kpot | 36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c

Analysis

max time kernel
141s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02-07-2024 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
Size

2.1MB
MD5

24e4837525f7ae7b21226c556ec91e2a
SHA1

a8a77d93d832a876e4b92060c8e78b2fdf4354e5
SHA256

36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c
SHA512

0ada20b80970a8ab2e9b32f383b6cf752e101df267c783a8d62d9107d828d926cedb6a2a9524f1ea21025c47f7d64bc5733b83182d6b843dd4bdee07eca7b3f9
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2v:GemTLkNdfE0pZaQH

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x0005000000022975-4.dat	family_kpot
behavioral2/files/0x0008000000023309-7.dat	family_kpot
behavioral2/files/0x0009000000023304-8.dat	family_kpot
behavioral2/files/0x000800000002330a-20.dat	family_kpot
behavioral2/files/0x000800000002330c-24.dat	family_kpot
behavioral2/files/0x000700000002353c-44.dat	family_kpot
behavioral2/files/0x000700000002353e-54.dat	family_kpot
behavioral2/files/0x0007000000023540-68.dat	family_kpot
behavioral2/files/0x0007000000023549-107.dat	family_kpot
behavioral2/files/0x000700000002354e-138.dat	family_kpot
behavioral2/files/0x0007000000023554-162.dat	family_kpot
behavioral2/files/0x0007000000023553-159.dat	family_kpot
behavioral2/files/0x0007000000023552-157.dat	family_kpot
behavioral2/files/0x0007000000023551-153.dat	family_kpot
behavioral2/files/0x0007000000023550-148.dat	family_kpot
behavioral2/files/0x000700000002354f-143.dat	family_kpot
behavioral2/files/0x000700000002354d-133.dat	family_kpot
behavioral2/files/0x000700000002354c-128.dat	family_kpot
behavioral2/files/0x000700000002354b-123.dat	family_kpot
behavioral2/files/0x000700000002354a-118.dat	family_kpot
behavioral2/files/0x0007000000023548-108.dat	family_kpot
behavioral2/files/0x0007000000023547-103.dat	family_kpot
behavioral2/files/0x0007000000023546-98.dat	family_kpot
behavioral2/files/0x0007000000023545-92.dat	family_kpot
behavioral2/files/0x0007000000023544-88.dat	family_kpot
behavioral2/files/0x0007000000023543-82.dat	family_kpot
behavioral2/files/0x0007000000023542-78.dat	family_kpot
behavioral2/files/0x0007000000023541-73.dat	family_kpot
behavioral2/files/0x000700000002353f-62.dat	family_kpot
behavioral2/files/0x000700000002353d-52.dat	family_kpot
behavioral2/files/0x000800000002353b-42.dat	family_kpot
behavioral2/files/0x000d000000023397-35.dat	family_kpot
behavioral2/files/0x000800000002330d-30.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x0005000000022975-4.dat	xmrig
behavioral2/files/0x0008000000023309-7.dat	xmrig
behavioral2/files/0x0009000000023304-8.dat	xmrig
behavioral2/files/0x000800000002330a-20.dat	xmrig
behavioral2/files/0x000800000002330c-24.dat	xmrig
behavioral2/files/0x000700000002353c-44.dat	xmrig
behavioral2/files/0x000700000002353e-54.dat	xmrig
behavioral2/files/0x0007000000023540-68.dat	xmrig
behavioral2/files/0x0007000000023549-107.dat	xmrig
behavioral2/files/0x000700000002354e-138.dat	xmrig
behavioral2/files/0x0007000000023554-162.dat	xmrig
behavioral2/files/0x0007000000023553-159.dat	xmrig
behavioral2/files/0x0007000000023552-157.dat	xmrig
behavioral2/files/0x0007000000023551-153.dat	xmrig
behavioral2/files/0x0007000000023550-148.dat	xmrig
behavioral2/files/0x000700000002354f-143.dat	xmrig
behavioral2/files/0x000700000002354d-133.dat	xmrig
behavioral2/files/0x000700000002354c-128.dat	xmrig
behavioral2/files/0x000700000002354b-123.dat	xmrig
behavioral2/files/0x000700000002354a-118.dat	xmrig
behavioral2/files/0x0007000000023548-108.dat	xmrig
behavioral2/files/0x0007000000023547-103.dat	xmrig
behavioral2/files/0x0007000000023546-98.dat	xmrig
behavioral2/files/0x0007000000023545-92.dat	xmrig
behavioral2/files/0x0007000000023544-88.dat	xmrig
behavioral2/files/0x0007000000023543-82.dat	xmrig
behavioral2/files/0x0007000000023542-78.dat	xmrig
behavioral2/files/0x0007000000023541-73.dat	xmrig
behavioral2/files/0x000700000002353f-62.dat	xmrig
behavioral2/files/0x000700000002353d-52.dat	xmrig
behavioral2/files/0x000800000002353b-42.dat	xmrig
behavioral2/files/0x000d000000023397-35.dat	xmrig
behavioral2/files/0x000800000002330d-30.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4816	yCOsxGq.exe
1300	DMFaMpd.exe
3908	VefeBNr.exe
1652	zuIaYjJ.exe
3652	IFfilLZ.exe
2008	lDYXXbJ.exe
2476	YCgnoXv.exe
2044	ePBBDOg.exe
2968	EtGArvJ.exe
4160	ZDdbZNF.exe
924	CcwMqDP.exe
4980	oirFTVP.exe
4700	fNrGbJJ.exe
1760	mYAtKBd.exe
3760	pyBmtDT.exe
3144	AvKAqJz.exe
2664	XXLSWGv.exe
1864	COlaOUo.exe
4440	cURcCQQ.exe
2324	wXkocje.exe
3424	uTuHEyO.exe
3544	NQOhbiR.exe
4752	RtqOlXh.exe
1160	pEDHprL.exe
4484	bDAtzcy.exe
2328	brCUAFe.exe
3376	acvUtSH.exe
1360	wNqBmnR.exe
4612	AfLscRI.exe
4768	SBXQXjl.exe
4388	ijLLtsR.exe
3312	xfDIWGB.exe
2892	QxLxWrk.exe
2104	VOJZdbz.exe
5112	dJXAovX.exe
628	Rrcyova.exe
4556	pvUkNzc.exe
2260	dAzoCqU.exe
392	OwlBECU.exe
4076	VWZHytm.exe
4348	ZsYnuqS.exe
5048	YHsgPHP.exe
4152	wDCwyHK.exe
956	SEmfOln.exe
3672	OYZDLjE.exe
4800	hqnKWQO.exe
4904	uJgkwbW.exe
524	mgFywvk.exe
4528	BVwdHfK.exe
3520	MFBaDdU.exe
3740	IQLhJzH.exe
4284	fcpGNhh.exe
5072	zbPxOTN.exe
3748	NXUAyWR.exe
5140	tTCEktT.exe
5176	AITfXlO.exe
5204	Ltoaktb.exe
5232	QFPjYqI.exe
5260	ylhjqSK.exe
5288	NTLMvVw.exe
5320	XPtjnHi.exe
5344	qgeZDWM.exe
5372	HRFnoYQ.exe
5392	ODjFLwA.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pspoHjK.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\mYAtKBd.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\hqnKWQO.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\vgfRdlG.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\dIgzqWV.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\ostfTJF.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\CdPUnvr.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\gQbiizf.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\pRlKCxj.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\PCowjya.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\cYeiHvO.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\mZxgcKI.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\wyMQCDa.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\nUfGXTo.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\FDsBrzG.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\ZsYnuqS.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\SEmfOln.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\InvcYry.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\rxociWg.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\XMaDOSD.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\JuTbFyO.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\svNGdXZ.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\bqegfND.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\dlNRjSl.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\ZDdbZNF.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\Ltoaktb.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\WpYvEHC.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\LTXaRGF.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\JJuwIbE.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\ricLhwx.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\DkgQcbQ.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\NlZtbcg.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\NBOOJYc.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\cUCuupE.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\JhDaIwl.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\ZgudVYi.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\ApZCUzc.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\ctiIvkT.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\CkZvXVQ.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\xTNFlHG.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\nLqbyqy.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\Ldlfvan.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\GbFFtuV.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\neOmgDo.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\CcwMqDP.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\OoLfyrQ.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\oirFTVP.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\CbXNytp.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\crgtOeA.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\JBsiPwi.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\DqPJbVy.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\GdUtkaJ.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\VWZHytm.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\KFruggd.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\PzvMAgJ.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\QHftoNA.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\NvZAxRR.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\IdpjIZo.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\NFaQVwK.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\bDAtzcy.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\mRjDxPy.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\wzsBxjP.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\acwfxTa.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
File created	C:\Windows\System\AfLscRI.exe	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
Token: SeLockMemoryPrivilege	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4424 wrote to memory of 4816	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	91
PID 4424 wrote to memory of 4816	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	91
PID 4424 wrote to memory of 1300	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	92
PID 4424 wrote to memory of 1300	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	92
PID 4424 wrote to memory of 3908	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	93
PID 4424 wrote to memory of 3908	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	93
PID 4424 wrote to memory of 1652	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	94
PID 4424 wrote to memory of 1652	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	94
PID 4424 wrote to memory of 3652	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	95
PID 4424 wrote to memory of 3652	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	95
PID 4424 wrote to memory of 2008	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	96
PID 4424 wrote to memory of 2008	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	96
PID 4424 wrote to memory of 2476	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	97
PID 4424 wrote to memory of 2476	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	97
PID 4424 wrote to memory of 2044	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	98
PID 4424 wrote to memory of 2044	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	98
PID 4424 wrote to memory of 2968	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	99
PID 4424 wrote to memory of 2968	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	99
PID 4424 wrote to memory of 4160	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	100
PID 4424 wrote to memory of 4160	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	100
PID 4424 wrote to memory of 924	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	101
PID 4424 wrote to memory of 924	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	101
PID 4424 wrote to memory of 4980	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	102
PID 4424 wrote to memory of 4980	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	102
PID 4424 wrote to memory of 4700	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	103
PID 4424 wrote to memory of 4700	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	103
PID 4424 wrote to memory of 1760	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	104
PID 4424 wrote to memory of 1760	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	104
PID 4424 wrote to memory of 3760	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	105
PID 4424 wrote to memory of 3760	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	105
PID 4424 wrote to memory of 3144	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	106
PID 4424 wrote to memory of 3144	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	106
PID 4424 wrote to memory of 2664	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	107
PID 4424 wrote to memory of 2664	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	107
PID 4424 wrote to memory of 1864	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	108
PID 4424 wrote to memory of 1864	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	108
PID 4424 wrote to memory of 4440	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	109
PID 4424 wrote to memory of 4440	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	109
PID 4424 wrote to memory of 2324	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	110
PID 4424 wrote to memory of 2324	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	110
PID 4424 wrote to memory of 3424	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	111
PID 4424 wrote to memory of 3424	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	111
PID 4424 wrote to memory of 3544	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	112
PID 4424 wrote to memory of 3544	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	112
PID 4424 wrote to memory of 4752	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	113
PID 4424 wrote to memory of 4752	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	113
PID 4424 wrote to memory of 1160	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	114
PID 4424 wrote to memory of 1160	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	114
PID 4424 wrote to memory of 4484	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	115
PID 4424 wrote to memory of 4484	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	115
PID 4424 wrote to memory of 2328	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	116
PID 4424 wrote to memory of 2328	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	116
PID 4424 wrote to memory of 3376	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	117
PID 4424 wrote to memory of 3376	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	117
PID 4424 wrote to memory of 1360	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	118
PID 4424 wrote to memory of 1360	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	118
PID 4424 wrote to memory of 4612	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	119
PID 4424 wrote to memory of 4612	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	119
PID 4424 wrote to memory of 4768	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	120
PID 4424 wrote to memory of 4768	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	120
PID 4424 wrote to memory of 4388	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	121
PID 4424 wrote to memory of 4388	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	121
PID 4424 wrote to memory of 3312	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	122
PID 4424 wrote to memory of 3312	4424	36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe	122

