kpot | 70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077

Analysis

max time kernel
144s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-06-2024 13:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
Size

2.0MB
MD5

627f56d3dfc66c65c658d56bc4c58e6e
SHA1

1243a8691547134ff7fe8c78439de36c603132d7
SHA256

70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077
SHA512

dc4b766a60b58a1904d88b3b84b215771bb5f3115d43ffa51e2d9c2c505958a8d81d7cb558b097f82d289500c4e196691d2d4c8c5a5ac4ffec4b8ae51d7338bc
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2e:GemTLkNdfE0pZaQm

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x000600000002328f-4.dat	family_kpot
behavioral2/files/0x0007000000023413-7.dat	family_kpot
behavioral2/files/0x000800000002340f-10.dat	family_kpot
behavioral2/files/0x0007000000023414-21.dat	family_kpot
behavioral2/files/0x0007000000023416-38.dat	family_kpot
behavioral2/files/0x0007000000023417-46.dat	family_kpot
behavioral2/files/0x000700000002341c-57.dat	family_kpot
behavioral2/files/0x0007000000023419-66.dat	family_kpot
behavioral2/files/0x0007000000023422-79.dat	family_kpot
behavioral2/files/0x0007000000023420-95.dat	family_kpot
behavioral2/files/0x0007000000023426-110.dat	family_kpot
behavioral2/files/0x0007000000023425-108.dat	family_kpot
behavioral2/files/0x0007000000023424-106.dat	family_kpot
behavioral2/files/0x0007000000023423-104.dat	family_kpot
behavioral2/files/0x000700000002341d-102.dat	family_kpot
behavioral2/files/0x0007000000023421-98.dat	family_kpot
behavioral2/files/0x000700000002341f-92.dat	family_kpot
behavioral2/files/0x000700000002341e-89.dat	family_kpot
behavioral2/files/0x000700000002341b-76.dat	family_kpot
behavioral2/files/0x000700000002341a-69.dat	family_kpot
behavioral2/files/0x0007000000023418-55.dat	family_kpot
behavioral2/files/0x0007000000023415-29.dat	family_kpot
behavioral2/files/0x0007000000023427-113.dat	family_kpot
behavioral2/files/0x0008000000023410-120.dat	family_kpot
behavioral2/files/0x0007000000023429-128.dat	family_kpot
behavioral2/files/0x000700000002342a-130.dat	family_kpot
behavioral2/files/0x000700000002342b-134.dat	family_kpot
behavioral2/files/0x000700000002342d-144.dat	family_kpot
behavioral2/files/0x000700000002342c-142.dat	family_kpot
behavioral2/files/0x0007000000023430-155.dat	family_kpot
behavioral2/files/0x0007000000023431-159.dat	family_kpot
behavioral2/files/0x000700000002342e-158.dat	family_kpot
behavioral2/files/0x000700000002342f-152.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x000600000002328f-4.dat	xmrig
behavioral2/files/0x0007000000023413-7.dat	xmrig
behavioral2/files/0x000800000002340f-10.dat	xmrig
behavioral2/files/0x0007000000023414-21.dat	xmrig
behavioral2/files/0x0007000000023416-38.dat	xmrig
behavioral2/files/0x0007000000023417-46.dat	xmrig
behavioral2/files/0x000700000002341c-57.dat	xmrig
behavioral2/files/0x0007000000023419-66.dat	xmrig
behavioral2/files/0x0007000000023422-79.dat	xmrig
behavioral2/files/0x0007000000023420-95.dat	xmrig
behavioral2/files/0x0007000000023426-110.dat	xmrig
behavioral2/files/0x0007000000023425-108.dat	xmrig
behavioral2/files/0x0007000000023424-106.dat	xmrig
behavioral2/files/0x0007000000023423-104.dat	xmrig
behavioral2/files/0x000700000002341d-102.dat	xmrig
behavioral2/files/0x0007000000023421-98.dat	xmrig
behavioral2/files/0x000700000002341f-92.dat	xmrig
behavioral2/files/0x000700000002341e-89.dat	xmrig
behavioral2/files/0x000700000002341b-76.dat	xmrig
behavioral2/files/0x000700000002341a-69.dat	xmrig
behavioral2/files/0x0007000000023418-55.dat	xmrig
behavioral2/files/0x0007000000023415-29.dat	xmrig
behavioral2/files/0x0007000000023427-113.dat	xmrig
behavioral2/files/0x0008000000023410-120.dat	xmrig
behavioral2/files/0x0007000000023429-128.dat	xmrig
behavioral2/files/0x000700000002342a-130.dat	xmrig
behavioral2/files/0x000700000002342b-134.dat	xmrig
behavioral2/files/0x000700000002342d-144.dat	xmrig
behavioral2/files/0x000700000002342c-142.dat	xmrig
behavioral2/files/0x0007000000023430-155.dat	xmrig
behavioral2/files/0x0007000000023431-159.dat	xmrig
behavioral2/files/0x000700000002342e-158.dat	xmrig
behavioral2/files/0x000700000002342f-152.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3032	ZfkKSuw.exe
1096	hBtmdSF.exe
2200	vbfTijQ.exe
384	pYGwUFW.exe
4312	JBMQhJQ.exe
3932	Jhhovxf.exe
668	jnDGtFr.exe
3436	ufPgLuS.exe
1140	IBVbgcy.exe
2408	WHFCUeE.exe
3076	YCLRBpO.exe
1160	NJvBGjS.exe
4600	heINSNs.exe
3356	MphlhJQ.exe
1192	RrPrpAM.exe
3212	nxwTkeO.exe
2760	ETbtolc.exe
1844	cnjOIsQ.exe
1292	BCQrWVt.exe
3972	laxWHDJ.exe
1136	ZCuqGWB.exe
2680	GgXwDRm.exe
4896	LvcLwPW.exe
2272	StlCNMZ.exe
1432	cUHUkgG.exe
2724	jiQRaha.exe
3496	yfPSFYH.exe
1372	nVHhtkk.exe
2172	kykCBOD.exe
3200	jKUjjeB.exe
3276	RBfzMqv.exe
408	IVVuugl.exe
4532	uDavOuh.exe
3404	OEepOem.exe
2232	tBjFlqw.exe
3936	zvcZkuO.exe
5116	OwVpVgU.exe
1816	ilkZVPk.exe
4412	BBLPUsI.exe
2580	ZDCTzny.exe
3760	aEeraPg.exe
4848	SZDaLZy.exe
2880	qTEMzmb.exe
4396	LSoqTzP.exe
4424	HWeeSjK.exe
3252	gAowDTz.exe
2164	KSRtUdw.exe
3848	QYpxhRh.exe
4772	HPopZyV.exe
3552	jrQPwLJ.exe
2012	cqYUVla.exe
2188	eqXnVmZ.exe
2168	VeIpOTS.exe
5016	tExSxZq.exe
4388	iWuXbER.exe
4372	WTPWxMh.exe
4852	BNMZrrN.exe
880	BMatZhU.exe
4400	iUYGXmF.exe
1468	rJjLDbg.exe
1016	zbCdkfh.exe
4840	UaSBweq.exe
452	hdErZcL.exe
5092	LOPNfZI.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NIAyVNE.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\KrflBfV.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\mFSTcQv.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\HCSqKCV.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\FzOaoPf.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\IACQQfR.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\NEujXOZ.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\JJaXgQY.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\sAvCvFk.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\wVLxbjp.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\ntKDNKv.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\tVUFjZx.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\JmFFHAs.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\aEeraPg.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\maGKRzn.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\qfOlymn.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\laBqVIK.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\zAVobWy.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\hgxKYPb.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\HQwcWiN.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\ufPgLuS.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\kSvonPK.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\ldEzGMw.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\rAcjoVK.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\MhJdnAb.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\csnMyCo.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\VIDYjxM.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\olGIRAp.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\soboTLp.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\aFhmfNz.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\KMspNwI.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\VhRtOZP.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\VgYvCCw.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\ItIinSI.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\svywujS.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\BUjYnkZ.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\GNqUcum.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\rDvHpkJ.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\hdErZcL.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\qizPdmu.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\xMVtgHL.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\pYGwUFW.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\WHFCUeE.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\BBLPUsI.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\LSoqTzP.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\XwvZzcu.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\sphZsED.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\ZfkKSuw.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\ZCuqGWB.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\SZDaLZy.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\RBfzMqv.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\jcxwRcz.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\AAnXgHL.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\MaNNaFC.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\iUYGXmF.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\EdGQRmX.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\ZUyRZct.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\tjBVscz.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\cWHTWMT.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\tExSxZq.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\YhoMBMl.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\tXAVxmS.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\mxIJace.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
File created	C:\Windows\System\KEMBCTM.exe	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
Token: SeLockMemoryPrivilege	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 3032	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	84
PID 2824 wrote to memory of 3032	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	84
PID 2824 wrote to memory of 1096	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	85
PID 2824 wrote to memory of 1096	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	85
PID 2824 wrote to memory of 2200	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	86
PID 2824 wrote to memory of 2200	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	86
PID 2824 wrote to memory of 384	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	87
PID 2824 wrote to memory of 384	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	87
PID 2824 wrote to memory of 4312	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	88
PID 2824 wrote to memory of 4312	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	88
PID 2824 wrote to memory of 3932	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	89
PID 2824 wrote to memory of 3932	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	89
PID 2824 wrote to memory of 668	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	90
PID 2824 wrote to memory of 668	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	90
PID 2824 wrote to memory of 3436	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	91
PID 2824 wrote to memory of 3436	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	91
PID 2824 wrote to memory of 1140	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	92
PID 2824 wrote to memory of 1140	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	92
PID 2824 wrote to memory of 2408	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	93
PID 2824 wrote to memory of 2408	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	93
PID 2824 wrote to memory of 3076	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	94
PID 2824 wrote to memory of 3076	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	94
PID 2824 wrote to memory of 1160	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	95
PID 2824 wrote to memory of 1160	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	95
PID 2824 wrote to memory of 4600	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	96
PID 2824 wrote to memory of 4600	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	96
PID 2824 wrote to memory of 3356	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	97
PID 2824 wrote to memory of 3356	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	97
PID 2824 wrote to memory of 1192	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	98
PID 2824 wrote to memory of 1192	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	98
PID 2824 wrote to memory of 3212	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	99
PID 2824 wrote to memory of 3212	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	99
PID 2824 wrote to memory of 2760	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	100
PID 2824 wrote to memory of 2760	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	100
PID 2824 wrote to memory of 1844	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	101
PID 2824 wrote to memory of 1844	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	101
PID 2824 wrote to memory of 1292	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	102
PID 2824 wrote to memory of 1292	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	102
PID 2824 wrote to memory of 3972	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	103
PID 2824 wrote to memory of 3972	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	103
PID 2824 wrote to memory of 1136	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	104
PID 2824 wrote to memory of 1136	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	104
PID 2824 wrote to memory of 2680	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	105
PID 2824 wrote to memory of 2680	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	105
PID 2824 wrote to memory of 4896	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	106
PID 2824 wrote to memory of 4896	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	106
PID 2824 wrote to memory of 2272	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	107
PID 2824 wrote to memory of 2272	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	107
PID 2824 wrote to memory of 1432	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	108
PID 2824 wrote to memory of 1432	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	108
PID 2824 wrote to memory of 2724	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	110
PID 2824 wrote to memory of 2724	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	110
PID 2824 wrote to memory of 3496	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	111
PID 2824 wrote to memory of 3496	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	111
PID 2824 wrote to memory of 1372	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	112
PID 2824 wrote to memory of 1372	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	112
PID 2824 wrote to memory of 2172	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	113
PID 2824 wrote to memory of 2172	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	113
PID 2824 wrote to memory of 3200	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	114
PID 2824 wrote to memory of 3200	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	114
PID 2824 wrote to memory of 3276	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	115
PID 2824 wrote to memory of 3276	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	115
PID 2824 wrote to memory of 408	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	116
PID 2824 wrote to memory of 408	2824	70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe	116

