kpot | c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9

Analysis

max time kernel
143s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26-07-2024 03:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
Size

1.8MB
MD5

4065e6f7f996accac763ce701c73472c
SHA1

4d4b2fa9d42fa90c32d27fb82fb217faf9454bac
SHA256

c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9
SHA512

b510c6566159c3097684abd84439652e57b09ea3e12537150446fa0306de0821e472089e87931cb538a75c39778cb635d3e78ff4e55d6ae5b769487ad39d0b3a
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYxnX:GemTLkNdfE0pZaQl

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 35 IoCs

resource	yara_rule
behavioral2/files/0x0009000000023469-4.dat	family_kpot
behavioral2/files/0x00080000000234ca-9.dat	family_kpot
behavioral2/files/0x00070000000234ce-17.dat	family_kpot
behavioral2/files/0x00070000000234cf-19.dat	family_kpot
behavioral2/files/0x00070000000234d0-23.dat	family_kpot
behavioral2/files/0x00070000000234d2-33.dat	family_kpot
behavioral2/files/0x00070000000234d4-37.dat	family_kpot
behavioral2/files/0x00070000000234d5-42.dat	family_kpot
behavioral2/files/0x00070000000234df-117.dat	family_kpot
behavioral2/files/0x00070000000234e9-142.dat	family_kpot
behavioral2/files/0x00070000000234e8-161.dat	family_kpot
behavioral2/files/0x00070000000234e7-159.dat	family_kpot
behavioral2/files/0x00070000000234e6-157.dat	family_kpot
behavioral2/files/0x00070000000234ef-156.dat	family_kpot
behavioral2/files/0x00070000000234ee-155.dat	family_kpot
behavioral2/files/0x00070000000234ed-154.dat	family_kpot
behavioral2/files/0x00070000000234e5-152.dat	family_kpot
behavioral2/files/0x00070000000234ec-151.dat	family_kpot
behavioral2/files/0x00070000000234e4-149.dat	family_kpot
behavioral2/files/0x00070000000234eb-148.dat	family_kpot
behavioral2/files/0x00070000000234e3-146.dat	family_kpot
behavioral2/files/0x00070000000234ea-145.dat	family_kpot
behavioral2/files/0x00070000000234e2-143.dat	family_kpot
behavioral2/files/0x00070000000234e1-130.dat	family_kpot
behavioral2/files/0x00070000000234e0-129.dat	family_kpot
behavioral2/files/0x00070000000234de-104.dat	family_kpot
behavioral2/files/0x00070000000234da-101.dat	family_kpot
behavioral2/files/0x00070000000234dd-95.dat	family_kpot
behavioral2/files/0x00070000000234db-85.dat	family_kpot
behavioral2/files/0x00070000000234dc-82.dat	family_kpot
behavioral2/files/0x00070000000234d9-80.dat	family_kpot
behavioral2/files/0x00070000000234d8-78.dat	family_kpot
behavioral2/files/0x00070000000234d7-69.dat	family_kpot
behavioral2/files/0x00070000000234d6-57.dat	family_kpot
behavioral2/files/0x00070000000234d3-45.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 35 IoCs

miner

resource	yara_rule
behavioral2/files/0x0009000000023469-4.dat	xmrig
behavioral2/files/0x00080000000234ca-9.dat	xmrig
behavioral2/files/0x00070000000234ce-17.dat	xmrig
behavioral2/files/0x00070000000234cf-19.dat	xmrig
behavioral2/files/0x00070000000234d0-23.dat	xmrig
behavioral2/files/0x00070000000234d2-33.dat	xmrig
behavioral2/files/0x00070000000234d4-37.dat	xmrig
behavioral2/files/0x00070000000234d5-42.dat	xmrig
behavioral2/files/0x00070000000234df-117.dat	xmrig
behavioral2/files/0x00070000000234e9-142.dat	xmrig
behavioral2/files/0x00070000000234e8-161.dat	xmrig
behavioral2/files/0x00070000000234e7-159.dat	xmrig
behavioral2/files/0x00070000000234e6-157.dat	xmrig
behavioral2/files/0x00070000000234ef-156.dat	xmrig
behavioral2/files/0x00070000000234ee-155.dat	xmrig
behavioral2/files/0x00070000000234ed-154.dat	xmrig
behavioral2/files/0x00070000000234e5-152.dat	xmrig
behavioral2/files/0x00070000000234ec-151.dat	xmrig
behavioral2/files/0x00070000000234e4-149.dat	xmrig
behavioral2/files/0x00070000000234eb-148.dat	xmrig
behavioral2/files/0x00070000000234e3-146.dat	xmrig
behavioral2/files/0x00070000000234ea-145.dat	xmrig
behavioral2/files/0x00070000000234e2-143.dat	xmrig
behavioral2/files/0x00070000000234e1-130.dat	xmrig
behavioral2/files/0x00070000000234e0-129.dat	xmrig
behavioral2/files/0x00070000000234de-104.dat	xmrig
behavioral2/files/0x00070000000234da-101.dat	xmrig
behavioral2/files/0x00070000000234dd-95.dat	xmrig
behavioral2/files/0x00070000000234db-85.dat	xmrig
behavioral2/files/0x00070000000234dc-82.dat	xmrig
behavioral2/files/0x00070000000234d9-80.dat	xmrig
behavioral2/files/0x00070000000234d8-78.dat	xmrig
behavioral2/files/0x00070000000234d7-69.dat	xmrig
behavioral2/files/0x00070000000234d6-57.dat	xmrig
behavioral2/files/0x00070000000234d3-45.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4140	BMivYmC.exe
3672	ZiksclB.exe
372	BmcivGN.exe
5104	oLWvUpe.exe
1736	VXvcAsK.exe
1120	kzSpRvW.exe
3392	fHSuDaK.exe
2920	CchqSeD.exe
4976	FWBEuRU.exe
1748	Ctzgfrt.exe
3332	vjbsyKG.exe
2688	RnSwRDq.exe
4312	BCIbpoP.exe
1900	RClDpbk.exe
4084	bNoplik.exe
1148	PbILbWB.exe
2936	MHlDqbm.exe
5008	pwzdSIX.exe
2356	gJNhuXu.exe
3532	CcsBkyP.exe
3348	etFnjne.exe
1232	LbBwWaa.exe
2208	jmbZLfx.exe
4224	gOdrqQD.exe
836	ocUCHyn.exe
396	hwaxROL.exe
3524	vzsEGFx.exe
3960	ZeHrWee.exe
4792	AzxOGLV.exe
1896	lbMLOgh.exe
2480	LvujEfe.exe
4464	tkDERGG.exe
3728	ajnaECK.exe
2844	DpssraB.exe
2932	sufMAGj.exe
732	GviplGB.exe
4992	OwPcWqi.exe
2288	PckWkAO.exe
2880	EhISQYI.exe
3644	lSYiGcK.exe
2520	kjVHOdC.exe
4324	QxxwOWj.exe
4532	fGuSzdF.exe
4804	dHkKKHx.exe
2736	NCtbKSJ.exe
3276	cgSqYKj.exe
784	ODQhIsG.exe
4360	XDYuapA.exe
1988	URAveXC.exe
4660	XRwjopB.exe
548	svFFDzX.exe
4728	txdpmdk.exe
2692	OdwGrqc.exe
3352	iHXrtcC.exe
1112	ZyWJstJ.exe
1008	CRddwmw.exe
1396	eRhvFQw.exe
5080	xHvjJGS.exe
4148	VQiMUAh.exe
3552	QOubaHV.exe
320	XpAQpZe.exe
1980	XKtNZzH.exe
4624	AblLyxU.exe
2996	AUwgAKw.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XOjoGyQ.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\yUgBXuw.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\gtRJocS.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\wqzLVqt.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\dZCslme.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\MQDIQJa.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\XzMTdVd.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\hwaxROL.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\NCtbKSJ.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\xmugcLt.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\UKnpNgV.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\bqtnJPL.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\AblLyxU.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\QPnQqTF.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\etFnjne.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\tkDERGG.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\QOubaHV.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\kNnrvMt.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\FZugFQh.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\VSOZaav.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\RXmPUod.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\jcyIqbp.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\UGSlxUP.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\ORhnYvp.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\HkGoZLI.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\aVBqhZf.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\PNWJnCI.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\jsvmbcD.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\ntFvytx.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\TWpjVlU.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\sWwdVjO.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\jaxzeiL.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\dccPrqG.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\jmbZLfx.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\DpssraB.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\fGuSzdF.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\xtCpLHJ.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\GgZKOHD.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\IKZlxlp.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\mEKkswf.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\VmhHDYv.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\gSQJtKj.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\tgpUHnk.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\BMivYmC.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\gOdrqQD.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\CRddwmw.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\PeRrSCb.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\fgkdKTP.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\FdNfwFy.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\wrzTcXJ.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\fHSuDaK.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\bNoplik.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\aqXYHGZ.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\nMUUUUt.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\wnXmIyC.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\EYrmOta.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\vglNYnE.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\BuDArkn.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\KsQDLdr.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\QPvPqNF.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\yWnZznY.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\ueMntwV.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\MKOXRUb.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
File created	C:\Windows\System\svFFDzX.exe	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
Token: SeLockMemoryPrivilege	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 4140	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	85
PID 2416 wrote to memory of 4140	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	85
PID 2416 wrote to memory of 3672	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	86
PID 2416 wrote to memory of 3672	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	86
PID 2416 wrote to memory of 372	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	87
PID 2416 wrote to memory of 372	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	87
PID 2416 wrote to memory of 5104	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	88
PID 2416 wrote to memory of 5104	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	88
PID 2416 wrote to memory of 1736	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	91
PID 2416 wrote to memory of 1736	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	91
PID 2416 wrote to memory of 1120	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	92
PID 2416 wrote to memory of 1120	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	92
PID 2416 wrote to memory of 3392	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	93
PID 2416 wrote to memory of 3392	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	93
PID 2416 wrote to memory of 2920	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	94
PID 2416 wrote to memory of 2920	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	94
PID 2416 wrote to memory of 4976	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	95
PID 2416 wrote to memory of 4976	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	95
PID 2416 wrote to memory of 1748	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	96
PID 2416 wrote to memory of 1748	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	96
PID 2416 wrote to memory of 3332	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	97
PID 2416 wrote to memory of 3332	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	97
PID 2416 wrote to memory of 2688	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	98
PID 2416 wrote to memory of 2688	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	98
PID 2416 wrote to memory of 4312	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	99
PID 2416 wrote to memory of 4312	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	99
PID 2416 wrote to memory of 2936	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	100
PID 2416 wrote to memory of 2936	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	100
PID 2416 wrote to memory of 1900	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	101
PID 2416 wrote to memory of 1900	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	101
PID 2416 wrote to memory of 4084	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	102
PID 2416 wrote to memory of 4084	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	102
PID 2416 wrote to memory of 1148	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	103
PID 2416 wrote to memory of 1148	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	103
PID 2416 wrote to memory of 5008	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	104
PID 2416 wrote to memory of 5008	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	104
PID 2416 wrote to memory of 2356	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	105
PID 2416 wrote to memory of 2356	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	105
PID 2416 wrote to memory of 3532	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	106
PID 2416 wrote to memory of 3532	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	106
PID 2416 wrote to memory of 3348	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	107
PID 2416 wrote to memory of 3348	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	107
PID 2416 wrote to memory of 1232	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	108
PID 2416 wrote to memory of 1232	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	108
PID 2416 wrote to memory of 2208	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	109
PID 2416 wrote to memory of 2208	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	109
PID 2416 wrote to memory of 4224	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	110
PID 2416 wrote to memory of 4224	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	110
PID 2416 wrote to memory of 836	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	111
PID 2416 wrote to memory of 836	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	111
PID 2416 wrote to memory of 396	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	112
PID 2416 wrote to memory of 396	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	112
PID 2416 wrote to memory of 3524	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	113
PID 2416 wrote to memory of 3524	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	113
PID 2416 wrote to memory of 3960	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	114
PID 2416 wrote to memory of 3960	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	114
PID 2416 wrote to memory of 4792	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	115
PID 2416 wrote to memory of 4792	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	115
PID 2416 wrote to memory of 1896	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	116
PID 2416 wrote to memory of 1896	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	116
PID 2416 wrote to memory of 2480	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	117
PID 2416 wrote to memory of 2480	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	117
PID 2416 wrote to memory of 4464	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	118
PID 2416 wrote to memory of 4464	2416	c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe	118

