kpot | a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830

Analysis

max time kernel
143s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10-06-2024 15:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
Size

2.2MB
MD5

5af1a8a044daf37b9d06bf9c270a47f5
SHA1

af3f825441e380f55d1ffc8bcedd5d1efb296d86
SHA256

a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830
SHA512

8bec8960cb567afd141917ccc1d4c7b5fc4c0bc01efebec882dddbe15d7fa1942a585349c4afd2f74dd4b1f7d2465d58ca761941f35da8e92a14d4b44b9630ff
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6StVEnmcI+2zTySP:BemTLkNdfE0pZrwC

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral1/files/0x000a000000012286-3.dat	family_kpot
behavioral1/files/0x0008000000016581-11.dat	family_kpot
behavioral1/files/0x0007000000016c52-28.dat	family_kpot
behavioral1/files/0x0007000000016a8a-31.dat	family_kpot
behavioral1/files/0x00080000000165e1-27.dat	family_kpot
behavioral1/files/0x0036000000015fef-26.dat	family_kpot
behavioral1/files/0x0008000000016cc1-52.dat	family_kpot
behavioral1/files/0x0007000000016c6f-47.dat	family_kpot
behavioral1/files/0x0008000000016dd1-59.dat	family_kpot
behavioral1/files/0x003700000001611e-65.dat	family_kpot
behavioral1/files/0x0006000000016ddc-67.dat	family_kpot
behavioral1/files/0x00060000000171d7-84.dat	family_kpot
behavioral1/files/0x0006000000016de3-79.dat	family_kpot
behavioral1/files/0x0006000000017223-96.dat	family_kpot
behavioral1/files/0x00060000000173ca-107.dat	family_kpot
behavioral1/files/0x00060000000173f6-113.dat	family_kpot
behavioral1/files/0x00060000000173f9-116.dat	family_kpot
behavioral1/files/0x0006000000017577-120.dat	family_kpot
behavioral1/files/0x000d000000018673-128.dat	family_kpot
behavioral1/files/0x000500000001870e-133.dat	family_kpot
behavioral1/files/0x000500000001871f-140.dat	family_kpot
behavioral1/files/0x0005000000018723-144.dat	family_kpot
behavioral1/files/0x00050000000187b3-172.dat	family_kpot
behavioral1/files/0x00060000000190da-192.dat	family_kpot
behavioral1/files/0x0006000000018bed-187.dat	family_kpot
behavioral1/files/0x0006000000018bd9-181.dat	family_kpot
behavioral1/files/0x0006000000018b86-177.dat	family_kpot
behavioral1/files/0x000500000001879e-167.dat	family_kpot
behavioral1/files/0x0005000000018797-161.dat	family_kpot
behavioral1/files/0x0005000000018784-157.dat	family_kpot
behavioral1/files/0x000500000001870f-136.dat	family_kpot
behavioral1/files/0x0014000000018668-124.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral1/memory/2232-0-0x000000013F640000-0x000000013F994000-memory.dmp	UPX
behavioral1/files/0x000a000000012286-3.dat	UPX
behavioral1/files/0x0008000000016581-11.dat	UPX
behavioral1/files/0x0007000000016c52-28.dat	UPX
behavioral1/memory/2640-32-0x000000013F9D0000-0x000000013FD24000-memory.dmp	UPX
behavioral1/memory/2696-36-0x000000013F3B0000-0x000000013F704000-memory.dmp	UPX
behavioral1/memory/2728-37-0x000000013F120000-0x000000013F474000-memory.dmp	UPX
behavioral1/memory/1732-35-0x000000013F0C0000-0x000000013F414000-memory.dmp	UPX
behavioral1/memory/2972-33-0x000000013F690000-0x000000013F9E4000-memory.dmp	UPX
behavioral1/files/0x0007000000016a8a-31.dat	UPX
behavioral1/files/0x00080000000165e1-27.dat	UPX
behavioral1/files/0x0036000000015fef-26.dat	UPX
behavioral1/memory/2596-25-0x000000013FAD0000-0x000000013FE24000-memory.dmp	UPX
behavioral1/memory/2232-9-0x000000013FAD0000-0x000000013FE24000-memory.dmp	UPX
behavioral1/files/0x0008000000016cc1-52.dat	UPX
behavioral1/memory/2624-54-0x000000013F0B0000-0x000000013F404000-memory.dmp	UPX
behavioral1/memory/2648-48-0x000000013F570000-0x000000013F8C4000-memory.dmp	UPX
behavioral1/files/0x0007000000016c6f-47.dat	UPX
behavioral1/files/0x0008000000016dd1-59.dat	UPX
behavioral1/memory/2544-62-0x000000013F5D0000-0x000000013F924000-memory.dmp	UPX
behavioral1/files/0x003700000001611e-65.dat	UPX
behavioral1/files/0x0006000000016ddc-67.dat	UPX
behavioral1/memory/2060-76-0x000000013FBE0000-0x000000013FF34000-memory.dmp	UPX
behavioral1/memory/2144-73-0x000000013F710000-0x000000013FA64000-memory.dmp	UPX
behavioral1/memory/2232-72-0x000000013F640000-0x000000013F994000-memory.dmp	UPX
behavioral1/files/0x00060000000171d7-84.dat	UPX
behavioral1/files/0x0006000000016de3-79.dat	UPX
behavioral1/memory/1732-93-0x000000013F0C0000-0x000000013F414000-memory.dmp	UPX
behavioral1/memory/1204-92-0x000000013FE90000-0x00000001401E4000-memory.dmp	UPX
behavioral1/memory/3028-90-0x000000013FF60000-0x00000001402B4000-memory.dmp	UPX
behavioral1/memory/2972-88-0x000000013F690000-0x000000013F9E4000-memory.dmp	UPX
behavioral1/memory/2640-87-0x000000013F9D0000-0x000000013FD24000-memory.dmp	UPX
behavioral1/files/0x0006000000017223-96.dat	UPX
behavioral1/memory/2728-101-0x000000013F120000-0x000000013F474000-memory.dmp	UPX
behavioral1/memory/2696-100-0x000000013F3B0000-0x000000013F704000-memory.dmp	UPX
behavioral1/memory/2844-103-0x000000013FF70000-0x00000001402C4000-memory.dmp	UPX
behavioral1/files/0x00060000000173ca-107.dat	UPX
behavioral1/files/0x00060000000173f6-113.dat	UPX
behavioral1/files/0x00060000000173f9-116.dat	UPX
behavioral1/files/0x0006000000017577-120.dat	UPX
behavioral1/files/0x000d000000018673-128.dat	UPX
behavioral1/files/0x000500000001870e-133.dat	UPX
behavioral1/files/0x000500000001871f-140.dat	UPX
behavioral1/files/0x0005000000018723-144.dat	UPX
behavioral1/files/0x00050000000187b3-172.dat	UPX
behavioral1/files/0x00060000000190da-192.dat	UPX
behavioral1/memory/2648-345-0x000000013F570000-0x000000013F8C4000-memory.dmp	UPX
behavioral1/files/0x0006000000018bed-187.dat	UPX
behavioral1/files/0x0006000000018bd9-181.dat	UPX
behavioral1/files/0x0006000000018b86-177.dat	UPX
behavioral1/files/0x000500000001879e-167.dat	UPX
behavioral1/files/0x0005000000018797-161.dat	UPX
behavioral1/files/0x0005000000018784-157.dat	UPX
behavioral1/files/0x000500000001870f-136.dat	UPX
behavioral1/files/0x0014000000018668-124.dat	UPX
behavioral1/memory/2624-837-0x000000013F0B0000-0x000000013F404000-memory.dmp	UPX
behavioral1/memory/2596-1079-0x000000013FAD0000-0x000000013FE24000-memory.dmp	UPX
behavioral1/memory/2696-1081-0x000000013F3B0000-0x000000013F704000-memory.dmp	UPX
behavioral1/memory/2972-1082-0x000000013F690000-0x000000013F9E4000-memory.dmp	UPX
behavioral1/memory/2640-1080-0x000000013F9D0000-0x000000013FD24000-memory.dmp	UPX
behavioral1/memory/1732-1083-0x000000013F0C0000-0x000000013F414000-memory.dmp	UPX
behavioral1/memory/2728-1084-0x000000013F120000-0x000000013F474000-memory.dmp	UPX
behavioral1/memory/2624-1085-0x000000013F0B0000-0x000000013F404000-memory.dmp	UPX
behavioral1/memory/2648-1086-0x000000013F570000-0x000000013F8C4000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2232-0-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x000a000000012286-3.dat	xmrig
behavioral1/files/0x0008000000016581-11.dat	xmrig
behavioral1/files/0x0007000000016c52-28.dat	xmrig
behavioral1/memory/2640-32-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2232-34-0x0000000002010000-0x0000000002364000-memory.dmp	xmrig
behavioral1/memory/2696-36-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2728-37-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/1732-35-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2972-33-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016a8a-31.dat	xmrig
behavioral1/memory/2232-29-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x00080000000165e1-27.dat	xmrig
behavioral1/files/0x0036000000015fef-26.dat	xmrig
behavioral1/memory/2596-25-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2232-9-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/files/0x0008000000016cc1-52.dat	xmrig
behavioral1/memory/2624-54-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2648-48-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c6f-47.dat	xmrig
behavioral1/files/0x0008000000016dd1-59.dat	xmrig
behavioral1/memory/2544-62-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/files/0x003700000001611e-65.dat	xmrig
behavioral1/files/0x0006000000016ddc-67.dat	xmrig
behavioral1/memory/2060-76-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2144-73-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2232-72-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x00060000000171d7-84.dat	xmrig
behavioral1/files/0x0006000000016de3-79.dat	xmrig
behavioral1/memory/1732-93-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/1204-92-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2232-91-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/3028-90-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2232-89-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2972-88-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2640-87-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x0006000000017223-96.dat	xmrig
behavioral1/memory/2728-101-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2696-100-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2844-103-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x00060000000173ca-107.dat	xmrig
behavioral1/files/0x00060000000173f6-113.dat	xmrig
behavioral1/files/0x00060000000173f9-116.dat	xmrig
behavioral1/files/0x0006000000017577-120.dat	xmrig
behavioral1/files/0x000d000000018673-128.dat	xmrig
behavioral1/files/0x000500000001870e-133.dat	xmrig
behavioral1/files/0x000500000001871f-140.dat	xmrig
behavioral1/files/0x0005000000018723-144.dat	xmrig
behavioral1/files/0x00050000000187b3-172.dat	xmrig
behavioral1/files/0x00060000000190da-192.dat	xmrig
behavioral1/memory/2648-345-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018bed-187.dat	xmrig
behavioral1/files/0x0006000000018bd9-181.dat	xmrig
behavioral1/files/0x0006000000018b86-177.dat	xmrig
behavioral1/files/0x000500000001879e-167.dat	xmrig
behavioral1/files/0x0005000000018797-161.dat	xmrig
behavioral1/files/0x0005000000018784-157.dat	xmrig
behavioral1/files/0x000500000001870f-136.dat	xmrig
behavioral1/files/0x0014000000018668-124.dat	xmrig
behavioral1/memory/2624-837-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2232-1075-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2596-1079-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2696-1081-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2972-1082-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2596	yzkWXOx.exe
1732	eCtlqRh.exe
2696	zPrGxNY.exe
2640	tglrhkw.exe
2972	sbxyjVv.exe
2728	BeixEwQ.exe
2648	IIOEelQ.exe
2624	pwbjYsP.exe
2544	cmFFTJT.exe
2144	ygrpXKS.exe
2060	OBqlAmA.exe
3028	HUilyXG.exe
1204	tfJEmqT.exe
2844	VVOmDqY.exe
744	WuyGwPA.exe
2688	bJyKkDa.exe
2872	lmtuEMF.exe
824	wYWIxXz.exe
1744	vEsewVR.exe
2076	uFiluSl.exe
2916	caQMaZJ.exe
756	ViUxwtr.exe
568	tdTlyBq.exe
300	NSQwkpZ.exe
1708	cImYgsl.exe
1764	Tvbcezk.exe
2460	DvQzMaM.exe
292	cicEQVb.exe
2496	hJQqrmF.exe
2704	DfrJLdr.exe
1312	wvQUunU.exe
2340	fyskjkE.exe
2456	MVquQQZ.exe
1076	tDVPNpc.exe
2484	ynYQhvq.exe
2472	OHOWxvR.exe
2316	VveHXlF.exe
1320	KpzMYxt.exe
1356	iSXAXJc.exe
1536	lcPfuUZ.exe
1280	LUvtFsV.exe
944	ISnqXgj.exe
1864	IYUABim.exe
1972	aafayVy.exe
1984	zmTruCp.exe
896	bizaNSI.exe
968	KGtvvKD.exe
1784	nQiHleY.exe
2952	JtwhBnR.exe
1932	OOQmaYm.exe
2352	PEonFtx.exe
2964	ZOwwODz.exe
1684	DSAMdVg.exe
1756	qmuWWON.exe
2236	SqoeXlq.exe
316	svARHzC.exe
1720	kkrPspJ.exe
2948	nvRhxTq.exe
2344	IcgUFEj.exe
2720	bmAAuoJ.exe
1232	fiZinzB.exe
2132	jnJVlgj.exe
1244	igygVAX.exe
2604	qEHkoSE.exe

