad8d1cfdfdcd19fa3199f36cfaf690cf1034b3da2e61234943214e1b72996e23

C:\Windows\System\QVpXohT.exe

MD5 8aed680a2d7a42394199109fe6d88435
SHA1 fd68db37b4dddc2972cd80035df6a9873da9bc25
SHA256 b0076911b4be966e36ebf095f0f5bfdd06c3bd4f31501b90c0eb3b0cb49c9d29
SHA512 695f400f303975618aa30aca723d54dfd5901e7613ec59b9653ee1cb911bb60bb09286ba29cfb223a0c231349bd0a037ef0bde1c11a72c509c2070951cbb791c

C:\Windows\System\lvaXYXa.exe

MD5 859a5764548f555778e19d8873ac9b15
SHA1 0dd51e6f69850c27aa665d765954e37201f73a82
SHA256 fa0d3c486b63d7ac1f9c7771286aa98c5d5fce1413c07909c2b751cc6f9b644d
SHA512 43f1d3a013c89c5b2634345977c1c35e4f114220d438af2084dd191f8adc92a63f9642b920d8e71a81b2090c5705fc0000a9baefeb000cc068477c514790b35c

C:\Windows\System\ccDfgRG.exe

MD5 8f0238b9843c6b50474845c53b8a2247
SHA1 92fca74314f54a07759db75bf80a445426fce121
SHA256 3fa948a75d94b529440b9a98f9da57da4b1bc8fc6f612e10ff7d90ac4a0a43f9
SHA512 fd70cab0e0d426d87a424d2e33b326adbaa5dd12fc9ca4fb6f4b9e4c530a42720f8dc287974d87cc262f32cc3b0ad9d25d61283894b90f9d3c7fef6a5c691348

C:\Windows\System\RUyGcIS.exe

MD5 691fddda4f750e789fe8f88325e7d7d6
SHA1 3f575c510f2c405240680edb7aa24946e4719047
SHA256 5bd1d9685264ee130784c9c7b07cdefa426f922e4738784a8c431504f22d3716
SHA512 9eb19ff49575c23f342701523dc14d4f23ad8bf352556908a5bb7b73419d7346777c4888ea437bcc49f4126ef6997b5cd9ebe249b2da7fd7971dc58f70dd5e88

C:\Windows\System\KWwDmpK.exe

MD5 c57c757fb02e5cebbfb96ca8fce7b692
SHA1 a6bdc1c06e5fc085f1a49d55a24eb090f284edad
SHA256 94ca875e2737be3b91c929928acbe6d2d3874be4bf99482ba1c7c8deb06d6bda
SHA512 4aeec06ce529c97a1f529d8581420ee648659e26351a9d1674f283556ff79377d63c67ef53736fabe86e198ffc4645e8ba3e33b2ccc5a7e403bf41e97cd42e23

C:\Windows\System\HPQyykT.exe

MD5 b9780ae93b5934f03e24a5511a53cb53
SHA1 370bb5dc3c1af71313fd8e6f0a1ec775db8bd455
SHA256 f2fbe901b0524a520592acc8a284c4123a632f9a21496cf8aa6cf9a24ad01651
SHA512 31d1a194022fb1af686b9f6173a59b0e62b48bcac9ff4fe7b3e2cbcd866fd33ee3306e1ba0ae6fe66ad8eb6c22da4e186bac6e428e7499dc67d2ed02e879a309

C:\Windows\System\NLeARlU.exe

MD5 571139b14cb5809b76ec252a34918025
SHA1 d71822b2896c250bc0f3a5401c13b82338166719
SHA256 41ae6534617da81bd7e9bac944d141c9315d020538198776e22868d2430b550e
SHA512 f3c4b8717216691054663704986acfeb07b8683ed958e3e258982cd020fb0748a3d71ef88cc9f95d53bf9031b1121a3a3646b57f74d2c8b22695e0c45c313d3b

C:\Windows\System\lcwYice.exe

MD5 6b62ded112d33453c58c0a787358b671
SHA1 d09b731620b2a5765a9b5f084627ac8446105a0e
SHA256 df3dd9ac9cf7f10af629b9e90b1ae91ae0a87d711d07dce8d86f93709941a896
SHA512 44a5ca31e4e08248facb5b736fed8b0446ed114f463492ed1ba9b2a1a50904766546b083f04935221cac88d8e768e66f559de4350b386702dead5ed6535cf584

