kpot | e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-06-2024 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
Size

2.0MB
MD5

7c8d7dc2fbb5f2847f0cc46fef1203f0
SHA1

eba1485638e8d0d4bc7598baea0b38ac1d2b6b93
SHA256

e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93
SHA512

3be5acc429bfe0fc384aa74f9e0423c2fad8b3a2ec02bfed75cbdbb73944a3b891db0e0e81353955dda4bc3cdcf1d2f8cd27bc55e45fb4a16993b94c66fd5f86
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2N:GemTLkNdfE0pZaQ1

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x000a0000000233dd-4.dat	family_kpot
behavioral2/files/0x00070000000233e5-9.dat	family_kpot
behavioral2/files/0x00070000000233e6-8.dat	family_kpot
behavioral2/files/0x00070000000233e7-19.dat	family_kpot
behavioral2/files/0x00070000000233e8-23.dat	family_kpot
behavioral2/files/0x00070000000233e9-30.dat	family_kpot
behavioral2/files/0x00070000000233ea-34.dat	family_kpot
behavioral2/files/0x00080000000233e2-39.dat	family_kpot
behavioral2/files/0x00070000000233eb-44.dat	family_kpot
behavioral2/files/0x00070000000233ec-49.dat	family_kpot
behavioral2/files/0x00070000000233ed-52.dat	family_kpot
behavioral2/files/0x00070000000233ef-62.dat	family_kpot
behavioral2/files/0x00070000000233ee-63.dat	family_kpot
behavioral2/files/0x00070000000233f0-70.dat	family_kpot
behavioral2/files/0x00070000000233f1-74.dat	family_kpot
behavioral2/files/0x00070000000233f2-80.dat	family_kpot
behavioral2/files/0x00070000000233f6-103.dat	family_kpot
behavioral2/files/0x00070000000233f8-113.dat	family_kpot
behavioral2/files/0x00070000000233fb-124.dat	family_kpot
behavioral2/files/0x00070000000233fc-135.dat	family_kpot
behavioral2/files/0x0007000000023400-149.dat	family_kpot
behavioral2/files/0x0007000000023403-162.dat	family_kpot
behavioral2/files/0x0007000000023401-160.dat	family_kpot
behavioral2/files/0x0007000000023402-157.dat	family_kpot
behavioral2/files/0x00070000000233ff-147.dat	family_kpot
behavioral2/files/0x00070000000233fe-143.dat	family_kpot
behavioral2/files/0x00070000000233fd-140.dat	family_kpot
behavioral2/files/0x00070000000233fa-122.dat	family_kpot
behavioral2/files/0x00070000000233f9-118.dat	family_kpot
behavioral2/files/0x00070000000233f7-108.dat	family_kpot
behavioral2/files/0x00070000000233f5-97.dat	family_kpot
behavioral2/files/0x00070000000233f4-93.dat	family_kpot
behavioral2/files/0x00070000000233f3-87.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x000a0000000233dd-4.dat	xmrig
behavioral2/files/0x00070000000233e5-9.dat	xmrig
behavioral2/files/0x00070000000233e6-8.dat	xmrig
behavioral2/files/0x00070000000233e7-19.dat	xmrig
behavioral2/files/0x00070000000233e8-23.dat	xmrig
behavioral2/files/0x00070000000233e9-30.dat	xmrig
behavioral2/files/0x00070000000233ea-34.dat	xmrig
behavioral2/files/0x00080000000233e2-39.dat	xmrig
behavioral2/files/0x00070000000233eb-44.dat	xmrig
behavioral2/files/0x00070000000233ec-49.dat	xmrig
behavioral2/files/0x00070000000233ed-52.dat	xmrig
behavioral2/files/0x00070000000233ef-62.dat	xmrig
behavioral2/files/0x00070000000233ee-63.dat	xmrig
behavioral2/files/0x00070000000233f0-70.dat	xmrig
behavioral2/files/0x00070000000233f1-74.dat	xmrig
behavioral2/files/0x00070000000233f2-80.dat	xmrig
behavioral2/files/0x00070000000233f6-103.dat	xmrig
behavioral2/files/0x00070000000233f8-113.dat	xmrig
behavioral2/files/0x00070000000233fb-124.dat	xmrig
behavioral2/files/0x00070000000233fc-135.dat	xmrig
behavioral2/files/0x0007000000023400-149.dat	xmrig
behavioral2/files/0x0007000000023403-162.dat	xmrig
behavioral2/files/0x0007000000023401-160.dat	xmrig
behavioral2/files/0x0007000000023402-157.dat	xmrig
behavioral2/files/0x00070000000233ff-147.dat	xmrig
behavioral2/files/0x00070000000233fe-143.dat	xmrig
behavioral2/files/0x00070000000233fd-140.dat	xmrig
behavioral2/files/0x00070000000233fa-122.dat	xmrig
behavioral2/files/0x00070000000233f9-118.dat	xmrig
behavioral2/files/0x00070000000233f7-108.dat	xmrig
behavioral2/files/0x00070000000233f5-97.dat	xmrig
behavioral2/files/0x00070000000233f4-93.dat	xmrig
behavioral2/files/0x00070000000233f3-87.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
864	iqAMsiw.exe
3240	ZMdUfAM.exe
1792	IBGWbFo.exe
4688	BPObuvp.exe
4392	IlQXBJx.exe
3388	kGORbfP.exe
716	kjBgIJL.exe
2316	qLWiRlM.exe
1704	jZaGyey.exe
1468	EKRWdjE.exe
2128	MqgWKVi.exe
4844	EQEGBZF.exe
796	OohOsPv.exe
3080	UwhztWY.exe
2720	csEVOHs.exe
1116	SGumjxY.exe
5112	hYZvKyB.exe
3176	zNLrESl.exe
516	lKEQNfO.exe
3076	UzuIwQL.exe
3976	ZHzRmtR.exe
2396	jwadnLS.exe
4284	AuiKOUq.exe
2132	KxLJOPO.exe
2140	mLoNQdU.exe
1612	WVnkjSb.exe
2300	iFXUnBY.exe
400	vjElfFp.exe
2276	WNIiqqG.exe
4988	kYfAOYx.exe
4260	fTMtNHG.exe
1972	TahNrqK.exe
4204	kTOmmKp.exe
3732	PEjMluZ.exe
3164	MejjjuW.exe
4172	sYucxPj.exe
3364	wAoTcef.exe
2652	FBkkUhV.exe
3956	GCRtRXU.exe
396	IVGvSQC.exe
4904	kSZHfpb.exe
3752	BVfMzsQ.exe
1452	MwZiADS.exe
764	JIYuBvs.exe
4852	PmSUhpP.exe
232	vbJRnew.exe
4420	gZSosKc.exe
880	GSAgLHp.exe
1736	mbivaOA.exe
4248	ebDchpp.exe
2604	kMknipE.exe
3588	sPBrJAF.exe
1620	nVnCOnD.exe
1032	jCGyLQW.exe
1188	kJzOGqz.exe
3996	ieGfTiq.exe
3068	QtMurmz.exe
4948	xdkPBLi.exe
2164	dNTMhbI.exe
2256	rzaiNQS.exe
1524	YHLlLEF.exe
3848	NRrkpUV.exe
3532	aztZBZo.exe
456	XxbocwL.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\qNoPpVz.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\wAoTcef.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\WcXsqyJ.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\fyhFIkz.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\fcetnin.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\vqmqQBQ.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\eBZrsBT.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\TEsHOwt.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\XnmGekO.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\VXIBEnf.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\JACUqip.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\MMylfmm.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\LQOslYk.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\axlJWll.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\wLguZFe.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\USVyRqP.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\wzIStVr.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\AuiKOUq.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\ngjNDGN.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\BSAOPII.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\ZZyhpok.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\UzuIwQL.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\MSWolgA.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\WqOWcMF.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\NQjrhby.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\XQIaHrh.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\IWRfMyj.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\ryZOPLG.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\zRQiXSv.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\wyMQmgv.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\EQEGBZF.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\ynsPaee.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\gKciTvQ.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\oZYSTap.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\imSXJeM.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\JpExkVR.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\vbJRnew.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\kJzOGqz.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\HQZhLYh.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\beHmZas.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\KKSpVta.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\lFMEANB.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\KIYedJM.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\vjElfFp.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\GSAgLHp.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\fGCyDhK.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\UNvkSrr.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\kUVYqzD.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\WVnkjSb.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\IVGvSQC.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\rwpkGcI.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\VLiTIJv.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\DBcvjIo.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\GCqiVXS.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\QVCLEyV.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\FaXEzqz.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\oorTyWx.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\gnbcMVV.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\mODqxit.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\eDtfLVc.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\IiqWuda.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\qYHAceP.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\kTOmmKp.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
File created	C:\Windows\System\oCZIydX.exe	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
Token: SeLockMemoryPrivilege	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1004 wrote to memory of 864	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	83
PID 1004 wrote to memory of 864	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	83
PID 1004 wrote to memory of 3240	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	84
PID 1004 wrote to memory of 3240	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	84
PID 1004 wrote to memory of 1792	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	85
PID 1004 wrote to memory of 1792	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	85
PID 1004 wrote to memory of 4688	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	86
PID 1004 wrote to memory of 4688	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	86
PID 1004 wrote to memory of 4392	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	87
PID 1004 wrote to memory of 4392	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	87
PID 1004 wrote to memory of 3388	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	88
PID 1004 wrote to memory of 3388	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	88
PID 1004 wrote to memory of 716	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	90
PID 1004 wrote to memory of 716	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	90
PID 1004 wrote to memory of 2316	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	91
PID 1004 wrote to memory of 2316	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	91
PID 1004 wrote to memory of 1704	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	92
PID 1004 wrote to memory of 1704	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	92
PID 1004 wrote to memory of 1468	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	93
PID 1004 wrote to memory of 1468	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	93
PID 1004 wrote to memory of 2128	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	94
PID 1004 wrote to memory of 2128	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	94
PID 1004 wrote to memory of 4844	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	95
PID 1004 wrote to memory of 4844	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	95
PID 1004 wrote to memory of 796	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	96
PID 1004 wrote to memory of 796	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	96
PID 1004 wrote to memory of 3080	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	97
PID 1004 wrote to memory of 3080	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	97
PID 1004 wrote to memory of 2720	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	98
PID 1004 wrote to memory of 2720	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	98
PID 1004 wrote to memory of 1116	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	100
PID 1004 wrote to memory of 1116	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	100
PID 1004 wrote to memory of 5112	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	101
PID 1004 wrote to memory of 5112	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	101
PID 1004 wrote to memory of 3176	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	102
PID 1004 wrote to memory of 3176	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	102
PID 1004 wrote to memory of 516	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	103
PID 1004 wrote to memory of 516	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	103
PID 1004 wrote to memory of 3076	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	104
PID 1004 wrote to memory of 3076	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	104
PID 1004 wrote to memory of 3976	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	105
PID 1004 wrote to memory of 3976	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	105
PID 1004 wrote to memory of 2396	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	106
PID 1004 wrote to memory of 2396	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	106
PID 1004 wrote to memory of 4284	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	107
PID 1004 wrote to memory of 4284	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	107
PID 1004 wrote to memory of 2132	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	108
PID 1004 wrote to memory of 2132	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	108
PID 1004 wrote to memory of 2140	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	109
PID 1004 wrote to memory of 2140	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	109
PID 1004 wrote to memory of 1612	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	110
PID 1004 wrote to memory of 1612	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	110
PID 1004 wrote to memory of 2300	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	111
PID 1004 wrote to memory of 2300	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	111
PID 1004 wrote to memory of 400	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	112
PID 1004 wrote to memory of 400	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	112
PID 1004 wrote to memory of 2276	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	113
PID 1004 wrote to memory of 2276	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	113
PID 1004 wrote to memory of 4988	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	114
PID 1004 wrote to memory of 4988	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	114
PID 1004 wrote to memory of 4260	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	115
PID 1004 wrote to memory of 4260	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	115
PID 1004 wrote to memory of 1972	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	116
PID 1004 wrote to memory of 1972	1004	e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe	116

