kpot | 4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c

Analysis

max time kernel
139s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-08-2024 21:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
Size

1.7MB
MD5

af8c4931a5de02ab6b4968360e81d5e1
SHA1

fc04f22a43e6b8fa24578f644d79f07c66ebdcc1
SHA256

4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c
SHA512

0822dc10e4d19d29ea9c8da28916266bcb861cd936fd9a718e6186804cd4ed3406d2436f727d5d0d88f646b466aad5a12767befa89a0164886f94b692a59b84c
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FatZ:GemTLkNdfE0pZaQx

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x000900000002345b-3.dat	family_kpot
behavioral2/files/0x00080000000234ba-9.dat	family_kpot
behavioral2/files/0x00070000000234bb-7.dat	family_kpot
behavioral2/files/0x00070000000234d9-162.dat	family_kpot
behavioral2/files/0x00070000000234d7-160.dat	family_kpot
behavioral2/files/0x00070000000234d8-157.dat	family_kpot
behavioral2/files/0x00070000000234d6-155.dat	family_kpot
behavioral2/files/0x00070000000234d5-150.dat	family_kpot
behavioral2/files/0x00070000000234d4-145.dat	family_kpot
behavioral2/files/0x00070000000234d3-140.dat	family_kpot
behavioral2/files/0x00070000000234d2-132.dat	family_kpot
behavioral2/files/0x00070000000234d1-127.dat	family_kpot
behavioral2/files/0x00070000000234d0-123.dat	family_kpot
behavioral2/files/0x00070000000234cf-117.dat	family_kpot
behavioral2/files/0x00070000000234ce-113.dat	family_kpot
behavioral2/files/0x00070000000234cd-107.dat	family_kpot
behavioral2/files/0x00070000000234cc-103.dat	family_kpot
behavioral2/files/0x00070000000234cb-97.dat	family_kpot
behavioral2/files/0x00070000000234ca-93.dat	family_kpot
behavioral2/files/0x00070000000234c9-87.dat	family_kpot
behavioral2/files/0x00070000000234c8-83.dat	family_kpot
behavioral2/files/0x00070000000234c7-77.dat	family_kpot
behavioral2/files/0x00070000000234c6-73.dat	family_kpot
behavioral2/files/0x00070000000234c5-67.dat	family_kpot
behavioral2/files/0x00070000000234c4-63.dat	family_kpot
behavioral2/files/0x00070000000234c3-57.dat	family_kpot
behavioral2/files/0x00070000000234c2-53.dat	family_kpot
behavioral2/files/0x00070000000234c1-47.dat	family_kpot
behavioral2/files/0x00070000000234c0-43.dat	family_kpot
behavioral2/files/0x00070000000234bf-35.dat	family_kpot
behavioral2/files/0x00070000000234be-30.dat	family_kpot
behavioral2/files/0x00070000000234bd-24.dat	family_kpot
behavioral2/files/0x00070000000234bc-20.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x000900000002345b-3.dat	xmrig
behavioral2/files/0x00080000000234ba-9.dat	xmrig
behavioral2/files/0x00070000000234bb-7.dat	xmrig
behavioral2/files/0x00070000000234d9-162.dat	xmrig
behavioral2/files/0x00070000000234d7-160.dat	xmrig
behavioral2/files/0x00070000000234d8-157.dat	xmrig
behavioral2/files/0x00070000000234d6-155.dat	xmrig
behavioral2/files/0x00070000000234d5-150.dat	xmrig
behavioral2/files/0x00070000000234d4-145.dat	xmrig
behavioral2/files/0x00070000000234d3-140.dat	xmrig
behavioral2/files/0x00070000000234d2-132.dat	xmrig
behavioral2/files/0x00070000000234d1-127.dat	xmrig
behavioral2/files/0x00070000000234d0-123.dat	xmrig
behavioral2/files/0x00070000000234cf-117.dat	xmrig
behavioral2/files/0x00070000000234ce-113.dat	xmrig
behavioral2/files/0x00070000000234cd-107.dat	xmrig
behavioral2/files/0x00070000000234cc-103.dat	xmrig
behavioral2/files/0x00070000000234cb-97.dat	xmrig
behavioral2/files/0x00070000000234ca-93.dat	xmrig
behavioral2/files/0x00070000000234c9-87.dat	xmrig
behavioral2/files/0x00070000000234c8-83.dat	xmrig
behavioral2/files/0x00070000000234c7-77.dat	xmrig
behavioral2/files/0x00070000000234c6-73.dat	xmrig
behavioral2/files/0x00070000000234c5-67.dat	xmrig
behavioral2/files/0x00070000000234c4-63.dat	xmrig
behavioral2/files/0x00070000000234c3-57.dat	xmrig
behavioral2/files/0x00070000000234c2-53.dat	xmrig
behavioral2/files/0x00070000000234c1-47.dat	xmrig
behavioral2/files/0x00070000000234c0-43.dat	xmrig
behavioral2/files/0x00070000000234bf-35.dat	xmrig
behavioral2/files/0x00070000000234be-30.dat	xmrig
behavioral2/files/0x00070000000234bd-24.dat	xmrig
behavioral2/files/0x00070000000234bc-20.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2888	cmSvxuG.exe