C:\Users\Admin\AppData\Local\Temp\36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe
"C:\Users\Admin\AppData\Local\Temp\36bc205e01ccda40bac68c1c3e56527cb9e66d547c8b7204756e520fc52a202c.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4424
- C:\Windows\System\yCOsxGq.exe
  C:\Windows\System\yCOsxGq.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\DMFaMpd.exe
  C:\Windows\System\DMFaMpd.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\VefeBNr.exe
  C:\Windows\System\VefeBNr.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\zuIaYjJ.exe
  C:\Windows\System\zuIaYjJ.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\IFfilLZ.exe
  C:\Windows\System\IFfilLZ.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\lDYXXbJ.exe
  C:\Windows\System\lDYXXbJ.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\YCgnoXv.exe
  C:\Windows\System\YCgnoXv.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\ePBBDOg.exe
  C:\Windows\System\ePBBDOg.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\EtGArvJ.exe
  C:\Windows\System\EtGArvJ.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\ZDdbZNF.exe
  C:\Windows\System\ZDdbZNF.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\CcwMqDP.exe
  C:\Windows\System\CcwMqDP.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\oirFTVP.exe
  C:\Windows\System\oirFTVP.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\fNrGbJJ.exe
  C:\Windows\System\fNrGbJJ.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\mYAtKBd.exe
  C:\Windows\System\mYAtKBd.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\pyBmtDT.exe
  C:\Windows\System\pyBmtDT.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\AvKAqJz.exe
  C:\Windows\System\AvKAqJz.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\XXLSWGv.exe
  C:\Windows\System\XXLSWGv.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\COlaOUo.exe
  C:\Windows\System\COlaOUo.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\cURcCQQ.exe
  C:\Windows\System\cURcCQQ.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\wXkocje.exe
  C:\Windows\System\wXkocje.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\uTuHEyO.exe
  C:\Windows\System\uTuHEyO.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\NQOhbiR.exe
  C:\Windows\System\NQOhbiR.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\RtqOlXh.exe
  C:\Windows\System\RtqOlXh.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\pEDHprL.exe
  C:\Windows\System\pEDHprL.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\bDAtzcy.exe
  C:\Windows\System\bDAtzcy.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\brCUAFe.exe
  C:\Windows\System\brCUAFe.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\acvUtSH.exe
  C:\Windows\System\acvUtSH.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System\wNqBmnR.exe
  C:\Windows\System\wNqBmnR.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\AfLscRI.exe
  C:\Windows\System\AfLscRI.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\SBXQXjl.exe
  C:\Windows\System\SBXQXjl.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\ijLLtsR.exe
  C:\Windows\System\ijLLtsR.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\xfDIWGB.exe
  C:\Windows\System\xfDIWGB.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\QxLxWrk.exe
  C:\Windows\System\QxLxWrk.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\VOJZdbz.exe
  C:\Windows\System\VOJZdbz.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\dJXAovX.exe
  C:\Windows\System\dJXAovX.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\Rrcyova.exe
  C:\Windows\System\Rrcyova.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\pvUkNzc.exe
  C:\Windows\System\pvUkNzc.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\dAzoCqU.exe
  C:\Windows\System\dAzoCqU.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\OwlBECU.exe
  C:\Windows\System\OwlBECU.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\VWZHytm.exe
  C:\Windows\System\VWZHytm.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\ZsYnuqS.exe
  C:\Windows\System\ZsYnuqS.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\YHsgPHP.exe
  C:\Windows\System\YHsgPHP.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\wDCwyHK.exe
  C:\Windows\System\wDCwyHK.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System\SEmfOln.exe
  C:\Windows\System\SEmfOln.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\OYZDLjE.exe
  C:\Windows\System\OYZDLjE.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\hqnKWQO.exe
  C:\Windows\System\hqnKWQO.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\uJgkwbW.exe
  C:\Windows\System\uJgkwbW.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\mgFywvk.exe
  C:\Windows\System\mgFywvk.exe
  2⤵
  - Executes dropped EXE
  PID:524
- C:\Windows\System\BVwdHfK.exe
  C:\Windows\System\BVwdHfK.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\MFBaDdU.exe
  C:\Windows\System\MFBaDdU.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\IQLhJzH.exe
  C:\Windows\System\IQLhJzH.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\fcpGNhh.exe
  C:\Windows\System\fcpGNhh.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\zbPxOTN.exe
  C:\Windows\System\zbPxOTN.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\NXUAyWR.exe
  C:\Windows\System\NXUAyWR.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\tTCEktT.exe
  C:\Windows\System\tTCEktT.exe
  2⤵
  - Executes dropped EXE
  PID:5140
- C:\Windows\System\AITfXlO.exe