C:\Users\Admin\AppData\Local\Temp\70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe
"C:\Users\Admin\AppData\Local\Temp\70c2061e92656cb8394303a7f215bf6b533dcf2f6f2ecf17b16ccbb633a81077.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Windows\System\ZfkKSuw.exe
  C:\Windows\System\ZfkKSuw.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\hBtmdSF.exe
  C:\Windows\System\hBtmdSF.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\vbfTijQ.exe
  C:\Windows\System\vbfTijQ.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\pYGwUFW.exe
  C:\Windows\System\pYGwUFW.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\JBMQhJQ.exe
  C:\Windows\System\JBMQhJQ.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\Jhhovxf.exe
  C:\Windows\System\Jhhovxf.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\jnDGtFr.exe
  C:\Windows\System\jnDGtFr.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\ufPgLuS.exe
  C:\Windows\System\ufPgLuS.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\IBVbgcy.exe
  C:\Windows\System\IBVbgcy.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\WHFCUeE.exe
  C:\Windows\System\WHFCUeE.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\YCLRBpO.exe
  C:\Windows\System\YCLRBpO.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\NJvBGjS.exe
  C:\Windows\System\NJvBGjS.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\heINSNs.exe
  C:\Windows\System\heINSNs.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\MphlhJQ.exe
  C:\Windows\System\MphlhJQ.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\RrPrpAM.exe
  C:\Windows\System\RrPrpAM.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\nxwTkeO.exe
  C:\Windows\System\nxwTkeO.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\ETbtolc.exe
  C:\Windows\System\ETbtolc.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\cnjOIsQ.exe
  C:\Windows\System\cnjOIsQ.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\BCQrWVt.exe
  C:\Windows\System\BCQrWVt.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\laxWHDJ.exe
  C:\Windows\System\laxWHDJ.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\ZCuqGWB.exe
  C:\Windows\System\ZCuqGWB.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\GgXwDRm.exe
  C:\Windows\System\GgXwDRm.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\LvcLwPW.exe
  C:\Windows\System\LvcLwPW.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\StlCNMZ.exe
  C:\Windows\System\StlCNMZ.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\cUHUkgG.exe
  C:\Windows\System\cUHUkgG.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\jiQRaha.exe
  C:\Windows\System\jiQRaha.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\yfPSFYH.exe
  C:\Windows\System\yfPSFYH.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\nVHhtkk.exe
  C:\Windows\System\nVHhtkk.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\kykCBOD.exe
  C:\Windows\System\kykCBOD.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\jKUjjeB.exe
  C:\Windows\System\jKUjjeB.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\RBfzMqv.exe
  C:\Windows\System\RBfzMqv.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\IVVuugl.exe
  C:\Windows\System\IVVuugl.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\uDavOuh.exe
  C:\Windows\System\uDavOuh.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\OEepOem.exe
  C:\Windows\System\OEepOem.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\tBjFlqw.exe
  C:\Windows\System\tBjFlqw.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\zvcZkuO.exe
  C:\Windows\System\zvcZkuO.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\OwVpVgU.exe
  C:\Windows\System\OwVpVgU.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\ilkZVPk.exe
  C:\Windows\System\ilkZVPk.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\BBLPUsI.exe
  C:\Windows\System\BBLPUsI.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\ZDCTzny.exe
  C:\Windows\System\ZDCTzny.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\aEeraPg.exe
  C:\Windows\System\aEeraPg.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\SZDaLZy.exe
  C:\Windows\System\SZDaLZy.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\qTEMzmb.exe
  C:\Windows\System\qTEMzmb.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\LSoqTzP.exe
  C:\Windows\System\LSoqTzP.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\HWeeSjK.exe
  C:\Windows\System\HWeeSjK.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\gAowDTz.exe
  C:\Windows\System\gAowDTz.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\KSRtUdw.exe
  C:\Windows\System\KSRtUdw.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\QYpxhRh.exe
  C:\Windows\System\QYpxhRh.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System\HPopZyV.exe
  C:\Windows\System\HPopZyV.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\jrQPwLJ.exe
  C:\Windows\System\jrQPwLJ.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\cqYUVla.exe
  C:\Windows\System\cqYUVla.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\eqXnVmZ.exe
  C:\Windows\System\eqXnVmZ.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\VeIpOTS.exe
  C:\Windows\System\VeIpOTS.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\tExSxZq.exe
  C:\Windows\System\tExSxZq.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\iWuXbER.exe
  C:\Windows\System\iWuXbER.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\WTPWxMh.exe