1204	GoissYu.exe
3076	YlcHZRv.exe
4724	kOoaYqh.exe
2084	uqbIKie.exe
1360	zhasjqk.exe
4360	PpWauTX.exe
5088	HXKeGdI.exe
4748	NSGADJa.exe
5032	JlzHyqJ.exe
1964	WzRSInM.exe
4584	IpJWjMP.exe
3248	VhCgJiW.exe
4484	MLEyWfx.exe
4656	ruRWPjj.exe
2484	fcypLCO.exe
2716	kdegzAX.exe
464	ysawhds.exe
1592	BKRoyPE.exe
4448	DwyNLYV.exe
3724	OryYPCB.exe
3260	pZXntZt.exe
4368	FVcdzrj.exe
4012	OoahEPT.exe
228	UYaVesE.exe
4672	KgERQUV.exe
3976	mjWTxMw.exe
1716	Vzcrtxz.exe
3416	BcZfjbu.exe
4056	twSFRUh.exe
4436	DNUrgzE.exe
2768	hfxFyPJ.exe
3384	YfFjYyE.exe
1432	BKZkxbS.exe
2064	wNRqudI.exe
2868	BbKgkoG.exe
3352	IulkSwS.exe
1644	jLiTBGx.exe
4660	pLiwdKN.exe
5024	qvGzUdQ.exe
1776	UhsxatF.exe
3508	IbfrqMm.exe
1532	lLgjizL.exe
3232	XQwLuRD.exe
2760	YipSxfv.exe
4744	zMfYThH.exe
4180	OwGccLg.exe
5004	WQtNMaZ.exe
5048	tKoiZCw.exe
5044	ciPwhNa.exe
2196	gYKvcJo.exe
2428	pPVRHjy.exe
2364	OJXBOaf.exe
1884	SfigZel.exe
2020	QCIwRNw.exe
3368	twkurjV.exe
4308	PTyQGlc.exe
4560	fPdpBIL.exe
4624	eIetKBv.exe
4996	EbRmVfv.exe
3660	uQjCjVU.exe
2624	hABvVxW.exe
1580	jTteInV.exe
2388	XyOLaRZ.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PpWauTX.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\QCIwRNw.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\wniOrCE.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\HnBSQEY.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\fTXQhpF.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\AeXDgLX.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\DzWxKwM.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\JtueKFE.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\BKRoyPE.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\gZxLyRN.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\kGWHFvq.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\bDooEwA.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\RSYMwJI.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\GCWwJPC.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\JQGFOKt.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\VPSEbPc.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\ysawhds.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\wNRqudI.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\jHBMCKK.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\VGHhgFx.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\CqjSYCC.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\pKpVQBJ.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\yrJhNku.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\kdLrZhA.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\rRZfRvO.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\yNHFzsE.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\MYSlfyl.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\CXFDzBs.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\crFSUrn.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\qeNVdbu.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\WzRSInM.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\pLiwdKN.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\yqjfcGG.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\aTDKNOs.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\gYKvcJo.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\RxpbQNC.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\bFocsRv.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\fyyTygA.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\ciPwhNa.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\PTyQGlc.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\PXfXumJ.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\faGsHhD.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\BVtSdjf.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\cZwekvz.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\EATLAJZ.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\MLEyWfx.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\OoahEPT.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\jCDrPrZ.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\dKGIymD.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\vYPlsYO.