Loads dropped DLL 64 IoCs

pid	Process
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2232-0-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x000a000000012286-3.dat	upx
behavioral1/files/0x0008000000016581-11.dat	upx
behavioral1/files/0x0007000000016c52-28.dat	upx
behavioral1/memory/2640-32-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2696-36-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2728-37-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/1732-35-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2972-33-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/files/0x0007000000016a8a-31.dat	upx
behavioral1/files/0x00080000000165e1-27.dat	upx
behavioral1/files/0x0036000000015fef-26.dat	upx
behavioral1/memory/2596-25-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2232-9-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/files/0x0008000000016cc1-52.dat	upx
behavioral1/memory/2624-54-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2648-48-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x0007000000016c6f-47.dat	upx
behavioral1/files/0x0008000000016dd1-59.dat	upx
behavioral1/memory/2544-62-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x003700000001611e-65.dat	upx
behavioral1/files/0x0006000000016ddc-67.dat	upx
behavioral1/memory/2060-76-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2144-73-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2232-72-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x00060000000171d7-84.dat	upx
behavioral1/files/0x0006000000016de3-79.dat	upx
behavioral1/memory/1732-93-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/1204-92-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/3028-90-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2972-88-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2640-87-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x0006000000017223-96.dat	upx
behavioral1/memory/2728-101-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2696-100-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2844-103-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2232-99-0x0000000002010000-0x0000000002364000-memory.dmp	upx
behavioral1/files/0x00060000000173ca-107.dat	upx
behavioral1/files/0x00060000000173f6-113.dat	upx
behavioral1/files/0x00060000000173f9-116.dat	upx
behavioral1/files/0x0006000000017577-120.dat	upx
behavioral1/files/0x000d000000018673-128.dat	upx
behavioral1/files/0x000500000001870e-133.dat	upx
behavioral1/files/0x000500000001871f-140.dat	upx
behavioral1/files/0x0005000000018723-144.dat	upx
behavioral1/files/0x00050000000187b3-172.dat	upx
behavioral1/files/0x00060000000190da-192.dat	upx
behavioral1/memory/2648-345-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x0006000000018bed-187.dat	upx
behavioral1/files/0x0006000000018bd9-181.dat	upx
behavioral1/files/0x0006000000018b86-177.dat	upx
behavioral1/files/0x000500000001879e-167.dat	upx
behavioral1/files/0x0005000000018797-161.dat	upx
behavioral1/files/0x0005000000018784-157.dat	upx
behavioral1/files/0x000500000001870f-136.dat	upx
behavioral1/files/0x0014000000018668-124.dat	upx
behavioral1/memory/2624-837-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2596-1079-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2696-1081-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2972-1082-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2640-1080-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/1732-1083-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2728-1084-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2624-1085-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NSQwkpZ.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\iTZQLlB.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\yyouqdo.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\qaxkHio.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\tyvGzbk.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\hKJCjpu.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\tdTlyBq.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\fiZinzB.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\bIYYFPL.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\rdzuuHv.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\RLxsodd.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\uzAfvia.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\zJTAgMw.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\JdBHLGX.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\jpAXiij.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\YkJfTkn.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\DfrJLdr.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\UvLBGbV.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\AsxsUTT.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\sZAQSWa.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\WXvMltG.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\bFCJlAt.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\DSSVOVm.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\kZrVFwB.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\BKPfLFe.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\MFlcrAj.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\SIwhgwN.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\rTNwsXD.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\BcwdPHE.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\GuAGYKp.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\yzkWXOx.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\hJQqrmF.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\oFnwGiG.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\HTQmxMS.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\adqSkrc.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\zPrGxNY.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\wlYYCMe.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\PiJFxDf.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\JSmnvkn.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\zytSRev.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\PMtKlAT.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\LpKklxA.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\NkqHFzn.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\kkrPspJ.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\TfJbSuq.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\GiSQZNR.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\GqKvned.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\zBZgQTo.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\KpzMYxt.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\dccXwNa.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\ZsaTbOV.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\AhUoSfg.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\TzYBaRw.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\DYFNwMj.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\uoJXmhC.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\HFKIhCD.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\igygVAX.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\vJXjClZ.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\GosrSJG.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\PnvnOGx.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\iSXAXJc.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\FtsigoZ.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\easVdCp.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
File created	C:\Windows\System\vVlftdY.exe	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
Token: SeLockMemoryPrivilege	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2596	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	29
PID 2232 wrote to memory of 2596	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	29
PID 2232 wrote to memory of 2596	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	29
PID 2232 wrote to memory of 2696	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	30
PID 2232 wrote to memory of 2696	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	30
PID 2232 wrote to memory of 2696	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	30
PID 2232 wrote to memory of 1732	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	31
PID 2232 wrote to memory of 1732	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	31
PID 2232 wrote to memory of 1732	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	31
PID 2232 wrote to memory of 2640	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	32
PID 2232 wrote to memory of 2640	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	32
PID 2232 wrote to memory of 2640	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	32
PID 2232 wrote to memory of 2728	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	33
PID 2232 wrote to memory of 2728	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	33
PID 2232 wrote to memory of 2728	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	33
PID 2232 wrote to memory of 2972	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	34
PID 2232 wrote to memory of 2972	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	34
PID 2232 wrote to memory of 2972	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	34
PID 2232 wrote to memory of 2648	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	35
PID 2232 wrote to memory of 2648	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	35
PID 2232 wrote to memory of 2648	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	35
PID 2232 wrote to memory of 2624	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	36
PID 2232 wrote to memory of 2624	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	36
PID 2232 wrote to memory of 2624	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	36
PID 2232 wrote to memory of 2544	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	37
PID 2232 wrote to memory of 2544	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	37
PID 2232 wrote to memory of 2544	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	37
PID 2232 wrote to memory of 2144	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	38
PID 2232 wrote to memory of 2144	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	38
PID 2232 wrote to memory of 2144	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	38
PID 2232 wrote to memory of 2060	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	39
PID 2232 wrote to memory of 2060	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	39
PID 2232 wrote to memory of 2060	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	39
PID 2232 wrote to memory of 3028	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	40
PID 2232 wrote to memory of 3028	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	40
PID 2232 wrote to memory of 3028	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	40
PID 2232 wrote to memory of 1204	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	41
PID 2232 wrote to memory of 1204	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	41
PID 2232 wrote to memory of 1204	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	41
PID 2232 wrote to memory of 2844	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	42
PID 2232 wrote to memory of 2844	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	42
PID 2232 wrote to memory of 2844	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	42
PID 2232 wrote to memory of 744	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	43
PID 2232 wrote to memory of 744	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	43
PID 2232 wrote to memory of 744	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	43
PID 2232 wrote to memory of 2688	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	44
PID 2232 wrote to memory of 2688	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	44
PID 2232 wrote to memory of 2688	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	44
PID 2232 wrote to memory of 2872	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	45
PID 2232 wrote to memory of 2872	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	45
PID 2232 wrote to memory of 2872	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	45
PID 2232 wrote to memory of 824	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	46
PID 2232 wrote to memory of 824	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	46
PID 2232 wrote to memory of 824	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	46
PID 2232 wrote to memory of 1744	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	47
PID 2232 wrote to memory of 1744	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	47
PID 2232 wrote to memory of 1744	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	47
PID 2232 wrote to memory of 2076	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	48
PID 2232 wrote to memory of 2076	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	48
PID 2232 wrote to memory of 2076	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	48
PID 2232 wrote to memory of 2916	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	49
PID 2232 wrote to memory of 2916	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	49
PID 2232 wrote to memory of 2916	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	49
PID 2232 wrote to memory of 756	2232	a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe	50