  C:\Windows\System\AITfXlO.exe
  2⤵
  - Executes dropped EXE
  PID:5176
- C:\Windows\System\Ltoaktb.exe
  C:\Windows\System\Ltoaktb.exe
  2⤵
  - Executes dropped EXE
  PID:5204
- C:\Windows\System\QFPjYqI.exe
  C:\Windows\System\QFPjYqI.exe
  2⤵
  - Executes dropped EXE
  PID:5232
- C:\Windows\System\ylhjqSK.exe
  C:\Windows\System\ylhjqSK.exe
  2⤵
  - Executes dropped EXE
  PID:5260
- C:\Windows\System\NTLMvVw.exe
  C:\Windows\System\NTLMvVw.exe
  2⤵
  - Executes dropped EXE
  PID:5288
- C:\Windows\System\XPtjnHi.exe
  C:\Windows\System\XPtjnHi.exe
  2⤵
  - Executes dropped EXE
  PID:5320
- C:\Windows\System\qgeZDWM.exe
  C:\Windows\System\qgeZDWM.exe
  2⤵
  - Executes dropped EXE
  PID:5344
- C:\Windows\System\HRFnoYQ.exe
  C:\Windows\System\HRFnoYQ.exe
  2⤵
  - Executes dropped EXE
  PID:5372
- C:\Windows\System\ODjFLwA.exe
  C:\Windows\System\ODjFLwA.exe
  2⤵
  - Executes dropped EXE
  PID:5392
- C:\Windows\System\vChGcyF.exe
  C:\Windows\System\vChGcyF.exe
  2⤵
  PID:5420
- C:\Windows\System\zyOQORy.exe
  C:\Windows\System\zyOQORy.exe
  2⤵
  PID:5444
- C:\Windows\System\orKLFyI.exe
  C:\Windows\System\orKLFyI.exe
  2⤵
  PID:5472
- C:\Windows\System\MCHKECG.exe
  C:\Windows\System\MCHKECG.exe
  2⤵
  PID:5500
- C:\Windows\System\nLqbyqy.exe
  C:\Windows\System\nLqbyqy.exe
  2⤵
  PID:5528
- C:\Windows\System\KTJpNUG.exe
  C:\Windows\System\KTJpNUG.exe
  2⤵
  PID:5556
- C:\Windows\System\GDMbjaX.exe
  C:\Windows\System\GDMbjaX.exe
  2⤵
  PID:5584
- C:\Windows\System\OLudyNi.exe
  C:\Windows\System\OLudyNi.exe
  2⤵
  PID:5612
- C:\Windows\System\GezEyBj.exe
  C:\Windows\System\GezEyBj.exe
  2⤵
  PID:5636
- C:\Windows\System\poOauqe.exe
  C:\Windows\System\poOauqe.exe
  2⤵
  PID:5664
- C:\Windows\System\JJuwIbE.exe
  C:\Windows\System\JJuwIbE.exe
  2⤵
  PID:5696
- C:\Windows\System\dYUXoQc.exe
  C:\Windows\System\dYUXoQc.exe
  2⤵
  PID:5724
- C:\Windows\System\dSotatc.exe
  C:\Windows\System\dSotatc.exe
  2⤵
  PID:5752
- C:\Windows\System\rnWbnYQ.exe
  C:\Windows\System\rnWbnYQ.exe
  2⤵
  PID:5780
- C:\Windows\System\WhVIunM.exe
  C:\Windows\System\WhVIunM.exe
  2⤵
  PID:5808
- C:\Windows\System\mZDBHZM.exe
  C:\Windows\System\mZDBHZM.exe
  2⤵
  PID:5836
- C:\Windows\System\CbXNytp.exe
  C:\Windows\System\CbXNytp.exe
  2⤵
  PID:5864
- C:\Windows\System\bhidcgn.exe
  C:\Windows\System\bhidcgn.exe
  2⤵
  PID:5892
- C:\Windows\System\OqaVfca.exe
  C:\Windows\System\OqaVfca.exe
  2⤵
  PID:5920
- C:\Windows\System\KFruggd.exe
  C:\Windows\System\KFruggd.exe
  2⤵
  PID:5948
- C:\Windows\System\qvEhIhr.exe
  C:\Windows\System\qvEhIhr.exe
  2⤵
  PID:5976
- C:\Windows\System\dfYcCcV.exe
  C:\Windows\System\dfYcCcV.exe
  2⤵
  PID:6004
- C:\Windows\System\ricLhwx.exe
  C:\Windows\System\ricLhwx.exe
  2⤵
  PID:6032
- C:\Windows\System\DYvckbv.exe
  C:\Windows\System\DYvckbv.exe
  2⤵
  PID:6060
- C:\Windows\System\JhDaIwl.exe
  C:\Windows\System\JhDaIwl.exe
  2⤵
  PID:6088
- C:\Windows\System\FVHRGbu.exe
  C:\Windows\System\FVHRGbu.exe
  2⤵
  PID:6116
- C:\Windows\System\ImiXUHs.exe
  C:\Windows\System\ImiXUHs.exe
  2⤵
  PID:4860
- C:\Windows\System\ZgudVYi.exe
  C:\Windows\System\ZgudVYi.exe
  2⤵
  PID:2344
- C:\Windows\System\vcIVvyq.exe
  C:\Windows\System\vcIVvyq.exe
  2⤵
  PID:4916
- C:\Windows\System\fFPYOTc.exe
  C:\Windows\System\fFPYOTc.exe
  2⤵
  PID:1172
- C:\Windows\System\mVAjnPR.exe
  C:\Windows\System\mVAjnPR.exe
  2⤵
  PID:3384
- C:\Windows\System\vgfRdlG.exe
  C:\Windows\System\vgfRdlG.exe
  2⤵
  PID:5152
- C:\Windows\System\YvqDBgg.exe
  C:\Windows\System\YvqDBgg.exe
  2⤵
  PID:5220
- C:\Windows\System\JuTbFyO.exe
  C:\Windows\System\JuTbFyO.exe
  2⤵
  PID:5280
- C:\Windows\System\VkXnkwf.exe
  C:\Windows\System\VkXnkwf.exe
  2⤵
  PID:5340
- C:\Windows\System\honxdht.exe
  C:\Windows\System\honxdht.exe
  2⤵
  PID:5412
- C:\Windows\System\XJuESjw.exe
  C:\Windows\System\XJuESjw.exe
  2⤵
  PID:5484
- C:\Windows\System\VZwasdK.exe
  C:\Windows\System\VZwasdK.exe
  2⤵
  PID:5544
- C:\Windows\System\mLfjldj.exe
  C:\Windows\System\mLfjldj.exe
  2⤵
  PID:5604
- C:\Windows\System\iwXwTzG.exe
  C:\Windows\System\iwXwTzG.exe
  2⤵
  PID:5680
- C:\Windows\System\JIfsTUz.exe
  C:\Windows\System\JIfsTUz.exe
  2⤵
  PID:5740
- C:\Windows\System\bxzSxFg.exe
  C:\Windows\System\bxzSxFg.exe
  2⤵
  PID:5800
- C:\Windows\System\lgPYcwP.exe
  C:\Windows\System\lgPYcwP.exe
  2⤵
  PID:5876
- C:\Windows\System\VtlrBBC.exe
  C:\Windows\System\VtlrBBC.exe
  2⤵
  PID:5936
- C:\Windows\System\ovPvMnC.exe
  C:\Windows\System\ovPvMnC.exe
  2⤵
  PID:5996
- C:\Windows\System\gYPSqXY.exe
  C:\Windows\System\gYPSqXY.exe
  2⤵
  PID:6072
- C:\Windows\System\bZMaWNY.exe
  C:\Windows\System\bZMaWNY.exe
  2⤵
  PID:6132
- C:\Windows\System\DntZRMh.exe
  C:\Windows\System\DntZRMh.exe
  2⤵
  PID:4940
- C:\Windows\System\IGAXXFF.exe
  C:\Windows\System\IGAXXFF.exe
  2⤵
  PID:1520
- C:\Windows\System\ZBHGONh.exe
  C:\Windows\System\ZBHGONh.exe
  2⤵
  PID:5252
- C:\Windows\System\Ldlfvan.exe
  C:\Windows\System\Ldlfvan.exe
  2⤵
  PID:5400
- C:\Windows\System\obHMyFZ.exe
  C:\Windows\System\obHMyFZ.exe
  2⤵
  PID:5572
- C:\Windows\System\pMEeOvb.exe
  C:\Windows\System\pMEeOvb.exe
  2⤵
  PID:6152
- C:\Windows\System\QojDZKa.exe
  C:\Windows\System\QojDZKa.exe
  2⤵
  PID:6180
- C:\Windows\System\cLefkuW.exe
  C:\Windows\System\cLefkuW.exe
  2⤵
  PID:6204
- C:\Windows\System\SrQdQIV.exe
  C:\Windows\System\SrQdQIV.exe
  2⤵
  PID:6236
- C:\Windows\System\TKRxoId.exe
  C:\Windows\System\TKRxoId.exe
  2⤵
  PID:6264
- C:\Windows\System\dIgzqWV.exe