  C:\Windows\System\WTPWxMh.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\BNMZrrN.exe
  C:\Windows\System\BNMZrrN.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\BMatZhU.exe
  C:\Windows\System\BMatZhU.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\iUYGXmF.exe
  C:\Windows\System\iUYGXmF.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\rJjLDbg.exe
  C:\Windows\System\rJjLDbg.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\zbCdkfh.exe
  C:\Windows\System\zbCdkfh.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\UaSBweq.exe
  C:\Windows\System\UaSBweq.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\hdErZcL.exe
  C:\Windows\System\hdErZcL.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\LOPNfZI.exe
  C:\Windows\System\LOPNfZI.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\NIECAuu.exe
  C:\Windows\System\NIECAuu.exe
  2⤵
  PID:60
- C:\Windows\System\LGHxTRf.exe
  C:\Windows\System\LGHxTRf.exe
  2⤵
  PID:3064
- C:\Windows\System\BUjYnkZ.exe
  C:\Windows\System\BUjYnkZ.exe
  2⤵
  PID:4544
- C:\Windows\System\wzplLne.exe
  C:\Windows\System\wzplLne.exe
  2⤵
  PID:2388
- C:\Windows\System\JmFFHAs.exe
  C:\Windows\System\JmFFHAs.exe
  2⤵
  PID:2908
- C:\Windows\System\hTWjFaw.exe
  C:\Windows\System\hTWjFaw.exe
  2⤵
  PID:2024
- C:\Windows\System\IACQQfR.exe
  C:\Windows\System\IACQQfR.exe
  2⤵
  PID:4376
- C:\Windows\System\xRjYlwd.exe
  C:\Windows\System\xRjYlwd.exe
  2⤵
  PID:3852
- C:\Windows\System\ItYiwkH.exe
  C:\Windows\System\ItYiwkH.exe
  2⤵
  PID:3492
- C:\Windows\System\TkCneKG.exe
  C:\Windows\System\TkCneKG.exe
  2⤵
  PID:4972
- C:\Windows\System\GforYkF.exe
  C:\Windows\System\GforYkF.exe
  2⤵
  PID:212
- C:\Windows\System\OrDEVpi.exe
  C:\Windows\System\OrDEVpi.exe
  2⤵
  PID:4584
- C:\Windows\System\YhoMBMl.exe
  C:\Windows\System\YhoMBMl.exe
  2⤵
  PID:4316
- C:\Windows\System\PKMqcmT.exe
  C:\Windows\System\PKMqcmT.exe
  2⤵
  PID:3264
- C:\Windows\System\sVIvdQr.exe
  C:\Windows\System\sVIvdQr.exe
  2⤵
  PID:2500
- C:\Windows\System\Rcbfezo.exe
  C:\Windows\System\Rcbfezo.exe
  2⤵
  PID:4864
- C:\Windows\System\fXjsKqT.exe
  C:\Windows\System\fXjsKqT.exe
  2⤵
  PID:4940
- C:\Windows\System\maGKRzn.exe
  C:\Windows\System\maGKRzn.exe
  2⤵
  PID:512
- C:\Windows\System\hdTLBou.exe
  C:\Windows\System\hdTLBou.exe
  2⤵
  PID:1428
- C:\Windows\System\FWbHQob.exe
  C:\Windows\System\FWbHQob.exe
  2⤵
  PID:2000
- C:\Windows\System\kSvonPK.exe
  C:\Windows\System\kSvonPK.exe
  2⤵
  PID:4364
- C:\Windows\System\FNxRtYE.exe
  C:\Windows\System\FNxRtYE.exe
  2⤵
  PID:2256
- C:\Windows\System\tXAVxmS.exe
  C:\Windows\System\tXAVxmS.exe
  2⤵
  PID:3752
- C:\Windows\System\NEujXOZ.exe
  C:\Windows\System\NEujXOZ.exe
  2⤵
  PID:4844
- C:\Windows\System\gTQzJSi.exe
  C:\Windows\System\gTQzJSi.exe
  2⤵
  PID:5048
- C:\Windows\System\BOTMCua.exe
  C:\Windows\System\BOTMCua.exe
  2⤵
  PID:2428
- C:\Windows\System\lKiXVrc.exe
  C:\Windows\System\lKiXVrc.exe
  2⤵
  PID:1524
- C:\Windows\System\LHowRYR.exe
  C:\Windows\System\LHowRYR.exe
  2⤵
  PID:2696
- C:\Windows\System\TbiaAZV.exe
  C:\Windows\System\TbiaAZV.exe
  2⤵
  PID:836
- C:\Windows\System\ffNgHti.exe
  C:\Windows\System\ffNgHti.exe
  2⤵
  PID:3480
- C:\Windows\System\XqkhQyL.exe
  C:\Windows\System\XqkhQyL.exe
  2⤵
  PID:4184
- C:\Windows\System\cZoajYH.exe
  C:\Windows\System\cZoajYH.exe
  2⤵
  PID:3920
- C:\Windows\System\WnVjgyf.exe
  C:\Windows\System\WnVjgyf.exe
  2⤵
  PID:4328
- C:\Windows\System\KtPgyOI.exe
  C:\Windows\System\KtPgyOI.exe
  2⤵
  PID:3056
- C:\Windows\System\xOTeENr.exe
  C:\Windows\System\xOTeENr.exe
  2⤵
  PID:2692
- C:\Windows\System\mFaWtoF.exe
  C:\Windows\System\mFaWtoF.exe
  2⤵
  PID:1544
- C:\Windows\System\ZuvxXmv.exe
  C:\Windows\System\ZuvxXmv.exe
  2⤵
  PID:5128
- C:\Windows\System\qHkPcJh.exe
  C:\Windows\System\qHkPcJh.exe
  2⤵
  PID:5144
- C:\Windows\System\IbsjfUM.exe
  C:\Windows\System\IbsjfUM.exe
  2⤵
  PID:5184
- C:\Windows\System\GNqUcum.exe
  C:\Windows\System\GNqUcum.exe
  2⤵
  PID:5204
- C:\Windows\System\VtqENOb.exe
  C:\Windows\System\VtqENOb.exe
  2⤵
  PID:5244
- C:\Windows\System\GdqCegG.exe
  C:\Windows\System\GdqCegG.exe
  2⤵
  PID:5268
- C:\Windows\System\wVLxbjp.exe
  C:\Windows\System\wVLxbjp.exe
  2⤵
  PID:5304
- C:\Windows\System\mwtTdTc.exe
  C:\Windows\System\mwtTdTc.exe
  2⤵
  PID:5332
- C:\Windows\System\oRvtnAk.exe
  C:\Windows\System\oRvtnAk.exe
  2⤵
  PID:5348
- C:\Windows\System\WydqaJs.exe
  C:\Windows\System\WydqaJs.exe
  2⤵
  PID:5380
- C:\Windows\System\CDkcelk.exe
  C:\Windows\System\CDkcelk.exe
  2⤵
  PID:5408
- C:\Windows\System\duiXnJZ.exe
  C:\Windows\System\duiXnJZ.exe
  2⤵
  PID:5440
- C:\Windows\System\CuYzXHA.exe
  C:\Windows\System\CuYzXHA.exe
  2⤵
  PID:5468
- C:\Windows\System\CymEoWF.exe
  C:\Windows\System\CymEoWF.exe
  2⤵
  PID:5496
- C:\Windows\System\OGLEmVc.exe
  C:\Windows\System\OGLEmVc.exe
  2⤵
  PID:5524
- C:\Windows\System\HVcAjbW.exe
  C:\Windows\System\HVcAjbW.exe
  2⤵
  PID:5556
- C:\Windows\System\XwvZzcu.exe
  C:\Windows\System\XwvZzcu.exe
  2⤵
  PID:5604
- C:\Windows\System\JJaXgQY.exe
  C:\Windows\System\JJaXgQY.exe
  2⤵
  PID:5620
- C:\Windows\System\SMDOSJf.exe
  C:\Windows\System\SMDOSJf.exe
  2⤵
  PID:5648
- C:\Windows\System\iSwEVba.exe
  C:\Windows\System\iSwEVba.exe
  2⤵
  PID:5668
- C:\Windows\System\omeCPIG.exe
  C:\Windows\System\omeCPIG.exe
  2⤵
  PID:5696
- C:\Windows\System\CKOLpwb.exe
  C:\Windows\System\CKOLpwb.exe