C:\Users\Admin\AppData\Local\Temp\c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe
"C:\Users\Admin\AppData\Local\Temp\c84a06e755221e07d2c3944f219bddbee8e9c82bc25a351351e181cf2bc413d9.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\System\BMivYmC.exe
  C:\Windows\System\BMivYmC.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\ZiksclB.exe
  C:\Windows\System\ZiksclB.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\BmcivGN.exe
  C:\Windows\System\BmcivGN.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\oLWvUpe.exe
  C:\Windows\System\oLWvUpe.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\VXvcAsK.exe
  C:\Windows\System\VXvcAsK.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\kzSpRvW.exe
  C:\Windows\System\kzSpRvW.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\fHSuDaK.exe
  C:\Windows\System\fHSuDaK.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\CchqSeD.exe
  C:\Windows\System\CchqSeD.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\FWBEuRU.exe
  C:\Windows\System\FWBEuRU.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\Ctzgfrt.exe
  C:\Windows\System\Ctzgfrt.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\vjbsyKG.exe
  C:\Windows\System\vjbsyKG.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\RnSwRDq.exe
  C:\Windows\System\RnSwRDq.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\BCIbpoP.exe
  C:\Windows\System\BCIbpoP.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\MHlDqbm.exe
  C:\Windows\System\MHlDqbm.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\RClDpbk.exe
  C:\Windows\System\RClDpbk.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\bNoplik.exe
  C:\Windows\System\bNoplik.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\PbILbWB.exe
  C:\Windows\System\PbILbWB.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\pwzdSIX.exe
  C:\Windows\System\pwzdSIX.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\gJNhuXu.exe
  C:\Windows\System\gJNhuXu.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\CcsBkyP.exe
  C:\Windows\System\CcsBkyP.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\etFnjne.exe
  C:\Windows\System\etFnjne.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\LbBwWaa.exe
  C:\Windows\System\LbBwWaa.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\jmbZLfx.exe
  C:\Windows\System\jmbZLfx.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\gOdrqQD.exe
  C:\Windows\System\gOdrqQD.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\ocUCHyn.exe
  C:\Windows\System\ocUCHyn.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\hwaxROL.exe
  C:\Windows\System\hwaxROL.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\vzsEGFx.exe
  C:\Windows\System\vzsEGFx.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\ZeHrWee.exe
  C:\Windows\System\ZeHrWee.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\AzxOGLV.exe
  C:\Windows\System\AzxOGLV.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\lbMLOgh.exe
  C:\Windows\System\lbMLOgh.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\LvujEfe.exe
  C:\Windows\System\LvujEfe.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\tkDERGG.exe
  C:\Windows\System\tkDERGG.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\ajnaECK.exe
  C:\Windows\System\ajnaECK.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\DpssraB.exe
  C:\Windows\System\DpssraB.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\sufMAGj.exe
  C:\Windows\System\sufMAGj.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\GviplGB.exe
  C:\Windows\System\GviplGB.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\OwPcWqi.exe
  C:\Windows\System\OwPcWqi.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\PckWkAO.exe
  C:\Windows\System\PckWkAO.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\EhISQYI.exe
  C:\Windows\System\EhISQYI.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\lSYiGcK.exe
  C:\Windows\System\lSYiGcK.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\kjVHOdC.exe
  C:\Windows\System\kjVHOdC.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\QxxwOWj.exe
  C:\Windows\System\QxxwOWj.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\fGuSzdF.exe
  C:\Windows\System\fGuSzdF.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\dHkKKHx.exe
  C:\Windows\System\dHkKKHx.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\NCtbKSJ.exe
  C:\Windows\System\NCtbKSJ.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\cgSqYKj.exe
  C:\Windows\System\cgSqYKj.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\ODQhIsG.exe
  C:\Windows\System\ODQhIsG.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\XDYuapA.exe
  C:\Windows\System\XDYuapA.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\URAveXC.exe
  C:\Windows\System\URAveXC.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\XRwjopB.exe
  C:\Windows\System\XRwjopB.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\svFFDzX.exe
  C:\Windows\System\svFFDzX.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\txdpmdk.exe
  C:\Windows\System\txdpmdk.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\OdwGrqc.exe
  C:\Windows\System\OdwGrqc.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\iHXrtcC.exe
  C:\Windows\System\iHXrtcC.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System\ZyWJstJ.exe
  C:\Windows\System\ZyWJstJ.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\CRddwmw.exe
  C:\Windows\System\CRddwmw.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\eRhvFQw.exe
  C:\Windows\System\eRhvFQw.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\xHvjJGS.exe
  C:\Windows\System\xHvjJGS.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\VQiMUAh.exe
  C:\Windows\System\VQiMUAh.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\QOubaHV.exe
  C:\Windows\System\QOubaHV.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\XpAQpZe.exe
  C:\Windows\System\XpAQpZe.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\XKtNZzH.exe
  C:\Windows\System\XKtNZzH.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\AblLyxU.exe
  C:\Windows\System\AblLyxU.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\AUwgAKw.exe
  C:\Windows\System\AUwgAKw.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\KVwJgMx.exe
  C:\Windows\System\KVwJgMx.exe
  2⤵
  PID:2504
- C:\Windows\System\ygnoFju.exe
  C:\Windows\System\ygnoFju.exe
  2⤵
  PID:3512
- C:\Windows\System\TmAKfNW.exe
  C:\Windows\System\TmAKfNW.exe
  2⤵
  PID:60
- C:\Windows\System\FWqrvWn.exe
  C:\Windows\System\FWqrvWn.exe
  2⤵
  PID:4040
- C:\Windows\System\aQnSqrq.exe
  C:\Windows\System\aQnSqrq.exe
  2⤵
  PID:4044
- C:\Windows\System\kNnrvMt.exe
  C:\Windows\System\kNnrvMt.exe
  2⤵
  PID:740
- C:\Windows\System\SZFuxUM.exe
  C:\Windows\System\SZFuxUM.exe
  2⤵