C:\Users\Admin\AppData\Local\Temp\e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe
"C:\Users\Admin\AppData\Local\Temp\e56cdd4e9b2061fcf084942e9fa4d1f6c884d311ce8ad9c4123d801b7a959e93.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1004
- C:\Windows\System\iqAMsiw.exe
  C:\Windows\System\iqAMsiw.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\ZMdUfAM.exe
  C:\Windows\System\ZMdUfAM.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\IBGWbFo.exe
  C:\Windows\System\IBGWbFo.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\BPObuvp.exe
  C:\Windows\System\BPObuvp.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\IlQXBJx.exe
  C:\Windows\System\IlQXBJx.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\kGORbfP.exe
  C:\Windows\System\kGORbfP.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\kjBgIJL.exe
  C:\Windows\System\kjBgIJL.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\qLWiRlM.exe
  C:\Windows\System\qLWiRlM.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\jZaGyey.exe
  C:\Windows\System\jZaGyey.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\EKRWdjE.exe
  C:\Windows\System\EKRWdjE.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\MqgWKVi.exe
  C:\Windows\System\MqgWKVi.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\EQEGBZF.exe
  C:\Windows\System\EQEGBZF.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\OohOsPv.exe
  C:\Windows\System\OohOsPv.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\UwhztWY.exe
  C:\Windows\System\UwhztWY.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\csEVOHs.exe
  C:\Windows\System\csEVOHs.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\SGumjxY.exe
  C:\Windows\System\SGumjxY.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\hYZvKyB.exe
  C:\Windows\System\hYZvKyB.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\zNLrESl.exe
  C:\Windows\System\zNLrESl.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\lKEQNfO.exe
  C:\Windows\System\lKEQNfO.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\UzuIwQL.exe
  C:\Windows\System\UzuIwQL.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\ZHzRmtR.exe
  C:\Windows\System\ZHzRmtR.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\jwadnLS.exe
  C:\Windows\System\jwadnLS.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\AuiKOUq.exe
  C:\Windows\System\AuiKOUq.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\KxLJOPO.exe
  C:\Windows\System\KxLJOPO.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\mLoNQdU.exe
  C:\Windows\System\mLoNQdU.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\WVnkjSb.exe
  C:\Windows\System\WVnkjSb.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\iFXUnBY.exe
  C:\Windows\System\iFXUnBY.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\vjElfFp.exe
  C:\Windows\System\vjElfFp.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\WNIiqqG.exe
  C:\Windows\System\WNIiqqG.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\kYfAOYx.exe
  C:\Windows\System\kYfAOYx.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\fTMtNHG.exe
  C:\Windows\System\fTMtNHG.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\TahNrqK.exe
  C:\Windows\System\TahNrqK.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\kTOmmKp.exe
  C:\Windows\System\kTOmmKp.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\PEjMluZ.exe
  C:\Windows\System\PEjMluZ.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\MejjjuW.exe
  C:\Windows\System\MejjjuW.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\sYucxPj.exe
  C:\Windows\System\sYucxPj.exe
  2⤵
  - Executes dropped EXE
  PID:4172
- C:\Windows\System\wAoTcef.exe
  C:\Windows\System\wAoTcef.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\FBkkUhV.exe
  C:\Windows\System\FBkkUhV.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\GCRtRXU.exe
  C:\Windows\System\GCRtRXU.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\IVGvSQC.exe
  C:\Windows\System\IVGvSQC.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\kSZHfpb.exe
  C:\Windows\System\kSZHfpb.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\BVfMzsQ.exe
  C:\Windows\System\BVfMzsQ.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\MwZiADS.exe
  C:\Windows\System\MwZiADS.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\JIYuBvs.exe
  C:\Windows\System\JIYuBvs.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\PmSUhpP.exe
  C:\Windows\System\PmSUhpP.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\vbJRnew.exe
  C:\Windows\System\vbJRnew.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\gZSosKc.exe
  C:\Windows\System\gZSosKc.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\GSAgLHp.exe
  C:\Windows\System\GSAgLHp.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\mbivaOA.exe
  C:\Windows\System\mbivaOA.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\ebDchpp.exe
  C:\Windows\System\ebDchpp.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\kMknipE.exe
  C:\Windows\System\kMknipE.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\sPBrJAF.exe
  C:\Windows\System\sPBrJAF.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\nVnCOnD.exe
  C:\Windows\System\nVnCOnD.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\jCGyLQW.exe
  C:\Windows\System\jCGyLQW.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\kJzOGqz.exe
  C:\Windows\System\kJzOGqz.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\ieGfTiq.exe