C:\Users\Admin\AppData\Local\Temp\a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe
"C:\Users\Admin\AppData\Local\Temp\a2d4ad6ebf6649ce657ef6c4b25374b47b4511f176238ae5ae53fb02dc5c1830.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\System\yzkWXOx.exe
  C:\Windows\System\yzkWXOx.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\zPrGxNY.exe
  C:\Windows\System\zPrGxNY.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\eCtlqRh.exe
  C:\Windows\System\eCtlqRh.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\tglrhkw.exe
  C:\Windows\System\tglrhkw.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\BeixEwQ.exe
  C:\Windows\System\BeixEwQ.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\sbxyjVv.exe
  C:\Windows\System\sbxyjVv.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\IIOEelQ.exe
  C:\Windows\System\IIOEelQ.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\pwbjYsP.exe
  C:\Windows\System\pwbjYsP.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\cmFFTJT.exe
  C:\Windows\System\cmFFTJT.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\ygrpXKS.exe
  C:\Windows\System\ygrpXKS.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\OBqlAmA.exe
  C:\Windows\System\OBqlAmA.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\HUilyXG.exe
  C:\Windows\System\HUilyXG.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\tfJEmqT.exe
  C:\Windows\System\tfJEmqT.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\VVOmDqY.exe
  C:\Windows\System\VVOmDqY.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\WuyGwPA.exe
  C:\Windows\System\WuyGwPA.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\bJyKkDa.exe
  C:\Windows\System\bJyKkDa.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\lmtuEMF.exe
  C:\Windows\System\lmtuEMF.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\wYWIxXz.exe
  C:\Windows\System\wYWIxXz.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\vEsewVR.exe
  C:\Windows\System\vEsewVR.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\uFiluSl.exe
  C:\Windows\System\uFiluSl.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\caQMaZJ.exe
  C:\Windows\System\caQMaZJ.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\ViUxwtr.exe
  C:\Windows\System\ViUxwtr.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\tdTlyBq.exe
  C:\Windows\System\tdTlyBq.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\NSQwkpZ.exe
  C:\Windows\System\NSQwkpZ.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\cImYgsl.exe
  C:\Windows\System\cImYgsl.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\Tvbcezk.exe
  C:\Windows\System\Tvbcezk.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\DvQzMaM.exe
  C:\Windows\System\DvQzMaM.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\cicEQVb.exe
  C:\Windows\System\cicEQVb.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\hJQqrmF.exe
  C:\Windows\System\hJQqrmF.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\DfrJLdr.exe
  C:\Windows\System\DfrJLdr.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\wvQUunU.exe
  C:\Windows\System\wvQUunU.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\fyskjkE.exe
  C:\Windows\System\fyskjkE.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\MVquQQZ.exe
  C:\Windows\System\MVquQQZ.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\tDVPNpc.exe
  C:\Windows\System\tDVPNpc.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\ynYQhvq.exe
  C:\Windows\System\ynYQhvq.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\OHOWxvR.exe
  C:\Windows\System\OHOWxvR.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\VveHXlF.exe
  C:\Windows\System\VveHXlF.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\KpzMYxt.exe
  C:\Windows\System\KpzMYxt.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\iSXAXJc.exe
  C:\Windows\System\iSXAXJc.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\lcPfuUZ.exe
  C:\Windows\System\lcPfuUZ.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\LUvtFsV.exe
  C:\Windows\System\LUvtFsV.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\ISnqXgj.exe
  C:\Windows\System\ISnqXgj.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\IYUABim.exe
  C:\Windows\System\IYUABim.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\aafayVy.exe
  C:\Windows\System\aafayVy.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\zmTruCp.exe
  C:\Windows\System\zmTruCp.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\bizaNSI.exe
  C:\Windows\System\bizaNSI.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\KGtvvKD.exe
  C:\Windows\System\KGtvvKD.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\nQiHleY.exe
  C:\Windows\System\nQiHleY.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\JtwhBnR.exe
  C:\Windows\System\JtwhBnR.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\OOQmaYm.exe
  C:\Windows\System\OOQmaYm.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\PEonFtx.exe
  C:\Windows\System\PEonFtx.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\ZOwwODz.exe
  C:\Windows\System\ZOwwODz.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\DSAMdVg.exe
  C:\Windows\System\DSAMdVg.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\qmuWWON.exe
  C:\Windows\System\qmuWWON.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\SqoeXlq.exe
  C:\Windows\System\SqoeXlq.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\svARHzC.exe
  C:\Windows\System\svARHzC.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\kkrPspJ.exe
  C:\Windows\System\kkrPspJ.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\nvRhxTq.exe
  C:\Windows\System\nvRhxTq.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\IcgUFEj.exe
  C:\Windows\System\IcgUFEj.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\bmAAuoJ.exe
  C:\Windows\System\bmAAuoJ.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\fiZinzB.exe
  C:\Windows\System\fiZinzB.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\jnJVlgj.exe
  C:\Windows\System\jnJVlgj.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\igygVAX.exe
  C:\Windows\System\igygVAX.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\qEHkoSE.exe
  C:\Windows\System\qEHkoSE.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\EjOpOBt.exe
  C:\Windows\System\EjOpOBt.exe
  2⤵
  PID:2616
- C:\Windows\System\jTjkQQO.exe
  C:\Windows\System\jTjkQQO.exe
  2⤵
  PID:2800
- C:\Windows\System\pAQefJk.exe
  C:\Windows\System\pAQefJk.exe
  2⤵
  PID:2512
- C:\Windows\System\bIYYFPL.exe
  C:\Windows\System\bIYYFPL.exe
  2⤵
  PID:2808
- C:\Windows\System\UzuCjij.exe
  C:\Windows\System\UzuCjij.exe
  2⤵
  PID:2528
- C:\Windows\System\ivaBydM.exe
  C:\Windows\System\ivaBydM.exe
  2⤵
  PID:2272
- C:\Windows\System\YCEZbDe.exe
  C:\Windows\System\YCEZbDe.exe