  PID:4172
- C:\Windows\System\dpsAehT.exe
  C:\Windows\System\dpsAehT.exe
  2⤵
  PID:3708
- C:\Windows\System\SYVXvRf.exe
  C:\Windows\System\SYVXvRf.exe
  2⤵
  PID:3220
- C:\Windows\System\kSStYqL.exe
  C:\Windows\System\kSStYqL.exe
  2⤵
  PID:116
- C:\Windows\System\lzLohjg.exe
  C:\Windows\System\lzLohjg.exe
  2⤵
  PID:3600
- C:\Windows\System\GUlrPtR.exe
  C:\Windows\System\GUlrPtR.exe
  2⤵
  PID:1260
- C:\Windows\System\FZugFQh.exe
  C:\Windows\System\FZugFQh.exe
  2⤵
  PID:1372
- C:\Windows\System\ThkRkir.exe
  C:\Windows\System\ThkRkir.exe
  2⤵
  PID:512
- C:\Windows\System\jaNKFyD.exe
  C:\Windows\System\jaNKFyD.exe
  2⤵
  PID:4092
- C:\Windows\System\HtsVqhW.exe
  C:\Windows\System\HtsVqhW.exe
  2⤵
  PID:208
- C:\Windows\System\CnudcMc.exe
  C:\Windows\System\CnudcMc.exe
  2⤵
  PID:4072
- C:\Windows\System\wHGqvnC.exe
  C:\Windows\System\wHGqvnC.exe
  2⤵
  PID:2064
- C:\Windows\System\uvjcMQk.exe
  C:\Windows\System\uvjcMQk.exe
  2⤵
  PID:628
- C:\Windows\System\smfAylZ.exe
  C:\Windows\System\smfAylZ.exe
  2⤵
  PID:3280
- C:\Windows\System\QlLenKD.exe
  C:\Windows\System\QlLenKD.exe
  2⤵
  PID:2372
- C:\Windows\System\ZtPHSos.exe
  C:\Windows\System\ZtPHSos.exe
  2⤵
  PID:4864
- C:\Windows\System\WdFvnCX.exe
  C:\Windows\System\WdFvnCX.exe
  2⤵
  PID:64
- C:\Windows\System\ojInFAJ.exe
  C:\Windows\System\ojInFAJ.exe
  2⤵
  PID:1920
- C:\Windows\System\JDeOuYj.exe
  C:\Windows\System\JDeOuYj.exe
  2⤵
  PID:3632
- C:\Windows\System\ovNxjXM.exe
  C:\Windows\System\ovNxjXM.exe
  2⤵
  PID:1040
- C:\Windows\System\UQkGWji.exe
  C:\Windows\System\UQkGWji.exe
  2⤵
  PID:3840
- C:\Windows\System\OlvQXNm.exe
  C:\Windows\System\OlvQXNm.exe
  2⤵
  PID:5124
- C:\Windows\System\lDrwtpm.exe
  C:\Windows\System\lDrwtpm.exe
  2⤵
  PID:5140
- C:\Windows\System\VmhHDYv.exe
  C:\Windows\System\VmhHDYv.exe
  2⤵
  PID:5172
- C:\Windows\System\wqzLVqt.exe
  C:\Windows\System\wqzLVqt.exe
  2⤵
  PID:5192
- C:\Windows\System\iXKsFBR.exe
  C:\Windows\System\iXKsFBR.exe
  2⤵
  PID:5232
- C:\Windows\System\GJJHUOT.exe
  C:\Windows\System\GJJHUOT.exe
  2⤵
  PID:5252
- C:\Windows\System\xqxoZYo.exe
  C:\Windows\System\xqxoZYo.exe
  2⤵
  PID:5292
- C:\Windows\System\vUxxlrO.exe
  C:\Windows\System\vUxxlrO.exe
  2⤵
  PID:5316
- C:\Windows\System\OMHlxNj.exe
  C:\Windows\System\OMHlxNj.exe
  2⤵
  PID:5348
- C:\Windows\System\xtCpLHJ.exe
  C:\Windows\System\xtCpLHJ.exe
  2⤵
  PID:5364
- C:\Windows\System\WUCPbAa.exe
  C:\Windows\System\WUCPbAa.exe
  2⤵
  PID:5388
- C:\Windows\System\xmugcLt.exe
  C:\Windows\System\xmugcLt.exe
  2⤵
  PID:5416
- C:\Windows\System\YaJVLCr.exe
  C:\Windows\System\YaJVLCr.exe
  2⤵
  PID:5448
- C:\Windows\System\HMjEVys.exe
  C:\Windows\System\HMjEVys.exe
  2⤵
  PID:5480
- C:\Windows\System\cLOcevV.exe
  C:\Windows\System\cLOcevV.exe
  2⤵
  PID:5504
- C:\Windows\System\biZoirm.exe
  C:\Windows\System\biZoirm.exe
  2⤵
  PID:5528
- C:\Windows\System\cgETEdv.exe
  C:\Windows\System\cgETEdv.exe
  2⤵
  PID:5564
- C:\Windows\System\dbtNHKK.exe
  C:\Windows\System\dbtNHKK.exe
  2⤵
  PID:5592
- C:\Windows\System\CZrKAmn.exe
  C:\Windows\System\CZrKAmn.exe
  2⤵
  PID:5620
- C:\Windows\System\gVQMoJa.exe
  C:\Windows\System\gVQMoJa.exe
  2⤵
  PID:5644
- C:\Windows\System\OzwVqyu.exe
  C:\Windows\System\OzwVqyu.exe
  2⤵
  PID:5664
- C:\Windows\System\XqrpIvW.exe
  C:\Windows\System\XqrpIvW.exe
  2⤵
  PID:5700
- C:\Windows\System\aeYIOHm.exe
  C:\Windows\System\aeYIOHm.exe
  2⤵
  PID:5736
- C:\Windows\System\GgZKOHD.exe
  C:\Windows\System\GgZKOHD.exe
  2⤵
  PID:5768
- C:\Windows\System\CPIspPz.exe
  C:\Windows\System\CPIspPz.exe
  2⤵
  PID:5792
- C:\Windows\System\GxmEnuE.exe
  C:\Windows\System\GxmEnuE.exe
  2⤵
  PID:5824
- C:\Windows\System\IKZlxlp.exe
  C:\Windows\System\IKZlxlp.exe
  2⤵
  PID:5864
- C:\Windows\System\NvlJrMS.exe
  C:\Windows\System\NvlJrMS.exe
  2⤵
  PID:5896
- C:\Windows\System\aVBqhZf.exe
  C:\Windows\System\aVBqhZf.exe
  2⤵
  PID:5920
- C:\Windows\System\tSdhXeH.exe
  C:\Windows\System\tSdhXeH.exe
  2⤵
  PID:5952
- C:\Windows\System\baxlyUe.exe
  C:\Windows\System\baxlyUe.exe
  2⤵
  PID:5980
- C:\Windows\System\sxCJMsx.exe
  C:\Windows\System\sxCJMsx.exe
  2⤵
  PID:6008
- C:\Windows\System\KntCZys.exe
  C:\Windows\System\KntCZys.exe
  2⤵
  PID:6036
- C:\Windows\System\NbSalCR.exe
  C:\Windows\System\NbSalCR.exe
  2⤵
  PID:6064
- C:\Windows\System\oLQzgsw.exe
  C:\Windows\System\oLQzgsw.exe
  2⤵
  PID:6096
- C:\Windows\System\VcGPIeA.exe
  C:\Windows\System\VcGPIeA.exe
  2⤵
  PID:6128
- C:\Windows\System\kUCDTCK.exe
  C:\Windows\System\kUCDTCK.exe
  2⤵
  PID:3616
- C:\Windows\System\dtJqhyP.exe
  C:\Windows\System\dtJqhyP.exe
  2⤵
  PID:5132
- C:\Windows\System\wkdpJUH.exe
  C:\Windows\System\wkdpJUH.exe
  2⤵
  PID:5204
- C:\Windows\System\XOjoGyQ.exe
  C:\Windows\System\XOjoGyQ.exe
  2⤵
  PID:5264
- C:\Windows\System\MBrPzjC.exe
  C:\Windows\System\MBrPzjC.exe
  2⤵
  PID:5356
- C:\Windows\System\sIqPOFx.exe
  C:\Windows\System\sIqPOFx.exe
  2⤵
  PID:5412
- C:\Windows\System\nFBgPrp.exe
  C:\Windows\System\nFBgPrp.exe
  2⤵
  PID:5476
- C:\Windows\System\QJlNvHg.exe
  C:\Windows\System\QJlNvHg.exe
  2⤵
  PID:5524
- C:\Windows\System\ZbuBBWy.exe
  C:\Windows\System\ZbuBBWy.exe
  2⤵
  PID:5600
- C:\Windows\System\vglNYnE.exe
  C:\Windows\System\vglNYnE.exe
  2⤵
  PID:5684
- C:\Windows\System\eEzkwcl.exe
  C:\Windows\System\eEzkwcl.exe
  2⤵
  PID:5756
- C:\Windows\System\BgBgUyt.exe
  C:\Windows\System\BgBgUyt.exe
  2⤵
  PID:5808
- C:\Windows\System\yJXiTHb.exe
  C:\Windows\System\yJXiTHb.exe
  2⤵
  PID:5884
- C:\Windows\System\CFmKjgQ.exe
  C:\Windows\System\CFmKjgQ.exe
  2⤵
  PID:5892
- C:\Windows\System\zhfnTmm.exe
  C:\Windows\System\zhfnTmm.exe
  2⤵
  PID:6020
- C:\Windows\System\IxxYCRJ.exe
  C:\Windows\System\IxxYCRJ.exe
  2⤵
  PID:6060
- C:\Windows\System\BtXeWzU.exe
  C:\Windows\System\BtXeWzU.exe
  2⤵
  PID:6140
- C:\Windows\System\wWdDjfx.exe
  C:\Windows\System\wWdDjfx.exe
  2⤵
  PID:5248
- C:\Windows\System\vGPFnNR.exe
  C:\Windows\System\vGPFnNR.exe
  2⤵
  PID:5404
- C:\Windows\System\UKnpNgV.exe
  C:\Windows\System\UKnpNgV.exe
  2⤵
  PID:5580
- C:\Windows\System\sCzPahi.exe
  C:\Windows\System\sCzPahi.exe
  2⤵
  PID:5672
- C:\Windows\System\axQuSfr.exe
  C:\Windows\System\axQuSfr.exe
  2⤵
  PID:5928
- C:\Windows\System\PNWJnCI.exe
  C:\Windows\System\PNWJnCI.exe
  2⤵
  PID:6056
- C:\Windows\System\jSXAkaQ.exe
  C:\Windows\System\jSXAkaQ.exe
  2⤵
  PID:4836
- C:\Windows\System\NZVBQGy.exe
  C:\Windows\System\NZVBQGy.exe
  2⤵
  PID:5308
- C:\Windows\System\ivAPKKR.exe
  C:\Windows\System\ivAPKKR.exe
  2⤵
  PID:5720
- C:\Windows\System\FuXWQTJ.exe
  C:\Windows\System\FuXWQTJ.exe
  2⤵
  PID:5160
- C:\Windows\System\ZSzFNhy.exe
  C:\Windows\System\ZSzFNhy.exe
  2⤵
  PID:6048
- C:\Windows\System\iWXQVsp.exe
  C:\Windows\System\iWXQVsp.exe
  2⤵