  C:\Windows\System\ieGfTiq.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\QtMurmz.exe
  C:\Windows\System\QtMurmz.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\xdkPBLi.exe
  C:\Windows\System\xdkPBLi.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\dNTMhbI.exe
  C:\Windows\System\dNTMhbI.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\rzaiNQS.exe
  C:\Windows\System\rzaiNQS.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\YHLlLEF.exe
  C:\Windows\System\YHLlLEF.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\NRrkpUV.exe
  C:\Windows\System\NRrkpUV.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System\aztZBZo.exe
  C:\Windows\System\aztZBZo.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\XxbocwL.exe
  C:\Windows\System\XxbocwL.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\xplRUCi.exe
  C:\Windows\System\xplRUCi.exe
  2⤵
  PID:1008
- C:\Windows\System\EzuUvPc.exe
  C:\Windows\System\EzuUvPc.exe
  2⤵
  PID:912
- C:\Windows\System\gKhvHUF.exe
  C:\Windows\System\gKhvHUF.exe
  2⤵
  PID:1440
- C:\Windows\System\GCqiVXS.exe
  C:\Windows\System\GCqiVXS.exe
  2⤵
  PID:4876
- C:\Windows\System\HBkifFh.exe
  C:\Windows\System\HBkifFh.exe
  2⤵
  PID:3360
- C:\Windows\System\WiHgefh.exe
  C:\Windows\System\WiHgefh.exe
  2⤵
  PID:2756
- C:\Windows\System\uGZTREC.exe
  C:\Windows\System\uGZTREC.exe
  2⤵
  PID:4424
- C:\Windows\System\hkbCWXj.exe
  C:\Windows\System\hkbCWXj.exe
  2⤵
  PID:2008
- C:\Windows\System\blVKFoG.exe
  C:\Windows\System\blVKFoG.exe
  2⤵
  PID:3468
- C:\Windows\System\qTQcPVz.exe
  C:\Windows\System\qTQcPVz.exe
  2⤵
  PID:4588
- C:\Windows\System\AlSEFzD.exe
  C:\Windows\System\AlSEFzD.exe
  2⤵
  PID:4328
- C:\Windows\System\EPAnUHi.exe
  C:\Windows\System\EPAnUHi.exe
  2⤵
  PID:4352
- C:\Windows\System\ZBISIsC.exe
  C:\Windows\System\ZBISIsC.exe
  2⤵
  PID:3700
- C:\Windows\System\yczULzi.exe
  C:\Windows\System\yczULzi.exe
  2⤵
  PID:3592
- C:\Windows\System\haYGMWL.exe
  C:\Windows\System\haYGMWL.exe
  2⤵
  PID:8
- C:\Windows\System\kLFCFwN.exe
  C:\Windows\System\kLFCFwN.exe
  2⤵
  PID:3084
- C:\Windows\System\RlpaXfa.exe
  C:\Windows\System\RlpaXfa.exe
  2⤵
  PID:3320
- C:\Windows\System\LQOslYk.exe
  C:\Windows\System\LQOslYk.exe
  2⤵
  PID:4976
- C:\Windows\System\gqDTtrd.exe
  C:\Windows\System\gqDTtrd.exe
  2⤵
  PID:3340
- C:\Windows\System\ZyjGNKF.exe
  C:\Windows\System\ZyjGNKF.exe
  2⤵
  PID:2348
- C:\Windows\System\vjpIcbf.exe
  C:\Windows\System\vjpIcbf.exe
  2⤵
  PID:1908
- C:\Windows\System\CCliADq.exe
  C:\Windows\System\CCliADq.exe
  2⤵
  PID:3632
- C:\Windows\System\kBBdYQc.exe
  C:\Windows\System\kBBdYQc.exe
  2⤵
  PID:1060
- C:\Windows\System\XvXaQwA.exe
  C:\Windows\System\XvXaQwA.exe
  2⤵
  PID:4192
- C:\Windows\System\oCZIydX.exe
  C:\Windows\System\oCZIydX.exe
  2⤵
  PID:3276
- C:\Windows\System\HQZhLYh.exe
  C:\Windows\System\HQZhLYh.exe
  2⤵
  PID:5144
- C:\Windows\System\cKZkhPC.exe
  C:\Windows\System\cKZkhPC.exe
  2⤵
  PID:5172
- C:\Windows\System\gVSJcoO.exe
  C:\Windows\System\gVSJcoO.exe
  2⤵
  PID:5200
- C:\Windows\System\pWSiXzU.exe
  C:\Windows\System\pWSiXzU.exe
  2⤵
  PID:5228
- C:\Windows\System\QfwwOya.exe
  C:\Windows\System\QfwwOya.exe
  2⤵
  PID:5256
- C:\Windows\System\VvGbAGz.exe
  C:\Windows\System\VvGbAGz.exe
  2⤵
  PID:5284
- C:\Windows\System\VPFFZmB.exe
  C:\Windows\System\VPFFZmB.exe
  2⤵
  PID:5312
- C:\Windows\System\axlJWll.exe
  C:\Windows\System\axlJWll.exe
  2⤵
  PID:5340
- C:\Windows\System\iqaYSmp.exe
  C:\Windows\System\iqaYSmp.exe
  2⤵
  PID:5368
- C:\Windows\System\cSMfYBT.exe
  C:\Windows\System\cSMfYBT.exe
  2⤵
  PID:5396
- C:\Windows\System\UVsZQOH.exe
  C:\Windows\System\UVsZQOH.exe
  2⤵
  PID:5424
- C:\Windows\System\pyZoRMh.exe
  C:\Windows\System\pyZoRMh.exe
  2⤵
  PID:5448
- C:\Windows\System\HLAOJgm.exe
  C:\Windows\System\HLAOJgm.exe
  2⤵
  PID:5480
- C:\Windows\System\BWCFsjI.exe
  C:\Windows\System\BWCFsjI.exe
  2⤵
  PID:5508
- C:\Windows\System\QVCLEyV.exe
  C:\Windows\System\QVCLEyV.exe
  2⤵
  PID:5536
- C:\Windows\System\KqUfIIM.exe
  C:\Windows\System\KqUfIIM.exe
  2⤵
  PID:5564
- C:\Windows\System\xnHZoNg.exe
  C:\Windows\System\xnHZoNg.exe
  2⤵
  PID:5592
- C:\Windows\System\XQIaHrh.exe
  C:\Windows\System\XQIaHrh.exe
  2⤵
  PID:5620
- C:\Windows\System\mDwkORm.exe
  C:\Windows\System\mDwkORm.exe
  2⤵
  PID:5648
- C:\Windows\System\ynsPaee.exe
  C:\Windows\System\ynsPaee.exe
  2⤵
  PID:5676
- C:\Windows\System\CbDyoEL.exe
  C:\Windows\System\CbDyoEL.exe
  2⤵
  PID:5704
- C:\Windows\System\IpsLyjd.exe
  C:\Windows\System\IpsLyjd.exe
  2⤵
  PID:5732
- C:\Windows\System\jwkpkgo.exe
  C:\Windows\System\jwkpkgo.exe
  2⤵
  PID:5760
- C:\Windows\System\FaXEzqz.exe
  C:\Windows\System\FaXEzqz.exe
  2⤵
  PID:5788
- C:\Windows\System\fyhFIkz.exe
  C:\Windows\System\fyhFIkz.exe
  2⤵
  PID:5816
- C:\Windows\System\fGCyDhK.exe
  C:\Windows\System\fGCyDhK.exe
  2⤵
  PID:5844
- C:\Windows\System\ngjNDGN.exe
  C:\Windows\System\ngjNDGN.exe
  2⤵
  PID:5872
- C:\Windows\System\IWRfMyj.exe
  C:\Windows\System\IWRfMyj.exe
  2⤵
  PID:5900
- C:\Windows\System\mqnCMkx.exe
  C:\Windows\System\mqnCMkx.exe
  2⤵
  PID:5928
- C:\Windows\System\svixYPW.exe
  C:\Windows\System\svixYPW.exe
  2⤵
  PID:5956
- C:\Windows\System\rwpkGcI.exe
  C:\Windows\System\rwpkGcI.exe
  2⤵
  PID:5984
- C:\Windows\System\fcetnin.exe
  C:\Windows\System\fcetnin.exe
  2⤵
  PID:6016
- C:\Windows\System\YpztVHy.exe
  C:\Windows\System\YpztVHy.exe