C:\Windows\System\YcrEKGB.exe

MD5 cecce868ff1a802119941e0a51effe40
SHA1 876262338fca4e9e93d3a79751a396416972fca8
SHA256 29ee4d87e480de767c8613abeb35439c7bd64dc6dc48153ab452fac8dbc7fa8b
SHA512 3ced6539aace7ce874a553cec970ee7516bedce5c591e330078ec299032f88c2a3437e77dc5413c85d2d93ec6714ce224779030e58090a89b7724179e4cd316e

C:\Windows\System\RQOCtBN.exe

MD5 96fcdb9126211e83d91ad6d8bfd7cde1
SHA1 5ea36a5942c0d451c1c52dc8c8f6dcab2ba963c4
SHA256 df035c7a23e9a5d37a1cad3a7309579dda2655aa878e85a3f1d48e60017d1e82
SHA512 4bc74b40dbe174e7da322f15e6781047ca8a705ccf1177ec06255b4c56ad0cae5f48c47d3c43792348901869227811e6e10030ece77f2b378ed72d52c6b2ad50

C:\Windows\System\ugBzJBO.exe

MD5 027690edd95da1b9337b08a3bfa67b32
SHA1 7054be205e57e7463e535de9306da5a283ec6927
SHA256 046886eb66550f38354ac1b316ec2b6bf9e9d5c75045796a44d5e100eae1798a
SHA512 a10bee10e640ef7f68627fd9b36924068b975caa947f2723cb6117f6b5e65a9cbcde145baff96bb9719651d17b5e4d734e38ffd3a2d8d35b717cf9046fd4ac34

C:\Windows\System\ZtApqjX.exe

MD5 58cde3ca307909574ea9624896d411bc
SHA1 2ebb633b0154798487077205bdad48f9e9bcd0b8
SHA256 e532ee2559e0346295f403c52520b3bc837b3476cf9db09f65606ae127a09f7c
SHA512 53ee30bb8f436108355dd4e04fa8879562cbd22c7839f85ddd83f6693f7ed90e7144314d8dc81fa6789893f2e8c5541003cba4218d53891ed73cf9e7bae67283

C:\Windows\System\oKaMseC.exe

MD5 10186c5482ce9d04b6a2e93932e6e29f
SHA1 bf4c71edab614d0be2af6aefa6515b602ad99fc3
SHA256 6750bb29ef272236ec5e715fa63576647ba046863a53ec8bc006ff71b86cf0b4
SHA512 69f279d366e043bcf96218bb75fe0c16436760cd0652c5dd656d4f9eb7431711daf9a9576fef43a913f2e97d7139de34bc635c2570f28cff7add99fcd97d14ff

C:\Windows\System\qQxmaQE.exe

MD5 4d7019275ea48043ab078021878e3abf
SHA1 1e0a732ecbb98dd0effb33d3fbb3fa8363df9708
SHA256 d8b0b30dcb4122d7e9634c5775206596675d35351a7cf69d4dcc682db4538004
SHA512 59203c11c993cf4dd9f90468f98989c72a791b4ab6c6fbfa83b597303fe8be7b2ed77b37998dec1a53b021734b2851a9696e1b8af386cbc3968cb7e94af582b8

C:\Windows\System\IiKOvIr.exe

MD5 da1b92d17f5ed8e7b0a03c4be784994e
SHA1 f07c02e6712ab4de4d6b6554fe9f00cb037eb79b
SHA256 ebc87fd57810d2fb3d96de57b0dc5c2d80d191eac55949628b5aee3a02a58919
SHA512 82adae66c9a3981ec5d2dfcbbded32727eb305ef052a7df93b7713805788d31df1afb84a7e876c199a46fc5617691fd258f7acb627a187d0da8ffa9973516fd3

C:\Windows\System\LhOPmLY.exe

MD5 70f436820372ee6c770209bdbae57bc1
SHA1 0471b12d923ddfb28b4fe8f2a9162999932acfa4
SHA256 25cd672cc4656c64cf363aaa873496ca03d7cef22b04f8869e7404ff7d372ab4
SHA512 4ac7cd3a617400425d5f9887425d2bd0490c25d9cb19ecca1ddc10ccb85905b01ca7782b41d15673630b4008a92c2a239fccc2347f48f3983ec9b5d5d9856a7d