  PID:6172
- C:\Windows\System\XPSnHxL.exe
  C:\Windows\System\XPSnHxL.exe
  2⤵
  PID:6204
- C:\Windows\System\ELmCYZq.exe
  C:\Windows\System\ELmCYZq.exe
  2⤵
  PID:6224
- C:\Windows\System\sVQXruW.exe
  C:\Windows\System\sVQXruW.exe
  2⤵
  PID:6248
- C:\Windows\System\kCoBgTk.exe
  C:\Windows\System\kCoBgTk.exe
  2⤵
  PID:6280
- C:\Windows\System\aSCIqOi.exe
  C:\Windows\System\aSCIqOi.exe
  2⤵
  PID:6316
- C:\Windows\System\jsvmbcD.exe
  C:\Windows\System\jsvmbcD.exe
  2⤵
  PID:6344
- C:\Windows\System\DTxLmsG.exe
  C:\Windows\System\DTxLmsG.exe
  2⤵
  PID:6364
- C:\Windows\System\tQzpZZj.exe
  C:\Windows\System\tQzpZZj.exe
  2⤵
  PID:6388
- C:\Windows\System\aqXYHGZ.exe
  C:\Windows\System\aqXYHGZ.exe
  2⤵
  PID:6428
- C:\Windows\System\BuDArkn.exe
  C:\Windows\System\BuDArkn.exe
  2⤵
  PID:6444
- C:\Windows\System\chAZdqA.exe
  C:\Windows\System\chAZdqA.exe
  2⤵
  PID:6480
- C:\Windows\System\UuEyjTp.exe
  C:\Windows\System\UuEyjTp.exe
  2⤵
  PID:6500
- C:\Windows\System\WDRUhzA.exe
  C:\Windows\System\WDRUhzA.exe
  2⤵
  PID:6516
- C:\Windows\System\VSOZaav.exe
  C:\Windows\System\VSOZaav.exe
  2⤵
  PID:6548
- C:\Windows\System\xLusnAc.exe
  C:\Windows\System\xLusnAc.exe
  2⤵
  PID:6576
- C:\Windows\System\JEJDqHc.exe
  C:\Windows\System\JEJDqHc.exe
  2⤵
  PID:6600
- C:\Windows\System\CKSHLFn.exe
  C:\Windows\System\CKSHLFn.exe
  2⤵
  PID:6616
- C:\Windows\System\OtAxWOh.exe
  C:\Windows\System\OtAxWOh.exe
  2⤵
  PID:6656
- C:\Windows\System\lhoWdHQ.exe
  C:\Windows\System\lhoWdHQ.exe
  2⤵
  PID:6704
- C:\Windows\System\aTChWlk.exe
  C:\Windows\System\aTChWlk.exe
  2⤵
  PID:6720
- C:\Windows\System\RXmPUod.exe
  C:\Windows\System\RXmPUod.exe
  2⤵
  PID:6744
- C:\Windows\System\mEKkswf.exe
  C:\Windows\System\mEKkswf.exe
  2⤵
  PID:6776
- C:\Windows\System\dZCslme.exe
  C:\Windows\System\dZCslme.exe
  2⤵
  PID:6804
- C:\Windows\System\OtUzBBg.exe
  C:\Windows\System\OtUzBBg.exe
  2⤵
  PID:6836
- C:\Windows\System\ntFvytx.exe
  C:\Windows\System\ntFvytx.exe
  2⤵
  PID:6860
- C:\Windows\System\KsQDLdr.exe
  C:\Windows\System\KsQDLdr.exe
  2⤵
  PID:6884
- C:\Windows\System\owZIWJx.exe
  C:\Windows\System\owZIWJx.exe
  2⤵
  PID:6912
- C:\Windows\System\MJIQtyz.exe
  C:\Windows\System\MJIQtyz.exe
  2⤵
  PID:6936
- C:\Windows\System\TWpjVlU.exe
  C:\Windows\System\TWpjVlU.exe
  2⤵
  PID:6968
- C:\Windows\System\ylSBDNX.exe
  C:\Windows\System\ylSBDNX.exe
  2⤵
  PID:6992
- C:\Windows\System\UkvXqey.exe
  C:\Windows\System\UkvXqey.exe
  2⤵
  PID:7024
- C:\Windows\System\gETICqV.exe
  C:\Windows\System\gETICqV.exe
  2⤵
  PID:7060
- C:\Windows\System\TpPHZRI.exe
  C:\Windows\System\TpPHZRI.exe
  2⤵
  PID:7088
- C:\Windows\System\MQDIQJa.exe
  C:\Windows\System\MQDIQJa.exe
  2⤵
  PID:7112
- C:\Windows\System\EYrmOta.exe
  C:\Windows\System\EYrmOta.exe
  2⤵
  PID:7128
- C:\Windows\System\QPvPqNF.exe
  C:\Windows\System\QPvPqNF.exe
  2⤵
  PID:7144
- C:\Windows\System\oDXGoVn.exe
  C:\Windows\System\oDXGoVn.exe
  2⤵
  PID:5400
- C:\Windows\System\fwAcITk.exe
  C:\Windows\System\fwAcITk.exe
  2⤵
  PID:6232
- C:\Windows\System\XzMTdVd.exe
  C:\Windows\System\XzMTdVd.exe
  2⤵
  PID:6300
- C:\Windows\System\zOEywma.exe
  C:\Windows\System\zOEywma.exe
  2⤵
  PID:6380
- C:\Windows\System\HmyEJJh.exe
  C:\Windows\System\HmyEJJh.exe
  2⤵
  PID:6456
- C:\Windows\System\ZpONoJI.exe
  C:\Windows\System\ZpONoJI.exe
  2⤵
  PID:6496
- C:\Windows\System\xoFgzvt.exe
  C:\Windows\System\xoFgzvt.exe
  2⤵
  PID:6612
- C:\Windows\System\yqirqSC.exe
  C:\Windows\System\yqirqSC.exe
  2⤵
  PID:6632
- C:\Windows\System\vPybzoQ.exe
  C:\Windows\System\vPybzoQ.exe
  2⤵
  PID:6740
- C:\Windows\System\WraQHlb.exe
  C:\Windows\System\WraQHlb.exe
  2⤵
  PID:6824
- C:\Windows\System\NlFXJUz.exe
  C:\Windows\System\NlFXJUz.exe
  2⤵
  PID:6792
- C:\Windows\System\yItUwpn.exe
  C:\Windows\System\yItUwpn.exe
  2⤵
  PID:6908
- C:\Windows\System\gSQJtKj.exe
  C:\Windows\System\gSQJtKj.exe
  2⤵
  PID:6980
- C:\Windows\System\pAVIjzg.exe
  C:\Windows\System\pAVIjzg.exe
  2⤵
  PID:7076
- C:\Windows\System\xaZyImo.exe
  C:\Windows\System\xaZyImo.exe
  2⤵
  PID:7136
- C:\Windows\System\sWwdVjO.exe
  C:\Windows\System\sWwdVjO.exe
  2⤵
  PID:6192
- C:\Windows\System\yUgBXuw.exe
  C:\Windows\System\yUgBXuw.exe
  2⤵
  PID:6292
- C:\Windows\System\fSGFuVo.exe
  C:\Windows\System\fSGFuVo.exe
  2⤵
  PID:6584
- C:\Windows\System\MFWUxCu.exe
  C:\Windows\System\MFWUxCu.exe
  2⤵
  PID:6568
- C:\Windows\System\cEHpGVM.exe
  C:\Windows\System\cEHpGVM.exe
  2⤵
  PID:6768
- C:\Windows\System\tRjlhjk.exe
  C:\Windows\System\tRjlhjk.exe
  2⤵
  PID:6952
- C:\Windows\System\EggHJVi.exe
  C:\Windows\System\EggHJVi.exe
  2⤵
  PID:7056
- C:\Windows\System\wpdNmzG.exe
  C:\Windows\System\wpdNmzG.exe
  2⤵
  PID:6468
- C:\Windows\System\vMtARuw.exe
  C:\Windows\System\vMtARuw.exe
  2⤵
  PID:6556
- C:\Windows\System\pjqCQVl.exe
  C:\Windows\System\pjqCQVl.exe
  2⤵
  PID:6928
- C:\Windows\System\jKjwPlm.exe
  C:\Windows\System\jKjwPlm.exe
  2⤵
  PID:5680
- C:\Windows\System\MNbuLgP.exe
  C:\Windows\System\MNbuLgP.exe
  2⤵
  PID:6664
- C:\Windows\System\lVEUsXZ.exe
  C:\Windows\System\lVEUsXZ.exe
  2⤵
  PID:7184
- C:\Windows\System\eQkcsDc.exe
  C:\Windows\System\eQkcsDc.exe
  2⤵
  PID:7216
- C:\Windows\System\yWnZznY.exe
  C:\Windows\System\yWnZznY.exe
  2⤵
  PID:7232
- C:\Windows\System\rihaeGI.exe
  C:\Windows\System\rihaeGI.exe
  2⤵
  PID:7260
- C:\Windows\System\LmjUhnr.exe
  C:\Windows\System\LmjUhnr.exe
  2⤵
  PID:7292
- C:\Windows\System\oKcYFPq.exe
  C:\Windows\System\oKcYFPq.exe
  2⤵
  PID:7328
- C:\Windows\System\HykCsaK.exe
  C:\Windows\System\HykCsaK.exe
  2⤵
  PID:7356
- C:\Windows\System\QPnQqTF.exe
  C:\Windows\System\QPnQqTF.exe
  2⤵
  PID:7372
- C:\Windows\System\XiYorVR.exe
  C:\Windows\System\XiYorVR.exe
  2⤵
  PID:7412
- C:\Windows\System\jcyIqbp.exe
  C:\Windows\System\jcyIqbp.exe
  2⤵
  PID:7444
- C:\Windows\System\eWtpxKj.exe
  C:\Windows\System\eWtpxKj.exe
  2⤵
  PID:7468
- C:\Windows\System\LghaYul.exe
  C:\Windows\System\LghaYul.exe
  2⤵
  PID:7496
- C:\Windows\System\CzdFrau.exe
  C:\Windows\System\CzdFrau.exe
  2⤵
  PID:7524
- C:\Windows\System\rtnTjNP.exe
  C:\Windows\System\rtnTjNP.exe
  2⤵
  PID:7564
- C:\Windows\System\HJZwYER.exe
  C:\Windows\System\HJZwYER.exe
  2⤵
  PID:7596
- C:\Windows\System\gtRJocS.exe
  C:\Windows\System\gtRJocS.exe
  2⤵
  PID:7620
- C:\Windows\System\PeRrSCb.exe
  C:\Windows\System\PeRrSCb.exe
  2⤵
  PID:7636
- C:\Windows\System\BtZkeiw.exe
  C:\Windows\System\BtZkeiw.exe
  2⤵
  PID:7652
- C:\Windows\System\KPUkNbW.exe
  C:\Windows\System\KPUkNbW.exe
  2⤵
  PID:7668
- C:\Windows\System\xUAAkKJ.exe
  C:\Windows\System\xUAAkKJ.exe
  2⤵
  PID:7684
- C:\Windows\System\zsaGUXu.exe
  C:\Windows\System\zsaGUXu.exe
  2⤵
  PID:7700
- C:\Windows\System\GqhIENp.exe
  C:\Windows\System\GqhIENp.exe
  2⤵