  2⤵
  PID:6040
- C:\Windows\System\CjxxXKr.exe
  C:\Windows\System\CjxxXKr.exe
  2⤵
  PID:6068
- C:\Windows\System\OxpSVYg.exe
  C:\Windows\System\OxpSVYg.exe
  2⤵
  PID:6096
- C:\Windows\System\sEkVKlW.exe
  C:\Windows\System\sEkVKlW.exe
  2⤵
  PID:6124
- C:\Windows\System\mUMlHUQ.exe
  C:\Windows\System\mUMlHUQ.exe
  2⤵
  PID:2364
- C:\Windows\System\jpJmsHM.exe
  C:\Windows\System\jpJmsHM.exe
  2⤵
  PID:3040
- C:\Windows\System\LjcxiKI.exe
  C:\Windows\System\LjcxiKI.exe
  2⤵
  PID:3992
- C:\Windows\System\vNqDlcC.exe
  C:\Windows\System\vNqDlcC.exe
  2⤵
  PID:3952
- C:\Windows\System\gsssmOP.exe
  C:\Windows\System\gsssmOP.exe
  2⤵
  PID:5132
- C:\Windows\System\MyljmjT.exe
  C:\Windows\System\MyljmjT.exe
  2⤵
  PID:5192
- C:\Windows\System\WBeBspt.exe
  C:\Windows\System\WBeBspt.exe
  2⤵
  PID:5268
- C:\Windows\System\OkSgTcp.exe
  C:\Windows\System\OkSgTcp.exe
  2⤵
  PID:5324
- C:\Windows\System\zWBJrNE.exe
  C:\Windows\System\zWBJrNE.exe
  2⤵
  PID:5384
- C:\Windows\System\yyarKdG.exe
  C:\Windows\System\yyarKdG.exe
  2⤵
  PID:5440
- C:\Windows\System\NkJyZBm.exe
  C:\Windows\System\NkJyZBm.exe
  2⤵
  PID:5500
- C:\Windows\System\ilgTZIM.exe
  C:\Windows\System\ilgTZIM.exe
  2⤵
  PID:5576
- C:\Windows\System\BSAOPII.exe
  C:\Windows\System\BSAOPII.exe
  2⤵
  PID:5632
- C:\Windows\System\BKKKMgI.exe
  C:\Windows\System\BKKKMgI.exe
  2⤵
  PID:5692
- C:\Windows\System\HbDFIWl.exe
  C:\Windows\System\HbDFIWl.exe
  2⤵
  PID:5752
- C:\Windows\System\okBJSlx.exe
  C:\Windows\System\okBJSlx.exe
  2⤵
  PID:5828
- C:\Windows\System\noNvqma.exe
  C:\Windows\System\noNvqma.exe
  2⤵
  PID:5884
- C:\Windows\System\UIPnuCn.exe
  C:\Windows\System\UIPnuCn.exe
  2⤵
  PID:5940
- C:\Windows\System\LORpJDy.exe
  C:\Windows\System\LORpJDy.exe
  2⤵
  PID:5996
- C:\Windows\System\beHmZas.exe
  C:\Windows\System\beHmZas.exe
  2⤵
  PID:6056
- C:\Windows\System\UNvkSrr.exe
  C:\Windows\System\UNvkSrr.exe
  2⤵
  PID:6116
- C:\Windows\System\kcAaonP.exe
  C:\Windows\System\kcAaonP.exe
  2⤵
  PID:1460
- C:\Windows\System\rlLCMzx.exe
  C:\Windows\System\rlLCMzx.exe
  2⤵
  PID:2252
- C:\Windows\System\bOQuRoB.exe
  C:\Windows\System\bOQuRoB.exe
  2⤵
  PID:5164
- C:\Windows\System\DdoxSmv.exe
  C:\Windows\System\DdoxSmv.exe
  2⤵
  PID:5300
- C:\Windows\System\qzsIkOL.exe
  C:\Windows\System\qzsIkOL.exe
  2⤵
  PID:5468
- C:\Windows\System\wLguZFe.exe
  C:\Windows\System\wLguZFe.exe
  2⤵
  PID:5604
- C:\Windows\System\pVvMAPc.exe
  C:\Windows\System\pVvMAPc.exe
  2⤵
  PID:5744
- C:\Windows\System\kUVYqzD.exe
  C:\Windows\System\kUVYqzD.exe
  2⤵
  PID:3600
- C:\Windows\System\kAMzSJf.exe
  C:\Windows\System\kAMzSJf.exe
  2⤵
  PID:4008
- C:\Windows\System\FbBquRs.exe
  C:\Windows\System\FbBquRs.exe
  2⤵
  PID:6112
- C:\Windows\System\NOJRvbR.exe
  C:\Windows\System\NOJRvbR.exe
  2⤵
  PID:2136
- C:\Windows\System\ryZOPLG.exe
  C:\Windows\System\ryZOPLG.exe
  2⤵
  PID:1480
- C:\Windows\System\tEwvoji.exe
  C:\Windows\System\tEwvoji.exe
  2⤵
  PID:5412
- C:\Windows\System\QOfcijQ.exe
  C:\Windows\System\QOfcijQ.exe
  2⤵
  PID:1268
- C:\Windows\System\gKciTvQ.exe
  C:\Windows\System\gKciTvQ.exe
  2⤵
  PID:3416
- C:\Windows\System\mmkvORM.exe
  C:\Windows\System\mmkvORM.exe
  2⤵
  PID:6080
- C:\Windows\System\ItkOpAg.exe
  C:\Windows\System\ItkOpAg.exe
  2⤵
  PID:1764
- C:\Windows\System\kjuLkLx.exe
  C:\Windows\System\kjuLkLx.exe
  2⤵
  PID:4604
- C:\Windows\System\XJoXVFn.exe
  C:\Windows\System\XJoXVFn.exe
  2⤵
  PID:3968
- C:\Windows\System\HJCxZdb.exe
  C:\Windows\System\HJCxZdb.exe
  2⤵
  PID:4760
- C:\Windows\System\uZpKANp.exe
  C:\Windows\System\uZpKANp.exe
  2⤵
  PID:5044
- C:\Windows\System\IMsKhIk.exe
  C:\Windows\System\IMsKhIk.exe
  2⤵
  PID:2060
- C:\Windows\System\KKKprlq.exe
  C:\Windows\System\KKKprlq.exe
  2⤵
  PID:6172
- C:\Windows\System\WLcMMuE.exe
  C:\Windows\System\WLcMMuE.exe
  2⤵
  PID:6208
- C:\Windows\System\nigtQTQ.exe
  C:\Windows\System\nigtQTQ.exe
  2⤵
  PID:6236
- C:\Windows\System\mODqxit.exe
  C:\Windows\System\mODqxit.exe
  2⤵
  PID:6268
- C:\Windows\System\eVbiert.exe
  C:\Windows\System\eVbiert.exe
  2⤵
  PID:6284
- C:\Windows\System\dHoxxlg.exe
  C:\Windows\System\dHoxxlg.exe
  2⤵
  PID:6324
- C:\Windows\System\DSSXBvA.exe
  C:\Windows\System\DSSXBvA.exe
  2⤵
  PID:6340
- C:\Windows\System\QgBOsFD.exe
  C:\Windows\System\QgBOsFD.exe
  2⤵
  PID:6376
- C:\Windows\System\zVHfyIU.exe
  C:\Windows\System\zVHfyIU.exe
  2⤵
  PID:6412
- C:\Windows\System\ESplqWW.exe
  C:\Windows\System\ESplqWW.exe
  2⤵
  PID:6440
- C:\Windows\System\LfdQPBs.exe
  C:\Windows\System\LfdQPBs.exe
  2⤵
  PID:6472
- C:\Windows\System\Vthbmic.exe
  C:\Windows\System\Vthbmic.exe
  2⤵
  PID:6492
- C:\Windows\System\mGmWgyb.exe
  C:\Windows\System\mGmWgyb.exe
  2⤵
  PID:6520
- C:\Windows\System\niIraat.exe
  C:\Windows\System\niIraat.exe
  2⤵
  PID:6548
- C:\Windows\System\USVyRqP.exe
  C:\Windows\System\USVyRqP.exe
  2⤵
  PID:6564
- C:\Windows\System\NTAYoli.exe
  C:\Windows\System\NTAYoli.exe
  2⤵
  PID:6596
- C:\Windows\System\BDDekNt.exe
  C:\Windows\System\BDDekNt.exe
  2⤵
  PID:6636
- C:\Windows\System\jmcSnAF.exe
  C:\Windows\System\jmcSnAF.exe
  2⤵
  PID:6676
- C:\Windows\System\jyFyXGt.exe
  C:\Windows\System\jyFyXGt.exe
  2⤵
  PID:6700
- C:\Windows\System\gkbgtiO.exe
  C:\Windows\System\gkbgtiO.exe
  2⤵
  PID:6716
- C:\Windows\System\dLFoLpc.exe
  C:\Windows\System\dLFoLpc.exe
  2⤵
  PID:6744
- C:\Windows\System\eDtfLVc.exe
  C:\Windows\System\eDtfLVc.exe