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\fPtzDoA.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\vEulKLv.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\kinCuVX.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\jLiTBGx.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\aFYajpV.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\UupikTE.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\zMfYThH.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\RVjQslz.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\kxAVxuc.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\achWbds.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\NHpFtCE.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\ogGyLti.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\MOcKCII.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
File created	C:\Windows\System\JcIHhjO.exe	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
Token: SeLockMemoryPrivilege	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3732 wrote to memory of 2888	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	83
PID 3732 wrote to memory of 2888	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	83
PID 3732 wrote to memory of 1204	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	84
PID 3732 wrote to memory of 1204	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	84
PID 3732 wrote to memory of 3076	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	85
PID 3732 wrote to memory of 3076	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	85
PID 3732 wrote to memory of 4724	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	86
PID 3732 wrote to memory of 4724	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	86
PID 3732 wrote to memory of 2084	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	88
PID 3732 wrote to memory of 2084	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	88
PID 3732 wrote to memory of 1360	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	89
PID 3732 wrote to memory of 1360	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	89
PID 3732 wrote to memory of 4360	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	90
PID 3732 wrote to memory of 4360	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	90
PID 3732 wrote to memory of 5088	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	91
PID 3732 wrote to memory of 5088	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	91
PID 3732 wrote to memory of 4748	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	92
PID 3732 wrote to memory of 4748	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	92
PID 3732 wrote to memory of 5032	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	93
PID 3732 wrote to memory of 5032	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	93
PID 3732 wrote to memory of 1964	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	94
PID 3732 wrote to memory of 1964	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	94
PID 3732 wrote to memory of 4584	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	95
PID 3732 wrote to memory of 4584	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	95
PID 3732 wrote to memory of 3248	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	96
PID 3732 wrote to memory of 3248	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	96
PID 3732 wrote to memory of 4484	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	97
PID 3732 wrote to memory of 4484	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	97
PID 3732 wrote to memory of 4656	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	98
PID 3732 wrote to memory of 4656	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	98
PID 3732 wrote to memory of 2484	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	99
PID 3732 wrote to memory of 2484	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	99
PID 3732 wrote to memory of 2716	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	100
PID 3732 wrote to memory of 2716	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	100
PID 3732 wrote to memory of 464	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	101