  2⤵
  PID:3060
- C:\Windows\System\bulEsLY.exe
  C:\Windows\System\bulEsLY.exe
  2⤵
  PID:3040
- C:\Windows\System\kSspstU.exe
  C:\Windows\System\kSspstU.exe
  2⤵
  PID:1696
- C:\Windows\System\rdzuuHv.exe
  C:\Windows\System\rdzuuHv.exe
  2⤵
  PID:1328
- C:\Windows\System\GGNmjuy.exe
  C:\Windows\System\GGNmjuy.exe
  2⤵
  PID:2036
- C:\Windows\System\RLxsodd.exe
  C:\Windows\System\RLxsodd.exe
  2⤵
  PID:904
- C:\Windows\System\VWtwjKh.exe
  C:\Windows\System\VWtwjKh.exe
  2⤵
  PID:2252
- C:\Windows\System\XiLFkKZ.exe
  C:\Windows\System\XiLFkKZ.exe
  2⤵
  PID:2368
- C:\Windows\System\ZHjBBEl.exe
  C:\Windows\System\ZHjBBEl.exe
  2⤵
  PID:3032
- C:\Windows\System\UvLBGbV.exe
  C:\Windows\System\UvLBGbV.exe
  2⤵
  PID:2764
- C:\Windows\System\VBapAkj.exe
  C:\Windows\System\VBapAkj.exe
  2⤵
  PID:348
- C:\Windows\System\FtsigoZ.exe
  C:\Windows\System\FtsigoZ.exe
  2⤵
  PID:2860
- C:\Windows\System\VJCVWhq.exe
  C:\Windows\System\VJCVWhq.exe
  2⤵
  PID:2876
- C:\Windows\System\AsxsUTT.exe
  C:\Windows\System\AsxsUTT.exe
  2⤵
  PID:1016
- C:\Windows\System\rTNwsXD.exe
  C:\Windows\System\rTNwsXD.exe
  2⤵
  PID:112
- C:\Windows\System\FPcwRpq.exe
  C:\Windows\System\FPcwRpq.exe
  2⤵
  PID:2052
- C:\Windows\System\JAIjVxn.exe
  C:\Windows\System\JAIjVxn.exe
  2⤵
  PID:1528
- C:\Windows\System\PkcJAJm.exe
  C:\Windows\System\PkcJAJm.exe
  2⤵
  PID:1448
- C:\Windows\System\zOVoLak.exe
  C:\Windows\System\zOVoLak.exe
  2⤵
  PID:1628
- C:\Windows\System\GiitCOv.exe
  C:\Windows\System\GiitCOv.exe
  2⤵
  PID:524
- C:\Windows\System\aOuNBge.exe
  C:\Windows\System\aOuNBge.exe
  2⤵
  PID:876
- C:\Windows\System\KabUcAo.exe
  C:\Windows\System\KabUcAo.exe
  2⤵
  PID:1132
- C:\Windows\System\iBROkTe.exe
  C:\Windows\System\iBROkTe.exe
  2⤵
  PID:2308
- C:\Windows\System\sZAQSWa.exe
  C:\Windows\System\sZAQSWa.exe
  2⤵
  PID:1688
- C:\Windows\System\KMTrxdu.exe
  C:\Windows\System\KMTrxdu.exe
  2⤵
  PID:2356
- C:\Windows\System\UFBifUa.exe
  C:\Windows\System\UFBifUa.exe
  2⤵
  PID:760
- C:\Windows\System\uzAfvia.exe
  C:\Windows\System\uzAfvia.exe
  2⤵
  PID:2980
- C:\Windows\System\EmqnuFb.exe
  C:\Windows\System\EmqnuFb.exe
  2⤵
  PID:1956
- C:\Windows\System\NVgnHQq.exe
  C:\Windows\System\NVgnHQq.exe
  2⤵
  PID:1028
- C:\Windows\System\easVdCp.exe
  C:\Windows\System\easVdCp.exe
  2⤵
  PID:2192
- C:\Windows\System\qStDVCT.exe
  C:\Windows\System\qStDVCT.exe
  2⤵
  PID:1396
- C:\Windows\System\zJTAgMw.exe
  C:\Windows\System\zJTAgMw.exe
  2⤵
  PID:1996
- C:\Windows\System\nVKsSZs.exe
  C:\Windows\System\nVKsSZs.exe
  2⤵
  PID:872
- C:\Windows\System\adyGgYw.exe
  C:\Windows\System\adyGgYw.exe
  2⤵
  PID:1928
- C:\Windows\System\nRAQsmo.exe
  C:\Windows\System\nRAQsmo.exe
  2⤵
  PID:1596
- C:\Windows\System\YBSmBTM.exe
  C:\Windows\System\YBSmBTM.exe
  2⤵
  PID:2836
- C:\Windows\System\HKSWoZk.exe
  C:\Windows\System\HKSWoZk.exe
  2⤵
  PID:2156
- C:\Windows\System\ZGkJVIf.exe
  C:\Windows\System\ZGkJVIf.exe
  2⤵
  PID:2904
- C:\Windows\System\bBnVMvL.exe
  C:\Windows\System\bBnVMvL.exe
  2⤵
  PID:2680
- C:\Windows\System\GvKLrTk.exe
  C:\Windows\System\GvKLrTk.exe
  2⤵
  PID:2620
- C:\Windows\System\UCVoRHg.exe
  C:\Windows\System\UCVoRHg.exe
  2⤵
  PID:2828
- C:\Windows\System\uoJXmhC.exe
  C:\Windows\System\uoJXmhC.exe
  2⤵
  PID:2160
- C:\Windows\System\VbpNlnn.exe
  C:\Windows\System\VbpNlnn.exe
  2⤵
  PID:2524
- C:\Windows\System\iqiqiyJ.exe
  C:\Windows\System\iqiqiyJ.exe
  2⤵
  PID:2108
- C:\Windows\System\lcSRQuc.exe
  C:\Windows\System\lcSRQuc.exe
  2⤵
  PID:2560
- C:\Windows\System\WXvMltG.exe
  C:\Windows\System\WXvMltG.exe
  2⤵
  PID:2292
- C:\Windows\System\oFnwGiG.exe
  C:\Windows\System\oFnwGiG.exe
  2⤵
  PID:3004
- C:\Windows\System\VWmquSd.exe
  C:\Windows\System\VWmquSd.exe
  2⤵
  PID:1552
- C:\Windows\System\zjDTgGt.exe
  C:\Windows\System\zjDTgGt.exe
  2⤵
  PID:1588
- C:\Windows\System\KplJIER.exe
  C:\Windows\System\KplJIER.exe
  2⤵
  PID:2248
- C:\Windows\System\QWYzNFq.exe
  C:\Windows\System\QWYzNFq.exe
  2⤵
  PID:676
- C:\Windows\System\ZTKHQox.exe
  C:\Windows\System\ZTKHQox.exe
  2⤵
  PID:1036
- C:\Windows\System\dccXwNa.exe
  C:\Windows\System\dccXwNa.exe
  2⤵
  PID:2120
- C:\Windows\System\iTZQLlB.exe
  C:\Windows\System\iTZQLlB.exe
  2⤵
  PID:328
- C:\Windows\System\giGIVpM.exe
  C:\Windows\System\giGIVpM.exe
  2⤵
  PID:2840
- C:\Windows\System\qeQcCXJ.exe
  C:\Windows\System\qeQcCXJ.exe
  2⤵
  PID:1556
- C:\Windows\System\HUicECh.exe
  C:\Windows\System\HUicECh.exe
  2⤵
  PID:1092
- C:\Windows\System\ZsaTbOV.exe
  C:\Windows\System\ZsaTbOV.exe
  2⤵
  PID:2328
- C:\Windows\System\NAcHcTT.exe
  C:\Windows\System\NAcHcTT.exe
  2⤵
  PID:976
- C:\Windows\System\yyouqdo.exe
  C:\Windows\System\yyouqdo.exe
  2⤵
  PID:836
- C:\Windows\System\wlYYCMe.exe
  C:\Windows\System\wlYYCMe.exe
  2⤵
  PID:1952
- C:\Windows\System\fmuMEtr.exe
  C:\Windows\System\fmuMEtr.exe
  2⤵
  PID:924
- C:\Windows\System\XcEzwtJ.exe
  C:\Windows\System\XcEzwtJ.exe
  2⤵
  PID:2636
- C:\Windows\System\KiOyizn.exe
  C:\Windows\System\KiOyizn.exe
  2⤵
  PID:1200
- C:\Windows\System\aqNddBy.exe
  C:\Windows\System\aqNddBy.exe
  2⤵
  PID:2856
- C:\Windows\System\oDNBzMh.exe
  C:\Windows\System\oDNBzMh.exe
  2⤵
  PID:2336
- C:\Windows\System\dErjJoa.exe
  C:\Windows\System\dErjJoa.exe
  2⤵
  PID:2412
- C:\Windows\System\haRyLNE.exe
  C:\Windows\System\haRyLNE.exe
  2⤵
  PID:2072
- C:\Windows\System\PiJFxDf.exe
  C:\Windows\System\PiJFxDf.exe
  2⤵
  PID:2416
- C:\Windows\System\drQWJix.exe
  C:\Windows\System\drQWJix.exe
  2⤵
  PID:2012
- C:\Windows\System\toJVywZ.exe
  C:\Windows\System\toJVywZ.exe
  2⤵
  PID:1568
- C:\Windows\System\ztHJoNk.exe
  C:\Windows\System\ztHJoNk.exe
  2⤵
  PID:2284
- C:\Windows\System\HaDwHhT.exe
  C:\Windows\System\HaDwHhT.exe
  2⤵
  PID:2832
- C:\Windows\System\txVFilz.exe
  C:\Windows\System\txVFilz.exe
  2⤵
  PID:580
- C:\Windows\System\wfHnPLF.exe
  C:\Windows\System\wfHnPLF.exe
  2⤵
  PID:1736
- C:\Windows\System\VtGEtmG.exe
  C:\Windows\System\VtGEtmG.exe
  2⤵
  PID:1576
- C:\Windows\System\XqNhLqO.exe
  C:\Windows\System\XqNhLqO.exe
  2⤵
  PID:1944
- C:\Windows\System\sAEVXhr.exe
  C:\Windows\System\sAEVXhr.exe
  2⤵
  PID:2576
- C:\Windows\System\eUTELHg.exe
  C:\Windows\System\eUTELHg.exe
  2⤵
  PID:1920
- C:\Windows\System\gWnRtdK.exe
  C:\Windows\System\gWnRtdK.exe
  2⤵
  PID:1304
- C:\Windows\System\vVlftdY.exe
  C:\Windows\System\vVlftdY.exe
  2⤵
  PID:2772
- C:\Windows\System\JSmnvkn.exe
  C:\Windows\System\JSmnvkn.exe
  2⤵
  PID:2928
- C:\Windows\System\AhUoSfg.exe
  C:\Windows\System\AhUoSfg.exe
  2⤵
  PID:1680
- C:\Windows\System\mYKTYeM.exe
  C:\Windows\System\mYKTYeM.exe
  2⤵
  PID:980
- C:\Windows\System\BcwdPHE.exe
  C:\Windows\System\BcwdPHE.exe
  2⤵
  PID:2200
- C:\Windows\System\BQpvTnr.exe
  C:\Windows\System\BQpvTnr.exe
  2⤵