  2⤵
  PID:5712
- C:\Windows\System\AtRpnMh.exe
  C:\Windows\System\AtRpnMh.exe
  2⤵
  PID:5744
- C:\Windows\System\unmYzxw.exe
  C:\Windows\System\unmYzxw.exe
  2⤵
  PID:5776
- C:\Windows\System\DknlWnQ.exe
  C:\Windows\System\DknlWnQ.exe
  2⤵
  PID:5792
- C:\Windows\System\WLojAjJ.exe
  C:\Windows\System\WLojAjJ.exe
  2⤵
  PID:5820
- C:\Windows\System\YIbxGlT.exe
  C:\Windows\System\YIbxGlT.exe
  2⤵
  PID:5848
- C:\Windows\System\rDvHpkJ.exe
  C:\Windows\System\rDvHpkJ.exe
  2⤵
  PID:5896
- C:\Windows\System\CbmKMWM.exe
  C:\Windows\System\CbmKMWM.exe
  2⤵
  PID:5916
- C:\Windows\System\owEQdlS.exe
  C:\Windows\System\owEQdlS.exe
  2⤵
  PID:5944
- C:\Windows\System\vhDVRwp.exe
  C:\Windows\System\vhDVRwp.exe
  2⤵
  PID:5972
- C:\Windows\System\TNbZRRk.exe
  C:\Windows\System\TNbZRRk.exe
  2⤵
  PID:6008
- C:\Windows\System\ceFoFOa.exe
  C:\Windows\System\ceFoFOa.exe
  2⤵
  PID:6040
- C:\Windows\System\CEaNmYR.exe
  C:\Windows\System\CEaNmYR.exe
  2⤵
  PID:6056
- C:\Windows\System\WzjifIf.exe
  C:\Windows\System\WzjifIf.exe
  2⤵
  PID:6092
- C:\Windows\System\PjfJXFB.exe
  C:\Windows\System\PjfJXFB.exe
  2⤵
  PID:6120
- C:\Windows\System\FbJhyIl.exe
  C:\Windows\System\FbJhyIl.exe
  2⤵
  PID:1800
- C:\Windows\System\WeDxxhp.exe
  C:\Windows\System\WeDxxhp.exe
  2⤵
  PID:5156
- C:\Windows\System\bvofswd.exe
  C:\Windows\System\bvofswd.exe
  2⤵
  PID:5224
- C:\Windows\System\TndDbfB.exe
  C:\Windows\System\TndDbfB.exe
  2⤵
  PID:5300
- C:\Windows\System\OZRHlST.exe
  C:\Windows\System\OZRHlST.exe
  2⤵
  PID:5364
- C:\Windows\System\kdKmLeG.exe
  C:\Windows\System\kdKmLeG.exe
  2⤵
  PID:5420
- C:\Windows\System\sxepwse.exe
  C:\Windows\System\sxepwse.exe
  2⤵
  PID:5480
- C:\Windows\System\BExEUbv.exe
  C:\Windows\System\BExEUbv.exe
  2⤵
  PID:5572
- C:\Windows\System\CENCNfq.exe
  C:\Windows\System\CENCNfq.exe
  2⤵
  PID:5612
- C:\Windows\System\qUwzwjg.exe
  C:\Windows\System\qUwzwjg.exe
  2⤵
  PID:5684
- C:\Windows\System\MxpQJut.exe
  C:\Windows\System\MxpQJut.exe
  2⤵
  PID:5724
- C:\Windows\System\VIDYjxM.exe
  C:\Windows\System\VIDYjxM.exe
  2⤵
  PID:5808
- C:\Windows\System\FXHPQLA.exe
  C:\Windows\System\FXHPQLA.exe
  2⤵
  PID:5880
- C:\Windows\System\BUYJBqt.exe
  C:\Windows\System\BUYJBqt.exe
  2⤵
  PID:5960
- C:\Windows\System\DqjmMyi.exe
  C:\Windows\System\DqjmMyi.exe
  2⤵
  PID:6024
- C:\Windows\System\qfOlymn.exe
  C:\Windows\System\qfOlymn.exe
  2⤵
  PID:6100
- C:\Windows\System\RhWWoQt.exe
  C:\Windows\System\RhWWoQt.exe
  2⤵
  PID:6128
- C:\Windows\System\VhRtOZP.exe
  C:\Windows\System\VhRtOZP.exe
  2⤵
  PID:5164
- C:\Windows\System\HRspqkr.exe
  C:\Windows\System\HRspqkr.exe
  2⤵
  PID:4556
- C:\Windows\System\lavPQcH.exe
  C:\Windows\System\lavPQcH.exe
  2⤵
  PID:5512
- C:\Windows\System\YzvnACV.exe
  C:\Windows\System\YzvnACV.exe
  2⤵
  PID:5736
- C:\Windows\System\LRUneIT.exe
  C:\Windows\System\LRUneIT.exe
  2⤵
  PID:5888
- C:\Windows\System\bYKPDXn.exe
  C:\Windows\System\bYKPDXn.exe
  2⤵
  PID:6076
- C:\Windows\System\ntKDNKv.exe
  C:\Windows\System\ntKDNKv.exe
  2⤵
  PID:5292
- C:\Windows\System\zhiCCeh.exe
  C:\Windows\System\zhiCCeh.exe
  2⤵
  PID:5460
- C:\Windows\System\AvUJLXF.exe
  C:\Windows\System\AvUJLXF.exe
  2⤵
  PID:5964
- C:\Windows\System\rHnswqL.exe
  C:\Windows\System\rHnswqL.exe
  2⤵
  PID:5664
- C:\Windows\System\iSGRois.exe
  C:\Windows\System\iSGRois.exe
  2⤵
  PID:5316
- C:\Windows\System\jtymuTM.exe
  C:\Windows\System\jtymuTM.exe
  2⤵
  PID:6164
- C:\Windows\System\cnysSbF.exe
  C:\Windows\System\cnysSbF.exe
  2⤵
  PID:6192
- C:\Windows\System\Iniqsbs.exe
  C:\Windows\System\Iniqsbs.exe
  2⤵
  PID:6208
- C:\Windows\System\tjBVscz.exe
  C:\Windows\System\tjBVscz.exe
  2⤵
  PID:6232
- C:\Windows\System\skwMfgr.exe
  C:\Windows\System\skwMfgr.exe
  2⤵
  PID:6264
- C:\Windows\System\NIAyVNE.exe
  C:\Windows\System\NIAyVNE.exe
  2⤵
  PID:6292
- C:\Windows\System\dkJrjLo.exe
  C:\Windows\System\dkJrjLo.exe
  2⤵
  PID:6320
- C:\Windows\System\RtbDGPu.exe
  C:\Windows\System\RtbDGPu.exe
  2⤵
  PID:6348
- C:\Windows\System\XtLiNqO.exe
  C:\Windows\System\XtLiNqO.exe
  2⤵
  PID:6388
- C:\Windows\System\EqXYLgx.exe
  C:\Windows\System\EqXYLgx.exe
  2⤵
  PID:6416
- C:\Windows\System\enBqqZb.exe
  C:\Windows\System\enBqqZb.exe
  2⤵
  PID:6468
- C:\Windows\System\QAuLGUn.exe
  C:\Windows\System\QAuLGUn.exe
  2⤵
  PID:6492
- C:\Windows\System\KyNdskb.exe
  C:\Windows\System\KyNdskb.exe
  2⤵
  PID:6512
- C:\Windows\System\rccZFEm.exe
  C:\Windows\System\rccZFEm.exe
  2⤵
  PID:6528
- C:\Windows\System\OehqZbo.exe
  C:\Windows\System\OehqZbo.exe
  2⤵
  PID:6568
- C:\Windows\System\AuvcIlc.exe
  C:\Windows\System\AuvcIlc.exe
  2⤵
  PID:6588
- C:\Windows\System\PfxvNPj.exe
  C:\Windows\System\PfxvNPj.exe
  2⤵
  PID:6612
- C:\Windows\System\tvsjaTV.exe
  C:\Windows\System\tvsjaTV.exe
  2⤵
  PID:6644
- C:\Windows\System\KrflBfV.exe
  C:\Windows\System\KrflBfV.exe
  2⤵
  PID:6668
- C:\Windows\System\ldEzGMw.exe
  C:\Windows\System\ldEzGMw.exe
  2⤵
  PID:6700
- C:\Windows\System\ncdymUr.exe
  C:\Windows\System\ncdymUr.exe
  2⤵
  PID:6736
- C:\Windows\System\FIGSxyr.exe
  C:\Windows\System\FIGSxyr.exe
  2⤵
  PID:6756
- C:\Windows\System\laBqVIK.exe
  C:\Windows\System\laBqVIK.exe
  2⤵
  PID:6780
- C:\Windows\System\ywGgwzL.exe
  C:\Windows\System\ywGgwzL.exe
  2⤵
  PID:6824
- C:\Windows\System\awMCwtk.exe
  C:\Windows\System\awMCwtk.exe
  2⤵
  PID:6848
- C:\Windows\System\VjjQKUs.exe
  C:\Windows\System\VjjQKUs.exe