PID 3732 wrote to memory of 464	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	101
PID 3732 wrote to memory of 1592	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	102
PID 3732 wrote to memory of 1592	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	102
PID 3732 wrote to memory of 4448	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	103
PID 3732 wrote to memory of 4448	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	103
PID 3732 wrote to memory of 3724	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	104
PID 3732 wrote to memory of 3724	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	104
PID 3732 wrote to memory of 3260	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	105
PID 3732 wrote to memory of 3260	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	105
PID 3732 wrote to memory of 4368	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	106
PID 3732 wrote to memory of 4368	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	106
PID 3732 wrote to memory of 4012	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	107
PID 3732 wrote to memory of 4012	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	107
PID 3732 wrote to memory of 228	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	108
PID 3732 wrote to memory of 228	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	108
PID 3732 wrote to memory of 4672	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	109
PID 3732 wrote to memory of 4672	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	109
PID 3732 wrote to memory of 3976	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	110
PID 3732 wrote to memory of 3976	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	110
PID 3732 wrote to memory of 1716	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	111
PID 3732 wrote to memory of 1716	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	111
PID 3732 wrote to memory of 3416	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	112
PID 3732 wrote to memory of 3416	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	112
PID 3732 wrote to memory of 4056	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	113
PID 3732 wrote to memory of 4056	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	113
PID 3732 wrote to memory of 4436	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	114
PID 3732 wrote to memory of 4436	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	114
PID 3732 wrote to memory of 2768	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	115
PID 3732 wrote to memory of 2768	3732	4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe	115

C:\Users\Admin\AppData\Local\Temp\4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe
"C:\Users\Admin\AppData\Local\Temp\4522a165f02e936e1d82fcb76a820d04dc166ee77cf27dd63a5b2c35e5c5f40c.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3732
- C:\Windows\System\cmSvxuG.exe
  C:\Windows\System\cmSvxuG.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\GoissYu.exe
  C:\Windows\System\GoissYu.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\YlcHZRv.exe
  C:\Windows\System\YlcHZRv.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\kOoaYqh.exe
  C:\Windows\System\kOoaYqh.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\uqbIKie.exe
  C:\Windows\System\uqbIKie.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\zhasjqk.exe
  C:\Windows\System\zhasjqk.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\PpWauTX.exe
  C:\Windows\System\PpWauTX.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\HXKeGdI.exe
  C:\Windows\System\HXKeGdI.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\NSGADJa.exe
  C:\Windows\System\NSGADJa.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\JlzHyqJ.exe
  C:\Windows\System\JlzHyqJ.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\WzRSInM.exe
  C:\Windows\System\WzRSInM.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\IpJWjMP.exe
  C:\Windows\System\IpJWjMP.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\VhCgJiW.exe
  C:\Windows\System\VhCgJiW.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\MLEyWfx.exe