  C:\Windows\System\dIgzqWV.exe
  2⤵
  PID:6292
- C:\Windows\System\azyhFxX.exe
  C:\Windows\System\azyhFxX.exe
  2⤵
  PID:6320
- C:\Windows\System\ApZCUzc.exe
  C:\Windows\System\ApZCUzc.exe
  2⤵
  PID:6348
- C:\Windows\System\GrXBAHG.exe
  C:\Windows\System\GrXBAHG.exe
  2⤵
  PID:6376
- C:\Windows\System\EfAPJya.exe
  C:\Windows\System\EfAPJya.exe
  2⤵
  PID:6404
- C:\Windows\System\ecGuXKC.exe
  C:\Windows\System\ecGuXKC.exe
  2⤵
  PID:6432
- C:\Windows\System\UACZOsp.exe
  C:\Windows\System\UACZOsp.exe
  2⤵
  PID:6460
- C:\Windows\System\PCowjya.exe
  C:\Windows\System\PCowjya.exe
  2⤵
  PID:6488
- C:\Windows\System\QhyDHvr.exe
  C:\Windows\System\QhyDHvr.exe
  2⤵
  PID:6516
- C:\Windows\System\lcjjzZS.exe
  C:\Windows\System\lcjjzZS.exe
  2⤵
  PID:6544
- C:\Windows\System\vRPhCmG.exe
  C:\Windows\System\vRPhCmG.exe
  2⤵
  PID:6572
- C:\Windows\System\DZYdHTX.exe
  C:\Windows\System\DZYdHTX.exe
  2⤵
  PID:6600
- C:\Windows\System\CZzngqA.exe
  C:\Windows\System\CZzngqA.exe
  2⤵
  PID:6628
- C:\Windows\System\TewtPuN.exe
  C:\Windows\System\TewtPuN.exe
  2⤵
  PID:6656
- C:\Windows\System\svNGdXZ.exe
  C:\Windows\System\svNGdXZ.exe
  2⤵
  PID:6684
- C:\Windows\System\PykqKLb.exe
  C:\Windows\System\PykqKLb.exe
  2⤵
  PID:6716
- C:\Windows\System\mdRPTJs.exe
  C:\Windows\System\mdRPTJs.exe
  2⤵
  PID:6740
- C:\Windows\System\NWCLGpG.exe
  C:\Windows\System\NWCLGpG.exe
  2⤵
  PID:6768
- C:\Windows\System\ZtVhltq.exe
  C:\Windows\System\ZtVhltq.exe
  2⤵
  PID:6796
- C:\Windows\System\YsoClko.exe
  C:\Windows\System\YsoClko.exe
  2⤵
  PID:6824
- C:\Windows\System\nhNFBvB.exe
  C:\Windows\System\nhNFBvB.exe
  2⤵
  PID:6852
- C:\Windows\System\zyBygzs.exe
  C:\Windows\System\zyBygzs.exe
  2⤵
  PID:6880
- C:\Windows\System\OoLfyrQ.exe
  C:\Windows\System\OoLfyrQ.exe
  2⤵
  PID:6908
- C:\Windows\System\xODoCZy.exe
  C:\Windows\System\xODoCZy.exe
  2⤵
  PID:6936
- C:\Windows\System\WrMahfi.exe
  C:\Windows\System\WrMahfi.exe
  2⤵
  PID:6964
- C:\Windows\System\CKQEXuL.exe
  C:\Windows\System\CKQEXuL.exe
  2⤵
  PID:6992
- C:\Windows\System\CVFwqKW.exe
  C:\Windows\System\CVFwqKW.exe
  2⤵
  PID:7020
- C:\Windows\System\GFkcfCl.exe
  C:\Windows\System\GFkcfCl.exe
  2⤵
  PID:7048
- C:\Windows\System\zFPPyFP.exe
  C:\Windows\System\zFPPyFP.exe
  2⤵
  PID:7076
- C:\Windows\System\ctiIvkT.exe
  C:\Windows\System\ctiIvkT.exe
  2⤵
  PID:7104
- C:\Windows\System\CkZvXVQ.exe
  C:\Windows\System\CkZvXVQ.exe
  2⤵
  PID:7132
- C:\Windows\System\BVvrOTC.exe
  C:\Windows\System\BVvrOTC.exe
  2⤵
  PID:7160
- C:\Windows\System\FkitkUb.exe
  C:\Windows\System\FkitkUb.exe
  2⤵
  PID:5792
- C:\Windows\System\KgyAqrI.exe
  C:\Windows\System\KgyAqrI.exe
  2⤵
  PID:5964
- C:\Windows\System\tOlRxxB.exe
  C:\Windows\System\tOlRxxB.exe
  2⤵
  PID:6104
- C:\Windows\System\rePXxeg.exe
  C:\Windows\System\rePXxeg.exe
  2⤵
  PID:4376
- C:\Windows\System\mrYYCHy.exe
  C:\Windows\System\mrYYCHy.exe
  2⤵
  PID:5512
- C:\Windows\System\RedCLQM.exe
  C:\Windows\System\RedCLQM.exe
  2⤵
  PID:6172
- C:\Windows\System\LCyosjY.exe
  C:\Windows\System\LCyosjY.exe
  2⤵
  PID:6248
- C:\Windows\System\XHBJFuC.exe
  C:\Windows\System\XHBJFuC.exe
  2⤵
  PID:6308
- C:\Windows\System\PzvMAgJ.exe
  C:\Windows\System\PzvMAgJ.exe
  2⤵
  PID:6372
- C:\Windows\System\abpTwre.exe
  C:\Windows\System\abpTwre.exe
  2⤵
  PID:6444
- C:\Windows\System\IYScgjZ.exe
  C:\Windows\System\IYScgjZ.exe
  2⤵
  PID:6504
- C:\Windows\System\igvaueh.exe
  C:\Windows\System\igvaueh.exe
  2⤵
  PID:6560
- C:\Windows\System\ostfTJF.exe
  C:\Windows\System\ostfTJF.exe
  2⤵
  PID:6620
- C:\Windows\System\dpAHzlc.exe
  C:\Windows\System\dpAHzlc.exe
  2⤵
  PID:6696
- C:\Windows\System\ErLnjkL.exe
  C:\Windows\System\ErLnjkL.exe
  2⤵
  PID:6756
- C:\Windows\System\jLupKLe.exe
  C:\Windows\System\jLupKLe.exe
  2⤵
  PID:6816
- C:\Windows\System\XCleJBu.exe
  C:\Windows\System\XCleJBu.exe
  2⤵
  PID:6872
- C:\Windows\System\EumxFAZ.exe
  C:\Windows\System\EumxFAZ.exe
  2⤵
  PID:6928
- C:\Windows\System\TBoulCU.exe
  C:\Windows\System\TBoulCU.exe
  2⤵
  PID:7004
- C:\Windows\System\QHftoNA.exe
  C:\Windows\System\QHftoNA.exe
  2⤵
  PID:7060
- C:\Windows\System\hlYZuTc.exe
  C:\Windows\System\hlYZuTc.exe
  2⤵
  PID:7120
- C:\Windows\System\DkgQcbQ.exe
  C:\Windows\System\DkgQcbQ.exe
  2⤵
  PID:5768
- C:\Windows\System\WpYvEHC.exe
  C:\Windows\System\WpYvEHC.exe
  2⤵
  PID:1044
- C:\Windows\System\GrYKAfH.exe
  C:\Windows\System\GrYKAfH.exe
  2⤵
  PID:5656
- C:\Windows\System\InvcYry.exe
  C:\Windows\System\InvcYry.exe
  2⤵
  PID:6284
- C:\Windows\System\bnMzxkS.exe
  C:\Windows\System\bnMzxkS.exe
  2⤵
  PID:3656
- C:\Windows\System\sIyWAFn.exe
  C:\Windows\System\sIyWAFn.exe
  2⤵
  PID:400
- C:\Windows\System\EmjkIxJ.exe
  C:\Windows\System\EmjkIxJ.exe
  2⤵
  PID:6724
- C:\Windows\System\GbFFtuV.exe
  C:\Windows\System\GbFFtuV.exe
  2⤵
  PID:6844
- C:\Windows\System\neOmgDo.exe
  C:\Windows\System\neOmgDo.exe
  2⤵
  PID:6956
- C:\Windows\System\mpUVImz.exe
  C:\Windows\System\mpUVImz.exe
  2⤵
  PID:7040
- C:\Windows\System\danUMVJ.exe
  C:\Windows\System\danUMVJ.exe
  2⤵
  PID:752
- C:\Windows\System\oHyxHEi.exe
  C:\Windows\System\oHyxHEi.exe
  2⤵
  PID:7188
- C:\Windows\System\DWOcjCU.exe
  C:\Windows\System\DWOcjCU.exe
  2⤵
  PID:7216
- C:\Windows\System\pOeEbom.exe
  C:\Windows\System\pOeEbom.exe
  2⤵
  PID:7248
- C:\Windows\System\TjnPQqG.exe
  C:\Windows\System\TjnPQqG.exe
  2⤵
  PID:7272
- C:\Windows\System\CdPUnvr.exe
  C:\Windows\System\CdPUnvr.exe
  2⤵
  PID:7300