  PID:7732
- C:\Windows\System\fyDpkjA.exe
  C:\Windows\System\fyDpkjA.exe
  2⤵
  PID:7760
- C:\Windows\System\lWWXKse.exe
  C:\Windows\System\lWWXKse.exe
  2⤵
  PID:7788
- C:\Windows\System\FRHlOvI.exe
  C:\Windows\System\FRHlOvI.exe
  2⤵
  PID:7812
- C:\Windows\System\RCDEzyO.exe
  C:\Windows\System\RCDEzyO.exe
  2⤵
  PID:7832
- C:\Windows\System\yInYhfm.exe
  C:\Windows\System\yInYhfm.exe
  2⤵
  PID:7864
- C:\Windows\System\jaxzeiL.exe
  C:\Windows\System\jaxzeiL.exe
  2⤵
  PID:7884
- C:\Windows\System\fucVIav.exe
  C:\Windows\System\fucVIav.exe
  2⤵
  PID:7920
- C:\Windows\System\ItCVVYX.exe
  C:\Windows\System\ItCVVYX.exe
  2⤵
  PID:7952
- C:\Windows\System\DZhrqEw.exe
  C:\Windows\System\DZhrqEw.exe
  2⤵
  PID:7992
- C:\Windows\System\BXjucfK.exe
  C:\Windows\System\BXjucfK.exe
  2⤵
  PID:8020
- C:\Windows\System\xjFigOJ.exe
  C:\Windows\System\xjFigOJ.exe
  2⤵
  PID:8048
- C:\Windows\System\DEeVYLn.exe
  C:\Windows\System\DEeVYLn.exe
  2⤵
  PID:8084
- C:\Windows\System\UGSlxUP.exe
  C:\Windows\System\UGSlxUP.exe
  2⤵
  PID:8120
- C:\Windows\System\PvMlCnS.exe
  C:\Windows\System\PvMlCnS.exe
  2⤵
  PID:8148
- C:\Windows\System\GctdTzI.exe
  C:\Windows\System\GctdTzI.exe
  2⤵
  PID:8176
- C:\Windows\System\KURqnFx.exe
  C:\Windows\System\KURqnFx.exe
  2⤵
  PID:7224
- C:\Windows\System\QwqsrJe.exe
  C:\Windows\System\QwqsrJe.exe
  2⤵
  PID:7252
- C:\Windows\System\thXQuQT.exe
  C:\Windows\System\thXQuQT.exe
  2⤵
  PID:7312
- C:\Windows\System\ZxMOaYB.exe
  C:\Windows\System\ZxMOaYB.exe
  2⤵
  PID:7396
- C:\Windows\System\nMUUUUt.exe
  C:\Windows\System\nMUUUUt.exe
  2⤵
  PID:7452
- C:\Windows\System\CPUNqxN.exe
  C:\Windows\System\CPUNqxN.exe
  2⤵
  PID:7480
- C:\Windows\System\ORhnYvp.exe
  C:\Windows\System\ORhnYvp.exe
  2⤵
  PID:7536
- C:\Windows\System\UNguDQy.exe
  C:\Windows\System\UNguDQy.exe
  2⤵
  PID:7644
- C:\Windows\System\SQeVvHZ.exe
  C:\Windows\System\SQeVvHZ.exe
  2⤵
  PID:7692
- C:\Windows\System\ODLuRYF.exe
  C:\Windows\System\ODLuRYF.exe
  2⤵
  PID:6688
- C:\Windows\System\WrnrOFN.exe
  C:\Windows\System\WrnrOFN.exe
  2⤵
  PID:7856
- C:\Windows\System\cSoWiMl.exe
  C:\Windows\System\cSoWiMl.exe
  2⤵
  PID:7892
- C:\Windows\System\vDdfdyi.exe
  C:\Windows\System\vDdfdyi.exe
  2⤵
  PID:7880
- C:\Windows\System\uhsNkUf.exe
  C:\Windows\System\uhsNkUf.exe
  2⤵
  PID:8104
- C:\Windows\System\QyFIXPe.exe
  C:\Windows\System\QyFIXPe.exe
  2⤵
  PID:8144
- C:\Windows\System\YDrJjPY.exe
  C:\Windows\System\YDrJjPY.exe
  2⤵
  PID:6712
- C:\Windows\System\zZniwpO.exe
  C:\Windows\System\zZniwpO.exe
  2⤵
  PID:7384
- C:\Windows\System\VPbvcbr.exe
  C:\Windows\System\VPbvcbr.exe
  2⤵
  PID:7488
- C:\Windows\System\ldfVkno.exe
  C:\Windows\System\ldfVkno.exe
  2⤵
  PID:7664
- C:\Windows\System\DiebsiI.exe
  C:\Windows\System\DiebsiI.exe
  2⤵
  PID:7784
- C:\Windows\System\JuAQiSl.exe
  C:\Windows\System\JuAQiSl.exe
  2⤵
  PID:7988
- C:\Windows\System\QxLgwlz.exe
  C:\Windows\System\QxLgwlz.exe
  2⤵
  PID:8096
- C:\Windows\System\EHbFhEn.exe
  C:\Windows\System\EHbFhEn.exe
  2⤵
  PID:7344
- C:\Windows\System\DjKxmFK.exe
  C:\Windows\System\DjKxmFK.exe
  2⤵
  PID:7612
- C:\Windows\System\UFwKihu.exe
  C:\Windows\System\UFwKihu.exe
  2⤵
  PID:8012
- C:\Windows\System\yXUAieD.exe
  C:\Windows\System\yXUAieD.exe
  2⤵
  PID:7740
- C:\Windows\System\HkGoZLI.exe
  C:\Windows\System\HkGoZLI.exe
  2⤵
  PID:8212
- C:\Windows\System\AIkQZYE.exe
  C:\Windows\System\AIkQZYE.exe
  2⤵
  PID:8244
- C:\Windows\System\ueMntwV.exe
  C:\Windows\System\ueMntwV.exe
  2⤵
  PID:8260
- C:\Windows\System\vQggKqg.exe
  C:\Windows\System\vQggKqg.exe
  2⤵
  PID:8288
- C:\Windows\System\ZKakDwV.exe
  C:\Windows\System\ZKakDwV.exe
  2⤵
  PID:8324
- C:\Windows\System\EbtZauu.exe
  C:\Windows\System\EbtZauu.exe
  2⤵
  PID:8352
- C:\Windows\System\pAvUSlt.exe
  C:\Windows\System\pAvUSlt.exe
  2⤵
  PID:8384
- C:\Windows\System\MpHnEcO.exe
  C:\Windows\System\MpHnEcO.exe
  2⤵
  PID:8408
- C:\Windows\System\evrZRsh.exe
  C:\Windows\System\evrZRsh.exe
  2⤵
  PID:8428
- C:\Windows\System\VXVLWzJ.exe
  C:\Windows\System\VXVLWzJ.exe
  2⤵
  PID:8464
- C:\Windows\System\umEqArt.exe
  C:\Windows\System\umEqArt.exe
  2⤵
  PID:8492
- C:\Windows\System\ryntPXx.exe
  C:\Windows\System\ryntPXx.exe
  2⤵
  PID:8520
- C:\Windows\System\loLCnyk.exe
  C:\Windows\System\loLCnyk.exe
  2⤵
  PID:8540
- C:\Windows\System\RUQRZsA.exe
  C:\Windows\System\RUQRZsA.exe
  2⤵
  PID:8572
- C:\Windows\System\MKOXRUb.exe
  C:\Windows\System\MKOXRUb.exe
  2⤵
  PID:8616
- C:\Windows\System\zhlJyYf.exe
  C:\Windows\System\zhlJyYf.exe
  2⤵
  PID:8632
- C:\Windows\System\EMbAtGQ.exe
  C:\Windows\System\EMbAtGQ.exe
  2⤵
  PID:8660
- C:\Windows\System\XHCDyts.exe
  C:\Windows\System\XHCDyts.exe
  2⤵
  PID:8680
- C:\Windows\System\FFrioWh.exe
  C:\Windows\System\FFrioWh.exe
  2⤵
  PID:8708
- C:\Windows\System\BwFKRpU.exe
  C:\Windows\System\BwFKRpU.exe
  2⤵
  PID:8736
- C:\Windows\System\kttmABn.exe
  C:\Windows\System\kttmABn.exe
  2⤵
  PID:8772
- C:\Windows\System\KeklCrY.exe
  C:\Windows\System\KeklCrY.exe
  2⤵
  PID:8812
- C:\Windows\System\fgkdKTP.exe
  C:\Windows\System\fgkdKTP.exe
  2⤵
  PID:8836
- C:\Windows\System\FdNfwFy.exe
  C:\Windows\System\FdNfwFy.exe
  2⤵
  PID:8856
- C:\Windows\System\jdsYrUF.exe
  C:\Windows\System\jdsYrUF.exe
  2⤵
  PID:8884
- C:\Windows\System\wrzTcXJ.exe
  C:\Windows\System\wrzTcXJ.exe
  2⤵
  PID:8900
- C:\Windows\System\wnXmIyC.exe
  C:\Windows\System\wnXmIyC.exe
  2⤵
  PID:8928
- C:\Windows\System\intmVJs.exe
  C:\Windows\System\intmVJs.exe
  2⤵
  PID:8968
- C:\Windows\System\RsBtAve.exe
  C:\Windows\System\RsBtAve.exe
  2⤵
  PID:9000
- C:\Windows\System\zsrSiAi.exe
  C:\Windows\System\zsrSiAi.exe
  2⤵
  PID:9028
- C:\Windows\System\VGmeegU.exe
  C:\Windows\System\VGmeegU.exe
  2⤵
  PID:9052
- C:\Windows\System\wupeIya.exe
  C:\Windows\System\wupeIya.exe
  2⤵
  PID:9084
- C:\Windows\System\bqtnJPL.exe
  C:\Windows\System\bqtnJPL.exe
  2⤵
  PID:9104
- C:\Windows\System\dccPrqG.exe
  C:\Windows\System\dccPrqG.exe
  2⤵
  PID:9140
- C:\Windows\System\IMjgqTS.exe
  C:\Windows\System\IMjgqTS.exe
  2⤵
  PID:9164
- C:\Windows\System\nQRNruy.exe
  C:\Windows\System\nQRNruy.exe
  2⤵
  PID:9196
- C:\Windows\System\tgpUHnk.exe
  C:\Windows\System\tgpUHnk.exe
  2⤵
  PID:7280
- C:\Windows\System\VROFHng.exe
  C:\Windows\System\VROFHng.exe
  2⤵
  PID:8252
- C:\Windows\System\fDUqcVx.exe
  C:\Windows\System\fDUqcVx.exe
  2⤵
  PID:8312
- C:\Windows\System\lZiSQuX.exe
  C:\Windows\System\lZiSQuX.exe
  2⤵
  PID:8376
- C:\Windows\System\bUFXLZY.exe
  C:\Windows\System\bUFXLZY.exe
  2⤵
  PID:8424
- C:\Windows\System\KXxglAa.exe
  C:\Windows\System\KXxglAa.exe
  2⤵
  PID:8512
- C:\Windows\System\MOVFaBp.exe
  C:\Windows\System\MOVFaBp.exe
  2⤵
  PID:8560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AzxOGLV.exe