C:\Windows\System\xJpuJic.exe

MD5 f478e2fbd067049547222a019116f752
SHA1 4624c2fd47e11d5981a0e2d76279323fe2d539a4
SHA256 db45e3a99fcd0147c5c67df592fad4f25a68560b1aaf762ea3e6ed8a70e37c3d
SHA512 484ff6a2aa99cea1b8e3aba20bbbf152eda5f05d50e187e6ee6ca86b35938a57d6caa6e1636006cd50cc972518f83e29347317b13b1d11cdcd14ab11f0fbf4f7

C:\Windows\System\wCUyqfh.exe

MD5 d54a450987e765d652ab50846f24af8d
SHA1 ddbca99ded3fc41291e5291a47d0169d14dd1136
SHA256 666a8cba1f582d2a3604d4a0996cf9330eadc3913ca2d70c3a2fb630f90a88d8
SHA512 fe9ee91a7b863fdbb81287f911b8dd80da465170b8b502a1745e724823b05a7c6350ffc6d4a5a447a30c943d1220254e09519a620c480bf0a447bd808150d719

C:\Windows\System\XiSdFqS.exe

MD5 379d201007ee9065b1ee6f7ba2047eef
SHA1 a91c192e746bdc8ec247b19b486135b7bc639370
SHA256 465e258d5ef823fab5ba24059dbbf32d13cda898bdd77f268090ff0f089b7bb0
SHA512 36e906f79ec5dd104d5998d83ad788d0f756d3f0171e50992de7416ea6d356ddac30282a4beb7b75cbdfff1b273cca2d8fa9e7144cc541c67c8613efe37d5c6f

C:\Windows\System\LQhNgTf.exe

MD5 0dec5bc0985658a4f12942109fff042f
SHA1 12bb92ef07f634d629ce549e462e78181ad368a0
SHA256 4c39ca944921a1e0449646b443da7aa0f72a32c2d5fab496b56c905c9612b7a0
SHA512 1db41d39d48e818fd4955a3c8115365b97e12ee8b614ef4cd17b3326f6a00eab0363f0d523691feb6270c6ca945f870f4db1153c4946c7648845221bb786b27d

C:\Windows\System\XIJnvFX.exe

MD5 fa764813095a30e6384245f4a0c3a4ce
SHA1 17e0b931b3c19e2f0f51566ca9652641ec34ae90
SHA256 99f0890f0bc2b6ce011c924d9c6904e3e7f5bffa6208f6aca0774b89f2932f70
SHA512 58abee5ebb2916a1df800cfaedbf18c6b7a7042cbe88daf308a49e8757b9399aa86c6d3b0740ae3d3c30b904ca8b70a420dea51a2fa81ac8d282066bb67a8098

C:\Windows\System\FYPqHQf.exe

MD5 7a58e9957c59af3d230c42fc0ab2283c
SHA1 1e40ac5cdb910dd70a95c3a5ebe9d990952f00d5
SHA256 30d0aa529d4950d99739c253c5a0854df43617bd30722283defb6d4267221dba
SHA512 2ddb815a5300ab6fb54c7384750b90e2a79b12d449ed61eb66db5d516b8e49464a3b9c60892055cba331d99474339e5ddfe2d483d5bda765b986ef14ca714b38

C:\Windows\System\AtjYllt.exe

MD5 10247ad529565f47f418df6a066e6dac
SHA1 6548040a3dfbc30700148f4f21ceaf0719e9d6de
SHA256 e592f5154c98b3bfa456abec985f0f813ba951377c25cc5ce00356c388e7fc0d
SHA512 e0decce255a03fb17ec22941e4aae8fe5c244c758810b8753dd7a3f9b186a38a26311111b959550e322a33248991e865193f972eedf3e171063edbce40ef703d

C:\Windows\System\pGyqAdl.exe

MD5 0225110c0a0f613ad09feea475655d71
SHA1 7f30038245fcdc5d333ce962415704d9c9be53a3
SHA256 25b8496ccd5ebc7b68e29b4eb055f6fffe7e99b15dd2d8c5014892e4c04e93ba
SHA512 142f09f97436a586d08e0754ec03717d03f9b7fb4bb4a24cff4deabc3347eff597752d0880366e1f23074a4e2c61bccf5884882259e29d651b9636cac11a5b40