- C:\Windows\System\JnTpDli.exe
  C:\Windows\System\JnTpDli.exe
  2⤵
  PID:7328
- C:\Windows\System\WenrYUT.exe
  C:\Windows\System\WenrYUT.exe
  2⤵
  PID:7356
- C:\Windows\System\dHvxIyN.exe
  C:\Windows\System\dHvxIyN.exe
  2⤵
  PID:7384
- C:\Windows\System\acfoLYw.exe
  C:\Windows\System\acfoLYw.exe
  2⤵
  PID:7412
- C:\Windows\System\mqaUoYr.exe
  C:\Windows\System\mqaUoYr.exe
  2⤵
  PID:7440
- C:\Windows\System\yiqsNbc.exe
  C:\Windows\System\yiqsNbc.exe
  2⤵
  PID:7468
- C:\Windows\System\gQbiizf.exe
  C:\Windows\System\gQbiizf.exe
  2⤵
  PID:7492
- C:\Windows\System\xisEvAR.exe
  C:\Windows\System\xisEvAR.exe
  2⤵
  PID:7524
- C:\Windows\System\rDYovKR.exe
  C:\Windows\System\rDYovKR.exe
  2⤵
  PID:7552
- C:\Windows\System\LoZKezL.exe
  C:\Windows\System\LoZKezL.exe
  2⤵
  PID:7580
- C:\Windows\System\nMZdHPN.exe
  C:\Windows\System\nMZdHPN.exe
  2⤵
  PID:7608
- C:\Windows\System\cYeiHvO.exe
  C:\Windows\System\cYeiHvO.exe
  2⤵
  PID:7636
- C:\Windows\System\bosrqaU.exe
  C:\Windows\System\bosrqaU.exe
  2⤵
  PID:7664
- C:\Windows\System\NUaXMmb.exe
  C:\Windows\System\NUaXMmb.exe
  2⤵
  PID:7692
- C:\Windows\System\QWxMqlh.exe
  C:\Windows\System\QWxMqlh.exe
  2⤵
  PID:7720
- C:\Windows\System\GpAGUPs.exe
  C:\Windows\System\GpAGUPs.exe
  2⤵
  PID:7748
- C:\Windows\System\KeJMDQd.exe
  C:\Windows\System\KeJMDQd.exe
  2⤵
  PID:7776
- C:\Windows\System\HjYYpAx.exe
  C:\Windows\System\HjYYpAx.exe
  2⤵
  PID:7804
- C:\Windows\System\qoDWwew.exe
  C:\Windows\System\qoDWwew.exe
  2⤵
  PID:7832
- C:\Windows\System\NvZAxRR.exe
  C:\Windows\System\NvZAxRR.exe
  2⤵
  PID:7860
- C:\Windows\System\bKtITzh.exe
  C:\Windows\System\bKtITzh.exe
  2⤵
  PID:7888
- C:\Windows\System\eQgWcdp.exe
  C:\Windows\System\eQgWcdp.exe
  2⤵
  PID:7916
- C:\Windows\System\DLWFxFD.exe
  C:\Windows\System\DLWFxFD.exe
  2⤵
  PID:8008
- C:\Windows\System\NlZtbcg.exe
  C:\Windows\System\NlZtbcg.exe
  2⤵
  PID:8032
- C:\Windows\System\crgtOeA.exe
  C:\Windows\System\crgtOeA.exe
  2⤵
  PID:8092
- C:\Windows\System\mZxgcKI.exe
  C:\Windows\System\mZxgcKI.exe
  2⤵
  PID:8132
- C:\Windows\System\FwSLqAR.exe
  C:\Windows\System\FwSLqAR.exe
  2⤵
  PID:8152
- C:\Windows\System\OHQGQfk.exe
  C:\Windows\System\OHQGQfk.exe
  2⤵
  PID:8176
- C:\Windows\System\OsZCTdh.exe
  C:\Windows\System\OsZCTdh.exe
  2⤵
  PID:5336
- C:\Windows\System\wyMQCDa.exe
  C:\Windows\System\wyMQCDa.exe
  2⤵
  PID:6392
- C:\Windows\System\JBsiPwi.exe
  C:\Windows\System\JBsiPwi.exe
  2⤵
  PID:6612
- C:\Windows\System\lgtcgpW.exe
  C:\Windows\System\lgtcgpW.exe
  2⤵
  PID:4224
- C:\Windows\System\vqGoTxV.exe
  C:\Windows\System\vqGoTxV.exe
  2⤵
  PID:3056
- C:\Windows\System\McSRxDq.exe
  C:\Windows\System\McSRxDq.exe
  2⤵
  PID:2284
- C:\Windows\System\yKsCONe.exe
  C:\Windows\System\yKsCONe.exe
  2⤵
  PID:7264
- C:\Windows\System\NBOOJYc.exe
  C:\Windows\System\NBOOJYc.exe
  2⤵
  PID:7348
- C:\Windows\System\ADdNbAy.exe
  C:\Windows\System\ADdNbAy.exe
  2⤵
  PID:7396
- C:\Windows\System\mvujzyY.exe
  C:\Windows\System\mvujzyY.exe
  2⤵
  PID:4000
- C:\Windows\System\xTNFlHG.exe
  C:\Windows\System\xTNFlHG.exe
  2⤵
  PID:4492
- C:\Windows\System\fSPsQWP.exe
  C:\Windows\System\fSPsQWP.exe
  2⤵
  PID:4004
- C:\Windows\System\bqegfND.exe
  C:\Windows\System\bqegfND.exe
  2⤵
  PID:2740
- C:\Windows\System\kaEHygX.exe
  C:\Windows\System\kaEHygX.exe
  2⤵
  PID:3772
- C:\Windows\System\dFxFdHg.exe
  C:\Windows\System\dFxFdHg.exe
  2⤵
  PID:7684
- C:\Windows\System\IdpjIZo.exe
  C:\Windows\System\IdpjIZo.exe
  2⤵
  PID:7736
- C:\Windows\System\wVEQlqD.exe
  C:\Windows\System\wVEQlqD.exe
  2⤵
  PID:7764
- C:\Windows\System\nUfGXTo.exe
  C:\Windows\System\nUfGXTo.exe
  2⤵
  PID:7820
- C:\Windows\System\UkigrKO.exe
  C:\Windows\System\UkigrKO.exe
  2⤵
  PID:7872
- C:\Windows\System\CQhEgPP.exe
  C:\Windows\System\CQhEgPP.exe
  2⤵
  PID:7876
- C:\Windows\System\KlcKgPD.exe
  C:\Windows\System\KlcKgPD.exe
  2⤵
  PID:7900
- C:\Windows\System\pRlKCxj.exe
  C:\Windows\System\pRlKCxj.exe
  2⤵
  PID:7928
- C:\Windows\System\bpoEfSK.exe
  C:\Windows\System\bpoEfSK.exe
  2⤵
  PID:1088
- C:\Windows\System\cUZzuMQ.exe
  C:\Windows\System\cUZzuMQ.exe
  2⤵
  PID:4996
- C:\Windows\System\NFaQVwK.exe
  C:\Windows\System\NFaQVwK.exe
  2⤵
  PID:2100
- C:\Windows\System\rxociWg.exe
  C:\Windows\System\rxociWg.exe
  2⤵
  PID:8024
- C:\Windows\System\UhgzuyX.exe
  C:\Windows\System\UhgzuyX.exe
  2⤵
  PID:8064
- C:\Windows\System\gwLHbLa.exe
  C:\Windows\System\gwLHbLa.exe
  2⤵
  PID:8144
- C:\Windows\System\IoGYKAT.exe
  C:\Windows\System\IoGYKAT.exe
  2⤵
  PID:6480
- C:\Windows\System\ShhnzWy.exe
  C:\Windows\System\ShhnzWy.exe
  2⤵
  PID:4564
- C:\Windows\System\GYEeiVb.exe
  C:\Windows\System\GYEeiVb.exe
  2⤵
  PID:7320
- C:\Windows\System\DqPJbVy.exe
  C:\Windows\System\DqPJbVy.exe
  2⤵
  PID:7376
- C:\Windows\System\GdUtkaJ.exe
  C:\Windows\System\GdUtkaJ.exe
  2⤵
  PID:7512
- C:\Windows\System\qVbRCnu.exe
  C:\Windows\System\qVbRCnu.exe
  2⤵
  PID:7676
- C:\Windows\System\pspoHjK.exe
  C:\Windows\System\pspoHjK.exe
  2⤵
  PID:3592
- C:\Windows\System\udCGDIe.exe
  C:\Windows\System\udCGDIe.exe
  2⤵
  PID:3032
- C:\Windows\System\XkdwoIE.exe
  C:\Windows\System\XkdwoIE.exe
  2⤵
  PID:444
- C:\Windows\System\OxayBGt.exe
  C:\Windows\System\OxayBGt.exe
  2⤵
  PID:3456
- C:\Windows\System\TASOWva.exe
  C:\Windows\System\TASOWva.exe
  2⤵
  PID:4428
- C:\Windows\System\dIHzTvZ.exe
  C:\Windows\System\dIHzTvZ.exe
  2⤵
  PID:6044
- C:\Windows\System\xcnWpJN.exe
  C:\Windows\System\xcnWpJN.exe
  2⤵