Filesize
1.8MB

MD5
ef067315b38b63a1721b0964e460c837

SHA1
f487adeaab4e3206c9f000ebd819387418523bef

SHA256
8c05543b36e44c2e225f74a832fc945812e49e73f7e895d2b6282d82ea90b61c

SHA512
d196dfa10d42994b2c87c58711b3db9462b4baa11fba863b947a910986aecd18add3cca3d48a92deb69cd526996d25dd87e44c8e12bfa459b9b2a63fbb20cdd2

Download Submit
C:\Windows\System\BCIbpoP.exe

Filesize
1.8MB

MD5
2d59c405f30cd6cffd0287b1c0a16e7b

SHA1
1c49e9981b5ba89d44abef045e5c4135dc363da6

SHA256
cecf775d72afe64bbf47506c85b83b1b8cdbe24b81572a3e77c6236960a199fd

SHA512
9eb6556a3f8b10e19b446dd3e5adac716571f1032947b6d1490b5049ae6b4d295a04491863fc926123e8796d33647dd4c1ad6501e6408387ba2acef1427ef337

Download Submit
C:\Windows\System\BMivYmC.exe

Filesize
1.8MB

MD5
6146cef08fca863dcaef0d91e2456a18

SHA1
1509aecc6e30195a7a2e0c3b9d59153c65c16dcd

SHA256
0e440012fffa6fd3a56f58a6f23a014c60fed7c814b9c74ae3d9f3d5b2a9300b

SHA512
696b1aed3e4b1717a6e57c1a88359e868ab62a3a59781563f55e33b3ce5cab9fa4cf31504b375502a60f6e429392dfcda516cfa96d5fbac6c99e4c3c9c3f5934

Download Submit
C:\Windows\System\BmcivGN.exe

Filesize
1.8MB

MD5
074f32767526c139cdaf0c8fb8853c08

SHA1
cbe15096fb3539407cdb1c9142f727faa266c1a3

SHA256
63aec83b6667d52b619a890708932562a1240df879b97b4a2c13972ec8d37aeb

SHA512
954d507366a66fd0d8e00314cb6767be4a80bd99c4ddac82c79360df2c324abf41b822f5d42b5c44c1cab8e2f210d4c07621138707750286e5d1b38c704e1c03