  PID:1300
- C:\Windows\System\rxPLOea.exe
  C:\Windows\System\rxPLOea.exe
  2⤵
  PID:1336
- C:\Windows\System\vNQVFfP.exe
  C:\Windows\System\vNQVFfP.exe
  2⤵
  PID:1804
- C:\Windows\System\FnKtYLV.exe
  C:\Windows\System\FnKtYLV.exe
  2⤵
  PID:1960
- C:\Windows\System\SaXNFTq.exe
  C:\Windows\System\SaXNFTq.exe
  2⤵
  PID:1860
- C:\Windows\System\lbtKWIY.exe
  C:\Windows\System\lbtKWIY.exe
  2⤵
  PID:2180
- C:\Windows\System\cCXHEuS.exe
  C:\Windows\System\cCXHEuS.exe
  2⤵
  PID:2488
- C:\Windows\System\gqdvfLi.exe
  C:\Windows\System\gqdvfLi.exe
  2⤵
  PID:2276
- C:\Windows\System\lqVqYkJ.exe
  C:\Windows\System\lqVqYkJ.exe
  2⤵
  PID:1172
- C:\Windows\System\MxWZdIp.exe
  C:\Windows\System\MxWZdIp.exe
  2⤵
  PID:2100
- C:\Windows\System\mqXnMDn.exe
  C:\Windows\System\mqXnMDn.exe
  2⤵
  PID:1900
- C:\Windows\System\mBRjKYu.exe
  C:\Windows\System\mBRjKYu.exe
  2⤵
  PID:740
- C:\Windows\System\wuTaoer.exe
  C:\Windows\System\wuTaoer.exe
  2⤵
  PID:1032
- C:\Windows\System\GwASTQY.exe
  C:\Windows\System\GwASTQY.exe
  2⤵
  PID:2128
- C:\Windows\System\fcyTBgN.exe
  C:\Windows\System\fcyTBgN.exe
  2⤵
  PID:2044
- C:\Windows\System\SIwhgwN.exe
  C:\Windows\System\SIwhgwN.exe
  2⤵
  PID:804
- C:\Windows\System\uPImQPO.exe
  C:\Windows\System\uPImQPO.exe
  2⤵
  PID:800
- C:\Windows\System\TnQgAFB.exe
  C:\Windows\System\TnQgAFB.exe
  2⤵
  PID:1484
- C:\Windows\System\KewPugJ.exe
  C:\Windows\System\KewPugJ.exe
  2⤵
  PID:1624
- C:\Windows\System\VjBUjAf.exe
  C:\Windows\System\VjBUjAf.exe
  2⤵
  PID:772
- C:\Windows\System\pXOXpOc.exe
  C:\Windows\System\pXOXpOc.exe
  2⤵
  PID:1252
- C:\Windows\System\HUZkwqC.exe
  C:\Windows\System\HUZkwqC.exe
  2⤵
  PID:1660
- C:\Windows\System\OSJDIhU.exe
  C:\Windows\System\OSJDIhU.exe
  2⤵
  PID:2364
- C:\Windows\System\vJXjClZ.exe
  C:\Windows\System\vJXjClZ.exe
  2⤵
  PID:1964
- C:\Windows\System\OWNrcOy.exe
  C:\Windows\System\OWNrcOy.exe
  2⤵
  PID:1504
- C:\Windows\System\SIElkJO.exe
  C:\Windows\System\SIElkJO.exe
  2⤵
  PID:2024
- C:\Windows\System\WrsIbmJ.exe
  C:\Windows\System\WrsIbmJ.exe
  2⤵
  PID:3056
- C:\Windows\System\ypyDGkV.exe
  C:\Windows\System\ypyDGkV.exe
  2⤵
  PID:1496
- C:\Windows\System\pXvhknv.exe
  C:\Windows\System\pXvhknv.exe
  2⤵
  PID:2960
- C:\Windows\System\WfsmeQg.exe
  C:\Windows\System\WfsmeQg.exe
  2⤵
  PID:468
- C:\Windows\System\yEJBtoS.exe
  C:\Windows\System\yEJBtoS.exe
  2⤵
  PID:2396
- C:\Windows\System\iIVbRrL.exe
  C:\Windows\System\iIVbRrL.exe
  2⤵
  PID:2760
- C:\Windows\System\DaBGgay.exe
  C:\Windows\System\DaBGgay.exe
  2⤵
  PID:3052
- C:\Windows\System\JRlHoNV.exe
  C:\Windows\System\JRlHoNV.exe
  2⤵
  PID:1792
- C:\Windows\System\qaxkHio.exe
  C:\Windows\System\qaxkHio.exe
  2⤵
  PID:2112
- C:\Windows\System\CeMQLoR.exe
  C:\Windows\System\CeMQLoR.exe
  2⤵
  PID:1812
- C:\Windows\System\lEPGxbJ.exe
  C:\Windows\System\lEPGxbJ.exe
  2⤵
  PID:3084
- C:\Windows\System\PSBAPVV.exe
  C:\Windows\System\PSBAPVV.exe
  2⤵
  PID:3100
- C:\Windows\System\phzEWUM.exe
  C:\Windows\System\phzEWUM.exe
  2⤵
  PID:3116
- C:\Windows\System\PXqajzI.exe
  C:\Windows\System\PXqajzI.exe
  2⤵
  PID:3136
- C:\Windows\System\lyzOUjw.exe
  C:\Windows\System\lyzOUjw.exe
  2⤵
  PID:3152
- C:\Windows\System\XJHFvSa.exe
  C:\Windows\System\XJHFvSa.exe
  2⤵
  PID:3168
- C:\Windows\System\zytSRev.exe
  C:\Windows\System\zytSRev.exe
  2⤵
  PID:3192
- C:\Windows\System\TfJbSuq.exe
  C:\Windows\System\TfJbSuq.exe
  2⤵
  PID:3208
- C:\Windows\System\ikqPsXR.exe
  C:\Windows\System\ikqPsXR.exe
  2⤵
  PID:3224
- C:\Windows\System\dgxZyso.exe
  C:\Windows\System\dgxZyso.exe
  2⤵
  PID:3240
- C:\Windows\System\jyYADUR.exe
  C:\Windows\System\jyYADUR.exe
  2⤵
  PID:3256
- C:\Windows\System\UxezJig.exe
  C:\Windows\System\UxezJig.exe
  2⤵
  PID:3272
- C:\Windows\System\oJCTfXa.exe
  C:\Windows\System\oJCTfXa.exe
  2⤵
  PID:3288
- C:\Windows\System\tyvGzbk.exe
  C:\Windows\System\tyvGzbk.exe
  2⤵
  PID:3304
- C:\Windows\System\dpHxxAz.exe
  C:\Windows\System\dpHxxAz.exe
  2⤵
  PID:3320
- C:\Windows\System\GiSQZNR.exe
  C:\Windows\System\GiSQZNR.exe
  2⤵
  PID:3336
- C:\Windows\System\aTIyUNQ.exe
  C:\Windows\System\aTIyUNQ.exe
  2⤵
  PID:3356
- C:\Windows\System\GqKvned.exe
  C:\Windows\System\GqKvned.exe
  2⤵
  PID:3376
- C:\Windows\System\qdeTEqL.exe
  C:\Windows\System\qdeTEqL.exe
  2⤵
  PID:3396
- C:\Windows\System\NqyudRN.exe
  C:\Windows\System\NqyudRN.exe
  2⤵
  PID:3412
- C:\Windows\System\TmmeCOn.exe
  C:\Windows\System\TmmeCOn.exe
  2⤵
  PID:3428
- C:\Windows\System\WwyxFAo.exe
  C:\Windows\System\WwyxFAo.exe
  2⤵
  PID:3448
- C:\Windows\System\AqxUyUr.exe
  C:\Windows\System\AqxUyUr.exe
  2⤵
  PID:3472
- C:\Windows\System\PMtKlAT.exe
  C:\Windows\System\PMtKlAT.exe
  2⤵
  PID:3488
- C:\Windows\System\cUotnvz.exe
  C:\Windows\System\cUotnvz.exe
  2⤵
  PID:3504
- C:\Windows\System\gymBZYB.exe
  C:\Windows\System\gymBZYB.exe
  2⤵
  PID:3596
- C:\Windows\System\Gerqvhd.exe
  C:\Windows\System\Gerqvhd.exe
  2⤵
  PID:3616
- C:\Windows\System\kqINnRl.exe
  C:\Windows\System\kqINnRl.exe
  2⤵
  PID:3632
- C:\Windows\System\YPHATuC.exe
  C:\Windows\System\YPHATuC.exe
  2⤵
  PID:3648
- C:\Windows\System\QEaAvGF.exe
  C:\Windows\System\QEaAvGF.exe
  2⤵
  PID:3668
- C:\Windows\System\pWfVgsw.exe
  C:\Windows\System\pWfVgsw.exe
  2⤵
  PID:3684
- C:\Windows\System\zIQtXsV.exe
  C:\Windows\System\zIQtXsV.exe
  2⤵
  PID:3700
- C:\Windows\System\zYepavq.exe
  C:\Windows\System\zYepavq.exe
  2⤵
  PID:3716
- C:\Windows\System\HFKIhCD.exe
  C:\Windows\System\HFKIhCD.exe
  2⤵
  PID:3732
- C:\Windows\System\LpKklxA.exe
  C:\Windows\System\LpKklxA.exe
  2⤵
  PID:3752
- C:\Windows\System\nTjolUA.exe
  C:\Windows\System\nTjolUA.exe
  2⤵
  PID:3772
- C:\Windows\System\iNmmYeb.exe
  C:\Windows\System\iNmmYeb.exe
  2⤵
  PID:3788
- C:\Windows\System\pPPzrAO.exe
  C:\Windows\System\pPPzrAO.exe
  2⤵
  PID:3804
- C:\Windows\System\ztJgrVI.exe
  C:\Windows\System\ztJgrVI.exe
  2⤵
  PID:3828
- C:\Windows\System\oMiMiDy.exe
  C:\Windows\System\oMiMiDy.exe
  2⤵
  PID:3844
- C:\Windows\System\ZvAKmZg.exe
  C:\Windows\System\ZvAKmZg.exe
  2⤵
  PID:3860
- C:\Windows\System\GosrSJG.exe
  C:\Windows\System\GosrSJG.exe
  2⤵
  PID:3876
- C:\Windows\System\TaflYaM.exe
  C:\Windows\System\TaflYaM.exe
  2⤵
  PID:3892
- C:\Windows\System\NaswvCs.exe
  C:\Windows\System\NaswvCs.exe
  2⤵
  PID:3912
- C:\Windows\System\GuAGYKp.exe
  C:\Windows\System\GuAGYKp.exe
  2⤵
  PID:3932
- C:\Windows\System\rlbnSdO.exe
  C:\Windows\System\rlbnSdO.exe
  2⤵
  PID:3952
- C:\Windows\System\VPVeVAP.exe
  C:\Windows\System\VPVeVAP.exe
  2⤵
  PID:3968
- C:\Windows\System\HTQmxMS.exe
  C:\Windows\System\HTQmxMS.exe
  2⤵
  PID:3984
- C:\Windows\System\wTPgGMl.exe
  C:\Windows\System\wTPgGMl.exe
  2⤵
  PID:4004
- C:\Windows\System\spjacsS.exe
  C:\Windows\System\spjacsS.exe
  2⤵