  2⤵
  PID:6772
- C:\Windows\System\CnAEkDx.exe
  C:\Windows\System\CnAEkDx.exe
  2⤵
  PID:6800
- C:\Windows\System\RnqGChN.exe
  C:\Windows\System\RnqGChN.exe
  2⤵
  PID:6816
- C:\Windows\System\MgTauVb.exe
  C:\Windows\System\MgTauVb.exe
  2⤵
  PID:6848
- C:\Windows\System\AHdCrSG.exe
  C:\Windows\System\AHdCrSG.exe
  2⤵
  PID:6884
- C:\Windows\System\JfbOMSM.exe
  C:\Windows\System\JfbOMSM.exe
  2⤵
  PID:6912
- C:\Windows\System\ZdiOUpm.exe
  C:\Windows\System\ZdiOUpm.exe
  2⤵
  PID:6936
- C:\Windows\System\ORyZiwV.exe
  C:\Windows\System\ORyZiwV.exe
  2⤵
  PID:6952
- C:\Windows\System\PCpicVp.exe
  C:\Windows\System\PCpicVp.exe
  2⤵
  PID:6972
- C:\Windows\System\hthBcgg.exe
  C:\Windows\System\hthBcgg.exe
  2⤵
  PID:7000
- C:\Windows\System\NRmETgN.exe
  C:\Windows\System\NRmETgN.exe
  2⤵
  PID:7024
- C:\Windows\System\TZWxKHP.exe
  C:\Windows\System\TZWxKHP.exe
  2⤵
  PID:7068
- C:\Windows\System\RDCTCSu.exe
  C:\Windows\System\RDCTCSu.exe
  2⤵
  PID:7100
- C:\Windows\System\TVPSRGF.exe
  C:\Windows\System\TVPSRGF.exe
  2⤵
  PID:7136
- C:\Windows\System\EmCcpIB.exe
  C:\Windows\System\EmCcpIB.exe
  2⤵
  PID:7164
- C:\Windows\System\zVbOXDn.exe
  C:\Windows\System\zVbOXDn.exe
  2⤵
  PID:6168
- C:\Windows\System\HQKuhwo.exe
  C:\Windows\System\HQKuhwo.exe
  2⤵
  PID:6248
- C:\Windows\System\uWDNKhF.exe
  C:\Windows\System\uWDNKhF.exe
  2⤵
  PID:6316
- C:\Windows\System\OXjUUmu.exe
  C:\Windows\System\OXjUUmu.exe
  2⤵
  PID:6364
- C:\Windows\System\MnmvwjY.exe
  C:\Windows\System\MnmvwjY.exe
  2⤵
  PID:6436
- C:\Windows\System\RJuUldd.exe
  C:\Windows\System\RJuUldd.exe
  2⤵
  PID:6532
- C:\Windows\System\EkGcpjx.exe
  C:\Windows\System\EkGcpjx.exe
  2⤵
  PID:6576
- C:\Windows\System\xYejmKK.exe
  C:\Windows\System\xYejmKK.exe
  2⤵
  PID:6628
- C:\Windows\System\zyBPpSX.exe
  C:\Windows\System\zyBPpSX.exe
  2⤵
  PID:6736
- C:\Windows\System\QXncsHa.exe
  C:\Windows\System\QXncsHa.exe
  2⤵
  PID:6792
- C:\Windows\System\yqrpArh.exe
  C:\Windows\System\yqrpArh.exe
  2⤵
  PID:6836
- C:\Windows\System\SuflkiM.exe
  C:\Windows\System\SuflkiM.exe
  2⤵
  PID:6932
- C:\Windows\System\YUotXmj.exe
  C:\Windows\System\YUotXmj.exe
  2⤵
  PID:6988
- C:\Windows\System\ZPfbkSY.exe
  C:\Windows\System\ZPfbkSY.exe
  2⤵
  PID:7048
- C:\Windows\System\UhAOifn.exe
  C:\Windows\System\UhAOifn.exe
  2⤵
  PID:7128
- C:\Windows\System\MSWolgA.exe
  C:\Windows\System\MSWolgA.exe
  2⤵
  PID:7148
- C:\Windows\System\KMxwGjj.exe
  C:\Windows\System\KMxwGjj.exe
  2⤵
  PID:6312
- C:\Windows\System\sNNQhGr.exe
  C:\Windows\System\sNNQhGr.exe
  2⤵
  PID:6408
- C:\Windows\System\bQlLxzm.exe
  C:\Windows\System\bQlLxzm.exe
  2⤵
  PID:6560
- C:\Windows\System\IiqWuda.exe
  C:\Windows\System\IiqWuda.exe
  2⤵
  PID:6760
- C:\Windows\System\DnyTpSk.exe
  C:\Windows\System\DnyTpSk.exe
  2⤵
  PID:6896
- C:\Windows\System\OYLdJJL.exe
  C:\Windows\System\OYLdJJL.exe
  2⤵
  PID:7016
- C:\Windows\System\WtUxoXB.exe
  C:\Windows\System\WtUxoXB.exe
  2⤵
  PID:6228
- C:\Windows\System\CIjuMDt.exe
  C:\Windows\System\CIjuMDt.exe
  2⤵
  PID:6480
- C:\Windows\System\ZPhuDDA.exe
  C:\Windows\System\ZPhuDDA.exe
  2⤵
  PID:6868
- C:\Windows\System\GAJlbhn.exe
  C:\Windows\System\GAJlbhn.exe
  2⤵
  PID:6336
- C:\Windows\System\jhREkpg.exe
  C:\Windows\System\jhREkpg.exe
  2⤵
  PID:6708
- C:\Windows\System\RxngYve.exe
  C:\Windows\System\RxngYve.exe
  2⤵
  PID:6924
- C:\Windows\System\tmUfmRK.exe
  C:\Windows\System\tmUfmRK.exe
  2⤵
  PID:7196
- C:\Windows\System\cxnOqun.exe
  C:\Windows\System\cxnOqun.exe
  2⤵
  PID:7228
- C:\Windows\System\PKmzInC.exe
  C:\Windows\System\PKmzInC.exe
  2⤵
  PID:7268
- C:\Windows\System\tOJNUlq.exe
  C:\Windows\System\tOJNUlq.exe
  2⤵
  PID:7288
- C:\Windows\System\qNoPpVz.exe
  C:\Windows\System\qNoPpVz.exe
  2⤵
  PID:7312
- C:\Windows\System\anSBHXm.exe
  C:\Windows\System\anSBHXm.exe
  2⤵
  PID:7332
- C:\Windows\System\QKXkYtN.exe
  C:\Windows\System\QKXkYtN.exe
  2⤵
  PID:7368
- C:\Windows\System\CmDqSuB.exe
  C:\Windows\System\CmDqSuB.exe
  2⤵
  PID:7396
- C:\Windows\System\ncbnAQX.exe
  C:\Windows\System\ncbnAQX.exe
  2⤵
  PID:7416
- C:\Windows\System\dFigOUA.exe
  C:\Windows\System\dFigOUA.exe
  2⤵
  PID:7452
- C:\Windows\System\bXCROhG.exe
  C:\Windows\System\bXCROhG.exe
  2⤵
  PID:7468
- C:\Windows\System\SPOmpjk.exe
  C:\Windows\System\SPOmpjk.exe
  2⤵
  PID:7520
- C:\Windows\System\obktbBG.exe
  C:\Windows\System\obktbBG.exe
  2⤵
  PID:7536
- C:\Windows\System\vrkpYhr.exe
  C:\Windows\System\vrkpYhr.exe
  2⤵
  PID:7568
- C:\Windows\System\OgjPgsJ.exe
  C:\Windows\System\OgjPgsJ.exe
  2⤵
  PID:7588
- C:\Windows\System\XACvlCz.exe
  C:\Windows\System\XACvlCz.exe
  2⤵
  PID:7616
- C:\Windows\System\lmIItGx.exe
  C:\Windows\System\lmIItGx.exe
  2⤵
  PID:7648
- C:\Windows\System\vqmqQBQ.exe
  C:\Windows\System\vqmqQBQ.exe
  2⤵
  PID:7684
- C:\Windows\System\mgKSeSQ.exe
  C:\Windows\System\mgKSeSQ.exe
  2⤵
  PID:7712
- C:\Windows\System\kmwbqSP.exe
  C:\Windows\System\kmwbqSP.exe
  2⤵
  PID:7732
- C:\Windows\System\awBSjdl.exe
  C:\Windows\System\awBSjdl.exe
  2⤵
  PID:7760
- C:\Windows\System\xKhueJu.exe
  C:\Windows\System\xKhueJu.exe
  2⤵
  PID:7788
- C:\Windows\System\EyHkBao.exe
  C:\Windows\System\EyHkBao.exe
  2⤵
  PID:7816
- C:\Windows\System\OhKZFdR.exe
  C:\Windows\System\OhKZFdR.exe
  2⤵
  PID:7848
- C:\Windows\System\TIbWIPm.exe
  C:\Windows\System\TIbWIPm.exe
  2⤵
  PID:7884
- C:\Windows\System\hovszhB.exe
  C:\Windows\System\hovszhB.exe