Download Submit
C:\Windows\System\CchqSeD.exe

Filesize
1.8MB

MD5
7b76595d58e6e9f9f09977c50e4e7b1a

SHA1
d587b4376f70336415d9c8228251f6e835aebaec

SHA256
00182da4cf8ca0dcd3674f3858b5c862c5fb22ca700f38cb9e27529e3bb162f4

SHA512
ad6e0cb5a0dac8b0f002d9f33cc341f422fa192e49ca3327bd87a53bce5e44d52a84f773ae0c356607fa8c66930be249dd2b4ed703208098915a6ebf4ecf6324

Download Submit
C:\Windows\System\CcsBkyP.exe

Filesize
1.8MB

MD5
4135d84a2fa450913e4f07b87b768402

SHA1
fec0124b2c1ba3fc65be4b5c33e6bf3d2be50726

SHA256
ef7aeab6da48008b20a2eadb47932761bac0397443df95731642f5b2de7af1a3

SHA512
2400bea74854eb18a6121ea778d53c547e6f9e6bf7f9df68e2e2b7e96a051e3cc4c45ecf7847ed422f75a913abe44e8537d57f40c58cb59417b5825fb4495cdf

Download Submit
C:\Windows\System\Ctzgfrt.exe

Filesize
1.8MB

MD5
a5e291b94ec82149649dcf3828fb5449

SHA1
5aebec8f28ef4fda8a10a72e63cc685e8c300c17

SHA256
43a8cfc730bb70f73801ffeb0b260a249f8f0f40ca32564fe91652b76eeea31d

SHA512
a0ee9b6873ef8852256c21a748f739e1b0491992037be49a26440a45dbdcdbafb94aa8cfd5d510818adced85b4ecabe92411dffb08743076e78bf5d41b4215c8

Download Submit
C:\Windows\System\DpssraB.exe

Filesize
1.8MB

MD5
65d305289cd0e832656815921dcc3791

SHA1
7a55fd1822543617ae1cecd203d8e22966842f7f

SHA256
0df42deccf3307223768452a764e1989bfbe33e0327aa26484e3e071b7a94ff1

SHA512
b315a853a7ef4b437ee8447c5e746d8797bfa1ec2c5329fe200c52a50afa839150cc1e5fbac16b43a8a678e60184dbfefda1eab7a080fcfb8d65392f46c80928

Download Submit
C:\Windows\System\FWBEuRU.exe

Filesize
1.8MB

MD5
86b6f623d5e9025790b2def492e88c02

SHA1
f24fc1c9733f14a7905ab00890c21ddcb0ffc4f8

SHA256
dfcbc767b9b74b15b85b22e408561a7659efb4d79e0f06863e88d690847a5336

SHA512
1ce5d64acfe173869e1b35edd4a07cd25b6892c0a836415fb25431b9210bc8cdfd436cb9f6254f4c3f6f5023dc0e24b3238216842554c785c0ba1808377440c6

Download Submit
C:\Windows\System\LbBwWaa.exe

Filesize
1.8MB

MD5
591d9d4382cce784ec2c6346859c5462

SHA1
211d7632a282ec8155b2eac2d3033006b83ac805

SHA256
c00fc5023661ec751e94ff2c2f12d06894419dc1e54ccd26c0f01335f3e91ed4

SHA512
63e4128875bb43cc35a68b418f3215082692f9f304233da46a745d2bcacd710deac89624e2e4a24dc5e7b64ff12a76540f55c7b293ec9be1395035baeffea5fe

Download Submit
C:\Windows\System\LvujEfe.exe

Filesize
1.8MB

MD5
8f8143462af4471ed81c91b03f3309e0

SHA1
b45abe558b751f6b771bc3be4570337806a9b1ea

SHA256
834508e201b8d30a8a44a3aadfc64bb2479c51d59b1d4145e811abbe6262375f

SHA512
bde8bbdd73a4016ee586e018b16ce73d91140a4c2ff6e6d139f2402d491631fe0c78bd53ffa0e5fbbbcf00b7efae1f916537f6cdb48ed120f86c2c58e564c61f

Download Submit
C:\Windows\System\MHlDqbm.exe

Filesize
1.8MB

MD5
5d8190c7d8b61260990f5a2ec240169b

SHA1
557f458dd60b3d051e80b64529c0261b61eb0c72

SHA256
c9768dc88aeb08da0d11804fbd89f0599589143b8d61a1abbb30b293febe1988

SHA512
efa9fed964cbbddd80c21a6a9fb648dedbe5cb00e6009c656340007cb55c563ac5a42a3f2c98211f9859cad60cc5486e724a40688ec6f3df763d68ef89c2b22c

Download Submit
C:\Windows\System\PbILbWB.exe

Filesize
1.8MB

MD5
db8bdcbd3991358c324da4492f7d2354

SHA1
53b3cdd228013d379a67d96894de9e2b6cdfdfa2

SHA256
59e265f7ebb5a4ed2af4fe4a68c6618ebfcf361ee1e59f8e064d5a8f693d6b67

SHA512
a201c7464e2900d0a64647e12b1acc10cb7deab5f83f839c24e1e1da2fd7a636cd50205b7feb7af23c0e28ebefcb040806817554da05cd17f0d6e3a48100ea39

Download Submit
C:\Windows\System\RClDpbk.exe

Filesize
1.8MB

MD5
4bbfff6b8c9a902a402351b990c507bf

SHA1
237dd3afcf648f26b19a52bcf5ccc2e3e16e85c3

SHA256
41422a2d7c2ac1fcb967276e4d03228b4e6e54748427387cedee6737b0474ba0

SHA512
29b7b82e948bc2b38379c3ea0c2dd3f97214a663991a559b90298059a5b7bb3ac1c1c3a4bf6b67429765561d036ddb31e5591aafa63b1032df51c73cd2b8ae5f

Download Submit
C:\Windows\System\RnSwRDq.exe

Filesize
1.8MB

MD5
8212f92b055e887aefe2e68d7fc76e0d

SHA1
2bedb62d3048d3f553d9f1cf76528788a5042aab

SHA256
ff22ca3d5acadb1def121745a585b6765f9f9db39f0e5be3ba993793aed53d9e

SHA512
e535696cadd98a6e22000c37531739071704bb4d480f74aeaf10462db80fb7bfb570f2e341ec5e3c8cea94d7ecaded5d907b7bd83cd2f0b7ded9254a9037d94b

Download Submit
C:\Windows\System\VXvcAsK.exe

Filesize
1.8MB

MD5
59fdd97f8d1191bed539ec672baa0ea9

SHA1
36d2f059993af54eb8192402ec9c0731d504a804

SHA256
4c174e24effd2d0d47ddd0c6afc1ab92ac03bbfe6fe39f7c4fc0ee167fa6ec94

SHA512
f87cab0247a035e8fcc8a2f8fa5f68608103cf98a5a87f4c2a025bc07e1f130da997522ecb8e51cba9f321982e8c3ae8dd9ea185d57958120c35cf3c1b0bb360

Download Submit
C:\Windows\System\ZeHrWee.exe

Filesize
1.8MB

MD5
36939dfd9c3a7565cad67cf627a14416

SHA1
e6e6f9415be5d6872c57e10e3ffd94c058db9372

SHA256
bb8557d5c311e16fa5f7e78a349ad15572e1a4e00026fc0b5d5fe47c40a409a3

SHA512
0e2ebbe474f466f3535c1b02b0b2262a7f595c77ea06775b74d3d5e5bed449ca75740d92c3c56f287548b95fab6bff8126550e333373109149afdccc815bf939

Download Submit
C:\Windows\System\ZiksclB.exe

Filesize
1.8MB

MD5
55253458a15bf1ddb97bc9b530397198

SHA1
47b954bc77af916be1681765e90029ea1d79d252

SHA256
9a3087fa96ad8726332f12fafb49fcdd18b974103079676776f68e5678580c2a

SHA512
0584d392fc92253d40c22a624cd600f7734e5f28d2b63416852fdb9a457688d746ca2df1e81a40408a55ede665bcf4a1e36835d27008a267710867ea4aa23325

Download Submit
C:\Windows\System\ajnaECK.exe

Filesize
1.8MB

MD5
91ddc7ec12b6b9c28a16cb85fa086c71

SHA1
6eb455cfd1817bef2818c4f79bbd7e47fdecb7a7

SHA256
3d06b96aa0c43becd8ab52e77c93fd97aa3fb36086aa5365fa8dc485aa5be5bf

SHA512
4bce6fd1f207bc3f19cf372f4bd46327bccf5640760b23d5ba449fd03a90a12625aac66cda3635682bfb59e4f683cccbc23f9deecb742b4cf817a8a6847f6d9b

Download Submit
C:\Windows\System\bNoplik.exe

Filesize
1.8MB

MD5
563303a1a84db21f2a68413fdd83fa72

SHA1
172203bc51d45abea8a9bea10aeeb3a3dd38b97b

SHA256
cc08cc6647424196dbe3994fe8d3087a654cca3498920d7f15543f14f3619105

SHA512
cdf3f6b7e8b8f992f22f06ce662a84b84617ef940f4b5a6a361e7730b68b10b9cc4617b0adea262efd60f7a75e819454d3a94a993d5623715335afaea38dd5bc