  2⤵
  PID:6864
- C:\Windows\System\reNeaav.exe
  C:\Windows\System\reNeaav.exe
  2⤵
  PID:6892
- C:\Windows\System\wJTTDpb.exe
  C:\Windows\System\wJTTDpb.exe
  2⤵
  PID:6920
- C:\Windows\System\zAVobWy.exe
  C:\Windows\System\zAVobWy.exe
  2⤵
  PID:6952
- C:\Windows\System\rJRlEEI.exe
  C:\Windows\System\rJRlEEI.exe
  2⤵
  PID:6976
- C:\Windows\System\aGmcXWC.exe
  C:\Windows\System\aGmcXWC.exe
  2⤵
  PID:7004
- C:\Windows\System\jcxwRcz.exe
  C:\Windows\System\jcxwRcz.exe
  2⤵
  PID:7036
- C:\Windows\System\JfhAQNS.exe
  C:\Windows\System\JfhAQNS.exe
  2⤵
  PID:7060
- C:\Windows\System\frTZppp.exe
  C:\Windows\System\frTZppp.exe
  2⤵
  PID:7084
- C:\Windows\System\skiWomY.exe
  C:\Windows\System\skiWomY.exe
  2⤵
  PID:7104
- C:\Windows\System\LNGjCPz.exe
  C:\Windows\System\LNGjCPz.exe
  2⤵
  PID:7124
- C:\Windows\System\urPLsdR.exe
  C:\Windows\System\urPLsdR.exe
  2⤵
  PID:7144
- C:\Windows\System\wcfVZpR.exe
  C:\Windows\System\wcfVZpR.exe
  2⤵
  PID:6160
- C:\Windows\System\PIYHZnz.exe
  C:\Windows\System\PIYHZnz.exe
  2⤵
  PID:6248
- C:\Windows\System\tVUFjZx.exe
  C:\Windows\System\tVUFjZx.exe
  2⤵
  PID:6312
- C:\Windows\System\OEdQZJz.exe
  C:\Windows\System\OEdQZJz.exe
  2⤵
  PID:6376
- C:\Windows\System\ZqBoTXJ.exe
  C:\Windows\System\ZqBoTXJ.exe
  2⤵
  PID:6440
- C:\Windows\System\FQhbNgZ.exe
  C:\Windows\System\FQhbNgZ.exe
  2⤵
  PID:6540
- C:\Windows\System\jQraUsQ.exe
  C:\Windows\System\jQraUsQ.exe
  2⤵
  PID:6636
- C:\Windows\System\zQhMkYl.exe
  C:\Windows\System\zQhMkYl.exe
  2⤵
  PID:6732
- C:\Windows\System\RbudnRD.exe
  C:\Windows\System\RbudnRD.exe
  2⤵
  PID:6804
- C:\Windows\System\tNDOVVx.exe
  C:\Windows\System\tNDOVVx.exe
  2⤵
  PID:6884
- C:\Windows\System\aYIEBPW.exe
  C:\Windows\System\aYIEBPW.exe
  2⤵
  PID:6908
- C:\Windows\System\VgYvCCw.exe
  C:\Windows\System\VgYvCCw.exe
  2⤵
  PID:6996
- C:\Windows\System\GZmRcZz.exe
  C:\Windows\System\GZmRcZz.exe
  2⤵
  PID:7052
- C:\Windows\System\hjrPBpt.exe
  C:\Windows\System\hjrPBpt.exe
  2⤵
  PID:7092
- C:\Windows\System\eGqlNQe.exe
  C:\Windows\System\eGqlNQe.exe
  2⤵
  PID:7112
- C:\Windows\System\jYeDSXI.exe
  C:\Windows\System\jYeDSXI.exe
  2⤵
  PID:6156
- C:\Windows\System\nBPKrpy.exe
  C:\Windows\System\nBPKrpy.exe
  2⤵
  PID:6368
- C:\Windows\System\gMWgQor.exe
  C:\Windows\System\gMWgQor.exe
  2⤵
  PID:6560
- C:\Windows\System\noMINgg.exe
  C:\Windows\System\noMINgg.exe
  2⤵
  PID:6776
- C:\Windows\System\IXYJdhO.exe
  C:\Windows\System\IXYJdhO.exe
  2⤵
  PID:6932
- C:\Windows\System\UZYCorw.exe
  C:\Windows\System\UZYCorw.exe
  2⤵
  PID:7048
- C:\Windows\System\mFSTcQv.exe
  C:\Windows\System\mFSTcQv.exe
  2⤵
  PID:7160
- C:\Windows\System\ItIinSI.exe
  C:\Windows\System\ItIinSI.exe
  2⤵
  PID:6596
- C:\Windows\System\dNkEKaj.exe
  C:\Windows\System\dNkEKaj.exe
  2⤵
  PID:6940
- C:\Windows\System\hgxKYPb.exe
  C:\Windows\System\hgxKYPb.exe
  2⤵
  PID:6888
- C:\Windows\System\olGIRAp.exe
  C:\Windows\System\olGIRAp.exe
  2⤵
  PID:7080
- C:\Windows\System\GIQAVJG.exe
  C:\Windows\System\GIQAVJG.exe
  2⤵
  PID:7200
- C:\Windows\System\AwAhhyX.exe
  C:\Windows\System\AwAhhyX.exe
  2⤵
  PID:7228
- C:\Windows\System\dByUXgN.exe
  C:\Windows\System\dByUXgN.exe
  2⤵
  PID:7256
- C:\Windows\System\tCJIhnv.exe
  C:\Windows\System\tCJIhnv.exe
  2⤵
  PID:7284
- C:\Windows\System\OyEQxTB.exe
  C:\Windows\System\OyEQxTB.exe
  2⤵
  PID:7300
- C:\Windows\System\AtfwwLJ.exe
  C:\Windows\System\AtfwwLJ.exe
  2⤵
  PID:7344
- C:\Windows\System\uEagxUE.exe
  C:\Windows\System\uEagxUE.exe
  2⤵
  PID:7364
- C:\Windows\System\IjXWIpN.exe
  C:\Windows\System\IjXWIpN.exe
  2⤵
  PID:7400
- C:\Windows\System\VVbnuTG.exe
  C:\Windows\System\VVbnuTG.exe
  2⤵
  PID:7432
- C:\Windows\System\AAnXgHL.exe
  C:\Windows\System\AAnXgHL.exe
  2⤵
  PID:7456
- C:\Windows\System\soboTLp.exe
  C:\Windows\System\soboTLp.exe
  2⤵
  PID:7488
- C:\Windows\System\sgXwxZV.exe
  C:\Windows\System\sgXwxZV.exe
  2⤵
  PID:7528
- C:\Windows\System\OBhTKwS.exe
  C:\Windows\System\OBhTKwS.exe
  2⤵
  PID:7548
- C:\Windows\System\HJDaAKV.exe
  C:\Windows\System\HJDaAKV.exe
  2⤵
  PID:7572
- C:\Windows\System\svywujS.exe
  C:\Windows\System\svywujS.exe
  2⤵
  PID:7588
- C:\Windows\System\VbTgjTt.exe
  C:\Windows\System\VbTgjTt.exe
  2⤵
  PID:7616
- C:\Windows\System\JFzjrGh.exe
  C:\Windows\System\JFzjrGh.exe
  2⤵
  PID:7644
- C:\Windows\System\SaDJwQq.exe
  C:\Windows\System\SaDJwQq.exe
  2⤵
  PID:7668
- C:\Windows\System\WPsOCCC.exe
  C:\Windows\System\WPsOCCC.exe
  2⤵
  PID:7708
- C:\Windows\System\rJgzlBS.exe
  C:\Windows\System\rJgzlBS.exe
  2⤵
  PID:7728
- C:\Windows\System\fssbTXQ.exe
  C:\Windows\System\fssbTXQ.exe
  2⤵
  PID:7764
- C:\Windows\System\LZBpHlg.exe
  C:\Windows\System\LZBpHlg.exe
  2⤵
  PID:7792
- C:\Windows\System\HCSqKCV.exe
  C:\Windows\System\HCSqKCV.exe
  2⤵
  PID:7824
- C:\Windows\System\tDYTfXd.exe
  C:\Windows\System\tDYTfXd.exe
  2⤵
  PID:7860
- C:\Windows\System\qizPdmu.exe
  C:\Windows\System\qizPdmu.exe
  2⤵
  PID:7880
- C:\Windows\System\LRphPVW.exe
  C:\Windows\System\LRphPVW.exe
  2⤵
  PID:7896
- C:\Windows\System\QMwRjpK.exe
  C:\Windows\System\QMwRjpK.exe
  2⤵
  PID:7924
- C:\Windows\System\cmbGsfT.exe
  C:\Windows\System\cmbGsfT.exe
  2⤵
  PID:7952
- C:\Windows\System\RrzgScb.exe
  C:\Windows\System\RrzgScb.exe
  2⤵
  PID:7992
- C:\Windows\System\FzOaoPf.exe
  C:\Windows\System\FzOaoPf.exe
  2⤵
  PID:8012
- C:\Windows\System\FflvblS.exe
  C:\Windows\System\FflvblS.exe