  C:\Windows\System\MLEyWfx.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\ruRWPjj.exe
  C:\Windows\System\ruRWPjj.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\fcypLCO.exe
  C:\Windows\System\fcypLCO.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\kdegzAX.exe
  C:\Windows\System\kdegzAX.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\ysawhds.exe
  C:\Windows\System\ysawhds.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\BKRoyPE.exe
  C:\Windows\System\BKRoyPE.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\DwyNLYV.exe
  C:\Windows\System\DwyNLYV.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\OryYPCB.exe
  C:\Windows\System\OryYPCB.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\pZXntZt.exe
  C:\Windows\System\pZXntZt.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\FVcdzrj.exe
  C:\Windows\System\FVcdzrj.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\OoahEPT.exe
  C:\Windows\System\OoahEPT.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\UYaVesE.exe
  C:\Windows\System\UYaVesE.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\KgERQUV.exe
  C:\Windows\System\KgERQUV.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\mjWTxMw.exe
  C:\Windows\System\mjWTxMw.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\Vzcrtxz.exe
  C:\Windows\System\Vzcrtxz.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\BcZfjbu.exe
  C:\Windows\System\BcZfjbu.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\twSFRUh.exe
  C:\Windows\System\twSFRUh.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\DNUrgzE.exe
  C:\Windows\System\DNUrgzE.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\hfxFyPJ.exe
  C:\Windows\System\hfxFyPJ.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\YfFjYyE.exe
  C:\Windows\System\YfFjYyE.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\BKZkxbS.exe
  C:\Windows\System\BKZkxbS.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\wNRqudI.exe
  C:\Windows\System\wNRqudI.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\BbKgkoG.exe
  C:\Windows\System\BbKgkoG.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\IulkSwS.exe
  C:\Windows\System\IulkSwS.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System\jLiTBGx.exe
  C:\Windows\System\jLiTBGx.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\pLiwdKN.exe
  C:\Windows\System\pLiwdKN.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\qvGzUdQ.exe
  C:\Windows\System\qvGzUdQ.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\UhsxatF.exe
  C:\Windows\System\UhsxatF.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\IbfrqMm.exe
  C:\Windows\System\IbfrqMm.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\lLgjizL.exe
  C:\Windows\System\lLgjizL.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\XQwLuRD.exe
  C:\Windows\System\XQwLuRD.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\YipSxfv.exe
  C:\Windows\System\YipSxfv.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\zMfYThH.exe
  C:\Windows\System\zMfYThH.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\OwGccLg.exe
  C:\Windows\System\OwGccLg.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\WQtNMaZ.exe
  C:\Windows\System\WQtNMaZ.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\tKoiZCw.exe
  C:\Windows\System\tKoiZCw.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\ciPwhNa.exe
  C:\Windows\System\ciPwhNa.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\gYKvcJo.exe
  C:\Windows\System\gYKvcJo.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\pPVRHjy.exe
  C:\Windows\System\pPVRHjy.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\OJXBOaf.exe
  C:\Windows\System\OJXBOaf.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\SfigZel.exe
  C:\Windows\System\SfigZel.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\QCIwRNw.exe
  C:\Windows\System\QCIwRNw.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\twkurjV.exe
  C:\Windows\System\twkurjV.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System\PTyQGlc.exe
  C:\Windows\System\PTyQGlc.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\fPdpBIL.exe
  C:\Windows\System\fPdpBIL.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\eIetKBv.exe