Download Submit
C:\Windows\System\etFnjne.exe

Filesize
1.8MB

MD5
475803eae7c0571ac7656f2af92a1885

SHA1
3ab4605ea1873af896857191ba90d4af48df12b1

SHA256
fc578f7822e4db44596fa7504f029d7671c1a6ed02c67a1edd3a1d593d8133a4

SHA512
80b45b9b957beb06cdd90313f2e3610ef64b5442b0a1d849bbd1a020331e47f6fb25ec2ee30d5e1b4f2deee03be57ff584b0d50f0cbd0c49ec0abe138a0cde52

Download Submit
C:\Windows\System\fHSuDaK.exe

Filesize
1.8MB

MD5
4d0b3e4349bbd349a3a5d5e3488e5265

SHA1
3b9c7ef37ab5992bfc6365bd28eff9c3425d1041

SHA256
1a0389bbf21f1f9fb9fd0724b03706fb7abeabff582fc93483435563128fefb0

SHA512
6938b48e6666cefa07f53bdf824eb6768212dffd42fc490a2e62889e0516b2a2225c7ea2ade6dc61cff8265ec3f20aec87c57d6ebe5ce9cef34ba3dfd2c2baf3

Download Submit
C:\Windows\System\gJNhuXu.exe

Filesize
1.8MB

MD5
550ba39b4aa8dab015bbe782d6e495ad

SHA1
96afa19e16ec5c4c6825400dfed765a0bf5f5ae1

SHA256
7c7d76f8e998715e7a0d0c849ebb8281917bfe4a6ccd8ab482d3c3c1575a2176

SHA512
2bac1d7d5b7783b394a8f58a6a3170fd779d4d627772e389c51f8659348f8847e53385fa2eacc32e6d2a9070f43ecb9cf55bcf8e1ebe3d6ff68b60644424f3bb

Download Submit
C:\Windows\System\gOdrqQD.exe

Filesize
1.8MB

MD5
e865e22ed1274ac41b980c021727c78b

SHA1
3a3ff43a645c31d86404dd9c321d29371917a5a6

SHA256
b6356b26c074e249c66eec75083d374bb2c24ae75e65b8f79f7ac31eb898e851

SHA512
e449bf4b25b18da52641e1edc31a7dacd9199adbec441a6761dff7da7da5b3dcd33592cd19d736eba5e913889c7c31e4788308a319931aca0cd2a60e32344a28

Download Submit
C:\Windows\System\hwaxROL.exe

Filesize
1.8MB

MD5
72f06dca14a1dfcf959ae3eb9c39073b

SHA1
463df9c3f8da79b3279637420562e2db8f84773d

SHA256
1f4d229bdb01e246b11c74bbfa95f048fb6c7f7dea086147d40a5ad4933f619a

SHA512
e3206e738e040066010a5163ede9e7112559f7e529b083206d48a44379fd63bd1b7c3a6859f601f5de846ae3e849d48e4822a8a91fbfd14137625dd6eb8353c8

Download Submit
C:\Windows\System\jmbZLfx.exe

Filesize
1.8MB

MD5
b960f5767b9e8258c5941b98b4ed4c51

SHA1
9464a2b9cff99243186ec7f4a2728063ab864334

SHA256
b52f8ae9c8fab41cbced007c7228743d7e12fb8d69f21a1dce26386ba18ec427

SHA512
6f79f1a6e07f2089fefa6156199815c2249364d42716e3f6266b81f409fe908b391755dd00f570e6ecd3418a41d0d2079f6036251cd452b2904a933cea3630fe

Download Submit
C:\Windows\System\kzSpRvW.exe

Filesize
1.8MB

MD5
cef1fe932e3cda242e6448b613248617

SHA1
1ecbfcef0ebd1801b9e53b156fb96744a46c5881

SHA256
68b4bfddd8b8329bc104701c20dfaae085c62127a24c2842bdc0a6bd650c3280

SHA512
4664ef02b80eb825e49a2dcb11057081b896e6d4e659c2ea5367be9ad4bf1a8c478cd9027a6baddf231a4a34bfadf214a5bed52ba517783ce21b3a2d9fffa164

Download Submit
C:\Windows\System\lbMLOgh.exe

Filesize
1.8MB

MD5
c9ade0f2c506474d1c2aafec37920892

SHA1
621bf8a70b0bb63d0a5a199dbcda01309ed70119

SHA256
d4351426ace3f01ad2dd8f3d8672dcbdd508f3c3364608abd69f77d0ca0a967f

SHA512
f593c585cc3fb681b055208a02a96a416796542ff9dd7eae3abe6bfe5b8cac8c56ab677df45e7dc0714709eee2ded436796e74585dfa9a62cbee3fd1c2072a77

Download Submit
C:\Windows\System\oLWvUpe.exe

Filesize
1.8MB

MD5
8d6fdffe9b8e57a12f2533cc9c8273f4

SHA1
aa2fca1f09a2ae03ab705d8e2196ea6f4c8e3cc4

SHA256
3b230f1d259f2d36017610ee0a46776640ee94da7e7b30362a5b4211031e61ff

SHA512
5b336eaabca24443a9afd1659b8bcc1cb311205de6e10c05b92d23220ac906ce1109fca63403167481d8bdcacaf386eff1df3ebfb161bd3fa36af739f5d1e2a2

Download Submit
C:\Windows\System\ocUCHyn.exe

Filesize
1.8MB

MD5
472cbaaf0637ab4600a30cdf465a4d69

SHA1
b2808a77cea8e6479b2cd07fdc89d012a58e87c7

SHA256
8821911be106d486f6b32c3aca1e5c6ab74cc231bfd5958a6a438dfaf8defc5d

SHA512
221a6d58c034b298a7e3546db6ce8cc1cd40e3778beff9f88aabf4099aa31afdc2bc70c38a51b4eca20cd853ff54ea404a9895715476121a579d0d56ee11f5df

Download Submit
C:\Windows\System\pwzdSIX.exe

Filesize
1.8MB

MD5
e9b3a8f9b77bddc03e56bd17c6ba2c0b

SHA1
95ab6e881e2b3e782f745516fbbf3cf8ef083909

SHA256
3d0b25467f90cfcc32201e21a5d10a4d4301803c84415f1c5ce326edf4c2ca57

SHA512
e85ecf7affbaa98f02c91c4b8d08a1ae247da67cddbdbd6d1be2a698e5d8aca699d44048a5b7cc8d75dca0ce00f8c2c932dfb3dfe17717dd68581e8bcbf0dc02

Download Submit
C:\Windows\System\sufMAGj.exe

Filesize
1.8MB

MD5
1b41211e4f574a87c284c35ba0b9b864

SHA1
bdc8741b09bb10ae3014b1bc67666d398600f1c9

SHA256
704ff3ae185949e5fe643c85a823c2ad8aa9ae2dd04715002a9b8a9f0ffe61b2

SHA512
8c5fa7fb2fc340124c9c6a25763e84b9ab44ae649371f5b47bf9a4e82b23eb45c0ae3ed0dbccd5c3e2b2d9c87b128f8418751db523919a15a70f1e88eeec505d

Download Submit
C:\Windows\System\tkDERGG.exe

Filesize
1.8MB

MD5
5b554aedb4921f88eff51eb1a744f127

SHA1
bb89873399583601fff40d85bb8c6b469d02ac7e

SHA256
ad137d6f7ceb8030465a314639716f9fb0ee61a005effcf7bb54f3e4f00ee8d1

SHA512
5c4776b1a0d06ff2b50b4f35630e39c9b81a11e0dc8329cd91071d58999e1ea20061ccdee76773a4dedb2586a14cbd03b726677eaf43a6d7359ad53466029c3b

Download Submit
C:\Windows\System\vjbsyKG.exe

Filesize
1.8MB

MD5
0204e0769ab9b1fdd91f3444cbf579c6

SHA1
cbfdfe733d558e25b93688404733b3e24482baa1

SHA256
b1d5206de59a91456f1b5590c2bcaf81f1b1ee79ae9c3e872c9752c861a29e8d

SHA512
cccf9a8b8bfbf422f7ec4b49a9ede83bffad4d7253cd94c12f759d576511211c7421bcdbb571ae62ad69f833cd77ffa82861ba406ccb7a6a6ff48ca1762ea250

Download Submit
C:\Windows\System\vzsEGFx.exe

Filesize
1.8MB

MD5
c113514234ff9dbf66cb5d44e37389fa

SHA1
e8fd850b573ada85c2f22a8afd1c942c801e511d

SHA256
2a9e48353d85d688a9a5e3b9ed5e7a678949e469cf63955465ab06287b0a7a43

SHA512
a524cb41bc16bc8a89d7b0a897a05034e39ab544bbaef1b3cbf7a60b3222b452673d6ade1d294c75cdd4be304b1886f3a7a3e5cc732a4a83dbb499c76eb7fba4

Download Submit
memory/2416-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download