  PID:7256
- C:\Windows\System\QOCihor.exe
  C:\Windows\System\QOCihor.exe
  2⤵
  PID:7628
- C:\Windows\System\uYBExaI.exe
  C:\Windows\System\uYBExaI.exe
  2⤵
  PID:7816
- C:\Windows\System\DNuNQPg.exe
  C:\Windows\System\DNuNQPg.exe
  2⤵
  PID:8000
- C:\Windows\System\PvQeZzL.exe
  C:\Windows\System\PvQeZzL.exe
  2⤵
  PID:8128
- C:\Windows\System\DlUifGS.exe
  C:\Windows\System\DlUifGS.exe
  2⤵
  PID:7288
- C:\Windows\System\mRjDxPy.exe
  C:\Windows\System\mRjDxPy.exe
  2⤵
  PID:7208
- C:\Windows\System\AeBGODI.exe
  C:\Windows\System\AeBGODI.exe
  2⤵
  PID:1808
- C:\Windows\System\NrUAOFK.exe
  C:\Windows\System\NrUAOFK.exe
  2⤵
  PID:1152
- C:\Windows\System\vawkYfy.exe
  C:\Windows\System\vawkYfy.exe
  2⤵
  PID:8220
- C:\Windows\System\BZxsXOt.exe
  C:\Windows\System\BZxsXOt.exe
  2⤵
  PID:8240
- C:\Windows\System\MMWzRIB.exe
  C:\Windows\System\MMWzRIB.exe
  2⤵
  PID:8276
- C:\Windows\System\dlNRjSl.exe
  C:\Windows\System\dlNRjSl.exe
  2⤵
  PID:8308
- C:\Windows\System\FDsBrzG.exe
  C:\Windows\System\FDsBrzG.exe
  2⤵
  PID:8332
- C:\Windows\System\DkrgLbl.exe
  C:\Windows\System\DkrgLbl.exe
  2⤵
  PID:8376
- C:\Windows\System\hrBUMZx.exe
  C:\Windows\System\hrBUMZx.exe
  2⤵
  PID:8400
- C:\Windows\System\hCkuBzq.exe
  C:\Windows\System\hCkuBzq.exe
  2⤵
  PID:8416
- C:\Windows\System\kSLrHpb.exe
  C:\Windows\System\kSLrHpb.exe
  2⤵
  PID:8452
- C:\Windows\System\qiaPjXp.exe
  C:\Windows\System\qiaPjXp.exe
  2⤵
  PID:8484
- C:\Windows\System\acwfxTa.exe
  C:\Windows\System\acwfxTa.exe
  2⤵
  PID:8500
- C:\Windows\System\bMydbQz.exe
  C:\Windows\System\bMydbQz.exe
  2⤵
  PID:8516
- C:\Windows\System\LTXaRGF.exe
  C:\Windows\System\LTXaRGF.exe
  2⤵
  PID:8556
- C:\Windows\System\UCtzClK.exe
  C:\Windows\System\UCtzClK.exe
  2⤵
  PID:8584
- C:\Windows\System\XXTocxF.exe
  C:\Windows\System\XXTocxF.exe
  2⤵
  PID:8612
- C:\Windows\System\vTyyALO.exe
  C:\Windows\System\vTyyALO.exe
  2⤵
  PID:8652
- C:\Windows\System\aQsLAiW.exe
  C:\Windows\System\aQsLAiW.exe
  2⤵
  PID:8672
- C:\Windows\System\DULUzZJ.exe
  C:\Windows\System\DULUzZJ.exe
  2⤵
  PID:8720
- C:\Windows\System\XMaDOSD.exe
  C:\Windows\System\XMaDOSD.exe
  2⤵
  PID:8744
- C:\Windows\System\lAHjFnE.exe
  C:\Windows\System\lAHjFnE.exe
  2⤵
  PID:8776
- C:\Windows\System\XvQTibw.exe
  C:\Windows\System\XvQTibw.exe
  2⤵
  PID:8804
- C:\Windows\System\TYEStRY.exe
  C:\Windows\System\TYEStRY.exe
  2⤵
  PID:8832
- C:\Windows\System\VXiNiaz.exe
  C:\Windows\System\VXiNiaz.exe
  2⤵
  PID:8848
- C:\Windows\System\nEkIRBV.exe
  C:\Windows\System\nEkIRBV.exe
  2⤵
  PID:8888
- C:\Windows\System\LsqhYth.exe
  C:\Windows\System\LsqhYth.exe
  2⤵
  PID:8916
- C:\Windows\System\ejySPDr.exe
  C:\Windows\System\ejySPDr.exe
  2⤵
  PID:8944
- C:\Windows\System\wzsBxjP.exe
  C:\Windows\System\wzsBxjP.exe
  2⤵
  PID:8960
- C:\Windows\System\ceRETaE.exe
  C:\Windows\System\ceRETaE.exe
  2⤵
  PID:9000
- C:\Windows\System\cmEEVmA.exe
  C:\Windows\System\cmEEVmA.exe
  2⤵
  PID:9020
- C:\Windows\System\SJplmXH.exe
  C:\Windows\System\SJplmXH.exe
  2⤵
  PID:9048
- C:\Windows\System\yUYiXau.exe
  C:\Windows\System\yUYiXau.exe
  2⤵
  PID:9072
- C:\Windows\System\WMPMIjh.exe
  C:\Windows\System\WMPMIjh.exe
  2⤵
  PID:9100
- C:\Windows\System\rezJxFy.exe
  C:\Windows\System\rezJxFy.exe
  2⤵
  PID:9140
- C:\Windows\System\ShigaRg.exe
  C:\Windows\System\ShigaRg.exe
  2⤵
  PID:9168
- C:\Windows\System\mXNPDVT.exe
  C:\Windows\System\mXNPDVT.exe
  2⤵
  PID:9192
- C:\Windows\System\EVQbVjs.exe
  C:\Windows\System\EVQbVjs.exe
  2⤵
  PID:9208
- C:\Windows\System\VpQyASg.exe
  C:\Windows\System\VpQyASg.exe
  2⤵
  PID:7152
- C:\Windows\System\jzYpGms.exe
  C:\Windows\System\jzYpGms.exe
  2⤵
  PID:8228
- C:\Windows\System\ljpIrTB.exe
  C:\Windows\System\ljpIrTB.exe
  2⤵
  PID:8372
- C:\Windows\System\vIurtfe.exe
  C:\Windows\System\vIurtfe.exe
  2⤵
  PID:8388
- C:\Windows\System\dQvpeAy.exe
  C:\Windows\System\dQvpeAy.exe
  2⤵
  PID:8540
- C:\Windows\System\ZEHQPVl.exe
  C:\Windows\System\ZEHQPVl.exe
  2⤵
  PID:8536
- C:\Windows\System\QdiQGMS.exe
  C:\Windows\System\QdiQGMS.exe
  2⤵
  PID:8640
- C:\Windows\System\RcSydXt.exe
  C:\Windows\System\RcSydXt.exe
  2⤵
  PID:8700
- C:\Windows\System\sVAiNVp.exe
  C:\Windows\System\sVAiNVp.exe
  2⤵
  PID:8760
- C:\Windows\System\vFSsFbT.exe
  C:\Windows\System\vFSsFbT.exe
  2⤵
  PID:8792
- C:\Windows\System\PzGyfJc.exe
  C:\Windows\System\PzGyfJc.exe
  2⤵
  PID:8912
- C:\Windows\System\BaXYcYi.exe
  C:\Windows\System\BaXYcYi.exe
  2⤵
  PID:8980
- C:\Windows\System\WXleDOp.exe
  C:\Windows\System\WXleDOp.exe
  2⤵
  PID:9056
- C:\Windows\System\oVtiZzG.exe
  C:\Windows\System\oVtiZzG.exe
  2⤵
  PID:9116
- C:\Windows\System\uwwWhXj.exe
  C:\Windows\System\uwwWhXj.exe
  2⤵
  PID:9184
- C:\Windows\System\cUCuupE.exe
  C:\Windows\System\cUCuupE.exe
  2⤵
  PID:9188
- C:\Windows\System\rgUvpSj.exe
  C:\Windows\System\rgUvpSj.exe
  2⤵
  PID:8236
- C:\Windows\System\BjRjglt.exe
  C:\Windows\System\BjRjglt.exe
  2⤵
  PID:8432
- C:\Windows\System\dhxclJK.exe
  C:\Windows\System\dhxclJK.exe
  2⤵
  PID:8668
- C:\Windows\System\hrSrIoj.exe
  C:\Windows\System\hrSrIoj.exe
  2⤵
  PID:8772
- C:\Windows\System\lBuIGCF.exe
  C:\Windows\System\lBuIGCF.exe
  2⤵
  PID:9008
- C:\Windows\System\FwgXHnR.exe
  C:\Windows\System\FwgXHnR.exe
  2⤵
  PID:9156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3668,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=3920 /prefetch:8
1⤵
PID:7980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AfLscRI.exe