  2⤵
  PID:8040
- C:\Windows\System\lXZkuCI.exe
  C:\Windows\System\lXZkuCI.exe
  2⤵
  PID:8060
- C:\Windows\System\UimuQWp.exe
  C:\Windows\System\UimuQWp.exe
  2⤵
  PID:8104
- C:\Windows\System\xMVtgHL.exe
  C:\Windows\System\xMVtgHL.exe
  2⤵
  PID:8124
- C:\Windows\System\KoFdDDJ.exe
  C:\Windows\System\KoFdDDJ.exe
  2⤵
  PID:8164
- C:\Windows\System\nbyWrYx.exe
  C:\Windows\System\nbyWrYx.exe
  2⤵
  PID:8180
- C:\Windows\System\mwxDCYq.exe
  C:\Windows\System\mwxDCYq.exe
  2⤵
  PID:7188
- C:\Windows\System\YNXYwOu.exe
  C:\Windows\System\YNXYwOu.exe
  2⤵
  PID:7244
- C:\Windows\System\ICCxZvg.exe
  C:\Windows\System\ICCxZvg.exe
  2⤵
  PID:7292
- C:\Windows\System\mxIJace.exe
  C:\Windows\System\mxIJace.exe
  2⤵
  PID:7376
- C:\Windows\System\zZpJTYD.exe
  C:\Windows\System\zZpJTYD.exe
  2⤵
  PID:7388
- C:\Windows\System\dsMGqTs.exe
  C:\Windows\System\dsMGqTs.exe
  2⤵
  PID:7496
- C:\Windows\System\aFhmfNz.exe
  C:\Windows\System\aFhmfNz.exe
  2⤵
  PID:7608
- C:\Windows\System\WUfklAD.exe
  C:\Windows\System\WUfklAD.exe
  2⤵
  PID:7680
- C:\Windows\System\UEkJQkC.exe
  C:\Windows\System\UEkJQkC.exe
  2⤵
  PID:7660
- C:\Windows\System\EdGQRmX.exe
  C:\Windows\System\EdGQRmX.exe
  2⤵
  PID:7784
- C:\Windows\System\HVvpHyj.exe
  C:\Windows\System\HVvpHyj.exe
  2⤵
  PID:7852
- C:\Windows\System\RKlhqrT.exe
  C:\Windows\System\RKlhqrT.exe
  2⤵
  PID:7912
- C:\Windows\System\cWHTWMT.exe
  C:\Windows\System\cWHTWMT.exe
  2⤵
  PID:8024
- C:\Windows\System\QtTNlWK.exe
  C:\Windows\System\QtTNlWK.exe
  2⤵
  PID:8052
- C:\Windows\System\rxZbtgY.exe
  C:\Windows\System\rxZbtgY.exe
  2⤵
  PID:8116
- C:\Windows\System\cehGZhA.exe
  C:\Windows\System\cehGZhA.exe
  2⤵
  PID:7296
- C:\Windows\System\RaOVZAP.exe
  C:\Windows\System\RaOVZAP.exe
  2⤵
  PID:7416
- C:\Windows\System\xOvIveW.exe
  C:\Windows\System\xOvIveW.exe
  2⤵
  PID:7476
- C:\Windows\System\sphZsED.exe
  C:\Windows\System\sphZsED.exe
  2⤵
  PID:7556
- C:\Windows\System\vrzkKdZ.exe
  C:\Windows\System\vrzkKdZ.exe
  2⤵
  PID:7632
- C:\Windows\System\ZUyRZct.exe
  C:\Windows\System\ZUyRZct.exe
  2⤵
  PID:7868
- C:\Windows\System\HQwcWiN.exe
  C:\Windows\System\HQwcWiN.exe
  2⤵
  PID:8008
- C:\Windows\System\WEuskSo.exe
  C:\Windows\System\WEuskSo.exe
  2⤵
  PID:7276
- C:\Windows\System\rAcjoVK.exe
  C:\Windows\System\rAcjoVK.exe
  2⤵
  PID:7752
- C:\Windows\System\MhJdnAb.exe
  C:\Windows\System\MhJdnAb.exe
  2⤵
  PID:8172
- C:\Windows\System\fjDFxvs.exe
  C:\Windows\System\fjDFxvs.exe
  2⤵
  PID:7804
- C:\Windows\System\MaNNaFC.exe
  C:\Windows\System\MaNNaFC.exe
  2⤵
  PID:7568
- C:\Windows\System\cikgmts.exe
  C:\Windows\System\cikgmts.exe
  2⤵
  PID:8212
- C:\Windows\System\rBbKybM.exe
  C:\Windows\System\rBbKybM.exe
  2⤵
  PID:8244
- C:\Windows\System\PPOUZaT.exe
  C:\Windows\System\PPOUZaT.exe
  2⤵
  PID:8264
- C:\Windows\System\IpbYKip.exe
  C:\Windows\System\IpbYKip.exe
  2⤵
  PID:8292
- C:\Windows\System\CqOpXvC.exe
  C:\Windows\System\CqOpXvC.exe
  2⤵
  PID:8320
- C:\Windows\System\bwjIDNx.exe
  C:\Windows\System\bwjIDNx.exe
  2⤵
  PID:8356
- C:\Windows\System\sAvCvFk.exe
  C:\Windows\System\sAvCvFk.exe
  2⤵
  PID:8380
- C:\Windows\System\iUMbWql.exe
  C:\Windows\System\iUMbWql.exe
  2⤵
  PID:8404
- C:\Windows\System\SOAjeJf.exe
  C:\Windows\System\SOAjeJf.exe
  2⤵
  PID:8420
- C:\Windows\System\OSlVBPr.exe
  C:\Windows\System\OSlVBPr.exe
  2⤵
  PID:8448
- C:\Windows\System\BIOtzCB.exe
  C:\Windows\System\BIOtzCB.exe
  2⤵
  PID:8476
- C:\Windows\System\HEAcCnx.exe
  C:\Windows\System\HEAcCnx.exe
  2⤵
  PID:8492
- C:\Windows\System\BgzsnlL.exe
  C:\Windows\System\BgzsnlL.exe
  2⤵
  PID:8520
- C:\Windows\System\KEMBCTM.exe
  C:\Windows\System\KEMBCTM.exe
  2⤵
  PID:8548
- C:\Windows\System\sqvKWjr.exe
  C:\Windows\System\sqvKWjr.exe
  2⤵
  PID:8592
- C:\Windows\System\SqjAIFD.exe
  C:\Windows\System\SqjAIFD.exe
  2⤵
  PID:8620
- C:\Windows\System\ijlcnOI.exe
  C:\Windows\System\ijlcnOI.exe
  2⤵
  PID:8648
- C:\Windows\System\zjoSBsa.exe
  C:\Windows\System\zjoSBsa.exe
  2⤵
  PID:8672
- C:\Windows\System\stJFjHT.exe
  C:\Windows\System\stJFjHT.exe
  2⤵
  PID:8708
- C:\Windows\System\cmGwtMv.exe
  C:\Windows\System\cmGwtMv.exe
  2⤵
  PID:8728
- C:\Windows\System\ppOQlTT.exe
  C:\Windows\System\ppOQlTT.exe
  2⤵
  PID:8752
- C:\Windows\System\rXPctoi.exe
  C:\Windows\System\rXPctoi.exe
  2⤵
  PID:8788
- C:\Windows\System\kUnnjRw.exe
  C:\Windows\System\kUnnjRw.exe
  2⤵
  PID:8812
- C:\Windows\System\nkmrgok.exe
  C:\Windows\System\nkmrgok.exe
  2⤵
  PID:8852
- C:\Windows\System\MMcaOji.exe
  C:\Windows\System\MMcaOji.exe
  2⤵
  PID:8888
- C:\Windows\System\jfSpYck.exe
  C:\Windows\System\jfSpYck.exe
  2⤵
  PID:8920
- C:\Windows\System\TGJJOAG.exe
  C:\Windows\System\TGJJOAG.exe
  2⤵
  PID:8948
- C:\Windows\System\csnMyCo.exe
  C:\Windows\System\csnMyCo.exe
  2⤵
  PID:8976
- C:\Windows\System\gYUdqgy.exe
  C:\Windows\System\gYUdqgy.exe
  2⤵
  PID:9004
- C:\Windows\System\gFCaFaF.exe
  C:\Windows\System\gFCaFaF.exe
  2⤵
  PID:9020
- C:\Windows\System\HZsnEPo.exe
  C:\Windows\System\HZsnEPo.exe
  2⤵
  PID:9048
- C:\Windows\System\xBVqUMX.exe
  C:\Windows\System\xBVqUMX.exe
  2⤵
  PID:9080
- C:\Windows\System\KMspNwI.exe
  C:\Windows\System\KMspNwI.exe
  2⤵
  PID:9104
- C:\Windows\System\ZuAnqdu.exe
  C:\Windows\System\ZuAnqdu.exe
  2⤵
  PID:9120
- C:\Windows\System\LJdfUva.exe
  C:\Windows\System\LJdfUva.exe
  2⤵
  PID:9144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BCQrWVt.exe