  PID:4024
- C:\Windows\System\PeNsNRS.exe
  C:\Windows\System\PeNsNRS.exe
  2⤵
  PID:4048
- C:\Windows\System\ZUUGNVB.exe
  C:\Windows\System\ZUUGNVB.exe
  2⤵
  PID:4064
- C:\Windows\System\zXKpKLD.exe
  C:\Windows\System\zXKpKLD.exe
  2⤵
  PID:4084
- C:\Windows\System\valGZtW.exe
  C:\Windows\System\valGZtW.exe
  2⤵
  PID:2944
- C:\Windows\System\hrNZXxP.exe
  C:\Windows\System\hrNZXxP.exe
  2⤵
  PID:320
- C:\Windows\System\GovtsZT.exe
  C:\Windows\System\GovtsZT.exe
  2⤵
  PID:1904
- C:\Windows\System\bFCJlAt.exe
  C:\Windows\System\bFCJlAt.exe
  2⤵
  PID:3484
- C:\Windows\System\iYDHbng.exe
  C:\Windows\System\iYDHbng.exe
  2⤵
  PID:3164
- C:\Windows\System\QEwIohK.exe
  C:\Windows\System\QEwIohK.exe
  2⤵
  PID:3232
- C:\Windows\System\TkXDxTw.exe
  C:\Windows\System\TkXDxTw.exe
  2⤵
  PID:3248
- C:\Windows\System\uicyKnQ.exe
  C:\Windows\System\uicyKnQ.exe
  2⤵
  PID:3560
- C:\Windows\System\mkhLGSW.exe
  C:\Windows\System\mkhLGSW.exe
  2⤵
  PID:3572
- C:\Windows\System\AxGEUZY.exe
  C:\Windows\System\AxGEUZY.exe
  2⤵
  PID:3496
- C:\Windows\System\DSSVOVm.exe
  C:\Windows\System\DSSVOVm.exe
  2⤵
  PID:3624
- C:\Windows\System\MTVShul.exe
  C:\Windows\System\MTVShul.exe
  2⤵
  PID:3660
- C:\Windows\System\giUfuHN.exe
  C:\Windows\System\giUfuHN.exe
  2⤵
  PID:3760
- C:\Windows\System\NcCbjww.exe
  C:\Windows\System\NcCbjww.exe
  2⤵
  PID:3840
- C:\Windows\System\TzYBaRw.exe
  C:\Windows\System\TzYBaRw.exe
  2⤵
  PID:3908
- C:\Windows\System\xzfogZK.exe
  C:\Windows\System\xzfogZK.exe
  2⤵
  PID:3976
- C:\Windows\System\GdHDdZr.exe
  C:\Windows\System\GdHDdZr.exe
  2⤵
  PID:4020
- C:\Windows\System\zwbwRsg.exe
  C:\Windows\System\zwbwRsg.exe
  2⤵
  PID:1820
- C:\Windows\System\pWskYjI.exe
  C:\Windows\System\pWskYjI.exe
  2⤵
  PID:3124
- C:\Windows\System\jYJefbA.exe
  C:\Windows\System\jYJefbA.exe
  2⤵
  PID:3264
- C:\Windows\System\zBZgQTo.exe
  C:\Windows\System\zBZgQTo.exe
  2⤵
  PID:3364
- C:\Windows\System\dqgCoSQ.exe
  C:\Windows\System\dqgCoSQ.exe
  2⤵
  PID:3740
- C:\Windows\System\JdBHLGX.exe
  C:\Windows\System\JdBHLGX.exe
  2⤵
  PID:3812
- C:\Windows\System\gBOmIrI.exe
  C:\Windows\System\gBOmIrI.exe
  2⤵
  PID:3404
- C:\Windows\System\tgCbzXj.exe
  C:\Windows\System\tgCbzXj.exe
  2⤵
  PID:3520
- C:\Windows\System\cSBPCCX.exe
  C:\Windows\System\cSBPCCX.exe
  2⤵
  PID:3536
- C:\Windows\System\wsdAjNl.exe
  C:\Windows\System\wsdAjNl.exe
  2⤵
  PID:3112
- C:\Windows\System\skIjMSB.exe
  C:\Windows\System\skIjMSB.exe
  2⤵
  PID:3180
- C:\Windows\System\hKJCjpu.exe
  C:\Windows\System\hKJCjpu.exe
  2⤵
  PID:3344
- C:\Windows\System\SNCWqbO.exe
  C:\Windows\System\SNCWqbO.exe
  2⤵
  PID:3604
- C:\Windows\System\jpAXiij.exe
  C:\Windows\System\jpAXiij.exe
  2⤵
  PID:3708
- C:\Windows\System\nODgxqV.exe
  C:\Windows\System\nODgxqV.exe
  2⤵
  PID:3300
- C:\Windows\System\NkqHFzn.exe
  C:\Windows\System\NkqHFzn.exe
  2⤵
  PID:3884
- C:\Windows\System\edSnbTS.exe
  C:\Windows\System\edSnbTS.exe
  2⤵
  PID:3960
- C:\Windows\System\hFMwkXX.exe
  C:\Windows\System\hFMwkXX.exe
  2⤵
  PID:2936
- C:\Windows\System\XRjcShp.exe
  C:\Windows\System\XRjcShp.exe
  2⤵
  PID:3568
- C:\Windows\System\tBaaARz.exe
  C:\Windows\System\tBaaARz.exe
  2⤵
  PID:3588
- C:\Windows\System\aYhNZsJ.exe
  C:\Windows\System\aYhNZsJ.exe
  2⤵
  PID:3696
- C:\Windows\System\nfQBOHS.exe
  C:\Windows\System\nfQBOHS.exe
  2⤵
  PID:3872
- C:\Windows\System\EgPkPkD.exe
  C:\Windows\System\EgPkPkD.exe
  2⤵
  PID:3092
- C:\Windows\System\yWKGCMA.exe
  C:\Windows\System\yWKGCMA.exe
  2⤵
  PID:3780
- C:\Windows\System\MFlcrAj.exe
  C:\Windows\System\MFlcrAj.exe
  2⤵
  PID:3204
- C:\Windows\System\TjtIetH.exe
  C:\Windows\System\TjtIetH.exe
  2⤵
  PID:3220
- C:\Windows\System\kZrVFwB.exe
  C:\Windows\System\kZrVFwB.exe
  2⤵
  PID:3900
- C:\Windows\System\DYFNwMj.exe
  C:\Windows\System\DYFNwMj.exe
  2⤵
  PID:3284
- C:\Windows\System\fDuqgyO.exe
  C:\Windows\System\fDuqgyO.exe
  2⤵
  PID:3388
- C:\Windows\System\SrWShSO.exe
  C:\Windows\System\SrWShSO.exe
  2⤵
  PID:3712
- C:\Windows\System\KhukwMi.exe
  C:\Windows\System\KhukwMi.exe
  2⤵
  PID:3352
- C:\Windows\System\vtaSIVS.exe
  C:\Windows\System\vtaSIVS.exe
  2⤵
  PID:3132
- C:\Windows\System\JCnsLrR.exe
  C:\Windows\System\JCnsLrR.exe
  2⤵
  PID:4040
- C:\Windows\System\TzTNqSO.exe
  C:\Windows\System\TzTNqSO.exe
  2⤵
  PID:4060
- C:\Windows\System\PnvnOGx.exe
  C:\Windows\System\PnvnOGx.exe
  2⤵
  PID:3468
- C:\Windows\System\deySmRk.exe
  C:\Windows\System\deySmRk.exe
  2⤵
  PID:3580
- C:\Windows\System\boZvYXb.exe
  C:\Windows\System\boZvYXb.exe
  2⤵
  PID:3384
- C:\Windows\System\EzRwBVv.exe
  C:\Windows\System\EzRwBVv.exe
  2⤵
  PID:3108
- C:\Windows\System\QGakkgK.exe
  C:\Windows\System\QGakkgK.exe
  2⤵
  PID:1796
- C:\Windows\System\bjezeqq.exe
  C:\Windows\System\bjezeqq.exe
  2⤵
  PID:3436
- C:\Windows\System\WyhAMwa.exe
  C:\Windows\System\WyhAMwa.exe
  2⤵
  PID:3528
- C:\Windows\System\YkJfTkn.exe
  C:\Windows\System\YkJfTkn.exe
  2⤵
  PID:3532
- C:\Windows\System\oGOhZEc.exe
  C:\Windows\System\oGOhZEc.exe
  2⤵
  PID:3184
- C:\Windows\System\adqSkrc.exe
  C:\Windows\System\adqSkrc.exe
  2⤵
  PID:3924
- C:\Windows\System\QFCZfrf.exe
  C:\Windows\System\QFCZfrf.exe
  2⤵
  PID:3800
- C:\Windows\System\bQiOvah.exe
  C:\Windows\System\bQiOvah.exe
  2⤵
  PID:4036
- C:\Windows\System\buLpyrR.exe
  C:\Windows\System\buLpyrR.exe
  2⤵
  PID:3728
- C:\Windows\System\BEUkojR.exe
  C:\Windows\System\BEUkojR.exe
  2⤵
  PID:3268
- C:\Windows\System\vUOVcoq.exe
  C:\Windows\System\vUOVcoq.exe
  2⤵
  PID:3820
- C:\Windows\System\eyUaOFp.exe
  C:\Windows\System\eyUaOFp.exe
  2⤵
  PID:4072
- C:\Windows\System\KOajdal.exe
  C:\Windows\System\KOajdal.exe
  2⤵
  PID:3080
- C:\Windows\System\MYSHYKF.exe
  C:\Windows\System\MYSHYKF.exe
  2⤵
  PID:3440
- C:\Windows\System\mvFcJHu.exe
  C:\Windows\System\mvFcJHu.exe
  2⤵
  PID:3332
- C:\Windows\System\cTyUHZD.exe
  C:\Windows\System\cTyUHZD.exe
  2⤵
  PID:3456
- C:\Windows\System\EEilwfn.exe
  C:\Windows\System\EEilwfn.exe
  2⤵
  PID:3920
- C:\Windows\System\jLpbidC.exe
  C:\Windows\System\jLpbidC.exe
  2⤵
  PID:4076
- C:\Windows\System\pEqWBPl.exe
  C:\Windows\System\pEqWBPl.exe
  2⤵
  PID:4032
- C:\Windows\System\mzLqlqw.exe
  C:\Windows\System\mzLqlqw.exe
  2⤵
  PID:4000
- C:\Windows\System\USkTmOf.exe
  C:\Windows\System\USkTmOf.exe
  2⤵
  PID:4112
- C:\Windows\System\DEnFZEF.exe
  C:\Windows\System\DEnFZEF.exe
  2⤵
  PID:4132
- C:\Windows\System\BKPfLFe.exe
  C:\Windows\System\BKPfLFe.exe
  2⤵
  PID:4148
- C:\Windows\System\SQkVrQz.exe
  C:\Windows\System\SQkVrQz.exe
  2⤵
  PID:4164
- C:\Windows\System\nuePEyi.exe
  C:\Windows\System\nuePEyi.exe
  2⤵
  PID:4184
- C:\Windows\System\GUkyghC.exe
  C:\Windows\System\GUkyghC.exe
  2⤵
  PID:4208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BeixEwQ.exe