C:\Windows\System\LAnSvbf.exe

MD5 a6fb7a2ed01d3a58173f6d974bae112c
SHA1 37bd68c063f613d8f34ef6b95e10f6f4bc722152
SHA256 dc521ad70eceef52e4145ad0a4abcac2d588fde1b89c30c468c5fd22d3177a3a
SHA512 7ca031acfcfc9761605f8622235c9eee3949921171172799a98de6572e5757fe8fc77f9b9a50e1e313e98496074f46958a4480acfacacc85f1ff98fd48c17c70

C:\Windows\System\IfYSlBq.exe

MD5 0c41d36c987439bf9984735bea806344
SHA1 cd4457717f8cf1d23682603182c5d94ccab222d8
SHA256 13c9200b56651366f7402006b65f450e13e202690369ef25eb012819f6ea13f3
SHA512 42e8efb6a2eda72e24932027feff5d461efc308b7d49dcc5c17b8acc3e74e50eda52e52290632c57f932ba4bac6eea8ecfe522a0a094a9558d5361d9c194e0c6

C:\Windows\System\HNlcqxt.exe

MD5 6229a59617244c4937f3d25a187fc9a6
SHA1 76084379617a3321bc7d0fa55a6fedb7ef2c1f75
SHA256 4bb30c4bf38286cf716438ad67602324231f1965ce161f12f06c8b5df4bc9c20
SHA512 99b1ecddc8f6502d3fcae9f928af7cd7967173045b9903eb993c69984b449b56de72644623076be8686afedfac71d2bcf93f468fb7ecc09c7d2bd4319af15441

C:\Windows\System\UtKUObV.exe

MD5 36a2c640b39c7c2edd4738a591c5f555
SHA1 fe798f1024a9e65480885adbc61a0543f612d84e
SHA256 0c8227f3bb1400bf70e5a44b143fd42187bf4b0ca3f911ea7e57d6ba3e91bb71
SHA512 999e578ff56e69e23c9e83d0faee5bcb10c1b5eb201d87cee35f72fdc07f7fcc7e9eab22aa6cabe7dfe2dbcbe6667aa2dde6ef1d01bb6b254ac58f8c06ad3eea

C:\Windows\System\hicdUAM.exe

MD5 c0ede52ae98c5d665affbded7522005a
SHA1 169238c65d11db0f67551d8bc1a7f6f14b010513
SHA256 f68f63e341404c973171ad66544e59dda88028e991742858b4c2455babdd736e
SHA512 11af90e42fd6459fc1172467d45274a83340314b23d3777fdca5aaced93c9780ed48df51a1c63c39b21bb995899125fbaa4ae7e4a8fdfb2ffff271274ac5caa6

C:\Windows\System\nYwjMHR.exe

MD5 26d053c1bb17523703ce5d0d4d39545b
SHA1 56af11833d068693a618af98e09b985e21656ccc
SHA256 6697faa0165f488e67ad9d50d3fcf80269608102a05b086ff3ab133983f69d53
SHA512 fb5a28890388afd457f45db33b5aeb8e88ceff69e5e15984a55b7524c4c3d2dbffd5097eb1d80c43c823ea40f2c78b079d40bc4fe532762b16618d0b74b79df9

C:\Windows\System\cJmnDjb.exe

MD5 32f367ae004aab717d4a8f24272d8a81
SHA1 720cdaf6205300452a1a5d73d0cee48e7f6f68be
SHA256 3ec491ede0767924103d1dede4a7c02aca0d294c6330cc7f51c6712e06c41828
SHA512 84f5ed50de5e280fea7cf6913f04c8625dc750a28180861e23b4e6d5b5e10bddf3f6fc1a12e6b9ca253b417d555bed6704376991fb20dd5c13a42ee60e18f5fe

C:\Windows\System\YtXTTlo.exe

MD5 096232c429717fadd5ce3b53f48ffb63
SHA1 9c5b7ecd6b8eacfe1dbd3d817d121ec709e47f94
SHA256 40401e3d6968328c0461cea6ba33fae9a2fa185d60492ffb27b928ed3db8ae4c
SHA512 8773b30fb7840d3888406b3298af2b726efc8bb41fcfd5e4f7fef5be3f5fe2b05633d88a9a19ab5a5581d664148d9117b957f58e3143bd2495da82dd95d95a66