  2⤵
  PID:7908
- C:\Windows\System\CbzwNGQ.exe
  C:\Windows\System\CbzwNGQ.exe
  2⤵
  PID:7928
- C:\Windows\System\asRzYol.exe
  C:\Windows\System\asRzYol.exe
  2⤵
  PID:7968
- C:\Windows\System\bkrFAPo.exe
  C:\Windows\System\bkrFAPo.exe
  2⤵
  PID:7984
- C:\Windows\System\hKOdegX.exe
  C:\Windows\System\hKOdegX.exe
  2⤵
  PID:8016
- C:\Windows\System\DxcnvZs.exe
  C:\Windows\System\DxcnvZs.exe
  2⤵
  PID:8052
- C:\Windows\System\zRQiXSv.exe
  C:\Windows\System\zRQiXSv.exe
  2⤵
  PID:8072
- C:\Windows\System\rhAEfrA.exe
  C:\Windows\System\rhAEfrA.exe
  2⤵
  PID:8096
- C:\Windows\System\VLiTIJv.exe
  C:\Windows\System\VLiTIJv.exe
  2⤵
  PID:8136
- C:\Windows\System\WqOWcMF.exe
  C:\Windows\System\WqOWcMF.exe
  2⤵
  PID:8164
- C:\Windows\System\wyMQmgv.exe
  C:\Windows\System\wyMQmgv.exe
  2⤵
  PID:7096
- C:\Windows\System\EpPzrcx.exe
  C:\Windows\System\EpPzrcx.exe
  2⤵
  PID:7180
- C:\Windows\System\WUfKtHL.exe
  C:\Windows\System\WUfKtHL.exe
  2⤵
  PID:7296
- C:\Windows\System\HJmtVus.exe
  C:\Windows\System\HJmtVus.exe
  2⤵
  PID:7328
- C:\Windows\System\KKSpVta.exe
  C:\Windows\System\KKSpVta.exe
  2⤵
  PID:7404
- C:\Windows\System\oZYSTap.exe
  C:\Windows\System\oZYSTap.exe
  2⤵
  PID:7488
- C:\Windows\System\XnmGekO.exe
  C:\Windows\System\XnmGekO.exe
  2⤵
  PID:7560
- C:\Windows\System\hueIpku.exe
  C:\Windows\System\hueIpku.exe
  2⤵
  PID:7640
- C:\Windows\System\NwFVCvJ.exe
  C:\Windows\System\NwFVCvJ.exe
  2⤵
  PID:7680
- C:\Windows\System\DBcvjIo.exe
  C:\Windows\System\DBcvjIo.exe
  2⤵
  PID:7772
- C:\Windows\System\rdlVLaP.exe
  C:\Windows\System\rdlVLaP.exe
  2⤵
  PID:7804
- C:\Windows\System\eBZrsBT.exe
  C:\Windows\System\eBZrsBT.exe
  2⤵
  PID:7856
- C:\Windows\System\MuroysZ.exe
  C:\Windows\System\MuroysZ.exe
  2⤵
  PID:7868
- C:\Windows\System\xAVHetD.exe
  C:\Windows\System\xAVHetD.exe
  2⤵
  PID:7980
- C:\Windows\System\QQSgYxh.exe
  C:\Windows\System\QQSgYxh.exe
  2⤵
  PID:8024
- C:\Windows\System\gfbjgVv.exe
  C:\Windows\System\gfbjgVv.exe
  2⤵
  PID:8120
- C:\Windows\System\lFMEANB.exe
  C:\Windows\System\lFMEANB.exe
  2⤵
  PID:8176
- C:\Windows\System\wwQODsT.exe
  C:\Windows\System\wwQODsT.exe
  2⤵
  PID:7356
- C:\Windows\System\wIhIrzC.exe
  C:\Windows\System\wIhIrzC.exe
  2⤵
  PID:7464
- C:\Windows\System\ZZyhpok.exe
  C:\Windows\System\ZZyhpok.exe
  2⤵
  PID:7600
- C:\Windows\System\UpnvMmM.exe
  C:\Windows\System\UpnvMmM.exe
  2⤵
  PID:7744
- C:\Windows\System\OZcGLgC.exe
  C:\Windows\System\OZcGLgC.exe
  2⤵
  PID:7876
- C:\Windows\System\TEsHOwt.exe
  C:\Windows\System\TEsHOwt.exe
  2⤵
  PID:8080
- C:\Windows\System\oorTyWx.exe
  C:\Windows\System\oorTyWx.exe
  2⤵
  PID:8184
- C:\Windows\System\LFgOsoS.exe
  C:\Windows\System\LFgOsoS.exe
  2⤵
  PID:7548
- C:\Windows\System\gnbcMVV.exe
  C:\Windows\System\gnbcMVV.exe
  2⤵
  PID:7800
- C:\Windows\System\MWHuBWI.exe
  C:\Windows\System\MWHuBWI.exe
  2⤵
  PID:7380
- C:\Windows\System\uxAzFXY.exe
  C:\Windows\System\uxAzFXY.exe
  2⤵
  PID:7976
- C:\Windows\System\KIYedJM.exe
  C:\Windows\System\KIYedJM.exe
  2⤵
  PID:8212
- C:\Windows\System\imSXJeM.exe
  C:\Windows\System\imSXJeM.exe
  2⤵
  PID:8240
- C:\Windows\System\alYMrLR.exe
  C:\Windows\System\alYMrLR.exe
  2⤵
  PID:8272
- C:\Windows\System\MQCYjnh.exe
  C:\Windows\System\MQCYjnh.exe
  2⤵
  PID:8312
- C:\Windows\System\eOgKXaR.exe
  C:\Windows\System\eOgKXaR.exe
  2⤵
  PID:8340
- C:\Windows\System\WcXsqyJ.exe
  C:\Windows\System\WcXsqyJ.exe
  2⤵
  PID:8368
- C:\Windows\System\ePOOdLK.exe
  C:\Windows\System\ePOOdLK.exe
  2⤵
  PID:8396
- C:\Windows\System\wzIStVr.exe
  C:\Windows\System\wzIStVr.exe
  2⤵
  PID:8424
- C:\Windows\System\wPDhnHK.exe
  C:\Windows\System\wPDhnHK.exe
  2⤵
  PID:8452
- C:\Windows\System\qYHAceP.exe
  C:\Windows\System\qYHAceP.exe
  2⤵
  PID:8468
- C:\Windows\System\XmZuNjl.exe
  C:\Windows\System\XmZuNjl.exe
  2⤵
  PID:8500
- C:\Windows\System\UEJOnab.exe
  C:\Windows\System\UEJOnab.exe
  2⤵
  PID:8536
- C:\Windows\System\NQjrhby.exe
  C:\Windows\System\NQjrhby.exe
  2⤵
  PID:8552
- C:\Windows\System\HnrGkJt.exe
  C:\Windows\System\HnrGkJt.exe
  2⤵
  PID:8572
- C:\Windows\System\VXIBEnf.exe
  C:\Windows\System\VXIBEnf.exe
  2⤵
  PID:8600
- C:\Windows\System\ejVdnTt.exe
  C:\Windows\System\ejVdnTt.exe
  2⤵
  PID:8648
- C:\Windows\System\hYdFswk.exe
  C:\Windows\System\hYdFswk.exe
  2⤵
  PID:8676
- C:\Windows\System\kFtvzJG.exe
  C:\Windows\System\kFtvzJG.exe
  2⤵
  PID:8704
- C:\Windows\System\zsSVrOn.exe
  C:\Windows\System\zsSVrOn.exe
  2⤵
  PID:8732
- C:\Windows\System\MMylfmm.exe
  C:\Windows\System\MMylfmm.exe
  2⤵
  PID:8748
- C:\Windows\System\DlRzgZl.exe
  C:\Windows\System\DlRzgZl.exe
  2⤵
  PID:8780
- C:\Windows\System\snWXqWy.exe
  C:\Windows\System\snWXqWy.exe
  2⤵
  PID:8816
- C:\Windows\System\WlRuHXm.exe
  C:\Windows\System\WlRuHXm.exe
  2⤵
  PID:8844
- C:\Windows\System\JACUqip.exe
  C:\Windows\System\JACUqip.exe
  2⤵
  PID:8864
- C:\Windows\System\RVsgWwE.exe
  C:\Windows\System\RVsgWwE.exe
  2⤵
  PID:8888
- C:\Windows\System\orPnTIv.exe
  C:\Windows\System\orPnTIv.exe
  2⤵
  PID:8928
- C:\Windows\System\OISRapY.exe
  C:\Windows\System\OISRapY.exe
  2⤵
  PID:8956
- C:\Windows\System\JpExkVR.exe
  C:\Windows\System\JpExkVR.exe
  2⤵
  PID:8984
- C:\Windows\System\qwoSBEh.exe
  C:\Windows\System\qwoSBEh.exe
  2⤵
  PID:9008
- C:\Windows\System\QNepQvj.exe
  C:\Windows\System\QNepQvj.exe
  2⤵
  PID:9032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AuiKOUq.exe