Filesize
2.0MB

MD5
410a2d8bc064ca3df52ce70d1d95805e

SHA1
1c8bc63650275e3a39570dd64a8ad4d70e49358f

SHA256
f4fd87fc784a07d3eb475640bb5a96677ed5704ec37ef2082e12bb45678c2e1a

SHA512
a1ab25448834a165344974fdd3a177be134121b5907f7207191ff630aabc069fc3ae9cce810900084c07926231db04a0306f34503b587e425761f528e222acfa

Download Submit
C:\Windows\System\ETbtolc.exe

Filesize
2.0MB

MD5
52785c7d8194f02a49a678a5007aadd9

SHA1
6bd6567454f3676b4b6e00bb5c882da5fc0b8275

SHA256
5635cc2eab82917fc2536aaebacfc7b1f350d486eda20893ee38bd17520de94f

SHA512
af42cddb5b1d534c56892c3c016483d11ff94649c5e21ce9fb291442e13a87c2bae975512ccea98d2c762405c1dc62adb9a9f27fc9f36f1446a70d40354c5f6a

Download Submit
C:\Windows\System\GgXwDRm.exe

Filesize
2.0MB

MD5
6c244b3b11d49f8c28b8e4918d9fab1f

SHA1
e1bae602175ea47d07f189ba5967112b15760cad

SHA256
17eed4b1ad0c94dbf59ed83abd02036a6fc1eda8995f9887608b11d32c2f3586

SHA512
b86a9a1229f75c5fc74859393a5ce83403945d03c84a61028a49d3f75057e0372a7b1cca58cfcc525ce06b4f8565de6e51056b94e8e29057872c20a31c0abab0

Download Submit
C:\Windows\System\IBVbgcy.exe

Filesize
2.0MB

MD5
8f7756ac5696075c1c975618ccf58881

SHA1
5db06ed96b0fd2108e46339bcb444b23eb1ec77f

SHA256
2b6eaafa5a568205c24b3b5ece3577e0cacb4182eb4a0c32f9a7205d0d90aea6

SHA512
d90359666df56e66cfe81f32708e64d5fae01850e4f221a947880685bb8d3666f3fc0b5cbe71b2174ee356f1fbc61a799d29fa5dd73641b16b45c1f07c9d8842

Download Submit
C:\Windows\System\IVVuugl.exe

Filesize
2.0MB

MD5
3e79027e13ef6ce42d33d96b5d206a2c

SHA1
c0c5d91cb6349709b0112f6123531feb8776e746

SHA256
5d09e6f953d1647de88c4fff0428a6000d367e6a00fefbbb248e3459187d1207

SHA512
db73d89f861f88d70b6af665041e3be27eef00c9c899c796c61dd0d89a25d59395f7dfc317713753008dd953ff06f6cc96f395deee3bf4e449aa7c741a4a67ae

Download Submit
C:\Windows\System\JBMQhJQ.exe

Filesize
2.0MB

MD5
1feb0d2fa82d7bce12ec161df7ae839d

SHA1
1c1dab7ed90decc646538986d96b94adc8ac373e

SHA256
f50f811952c694d512426f8e00ed1d41c5de14541a09c178b42564a8dfdc020b

SHA512
799fb20c5573f1c5bf8359145a58ceae14999b0dd0061bc0fa6d28d0c008767cee92422371b98a7a7f6c92c9e8e6b19d1e68d6add9a79d6ec5a5f129027a160e

Download Submit
C:\Windows\System\Jhhovxf.exe

Filesize
2.0MB

MD5
0fad01891c27e55b1cbd20bcb41610df

SHA1
f0c2c5625de19373c3564738d4cd2f5bb5868156

SHA256
529de56601221a57f3e1a122c7d9ebfed4e4c9f00aea0077772b5b030b7cbe7d

SHA512
f44b34ebf49327b20394a86196d536b5e9f68bc41535c9915ef1d6428d19a7b5f842253641df07d5eb7e4a0fdfd4c13775b0a3ddeb8a1f8c86191d9494e01b88

Download Submit
C:\Windows\System\LvcLwPW.exe

Filesize
2.0MB

MD5
1a044317cace94531dc6ae09650062a5

SHA1
53974e0850874e71d5b633e2cc7259813d6fbb0e

SHA256
6db4225f2ff96ad36b170b5afef47713b4044842cc690131c80ddf4422265612

SHA512
25ffaaab219f7e75c98c7c2d416c6eb19071a6dbbf3d5e9bc1dfc15f224492a48f11ba1d5776cb05e409a8f8d2573874b6fb97e597b6288d7bb89e5fd170d900

Download Submit
C:\Windows\System\MphlhJQ.exe

Filesize
2.0MB

MD5
08d90520b1235ae91651122d3bc09e27

SHA1
cf97ada1d0861f958f08a655db90f568d809a063

SHA256
a187770a2261bf54287adfcaeb76cce4a345199c4288c8ce75334e9537eb88b1

SHA512
17365549b4e686717f8895de575fb22e658d950afafca507df750892cbf716f561053d9f8aec87ec65c893e4dc90abff232b22a4d383102fe02691a8dd9ea1f4

Download Submit
C:\Windows\System\NJvBGjS.exe

Filesize
2.0MB

MD5
87043a52dac4b5c8c80be153ca5e16bd

SHA1
3a878474cc5a0f0a589aeae50038ca86a65cf3c6

SHA256
5a4d99f05e6ebd8f60ef61aeddb9bdc80cfb15396491ca4e548e27b6b4005579

SHA512
fac6e29dd396eebb8bb0342aac5819c6c455caba84447270412997420624e373c291da5d93e71d28fd5d6199b0e9a0c27aa3fc4e69a02c7f969d760ea6177e59

Download Submit
C:\Windows\System\RBfzMqv.exe

Filesize
2.0MB

MD5
c36ff691325f34fc6345dae59d2c6fcd

SHA1
053ad14ad3eaf4f857c5d93e812bbd640b862dd6

SHA256
b286489063ad62e3dd95a944bfe9f303fe522bdd30ffd314b97e69fa6f4238b9

SHA512
f331b6e9ae15ca5eb140e47fb797f6fcc560ba7f87897faf70dd34c74198f24c7141f5940886ecce8df257f15aff896309021adc27b1c2b35d936f6055ca8fa7

Download Submit
C:\Windows\System\RrPrpAM.exe

Filesize
2.0MB

MD5
5e6b7e32c1f5dfd0e760dfc808a0b2e5

SHA1
910cfa8f17310e5977feab734b4c7c9f7316fc19

SHA256
482f625a133a79ea110d75293fc2e2e0f7f056ba7c489fb84b4acffc33422a5b

SHA512
991e707ef6510c2a69aaab33670ede5cf1a260f3c43dc019813895388aa8ffb6a001a93215c40380605e03d5084a23a4f1df76eb21de00256a26d25a457b73e3

Download Submit
C:\Windows\System\StlCNMZ.exe

Filesize
2.0MB

MD5
8eac836ff5e88f3f186d0a6f0a556047

SHA1
f3ab3502603b069db315e8e5be0f34708c5e39c3

SHA256
b8963fbf96b85b9d125a9f0b51b126ef83e98b910b4e0a0211c3381e7cf06886

SHA512
d73b20d60ac1c6bc0c2b608338bd63c503f7fa4791b5d7bceb3eef672093c54e05c74de5cd6da608e5eee2dba8a6e6c092df5865a0db067b9604766811ec78c3

Download Submit
C:\Windows\System\WHFCUeE.exe

Filesize
2.0MB

MD5
04c2b7f265ce82c0b66c507ab19cff2b

SHA1
f817e65c9739d5c3079e63bea8ab9179b357504c

SHA256
75765988547c76f31db4acc93ea22389dc2163b5754a095b6ec3b4440e25f72c

SHA512
446f9856692a2003e863efc7bcc29e79eb34a5ec634904c8d38f90da612cfb636fc66277d4e66d0c43543ad9d0c5f3846154e19abeb5f740798b3cf0fff19e5c

Download Submit
C:\Windows\System\YCLRBpO.exe

Filesize
2.0MB

MD5
39ba8b9a249acb3e3a209f239dc3d9ff

SHA1
4816d12bd78c04dac29c93b4a54e3ccb7fcc0844

SHA256
06149a135b3bebe74f61cbd1680bc538f26571449c31a92583af6ebce5c78013

SHA512
0600347679cb9d39a46a36b1cc1926d575908bf9d28763589547871715fe6aab377a7b6d6cd144f2acb5798da9af3ebd22079a997b150143501cfd0efc2a03bd

Download Submit
C:\Windows\System\ZCuqGWB.exe

Filesize
2.0MB

MD5
e942c15ca4a9991f0a8e37280425822c

SHA1
b98fc9e7778ec26757e86478491de7132d8dc090

SHA256
9dc62cc85eccfced01229505cb61813c902172c60eac9d91440283d7bf90db02

SHA512
66e116146e75b32f0b4457eb61e970e8b760c4b732ed057d2055ae19d0dad76a0f47d1787558e6f9ba17b3e42fec9d9afdce9b16f2b826c228d1ee2e30609222

Download Submit
C:\Windows\System\ZfkKSuw.exe

Filesize
2.0MB

MD5
ecd25595acde0ba90b70d72ae581dd85

SHA1
141b50abcd3c9a0feef9122be44d196485843fc2

SHA256
193d4f4f7768bff6975078fec605e309e88a7d0def25ec0fca516444d3c12865

SHA512
473e51fc1744505e1457e468e5e0b58fc743849673cba20ee07dba50ce5b78c13e6d9d3fa2b279ac73096e422adb46a82132860c24c33147b899bd5962030090

Download Submit
C:\Windows\System\cUHUkgG.exe

Filesize
2.0MB

MD5
a86eea190ad6c6c72c30be290846d1c1

SHA1
b0aab0bbba69eb5de13a8cf0e988947ef5892a10

SHA256
6bbb3d81e6aa7f216b8ed346c387bbc7f31336de32d32e3e54a5ec21e56642cc

SHA512
3e424f3477df707e317a71b83d703665f7a077124857933561b2c55888345c68bde2e366780fe4869855ba801e96d66da78650a772b7542a72524abac195c51c