Filesize
2.1MB

MD5
ac5a0f39b962e19847c55ff7ee449f1e

SHA1
e812334bfba5380c709cb36653d6e2cbffd1bb86

SHA256
ea17ffb11d781d9ffe8d2cf757ae872496e504c08d223e468435430c5137764e

SHA512
f3cd908be02f774ea57243d8668955ac86ea6cf5edfe9b3d0a17f7296bcbf042a3a780bf6206da272deabc2562364dc047d38c451c1593446595812daf613fa3

Download Submit
C:\Windows\System\AvKAqJz.exe

Filesize
2.1MB

MD5
2dc1c82da96ce4908761d1b2f278cdbd

SHA1
00f46ee2629cddf17b3bd3ecb66fe6e827b59429

SHA256
44b5f760b85ed8f1fee3a421968c6a346e4a097d20b4ddcd779afa6461ecee48

SHA512
aa2c156d3852c48dce7ec7cd62ccd94d2f8c34a54dee934bc3018d3bc766016573fc9fbe2ddfcc145fe668521c35530646cd256fa2b6ff190b08cc1f8a4b3ad9

Download Submit
C:\Windows\System\COlaOUo.exe

Filesize
2.1MB

MD5
0aace2ae25b21f538388cb31c14f8bd2

SHA1
636414176805e5d00d4490d437071ad78f468389

SHA256
7c0cbf8f14f1ec77f99e302b5ac22dcce68c702dd65d2bafbc54094e7eb3fdae

SHA512
2253eaec32ea740d5a3271ebdda3890bb42b2d12466f8d9b33bde4331b16c0c77e8bc403b7cf7fb1758cdf9661873a89a7ba8f2040548cb1060f4e21a31d08f5

Download Submit
C:\Windows\System\CcwMqDP.exe

Filesize
2.1MB

MD5
96e820211ef0e61cc82a56a98251a3bb

SHA1
5c9ca5c76cdd6838e2b145a2d14d023af259705b

SHA256
91f565031340fbd31f90e09b7898552c4d8ab8b0e522a2b269e9249eaa1b4599

SHA512
50d2377c9acf97d004a1176fb7dc49124b0ecdc0030f6bec34ffadd48c102004af2b8061c5d65809a66a59da07bf697f73b980fc3b1d809bfb0855ff7ccd637f

Download Submit
C:\Windows\System\DMFaMpd.exe

Filesize
2.1MB

MD5
bedb8c9cbd787f1af7e2e162005af008

SHA1
4d535ceda041a8e593865430d8b2018f10b34370

SHA256
5be1a333bef5a7f6c740965a73d5e47ad06c0474a34ace38bc398d8c98eff239

SHA512
8cd55399ec6546f9d48190929cfba770fc7f921247c2da15a61005a37f07e3c57bed13c2fa8d5384fb4596ad4efe948be98a49658c2fca1c1ab875a09a552d7f

Download Submit
C:\Windows\System\EtGArvJ.exe

Filesize
2.1MB

MD5
f783867c9ed18f4cbb2a22e314142e5e

SHA1
f216ebdd70836146813d3da67b6826004da9a592

SHA256
e970268c27294b86d1b87727f6c3290d2c90032cfa13ec3618e288c4476ee36e

SHA512
a71304590ff6f58a6c66ece1183c2556d107e8a860fa5ae0d3c122d896454033d2ca3845bd576c7ec80578314e4ea4ad513686c363ceacc274a02d5a660a45ad

Download Submit
C:\Windows\System\IFfilLZ.exe

Filesize
2.1MB

MD5
698a1236b09cfb55af9d4a65ff65aa98

SHA1
d9f87353b56a4cf41eb8b7e8abcf1d1f53b5788d

SHA256
9d357e4d12f34d662c98f235507c7b11147c5293aa63eae7f66f07171779acf6

SHA512
1345e58c57cadffbda475775e91c29bfd911368bdd358e7b81f8983d6b9af0ee3af7e06e5963ccd80a5f3a544c4bac6ef3a1a7240a22c4fec9ee0151b9fb750b

Download Submit
C:\Windows\System\NQOhbiR.exe

Filesize
2.1MB

MD5
d1ce3851778f6570b7217e7716853ba2

SHA1
c6c6eb676f8aede0b03182d9b2a9ef86f31c29c5

SHA256
979a789ca8a8f57d11fabc82a17c6afae6ad37a4bfcd411eec55a7ddf8e66dee

SHA512
d7e0ac3b061a1d91e2576ff8c8fdca9c56b1486f5182ad3d8cf1c3f5e5dbeb1e503727bcf596bd746c2dea955248ebb44fb4193dd1d73351c44a6b3cc1eb0c82

Download Submit
C:\Windows\System\QxLxWrk.exe

Filesize
2.1MB

MD5
1328b8a8426d02c11495c12a335dda28

SHA1
4b62248c3397481bbdde7a0aef106583262be675

SHA256
f35beab7a695888bd1868040634c457b8208c71dc8e00bf2accf6be434e5888a

SHA512
729dc1498f6b547915de1573a90695e294377f659d164c02bf6a3861b64dec8324fbafc1ca58b79d7a64691fdbd64f24c26285e35d06ddc6634e201cee155517

Download Submit
C:\Windows\System\RtqOlXh.exe

Filesize
2.1MB

MD5
cde42d23a9a4416168d1e49f12fe4a00

SHA1
b4639513a93669a76986fa419c3bbf5412956396

SHA256
1dcd7706f6d202931b46c7e44d2861a649e3a47abc6a55cce6b3fb452af5d7bf

SHA512
7ab1e260b2016aad1e6c1d99cb9bff927df4767b697b23eb357f431690b6fd55f96b6aa005214eb335ae95818e10c5680247c1e5ee6d2ded456dd3f9ef6ea178

Download Submit
C:\Windows\System\SBXQXjl.exe

Filesize
2.1MB

MD5
6cb20b45cbbb20989e199335bc6897e3

SHA1
8ef10616fffb5c610efad597ad10add33f7f807e

SHA256
2e75a8988f46addef3e58515ceb033864aed54ae66740418abd2ecf065254425

SHA512
1571c501afd486d0894fa24b9d00a3752afc6abb8117e93363a3dcf3507cb7a84c9d09fdd38093ef50683e8697fba6879814015f0306941ddd4b2514a401cde0

Download Submit
C:\Windows\System\VefeBNr.exe

Filesize
2.1MB

MD5
9a2b2521b76f97b21b957a45acf40d21

SHA1
b2aa69a6ecfe97b6836d3f7c280abe588659464f

SHA256
066ed233149c23f5b0418cb18a58257e12d291d3c65da60530a5edac24858df9

SHA512
3f5fb8451366557f9b48d0391e50cc42cb473efa7f81a7c05ed0007544a93ead0b746585c4bf6f3413a946268501c9dff64c168fb8ebb86e7c0ec6fe765a85bb

Download Submit
C:\Windows\System\XXLSWGv.exe

Filesize
2.1MB

MD5
ab134ef33338b2d48ba40a9da05cfb9c

SHA1
13b882469a68ca1aacce29428443aebc02f9efbe

SHA256
da72dbd06c9b93dee32bb4376b48bad1821f371d6459bf8cc443882bbd7c2e58

SHA512
0d3853a1504403ec739670fc10103cd53eb8ff1b5fe3faefb3d32aeacc6ce76bd21895ade225f38d2ae96d7f6bfad03a8dfb8f79156861474c6c5eaa4c49d322

Download Submit
C:\Windows\System\YCgnoXv.exe

Filesize
2.1MB

MD5
4de72a0ec6f704c6e197146446cf09a7

SHA1
a29f4f601e12c8bdda9f6a16dca0f0b478441165

SHA256
0f5f9f5535783b3eac94fec16a4f7c4e49faf744504f93c2f2b564135b5fe218

SHA512
b9b58ca01df0b1f39b5fbcac8f741624a6d6051d6bab596c39a403841a81e4e39da84f978fee9cb640c457b75e196ebe4bd429c8cf368bb85658358476be58aa

Download Submit
C:\Windows\System\ZDdbZNF.exe

Filesize
2.1MB

MD5
8e30042b2754939bee6aeb570839e11c

SHA1
859084a41daec18b7aa08cd76ba95bdc530be3c0

SHA256
925ff782225807ac9db613a7a475a92b39af5e7f4f2ce4a732f240702e2b3ced

SHA512
0bf114a0dd82daaf716a84b50385c5abd76a29a925ac6d2756460626b4c4e7896184accbd58f30045c7059f3c340bf428afc1ed801c6c0b1ab24f4f751b316d3

Download Submit
C:\Windows\System\acvUtSH.exe

Filesize
2.1MB

MD5
82acfeaebc06d1f3aa98d826c5816065

SHA1
a9a46015bdf4f7572c37e66bf8c57ad4920a3691

SHA256
7de0fa623478ab2d37985fa5d90685db65caa1d6ef4b0ba99ecede429f662c81

SHA512
bfa6e70de9cd526cba4fd2297ca9cc8192c6ef0ee88d031010fcbb858a30ce375170c3021ed03aef8f882d0ea6ba930941730ed86be0ecb976265f80e0cb2a63

Download Submit
C:\Windows\System\bDAtzcy.exe

Filesize
2.1MB

MD5
33c564acd1dd39d8fdfffdba6b9a6ecc

SHA1
09bece997cb99654dfe4ccfc22ff783950d6bdaf

SHA256
38e64326abefa0e63ca3fed154247dd5cfa4e528b44b097ddbf2a23a913bb61d

SHA512
d478cfae2f0f544402279a91b1ee6f5660094a737c8ea16337eb8dcef9902d06c177d42a1e9ab1497291b3fa745d56f9d7b52fc0d678befc6c42d97fc46a6995