Filesize
2.0MB

MD5
0163735d6c458d943fcea75b5e41cb7f

SHA1
8e39468b64172244c64ee50350ae0e0240955770

SHA256
1701155d28da86f2e26c888982809cc35c26bf178f0dd475956549c9d4190ac5

SHA512
f4baf1b3d1066ba127aaf2ffdba7793271cafe27a408fdc98faea3eb33ce5a8575a42e0725fb19c48a268c13e86269dcffd734d4183e71b7fab41b39e957b56b

Download Submit
C:\Windows\System\BPObuvp.exe

Filesize
2.0MB

MD5
b5d840fbe3f18f123f4d1c18d9064e15

SHA1
3f139ec43b6defdb7b305f66b4538e0876779503

SHA256
dfc4830760d488e55c945f34723786537a6a880d764637ec93fc2c83e0e2c809

SHA512
5172945d126a8d3cb7a40a8f1cc20ef3a94b2e75a29ac3b3613caf5e159b06f27d59f446bc25c0be0aead0653b54d03cfd67eec6930a02b41ca9cfc621ab21ea

Download Submit
C:\Windows\System\EKRWdjE.exe

Filesize
2.0MB

MD5
1e8f422ef7b74f47b023d5ef5ad70bf3

SHA1
50b207ad2ace3ab4b0673330c1e6fa9b9576a090

SHA256
888f51ac9456ef9eaf42bb24c81b39fa0e4648eb68ba09a4ab3026c3d67e5212

SHA512
50ca67d75f88ceafa7dfcf05a824ea1f29f023fe006796c8f38ae9cc0f3b8576dd0e6180532acf34945b18e29060004d5046cc5ef6c95a619a6570399428fa25

Download Submit
C:\Windows\System\EQEGBZF.exe

Filesize
2.0MB

MD5
2e902a56cb9ff657ffabcf8c2aa87440

SHA1
58458f387b9ffa38ab32609938f6913f732a43a6

SHA256
7d1fdb860600d86f8dec36878b82e6d77c0c789ed4a6840b57c862f597b986de

SHA512
2999ad92e81c8ceabaa9d4e76d3be7876db26e8877f61a7aa1b9e514a81959cc5253ba0813486934f6e069d5c6d4baa35629b6df096caf29a74f3a20aca54337

Download Submit
C:\Windows\System\IBGWbFo.exe

Filesize
2.0MB

MD5
d8a4be9e3e4c0d47b423cd8313ee91dd

SHA1
98396ca9671cdc8af4cc674c4ba4bd5b4fef63c8

SHA256
78c5e070e12d4909e9be01f38a0fea9c2a0428a13c184d69d82dda9554b07956

SHA512
5534ba32bf793c616edef5d41914a8d9870c8b0347a15c87993fd1ef679a0489789d9370451f9910f5c463eb804ff7bb008d3793413e27ab88ceb443d36dcebb

Download Submit
C:\Windows\System\IlQXBJx.exe

Filesize
2.0MB

MD5
8be0e3a8435f5d6e595d7bc28f2cf951

SHA1
c5db3f4371dbedb4cd72cecc86e75268a511ac29

SHA256
d9dd78d19b428dfd6bc9c9194e516fc0d9a0938731adacb2dafe8eb6bb44d3e2

SHA512
ee3884ac2a7c908c53fbe1bb9cbc9c0639603561192be2ac26f185fb9acd01242a9e2e9d44caeb4b74ce90be27647de05e7c9c388a5ea6245ef222d1842fe26a

Download Submit
C:\Windows\System\KxLJOPO.exe

Filesize
2.0MB

MD5
ef4957b9840f155574f901e2de4d51ce

SHA1
92b96a28e8fafd5b42e68e46564f0c51fd5c5441

SHA256
c1234e8605630691f6a742ac79cbf770288b5119ed846170baab3bddb6ea02f8

SHA512
005f1e5aa3df2406a22cba87c83f9828c863c428be02e4bf599ee995dc8d690cdc6e2d1201966fba2409317eb31dfb99514989f89a7cfce7000e95afdc48f2be

Download Submit
C:\Windows\System\MqgWKVi.exe

Filesize
2.0MB

MD5
1e1228f59ae4fc40d7b1e3f041ac3fdf

SHA1
291329a805bbb02adc72a5ce9631589d3e1aef62

SHA256
77b838f66b82683b97a352869a9a621e274991a5f058867088471f8f5d3ee0bc

SHA512
13b1aa9687f93913814bfa703b10f3beb2202a674f924b9dcbfd2d70abe4db0792859b10653cd1e5e0093666e4dd5baf1eb62b5e1bf7a947327e59677fc99d4c

Download Submit
C:\Windows\System\OohOsPv.exe

Filesize
2.0MB

MD5
0d864147faed42ccac6118a812de8322

SHA1
d2f75a172c87b8929e89561cbc415e7f3cc7ceaf

SHA256
01777cb4bb6b4904c9c90d2b68cae5280d58c236885168361253491d248e854c

SHA512
b31b9d6bff271dc6d152f9bb3c508b178b4a9ce16dfbd5aca098f12cf12e5c8a42f29289b190005af156628c623c3af5f5877b256909ae9e907368a00f2ed124

Download Submit
C:\Windows\System\SGumjxY.exe

Filesize
2.0MB

MD5
cad5bd0bba97dec8fd3ff06c348955e3

SHA1
699b231c9d273dff336084462f9f6c43bff85b93

SHA256
8b45df43e6a47c1357bb7418c720df84005fdbbfbceb65c9087e64eb260d72ec

SHA512
aa1d88c9d599f58058896b1c2bf97dfc929b13bc135317baebda15bc17381d5c5af20ed995ebc7f4195de964cb9b762bed87f26b7d023f9feee2a0bc22899a56

Download Submit
C:\Windows\System\TahNrqK.exe

Filesize
2.0MB

MD5
3f666e9220e4335f6d7cd31198ea7047

SHA1
7e6cad80633575bc5fdf8ae8683eeb38634b4604

SHA256
31e38f85f19a237488edf0108c4a0294de446e00edacb30aa4b2685ded5e309a

SHA512
5a18e5399489cbb92429e19b32653686e479c8bbf91f19700ceb4a55b5044ffba37a4410fe2865470b02c5d8f7812a816134342a86ebf891b5d011867e41e615

Download Submit
C:\Windows\System\UwhztWY.exe

Filesize
2.0MB

MD5
8a779c1be39126838d1f9f5d22c96d61

SHA1
5455bfd6af3cc186bbb15cc5d4dae94796237d60

SHA256
ecdd9e1acdf1664f56a424be267a411f5016a69a0787d258a0dbc91e37c83cb3

SHA512
db0957edcc0585d1c428d3f94c4cf3a226940dc1233d59bffb78af3e9d42d3e271897ac3444500edd92c1b660807a8c2fa6d9b382f737845ab660b5e25c73851

Download Submit
C:\Windows\System\UzuIwQL.exe

Filesize
2.0MB

MD5
c26d2a6068d4bcccd514f8ddb138ac44

SHA1
478011a6422c37a28813187d17a2fe22c03fcb4d

SHA256
26db26c4f59bb8b00e7451daf6bcd90527eaddc67ff23ca314d7a6b5ea509535

SHA512
046b7e6c8d75fb0bd235e488656385dabee72886209c6430068a0ce9ce210169c0dc475882fec71fcf56a05b37070a3e71e4be51549e35fcf60f216bad128464

Download Submit
C:\Windows\System\WNIiqqG.exe

Filesize
2.0MB

MD5
8f6064ddbd5e02bb67091098f5f8856c

SHA1
862e3c5a191d20a41067929e78116a4f6e9a69e6

SHA256
8d691b4b237eeed037bc46649db551a9580e0ce2655fb33f0745af0df57704c2

SHA512
e06902c50b4cf4fc53c2e320b93aac6c268c1507423a42d9604cf98b42bec4d9eda136b2f9f18983159ad5e4b08ceacfe4bd89384ed0cd31d9275aba8721cc6f

Download Submit
C:\Windows\System\WVnkjSb.exe

Filesize
2.0MB

MD5
2abe7e07b5e2d6cd5e12d51546ca7856

SHA1
d9d8821c3b314bbebeef7f14e96b8d05032e31f5

SHA256
8291b04325fba710f5576ed4f81eefce31021295ba72630af21370684bfe1410

SHA512
f89aced7f05f766be29d2c5a6c3745eec1821e74f705481a5276a6b2f68f14b0c5bcb07afd4e99f4172d156d91e4248ea31b4dcc243404881b81eb4d18191cc7

Download Submit
C:\Windows\System\ZHzRmtR.exe

Filesize
2.0MB

MD5
0d1c764a9600808a987a6b627401459c

SHA1
0d5f3e896b4b8b0f5449438706ec212b4c940099

SHA256
61dc2e6fa990e18183e1b9a78ae5389a88ad1283a9f7c235f0cd0c5d4f937ae0

SHA512
acff9578ef176fe4fa54b63ad045edc7251ddfb4f1c9e2db3e075a168e8560c3bce052972e637695397397aebef9d29c3910885e2d09d7bb9ec88a4553bcd288

Download Submit
C:\Windows\System\ZMdUfAM.exe

Filesize
2.0MB

MD5
bdff7c7b22417c043298f25cc31f4bc1

SHA1
13e74ed2421aea134af36063d30124debed10241

SHA256
f013102cfeb00c2d2e87178114feb565fa93c8c3f8aa4fc64acd619f5a46aac9

SHA512
c1cc27e83b27e910a6f4bc0a0b486d40fd44049d83991c3073830c705dbba5cd41d572724700f085f1c34aff28c7ed4bc9e44b4049ca424b1a3eb08a6904015a

Download Submit
C:\Windows\System\csEVOHs.exe

Filesize
2.0MB

MD5
f205bea07b9f7e503ccd221d2b881e11

SHA1
886dd15ca5eaecb86934a1f4eab1c81f6263dc2f

SHA256
baf7c84ced6e286ea8c9b3fc3573f9b1ee342446ca6e6c284360f97b7b07f703

SHA512
db9c2fab23ae5730a5b582bd57a7d01ae3f4fae9cf1834720e69b9178d1e91cf537ac444459c9635c848b77999bff9f982af87f01556eb791044059ad24f5974