Download Submit
C:\Windows\System\cnjOIsQ.exe

Filesize
2.0MB

MD5
e8de07d295996205ffe7588d932ded59

SHA1
86c8a47f57554b062d238d3d235743d7bb761de7

SHA256
21911172aa516747f6f92786402d76ac7a118a0f87fee5bf7f44a8305321f431

SHA512
1f5ab0df87915ca2cd2abdd62fce881e9b0e6cd713685ab2b601ec6804e450738cdf02346b514b90ebc6ddac665744d1150e1227dbb16ca975895ee7ad7b6079

Download Submit
C:\Windows\System\hBtmdSF.exe

Filesize
2.0MB

MD5
fa9ae9dd50a9fdb1a2a3a1f275fe2c49

SHA1
a72d53a10694d36ecad4958ae7730561bf93744b

SHA256
d87f2451ed23b9a20cf8929fed51c83fa8b2df1a81f2380952837bc9fa441bc9

SHA512
7921b311b2a215c7fb4e2e7c955435ba5e7784faf9ae8548c91fd03f02c399e71c1becf4146a2aa7e492f74230b271d2fdeae81ccfd9e8b6b112ab2a5b4285d1

Download Submit
C:\Windows\System\heINSNs.exe

Filesize
2.0MB

MD5
cd8e6607a27a69f40e9957cabf1af718

SHA1
d86acdb20db5c2382260e290564ab5ff92495d9c

SHA256
0ccf463ad51d450b1cc4515b70092716a6d8882959f964dc6e0bb4c986178de6

SHA512
d856339208b6e0a7fa97a10481910317340880a8a8d3183962e84503490ea0c5110dd87a55b23627db86d0487a159c9d4199295b83aa0e096f496287e5ed2097

Download Submit
C:\Windows\System\jKUjjeB.exe

Filesize
2.0MB

MD5
eb33121f79e4af9258f6f1186a64990d

SHA1
233edd8683b3d765a049ddeef7a89cfda3ae488b

SHA256
b84ea4788a48b27fafd61082ef24847b5570081a75bb585d468399da82aef45d

SHA512
46257d2e9c5381e5bac974b4e1daa94881b32ffbc0ceaf448e10792e192d96fd925a5ef4d9f064ea53c97a5eb7ecdbbb2054e5044484b77d5033f4069c638b6b

Download Submit
C:\Windows\System\jiQRaha.exe

Filesize
2.0MB

MD5
bfd516953e7b65f620129f493e12a056

SHA1
34c7279ed716551835922fd581a2cc23df1efece

SHA256
7a40eff35feab679c442ffe73b40e1d6e6db29637edbc35f533c46539f2aee16

SHA512
ba0a858c5dafa2b5de6d332ec5ae80af807efd9bcb49b9761660a5b9c899503bb6834f19d34922abd1b232ffbaa1251e42bded74ab18f2845495fa956488a9b2

Download Submit
C:\Windows\System\jnDGtFr.exe

Filesize
2.0MB

MD5
fba50e73aad1045f969a22a51b0b6e52

SHA1
842ec8f38d793fe67e7d5195cb9eb86582072da9

SHA256
1a6be3a1886c466aadd05c5f4b56166db7b22b7642af76a3422c7ad85a27bd19

SHA512
8ca3a8deb5471b173004d080ed5ce77341ea4b774ece4503188e043817024c4842710272969161052c213d9810295dd1cf4a1a8e977c1ed597790c418d8e82a4

Download Submit
C:\Windows\System\kykCBOD.exe

Filesize
2.0MB

MD5
b0a2800bf0bd1e1135e6d01eb1a4e124

SHA1
407b5928e1cd09fed357d7d6192a3164cbd90dd0

SHA256
0c785847be6aebde43fb640f3a0237db6af705840eb576b707d70e3c46075e9c

SHA512
65f44aa15e1eab35843fa5d35deef01c5d0d1bd35592f67787cb4b6518f75d2906b563c0c92a251f8c965fef1727a52cfad7840fc94303c8c643516e7053b6cc

Download Submit
C:\Windows\System\laxWHDJ.exe

Filesize
2.0MB

MD5
9efd1599f28ab9e78e5c17d410b99da0

SHA1
bfb4011aedb8d637d4491cef06a7c5cc0c4226ba

SHA256
45d5c394f8b503400367d198a285e7230c0fd5b28a7f581251e3bc6d4eafde07

SHA512
28b4b0e539b92bff7cd64ae3e3217a022ae9714695ec1ce4021bdc63b9108e1e9261654a062d15e52c2ba6a2ef9666743b33bdc07009225fbac820500155bbda

Download Submit
C:\Windows\System\nVHhtkk.exe

Filesize
2.0MB

MD5
999a59bda0f3c10e2a78b498630620c7

SHA1
cc30c211b0d5b2efa1ee6af73e09180dd6f05714

SHA256
04a859fdfa3860832eb6ea80a464c8007dddcfc9fdee7fb8847a24af37456966

SHA512
c88e4cf5f9f199284e3b480912d3323f2631fc6413f9d13e211cd7c54635dd06cc3d545e3c222b71048fc16ed7e8ca7c761a25ee0efbd52b35dd466f7a1278b7

Download Submit
C:\Windows\System\nxwTkeO.exe

Filesize
2.0MB

MD5
08ed83c74586848d9c7d3ad35d001b94

SHA1
bbe52a7c97e315da93d7e602f6dbfb1c385161b8

SHA256
505509eabcbe359663e0acfcdbf6378e0f6cc5549ce123395d6e9330c1b853c9

SHA512
b15db0a2e4284f20ee6167948c789a275fb9baefd439c487a2a8b95ed5119724d6173a3070f991821eff29a4bc5fe2c076a5a12b812cb876ea878a960cab4295

Download Submit
C:\Windows\System\pYGwUFW.exe

Filesize
2.0MB

MD5
912666e9b5758418fca592addaca6f59

SHA1
fa334f4b9856a580c3bd9194d798e0fedbbdd49d

SHA256
911d49054c707625aa978dcebc3143f2a56b47abc1775a9dd032ac433a43f18b

SHA512
12dd3b2e1109f0cb4e54b9e55ed356066ac1f1e7c5ae0ebedce0fa488b9871cabbcd12470498e8f4015ce42144bf707a0a6bd4c076e3b248272dc43dc17ab0d0

Download Submit
C:\Windows\System\uDavOuh.exe

Filesize
2.0MB

MD5
8e01bb156e5c2fb818c05b7011b13a43

SHA1
9c034c275664bc60b81e115fbef68915144bba60

SHA256
96b41b5f0ba8fb71177b6f31573a9b6cc42a48460d5ac9b3d971c1571e207f9a

SHA512
2c47258a8da19aae186b6a929c3c1a8ab384a9257cd5d4a47aa7ed831513ec8ae4381fdcba610cfd3b03d269dc411f7a216ea31ca545acedba0bf5ca880d1c96

Download Submit
C:\Windows\System\ufPgLuS.exe

Filesize
2.0MB

MD5
e548589bd18663627264c2a59436d6d1

SHA1
ef9edf848eaaa58ddd28995c7a10ec239eaa2a34

SHA256
d72b6a1c263b0f6cbf0bec69ae485f64656febb013dd420225db02b5051bc7ee

SHA512
0bf280aaf4766e954d88f0f25083ff17fe070cee947b5e6d9d00dc3471f7cb6c144a3789ab1cd7848571f5c2967c338de3ce2f61b7c6c71bcd74b3eb0e852f03

Download Submit
C:\Windows\System\vbfTijQ.exe

Filesize
2.0MB

MD5
49597849f7fa9499b3de5977afd15b3a

SHA1
59f9000398c16ea5202de8debbd193749d2f5257

SHA256
5d1e6b536a041315911b03ea94c9db69f48bd6804d397a261836532a5e52effd

SHA512
ce6ca74302d2533b07775ef7a8b51159dbbc407d401aedb2c3b32ac7681c447ea85c226560e95768759be7ab7a09dba514e1f45c712b0b64358a65bf4b3c4273

Download Submit
C:\Windows\System\yfPSFYH.exe

Filesize
2.0MB

MD5
5c3c0a21c1d47b5475509b04207e7189

SHA1
e466ab39f80b028c6c407b509cf86c5b493ced84

SHA256
2457530aa5d5097b82e230db1ca62960dec252c7939fb51795b846ec93d09319

SHA512
a352d817f308f1a1b3bd8748711ed2eb9662089b2fd051ce5dca2002d10e775fe17f135745af8aa31cf26b8b473ab67af46217ad185349b0dffbb135e0ef99d6

Download Submit
memory/2824-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download