Filesize
2.2MB

MD5
0aece936d5ec25b7b3c696b9ec936600

SHA1
09bb5ee7758a1da7ce9cf3b1d2d994243befbb81

SHA256
ff3ede454ced7d96c3b64e079ec76a7b5137883a6b2aab3a14f664d442c1c020

SHA512
2141d2046370eaf76333202ce9312eea7130878ee634482dcd35cc65dfafbe645c84c6115d6607e24fae35840365698fbb364255bf7cd8853916f4dda13605a0

Download Submit
C:\Windows\system\DfrJLdr.exe

Filesize
2.2MB

MD5
6adfe6bbf15c6888a489fda2d0e387f9

SHA1
dd7c11c48e1d53f6e36df695cdb9e756469db1e5

SHA256
ed1aaa7a71d44b7093b4a2d5404ad4ca1f0e0a9c80f42c1085bccbf16a3bb1b4

SHA512
aa713007b270408b613542014c132960954ac65ff3597fb3445d31c5e138ebda263ad6b3fd56688e8a44feff22cdc1fa44d7ead6f35768153f3273a8f99a511a

Download Submit
C:\Windows\system\DvQzMaM.exe

Filesize
2.2MB

MD5
d84410b9238183bd8567590d8562cfb2

SHA1
6618e8bd57fc88c1c575f643e9a564a768295a24

SHA256
71c2f863d2706cf88eaf981f1d7201c2bdf604497d143e23358296994d41442a

SHA512
b3ca0c0f9d28a24521c5f9ba265c3e2f20642a454dc2ac966ab01b54eb246baf57a6f2aa1497e3a9be0c92dd2bb6a9edbbe5bcebb0fb991dcb67cf457bf51d61

Download Submit
C:\Windows\system\HUilyXG.exe

Filesize
2.2MB

MD5
081bd4fe606ca9f541137f4b2e3b89fb

SHA1
73b8ba04c4cca3b47040852dcec8939f5b5f29d6

SHA256
3792ff782aa90b508f3e4f17ecb41ced388cea3d6927651c540a1e15e3366733

SHA512
484bad61477c0a79150d55bc36f9bcfe872d1eccc4ca2e634570dc732bbd6aae3613af942a9fbb8ecf829ecf18a97da0ebb6c61573caa38477c7c7672f9350fd

Download Submit
C:\Windows\system\IIOEelQ.exe

Filesize
2.2MB

MD5
057e858226df6d9d7dffac918e0f0345

SHA1
84f95f26297cbd5545b56d6fda3f65d2a7295362

SHA256
7e8e2cbd4108394c903929bccce284e4eb6afc81a8ef85469c8eb45f0f3dcf98

SHA512
8db04f46e2f01ed3d0293c0178e7b05732870cf4ae80bc1b976bf651cf5ef38eac505ec0b9fdb01a4724af04bcc2411c894aa129eec23d72650a69552c2852f1

Download Submit
C:\Windows\system\NSQwkpZ.exe

Filesize
2.2MB

MD5
3417f40355d390d620ddded2b4e94e55

SHA1
802267598945ac8c2280a210df1b8ba29b6275d7

SHA256
39de45c1c04fa4f3173240edcd96b6786130b938ae9b47c4c80730d0c17bab00

SHA512
07be371b68cc5858197b6e1ec2d8fb8192cde9eb1c27cb8ca4789c0b8992b317680f462cb0e44ca6641fbef0a329cd4e510be905c608e65a7881338924655b27

Download Submit
C:\Windows\system\Tvbcezk.exe

Filesize
2.2MB

MD5
2d886d2b87c46733c4735c71405984d9

SHA1
845dae8458a84673f9858477327642023ca5ee08

SHA256
148b92595f7ac2774d6b5c3d7758f6cd5a3a2a5a6355d3edf3087b4724ca5cf1

SHA512
224cd9d285c5ad58b7292291df817d81dd81d46d63f38d04c72628ffd31d5231ae36d46a33e785233141c504c3865ef02a76d14411af5dff29f3d1faf4550907

Download Submit
C:\Windows\system\VVOmDqY.exe

Filesize
2.2MB

MD5
733d227ad0f85cadd81be04ebcb7e4af

SHA1
72b87f33e0e8b46911227fd65e0bb451a2f6626a

SHA256
ef246b765423bddb6f892f57bef08930d582de066094e24ee98350e0b17e865c

SHA512
f5f19ccdfda37c6b7f5239a746347873bcafd7334f8568061235c179b05b74bf7aa7cdc114da3409343dde7889d1674fbf9c71e5094c01fe8d50f584cba6dbc2

Download Submit
C:\Windows\system\ViUxwtr.exe

Filesize
2.2MB

MD5
638154c5e4093d66ad4bad2ce42cdbd2

SHA1
b6c686b2dc02c966138edbe3a5f22e3bb721c910

SHA256
58ffc847e342acd418aea777e05070089b02fb0c1beef55d9e6325766d8d13a7

SHA512
e4b0e67f0b22a5d0cb74fc66b2ba1747344a10985577a06a463323853004641d4a86c1c819fd7733e3dee73dedbb84b41bd8600418762bd14dd8d6507053a70a

Download Submit
C:\Windows\system\WuyGwPA.exe

Filesize
2.2MB

MD5
aa08e20c588dc87411cd4b491eb526b2

SHA1
b0ff2c15f3f653efe52efadaac8dbea6f7106aa5

SHA256
5736c451ddd35e1d16b013b5b4fc6fe2a4898d939abff24d3f4b0ad42fdd6004

SHA512
a96f752a64fa35f43b9304de0f1a465c4d2901f5e5ffb2d34d65a449e8509fb295d040a904ac3557ad0de9871d98d46b520dd09d27e0aad47835fe0fe801b3fb

Download Submit
C:\Windows\system\bJyKkDa.exe

Filesize
2.2MB

MD5
379e76483e5796302a6a4353955e4416

SHA1
1e271f4fa7fac7e8209cddc0e348fb9e8de89f97

SHA256
125a36eed159a32455f147cec304847691e3684ae6cbe7927b2b4f765fe06b04

SHA512
31e6e4ae55fc6fd933b19391ab1e899f5883a945c71602d0372761448f3dc127760eedf1482ac7c828ad02b6eabc277780bad4d14b5f1e8480752d38bbb4bc39

Download Submit
C:\Windows\system\cImYgsl.exe

Filesize
2.2MB

MD5
50edf2c4165f5857e8fc9b0a0ab1a7a6

SHA1
f4198542dfd668d982c21ce5c64d2c6f01e7154a

SHA256
629f1a477d9aedf7ab9f370ab725cb8827c5c347e37a33265058382b9837f6f2

SHA512
49ca43ec2b1b98d75c71a7a9c1bcc70377db008d3961741efe09d702b8a81df575f665eceab38fdcc47f8889d94ea90c2818b40f24e0129a0dfad0227750df85

Download Submit
C:\Windows\system\caQMaZJ.exe

Filesize
2.2MB

MD5
9c83724b5633d5ad254a755e78a18e90

SHA1
1d3b9d699426d43cdfc9ed8cb62c0842755faf1e

SHA256
79708b67dbd5ee725edcf7d1f5e9d808d20a31ce0cafcaf058556d994114db2c

SHA512
98a3941b21ab561b25686c8cb76e870a7766e4a626bc61ad292207b84603ad7fa397466a183f8483643d86d64dbc6f88042d04b192ccd78547d9798c64282089

Download Submit
C:\Windows\system\cicEQVb.exe

Filesize
2.2MB

MD5
34cd60c3c9d6220c5b9c5e9570f66c45

SHA1
c15c6555d1f894aa10fc75a1d5128322461758ea

SHA256
567980179641c2f6718964e4735d759cea877f7fa7a6454fb47f48c1705735b1

SHA512
f36ed39ab764f792fe97dcfc5b404a0150074f8ce47836eec384020b415ea646fb0460eb021f21208e482bd06ae554e5a4072f887e19854470c7ea06a5054a75

Download Submit
C:\Windows\system\cmFFTJT.exe

Filesize
2.2MB

MD5
b2e1fda8aacb6f5b8a3da629e3e4d66f

SHA1
25407690068673c2b5cdae1b03599cc3bb5770c2

SHA256
ed7317a3ab3913aeb1a116b3d0bb2076e2f7133f5bfcaadf1322fae7d5b4f737

SHA512
f36bf266779a592e9a0c1b15d9f5aa276262a45cb7f2d86e7fa53a86ec5beaa114e0303f34c68997c11f120f4c249be93d7b0e9c643b14f78b1abc51afc8aa6e

Download Submit
C:\Windows\system\fyskjkE.exe

Filesize
2.2MB

MD5
d8e65e0bcabc4f22955d7c7aab4dbeb0

SHA1
523ad012ef54af6480c907d420654dc2e0634bcf

SHA256
9cfcb61cce2403353d8590dd4b13daff4319335530eede20557593ce8f5f7c7e

SHA512
f2b8a8b7b8e828579f8cfcc36241693154bdd2aee7a363f69932534557de68c09b9948540b9d45fb6ba517eda9882ea76cb3105a3ec5910bedfa5b0b97101175

Download Submit
C:\Windows\system\hJQqrmF.exe

Filesize
2.2MB

MD5
87a826dc645a96382dd6792ac142e38e

SHA1
4e28ecf26689a855ff010e8c53b7944489a89d73

SHA256
b70c6b98d24566b963f1fcb815bb13784616448ad3e08794e48d73e91e0b8730

SHA512
0e4b75bd8b5e7f43daaed6baa1f037f5bda1b3fed292373ccdd2ff16947c9979cddf8182fefaf9c8aaa832066fd865f7294a82a24ba569469d4642a49da59405