Download Submit
C:\Windows\System\fTMtNHG.exe

Filesize
2.0MB

MD5
af8f38c861b3d226283685d9dcd63ec5

SHA1
582f95748b819c0f24351fc4fa178547e5d4e03a

SHA256
7cb65430059e90cf279b2b4c5f91de04a86c30af0a8afc1454f15132fbcc44d3

SHA512
7c3bc12e083bb9bbdd40fa2b5a99f6e2911df0c195602b373e7d3c5608ba09d9ed63eab57c532f8576722b038dbb279b7a45494cc8b95fdfd08d479580e00c23

Download Submit
C:\Windows\System\hYZvKyB.exe

Filesize
2.0MB

MD5
bc194feabfdff64df6022cba4dd7d0e0

SHA1
f09b6073fbfec0af119b326bc87ffae45c0fe3f3

SHA256
e692ed298b4458678b80718cf0ce9e1ad03b66645a2baad90caed4ee39d69fa3

SHA512
71bfe4cfe066b015efe157b20d1ae37d2d3f0d14ae3fd4e4979d2b054736303078155be952758772e3bddb6414f3cb8da61a842213b49d763ae01e9c2c1f3a91

Download Submit
C:\Windows\System\iFXUnBY.exe

Filesize
2.0MB

MD5
be8940afd1eaabcba31dc00f5a128ead

SHA1
3387d6744e1c664e71e0b81a6274463c5c1a4f2d

SHA256
8d916855004d3b9f22c5bba4056976e8ce44accf0a8a9c2a2e8db6c5b2cdae03

SHA512
99c6dbdc9414e2d098fac2f6a14cf72f7849b8de38ad29fef6bf9ecc921c70d5582adf0d74050204b6a1ba09428e9349ac65d2ecaebeb91df70e8ddc145c0bfc

Download Submit
C:\Windows\System\iqAMsiw.exe

Filesize
2.0MB

MD5
65fbb8b03741c08144218ee66826c399

SHA1
75b912e7de105a33ef7b81694eed04e3a0a4ef25

SHA256
b8be84b7dba7b06a3e3b007eafa8d82ed556f9546d7d7d38e6a2955b9ebe6107

SHA512
884afec24b7078de2a31e54e01aebc1a8bf679c349775508262b6e867094476dd1c694a808a69eadb1fac1bcafeb17cf2c1d8376fa37de3701a75aebee85ff2b

Download Submit
C:\Windows\System\jZaGyey.exe

Filesize
2.0MB

MD5
c004b7bc242116cea88a9af868c578b6

SHA1
cafb6a06a9a85c37075d4f08175419594916f7f7

SHA256
b710721b7d1bb08b6e0bf21df46bc7d039865699e4e4eee122da7618994febd9

SHA512
c56445fa5b5b6770ec03f067fec961efeaf10ad9bf84c36d7b99584eb3e5888d3f57318fdeb518ba46fed5961214370bdc396c50354241efff052e99b0c2a16f

Download Submit
C:\Windows\System\jwadnLS.exe

Filesize
2.0MB

MD5
5400ba0f4b702dd31f127241da66713a

SHA1
de8efb208c634370e25749efa77fca38a570262e

SHA256
5468041c560e2344f2baf9894db51bead8e4f7d5e8dd8dfeb545d656905eb7d3

SHA512
d1df3254ae078e3e8d2723dadf27e84ff805f42f4a41d9f7094b487015509aa1a2f117951ad612e331623c43a8ef5b4bc3fb862e0c6e1e7ba4f3cbaadcd45104

Download Submit
C:\Windows\System\kGORbfP.exe

Filesize
2.0MB

MD5
99eafdba5ed4223c331c963a3eb82f64

SHA1
96ff68124c603ddf797beea24af7a055d9331306

SHA256
bd765384b637af53998c7d763ea074a57c1c4cd66fa9cd2ca21de65760ec1ebc

SHA512
9f33995523e085801015688009bcad9bfadd34670eb08f3eca259a75ad5ff2b6c5fb81ab0e71f8d90c97c4dc13126e46f527c9d8e0f8026e582f549de3e6806f

Download Submit
C:\Windows\System\kTOmmKp.exe

Filesize
2.0MB

MD5
9b5c893ba0574e862a1cc0ca42a0f4ef

SHA1
212349bdc1ef303960cfeb5996a5462a63ba0569

SHA256
bb5bdd91e60b2c2edec0c7a79fa20faea9892972fb16879e5b2362cf53680230

SHA512
bea6f42864fc04c3be85a55185a6d6bcd5cddea2972ba5e3999b20d6d9aff1c3c9d6de90ae604247a37064cd83f801b5cf0436de5ac1d5e2d146b0ef7d0e0401

Download Submit
C:\Windows\System\kYfAOYx.exe

Filesize
2.0MB

MD5
886b59e0dbe47f15e2fae94a236c390a

SHA1
1f8602d79d43c522f51d8239e224ad1575312e5a

SHA256
eeeca1e15831314952b305dbfd0b3fb87af5fa6fa2beced7047e8a857b93b3a8

SHA512
89f094e773af1a2eea578366c25348f17748f8acd7d01b3ef68728520067e7f50eef73e0ff0fb3c4d3548e9eed5505d323d22d158be65cb7ac55a893747d0a48

Download Submit
C:\Windows\System\kjBgIJL.exe

Filesize
2.0MB

MD5
62f5802cb089f12637e2fa2f9ee04ced

SHA1
313d950106c23882f8483f0c29e8e818d16fa907

SHA256
316330633d6122d10a7ec9e462fe9df2d23d84c65a86fac345527464ee7e0b85

SHA512
0680429ac1c443b4a20f9f098214c366944e293fbd466e0ef0106c2c347bfc1d437af0bdd4b711036e0fda67dbbfcb64e29b998f83b09957aee77f233ed5402a

Download Submit
C:\Windows\System\lKEQNfO.exe

Filesize
2.0MB

MD5
5218cbc54a4599432c71353fb5cc67d0

SHA1
14f57793c2f0d3cb554732e976e89c405a09279c

SHA256
22779dfb0a504d01ea0389e6898f600c1dfb11c57c1bffcab1300ac87e9a61dd

SHA512
a2fd0d63984c765d242a140d117d7b28c0febc8f72ae50398b7ef10b4d4db53acba408b5b448dfa41869467195c7d3b40d00ed1a93e8ff54ffb0a2c82a577489

Download Submit
C:\Windows\System\mLoNQdU.exe

Filesize
2.0MB

MD5
98c0253b78f1f632fe41025b591e6f31

SHA1
49a4402b36d02be21777d8a40a8be479475ed6b6

SHA256
5d7b8b5df0a7fbcd52e689a3605d34a53f1912a2d393d7b5c9baf1b8ef1bfae5

SHA512
df64a1ed29dafd589a3d70b15ceb4cd3aac9c2fd3eda11033e31283cb5d9a711e885c68c41dc572ca1e322a91b9733534c835b59e3555b5b1e91006b345799a3

Download Submit
C:\Windows\System\qLWiRlM.exe

Filesize
2.0MB

MD5
acb79e2de2b88887d4a73f3ce40883fd

SHA1
49f189997303b44fb51f23e4661987ace30efd8f

SHA256
bc5ecb90ce1b3e61ade5b50a43c0c93b16f64661ccd82725234d44a7f2a58518

SHA512
f9539c785097ebafb1223b3e893c8fce814d1f901342129fc16248884a46a148eef4221c236005c9b49e99e9548697c19efeb0863b1b4502b8a0e55f325eefab

Download Submit
C:\Windows\System\vjElfFp.exe

Filesize
2.0MB

MD5
ad4556a4823e50bb5b288251ba1a6aeb

SHA1
ab8dfbe3832fa467d60da5ea22864e4e42ecbafb

SHA256
d7cf05005b30ed7dd5adcafc9be3966b20ce815a27a6a0c4fbaea1ea88cf96d4

SHA512
bf6f4927ea0f4f4d80cb1430598e88cfcd515929ec29e2aea77b1b765fc16f07227407c14def2d8a190314cac0cb8f57f447846d473fa3b7a50da8c8c5b9a561

Download Submit
C:\Windows\System\zNLrESl.exe

Filesize
2.0MB

MD5
ad52fc14e1320d640c0703faf95d8dad

SHA1
b06969862052ebf784a77d165b3a8f5ab51d9f8e

SHA256
8ea6d7c9bed22e334299a8cfb6876cb560bd20fa7571976420821613c7afbf36

SHA512
b613b78e2e4711cb28844938f03f6a342ab1027ac7aa8fa6b90525582e577d4ea275eaf3104a9aa83e6d3c9e38ba1054db24f0408b1ef3c33c72f2a8f2e54fae

Download Submit
memory/1004-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download