Download Submit
C:\Windows\System\brCUAFe.exe

Filesize
2.1MB

MD5
cd8e95aea51dd5d70d7a3a52be76421f

SHA1
c28e196b7514e876336fd45c10f57c4b2dc249fd

SHA256
ca44c1624c3089082fab0eb2652406bbf58e4d49272d82abdfa314aec90fd257

SHA512
7bf8fbd46e67252ead7df1b47718c9ced3c762593b1047b970e4724267e282524149edc1b9cf7142e80d6cf8fcdc740de8f9b60015ea89cef2e65c8a11e4a1e7

Download Submit
C:\Windows\System\cURcCQQ.exe

Filesize
2.1MB

MD5
59e56ba741212e85a3f0241fb71d0a30

SHA1
8378f54dfa573b79a7b7ed2d576f737835dd2605

SHA256
03712f9a8586f8e215105446388b73cbfc85f3918c87c4c2564ea58d48456eb3

SHA512
04a7ab60568f4046981c0ef953cb0209ba55dcddb9db46d709c9411db111910c06fb0a2083efb18e9f20fb460e5df2ab8e3fedc8c751d9a09779ed5eee840fde

Download Submit
C:\Windows\System\ePBBDOg.exe

Filesize
2.1MB

MD5
b717967375ca85b32965808f3cbe2fe7

SHA1
214dd87563fc4b5745b9c9428f680b1305f614b5

SHA256
987e1138cb6202a726f43d96dff0127b7e4f2d7d1ad5bf916a60fbea8af035bf

SHA512
e4ced9eaf5e15e8e597b7c299987680cde5cb2b7d717caf7b0f4db154a103517422a8432eabbf0672e05e19565e1a3db6e75d4428d7f71deeac3e7be38611a28

Download Submit
C:\Windows\System\fNrGbJJ.exe

Filesize
2.1MB

MD5
3851b2ceb141c9dad11378d16b1a1510

SHA1
4d018a371e656ebd7259b7d1dcf679309516939e

SHA256
60e9044fb26a0fd487ae9f90a558ab73e045c0e1f097cc4a36c0927dec0c10a8

SHA512
d7fbbdce8b9c57ecb20676bd11bc5dc82b9059b0305d4d8ca482bbe64fc86c42b10926e734cee0a6344e29ab5c8b2ef646b4eab44dd5410d57aa1b41563742c0

Download Submit
C:\Windows\System\ijLLtsR.exe

Filesize
2.1MB

MD5
a2e51c81869abe7b8c252f4998298854

SHA1
f61dbbb8cc85b26afc2ed74e5befbab486d3cf27

SHA256
b4206fd562a7ed22e2b57d60348c7982a9e6cceb77b19868a47cc65b216a9270

SHA512
8735afb794bad1b4ba4a03901a9abaa6f7f0b5dfcc9f316fed78c3c7d01a6888ce07f49f78fbdbb1ad88f555afc5948f5f1d2d2649c75e792ef658b8ee75035b

Download Submit
C:\Windows\System\lDYXXbJ.exe

Filesize
2.1MB

MD5
393bed97ea80cd5e58190175703c1c7e

SHA1
ca131d46de832935388a047a33d2882ac31cac37

SHA256
cb9339caf4a94767c5e2ed213d4b843de3eae5eb7ff913499efd25e467161a11

SHA512
1ad81851c3d85421a3a97038163805b7698e50bcb72b1fe73283408b356136a506ec3fa25919f50258fc5252c3eb2e94b981e9d41f3bf4ad4efbfd1be95986ed

Download Submit
C:\Windows\System\mYAtKBd.exe

Filesize
2.1MB

MD5
79de23f0555bd0932f4ba78495e34399

SHA1
2668c993bef1ba7ff128e5371fc70edceb0b2260

SHA256
43fc424513eac4764e5d05a0de308ebad550becb5e0498eb3825824efa4b61e9

SHA512
0d0f13e30c204c062d6b723e2c4301f9b7ff6e67d38798c8df97cb25c65749b75be41e14bc0e5797cf50814528dca37137baf4c8b2fcb98b651dd3b622c0951e

Download Submit
C:\Windows\System\oirFTVP.exe

Filesize
2.1MB

MD5
5434ef9b5d8d42714f9f0c2734db1e15

SHA1
d5435c200c6b79aba91596ee32b4f94ec41cf244

SHA256
d8bada16facfbcda594f6009b71e99017ac72994f86ef080f3881a9cf13074e8

SHA512
088bf37a6041b1fa27cf6d2944f8ffbbc33e864fc38b1754a9bb0b63b43b6d35151210a0b955880b0ac9d750e580a2a4525ba03f41c639a9e9562a810aa359dd

Download Submit
C:\Windows\System\pEDHprL.exe

Filesize
2.1MB

MD5
d46503e58846920d7db2ffd4c5925512

SHA1
9e29c8573ed4269ceaa7a3a57aa87f9dd2c5779a

SHA256
fe8f8b29225c5d220d5e716f948d7334d4d0b60cc4b5d22b817cca818fb8fc5c

SHA512
aa1bf55f3961c7909f46adb580b2a4f4dc6c4bb2a16a72c554491fedebab875592270436698eb6bd1cb1bf6ef4cf432c315245b3a34f3fd398ef051bcadc4316

Download Submit
C:\Windows\System\pyBmtDT.exe

Filesize
2.1MB

MD5
137910ee4a0af46782bb1ec0db322365

SHA1
5f42e0a0384b45370d1269ace958894abbdefa2b

SHA256
e10b1d165750dfc8b94b67df743ef46b21671b0af8a11d40f136232c4606f071

SHA512
3640ea6e78dd168066080147515187d4c10116d782c4f7705e2ef8a095bb3b74e3f451b96782f99d28613b8158462d9778954e873cd8403dda03a1c712ec7705

Download Submit
C:\Windows\System\uTuHEyO.exe

Filesize
2.1MB

MD5
2dde4fd976dfd34e2cf7ffd0542b4445

SHA1
9fd65e3ba1c7e6385b6e9871e4e82437342e19ef

SHA256
8676aec61683e37c4f44c12ae203db4b87fffd4a191925950b96c15ecd65ed23

SHA512
64b9bc8827224711900f358838334a9b42ed4a2e9622c1414a562202388e677cc1401188ae150538562d79c07ea12d0fedfcdcba8f3f2359cdf4bf52026ce1cd

Download Submit
C:\Windows\System\wNqBmnR.exe

Filesize
2.1MB

MD5
1b327bd538c8afee730e4f95ae9dd405

SHA1
0ba7ae5034a6f759572508218148d40fef07a26b

SHA256
cb2e736d00944aaf8b9919210cb00fccd045f26558c8f0db7dfde726907dd3bd

SHA512
eecb3a98ecfd63883e1eeb2a34c5230bc7db01a033aef42bbb409cfadba052a37c3187eea822cfe2a7659ddc471c38532025b1dcc1c32a8dbe1d85d6f241b5ab

Download Submit
C:\Windows\System\wXkocje.exe

Filesize
2.1MB

MD5
2d7841169486e3b778da03e2f5f99778

SHA1
8a0cf663c6f43089ba8348971870ca7a1131e57b

SHA256
cb289032ffe100a0672878ac3115327d56943e725c1b21e8b3e3758836af0fea

SHA512
3b85293305815874dd2e965a1844f0bdb4e271779c8628ff26671ecb8342a5e3f6a7e205bf87f4f92b0fbd05ba049e36f60d33edc3462b00698a9ec91dd1cc93

Download Submit
C:\Windows\System\xfDIWGB.exe

Filesize
2.1MB

MD5
b94b64531a08ed2789f790502b7d3e61

SHA1
5f3549847a2b6ad390d4a6f49386e13bd05115fb

SHA256
5b8ab6bc3e6ab3bb36b9c42f0668d564417f10a72a4b22b20b38d480d99ec5e3

SHA512
6428c2788a424a09d9bed2a4ca7e4d1d49f24e13e052c0b4e3d49b21a6f3fc368dc577e4df3344e0bf2edf9406a60d18859310136b6a19d5ef0bbd364d5d5530

Download Submit
C:\Windows\System\yCOsxGq.exe

Filesize
2.1MB

MD5
f68d93be891b04586d1caa71add63f22

SHA1
c2eb3a4ac4337056a10dfc4566c03f3b035c811b

SHA256
63512a39f114d33e47b41bdff5e5a57ba66e2e23d0865582c4c01270ab6d4e10

SHA512
fed995a5f1f854f2f6aca7bf9e3cbb62a752ba941f1cf8ba1491bc274625228dbaffb83d06f1e7a45fb2364d3d5563a80ffe30c45a6616720b821e1c8ebaf437

Download Submit
C:\Windows\System\zuIaYjJ.exe

Filesize
2.1MB

MD5
296964cca5b4c1a2abd8a91b86cad03e

SHA1
1e5b8eba32bac320454eb2e8b1b3b9d3f6804bb9

SHA256
fcbb3df25e9d6a8792953f166ba777fcdb1a8037fdac67923945bf8e693d0619

SHA512
ab382df0a3fa33a06fe6405b1938c119e9900ced4758da94926770c1d0332a7315d4054758c9ef1714a6bf4166a75acde4f22e17f5fc0de092a688cc39f7e614

Download Submit
memory/4424-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download