Download Submit
C:\Windows\system\lmtuEMF.exe

Filesize
2.2MB

MD5
0b4107a1c7639f452370018990eb55e0

SHA1
fc54aa253d74e740b23ff00e9ee8bb36846181ba

SHA256
ac889f402f8a31d9edf265bde91fbd8a896031b9c4d637e37abdd993d91271d6

SHA512
8227966c96ae6809e4db8c0f441ca4bf36854bd6c932bc0c8388befd0842c10dccf791c213726a05b8aeb476571ebcab6ee2de876c10f55979c512e57a0e88be

Download Submit
C:\Windows\system\pwbjYsP.exe

Filesize
2.2MB

MD5
10f92bae274e64fd2c959d60a58fefdf

SHA1
ef7f324a52ec7e4aa8e4b12499ab194b114f6da2

SHA256
7bb02d5f94c17479c0f532bc6b3048e0dd84d9c72334f0d5e5008724f1e3a36b

SHA512
406164a9ab429d32a213a916eff61833bc31c12f139895dc1c63ab8dfdfe32d58574e5ce88a882f0c7be96deff0a071e1cfd3417790ff317f4c232391bc8b66c

Download Submit
C:\Windows\system\sbxyjVv.exe

Filesize
2.2MB

MD5
231ac7508ba047162a2fa8d12198c351

SHA1
0d94db0978a73e61e5c050204ea7e1257c694d92

SHA256
0dcc371659a0cbea83b9d2f52f77d75f56a31157cf60b81788eef15bfef8d557

SHA512
5a377dece4feb69f95a6cddb95af4cca701bb65c7b86868ccb8ec3b7b09e0f253e3e1daa7efe80e55804f1bd6dd462c7ce69b4b9fac57e9c0956afef1022bc4f

Download Submit
C:\Windows\system\tdTlyBq.exe

Filesize
2.2MB

MD5
7776e15c7b77ae5f099c5281361ff6fb

SHA1
993fc5a5e3879725b2e4ae4fbbd3c3231a52857c

SHA256
a07361a4bbcbb15029bc31710920069a67d7db16719e429cd14d7fe6f1eb9293

SHA512
df24f0016a90b9cc436b56f4284d1f279e47ad98b3252652bbd380c24daff31d00dc899b9054a4f84bd1b7f51519868978429a91cc507c12e5586ba9d0d51817

Download Submit
C:\Windows\system\tfJEmqT.exe

Filesize
2.2MB

MD5
b44a254f4c6bcbb070a6895b5598c6e3

SHA1
309095783530aa16e413affde021e7f4a61198aa

SHA256
387001e4b166c61e5422e9cfd13a4f192e6376aa3378c5c4822bb517287eaa98

SHA512
4eb652391dd3c3a134ba813bcc445c6b77c71fe4fad5fb394cdfb6a181661c26dbe4f839a926a91e3aabbcfd9c6f757e585c6ea9c36c7b44e64a7aebfb8e25a3

Download Submit
C:\Windows\system\tglrhkw.exe

Filesize
2.2MB

MD5
de557df7a63baa907bc988a143aa68c4

SHA1
0758ab5cabf676a9cb65c4de43ef938744e3ba49

SHA256
a2942276e026329c8b064e83b162a188da1545ad36853a4667e96eb3e6967ee0

SHA512
99ca2a9ee624afdfeaac3e3a9d007b4ab5f469d57f050ac9084439f6e6deafab526c31c3b25ea01c93efbd5a94cb3904dabe94a54d08f68602aad09fe192b703

Download Submit
C:\Windows\system\uFiluSl.exe

Filesize
2.2MB

MD5
7fc805119398ed49c44e44faa0b9770f

SHA1
c4801e33340f79c9cb5d42f65f65a6468cbbea88

SHA256
b730a3f3529ee28afd405a47c60b72ce83847858d8da0f5328b9d5bf018c46aa

SHA512
9d05a209c0a329045d0998b5c27d42cb2809105c638e7f614b42da3130620e1407f9adaa92e2d3dac72d26dbc4562b37e2f111d377f762d83739e37ac65a1a9d

Download Submit
C:\Windows\system\vEsewVR.exe

Filesize
2.2MB

MD5
638df07e04ea7f0706b72d3f42501c0a

SHA1
66de87ae30973feb7009c3b16417d77b1ff2aade

SHA256
9a48b963646ef3d9d89c0a9f0e8af4ce37dcd11ea47b93729b14b3410d616784

SHA512
c961435f80e72034085cf38902338853f4dc4ad3439a8f8464dd2f37095acb70ca4d3ac746d730fe74c00ef74bfb8a7d1a93788f54fb9618a959e2d2726da20d

Download Submit
C:\Windows\system\wYWIxXz.exe

Filesize
2.2MB

MD5
d12655b6b2c035946e4d148412e69675

SHA1
cdb7a7db94d3b9786a2adf8bf48f472f3922ed55

SHA256
41f9eaa3717dc41d81382398713071dacaffbaffb13c4cf14b8e9d4c4561a5de

SHA512
a68ac72984e2d8d50041c4234b4bff8a4669583183c3e308742acd0cd929fc22ececd2a368897d62eb6cce728d10cdee4cc96c60a66b285e1b542494beed2cf0

Download Submit
C:\Windows\system\wvQUunU.exe

Filesize
2.2MB

MD5
0b4794a0876fdf9be41c391b4a135a93

SHA1
e2120f7a2617890b43378de9837c41cf7bebc0cf

SHA256
6a48d9075ba7a65f8de2c9ebff2de9b0e1d4ed8b21cd711c80a3b110ed24c143

SHA512
7f21faf183ac98106a6fc991ff5454e4eb88d1fa0aa91911f3808b86045bfb6f1984903a63e5f1ca16cae90f3918df272f8333b4f2356adf698bbdab9c4d9951

Download Submit
C:\Windows\system\ygrpXKS.exe

Filesize
2.2MB

MD5
792ccf5ffe1c6b4f218e5ff8981571b5

SHA1
da822215d1e4ba2e85d737b0b2ee37dbcc2c9327

SHA256
670f1a42cf344b536dfbf18f728d971abf133075d109ec1e1a5aace408b8eb09

SHA512
de29f4c7835cbe80bd467edf88d4f4d1293039fd346197e195dff83ee2745de987eba99faeb9ae3940c2f1445f314811eaccd689259c9082b861212fd24e5b56

Download Submit
C:\Windows\system\zPrGxNY.exe

Filesize
2.2MB

MD5
0526d791e36e88f29555aff57dc2e33b

SHA1
9455e1669255a8c3e959406fe6224ebd2ad970eb

SHA256
d59394447c146aeca0ce5682b90130a33e5cc5aab6a500a4ec085993039010a7

SHA512
ab5796f30b58c920245d5978123ba2c8876638c6258bb30a511e6c19de6b1dac99d27a9bdc8d9305363545bbec4e795834fee1fa560ea1f5f826a3fc517eb93a

Download Submit
\Windows\system\OBqlAmA.exe

Filesize
2.2MB

MD5
1adccd27dbabc125f39783f6bbd35579

SHA1
6194ccbaaef5b3283d433d3e3c78e8f07c90c09f

SHA256
e78e919ce582e4abd67516fc8b69506f11e6eb9c972441d5250b86cc47da8ee2

SHA512
15a7274739a1f2a70a157208e851a8f7c6cba81d2f407ff949a2b6747ec0fcf8474162be21e64349f8ffc8fd9e893a0f65803eed71d7459239d521b26141c1ec

Download Submit
\Windows\system\eCtlqRh.exe

Filesize
2.2MB

MD5
469c7811d8331a4b0c39aacba8ab3c71

SHA1
4dce53e8b6cec89efb3a7c07b8fa08b79e05e087

SHA256
82df9ba9e91acbe6ae0e9c9224c88579e80ef53b8d9be7652222d64f0c85dd34

SHA512
078325eca2bedea7956f7d782e832f91338c46b0d2f455b45f7d6774e2fedb397555ea128f821e41443760688935400e781436cc6ba60c678b7cb3ad4ea1a734

Download Submit
\Windows\system\yzkWXOx.exe

Filesize
2.2MB

MD5
40f80229e56407d90360f9cd47f4aff8

SHA1
f1bf8c5043b2305addac9f862ecdb51dd94199a3

SHA256
f25de68eeb4ac13cedd8c8e951198937ad61771ba258174a6ea93f9b452bbf97

SHA512
bada009cb1fc35e3f236d671f9ea5a95a6817f75be678f031e63479ac9d72847c587be471dbb1485b371eab147df8d2756cb5b7b9683f692b4f3662568e62b72

Download Submit
memory/1204-92-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/1204-1090-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-93-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/1732-35-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/1732-1083-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2060-76-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2060-1089-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2144-1088-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2144-73-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2232-102-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-34-0x0000000002010000-0x0000000002364000-memory.dmp

Filesize
3.3MB

Download
memory/2232-0-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2232-1078-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/2232-99-0x0000000002010000-0x0000000002364000-memory.dmp

Filesize
3.3MB

Download
memory/2232-1077-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-112-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-15-0x0000000002010000-0x0000000002364000-memory.dmp

Filesize
3.3MB

Download
memory/2232-89-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-30-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2232-91-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-70-0x0000000002010000-0x0000000002364000-memory.dmp

Filesize
3.3MB

Download
memory/2232-72-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2232-1076-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-53-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2232-1075-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-1074-0x0000000002010000-0x0000000002364000-memory.dmp

Filesize
3.3MB

Download
memory/2232-29-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2232-9-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2544-1087-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2544-62-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2596-1079-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2596-25-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2624-54-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2624-1085-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2624-837-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2640-87-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2640-1080-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2640-32-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2648-48-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-345-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-1086-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-100-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1081-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2696-36-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2728-37-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2728-1084-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2728-101-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2844-103-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1092-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-1082-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-33-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-88-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-90-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-1091-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download