  C:\Windows\System\eIetKBv.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\EbRmVfv.exe
  C:\Windows\System\EbRmVfv.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\uQjCjVU.exe
  C:\Windows\System\uQjCjVU.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\hABvVxW.exe
  C:\Windows\System\hABvVxW.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\jTteInV.exe
  C:\Windows\System\jTteInV.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\XyOLaRZ.exe
  C:\Windows\System\XyOLaRZ.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\kdLrZhA.exe
  C:\Windows\System\kdLrZhA.exe
  2⤵
  PID:1920
- C:\Windows\System\DHtIOZn.exe
  C:\Windows\System\DHtIOZn.exe
  2⤵
  PID:324
- C:\Windows\System\ercRQQO.exe
  C:\Windows\System\ercRQQO.exe
  2⤵
  PID:2560
- C:\Windows\System\AvAmaMK.exe
  C:\Windows\System\AvAmaMK.exe
  2⤵
  PID:4404
- C:\Windows\System\fUVbaaK.exe
  C:\Windows\System\fUVbaaK.exe
  2⤵
  PID:3852
- C:\Windows\System\mSRHYFg.exe
  C:\Windows\System\mSRHYFg.exe
  2⤵
  PID:4536
- C:\Windows\System\likBpRt.exe
  C:\Windows\System\likBpRt.exe
  2⤵
  PID:1696
- C:\Windows\System\evCTVRn.exe
  C:\Windows\System\evCTVRn.exe
  2⤵
  PID:4272
- C:\Windows\System\RVjQslz.exe
  C:\Windows\System\RVjQslz.exe
  2⤵
  PID:2772
- C:\Windows\System\bwierrt.exe
  C:\Windows\System\bwierrt.exe
  2⤵
  PID:824
- C:\Windows\System\wAErgwy.exe
  C:\Windows\System\wAErgwy.exe
  2⤵
  PID:4296
- C:\Windows\System\kAmcKsv.exe
  C:\Windows\System\kAmcKsv.exe
  2⤵
  PID:2440
- C:\Windows\System\RMGCGHw.exe
  C:\Windows\System\RMGCGHw.exe
  2⤵
  PID:4980
- C:\Windows\System\yUCYnFQ.exe
  C:\Windows\System\yUCYnFQ.exe
  2⤵
  PID:4036
- C:\Windows\System\rRZfRvO.exe
  C:\Windows\System\rRZfRvO.exe
  2⤵
  PID:4472
- C:\Windows\System\RHHjiiG.exe
  C:\Windows\System\RHHjiiG.exe
  2⤵
  PID:2200
- C:\Windows\System\gyHKmzl.exe
  C:\Windows\System\gyHKmzl.exe
  2⤵
  PID:3212
- C:\Windows\System\qFwfEBv.exe
  C:\Windows\System\qFwfEBv.exe
  2⤵
  PID:1664
- C:\Windows\System\nqfSsQT.exe
  C:\Windows\System\nqfSsQT.exe
  2⤵
  PID:408
- C:\Windows\System\JVFFibL.exe
  C:\Windows\System\JVFFibL.exe
  2⤵
  PID:1128
- C:\Windows\System\RHHEbpW.exe
  C:\Windows\System\RHHEbpW.exe
  2⤵
  PID:2124
- C:\Windows\System\YJbwJHh.exe
  C:\Windows\System\YJbwJHh.exe
  2⤵
  PID:3972
- C:\Windows\System\gZxLyRN.exe
  C:\Windows\System\gZxLyRN.exe
  2⤵
  PID:4900
- C:\Windows\System\NHpFtCE.exe
  C:\Windows\System\NHpFtCE.exe
  2⤵
  PID:3016
- C:\Windows\System\ZSkfzza.exe
  C:\Windows\System\ZSkfzza.exe
  2⤵
  PID:2764
- C:\Windows\System\BPPCKiR.exe
  C:\Windows\System\BPPCKiR.exe
  2⤵
  PID:1440
- C:\Windows\System\UcasIhx.exe
  C:\Windows\System\UcasIhx.exe
  2⤵
  PID:3104
- C:\Windows\System\zleHEQr.exe
  C:\Windows\System\zleHEQr.exe
  2⤵
  PID:2508
- C:\Windows\System\jddPtwd.exe
  C:\Windows\System\jddPtwd.exe
  2⤵
  PID:3960
- C:\Windows\System\oceKKWo.exe
  C:\Windows\System\oceKKWo.exe
  2⤵
  PID:4568
- C:\Windows\System\bSNadSz.exe
  C:\Windows\System\bSNadSz.exe
  2⤵
  PID:5148
- C:\Windows\System\ytYpxtx.exe
  C:\Windows\System\ytYpxtx.exe
  2⤵
  PID:5176
- C:\Windows\System\DoFIcei.exe
  C:\Windows\System\DoFIcei.exe
  2⤵
  PID:5204
- C:\Windows\System\aFYajpV.exe
  C:\Windows\System\aFYajpV.exe
  2⤵
  PID:5232
- C:\Windows\System\RYZWatZ.exe
  C:\Windows\System\RYZWatZ.exe
  2⤵
  PID:5260
- C:\Windows\System\wniOrCE.exe
  C:\Windows\System\wniOrCE.exe
  2⤵
  PID:5288
- C:\Windows\System\WyGDtuu.exe
  C:\Windows\System\WyGDtuu.exe
  2⤵
  PID:5316
- C:\Windows\System\kDpwSlq.exe
  C:\Windows\System\kDpwSlq.exe
  2⤵
  PID:5344
- C:\Windows\System\YhCietu.exe
  C:\Windows\System\YhCietu.exe
  2⤵
  PID:5372
- C:\Windows\System\KzbngOB.exe
  C:\Windows\System\KzbngOB.exe
  2⤵
  PID:5400
- C:\Windows\System\VoXlVPV.exe
  C:\Windows\System\VoXlVPV.exe
  2⤵
  PID:5428
- C:\Windows\System\REQqJoa.exe
  C:\Windows\System\REQqJoa.exe
  2⤵
  PID:5456
- C:\Windows\System\dRScyuI.exe
  C:\Windows\System\dRScyuI.exe
  2⤵
  PID:5488
- C:\Windows\System\oMSkjzJ.exe
  C:\Windows\System\oMSkjzJ.exe
  2⤵
  PID:5512
- C:\Windows\System\ogGyLti.exe
  C:\Windows\System\ogGyLti.exe
  2⤵
  PID:5540
- C:\Windows\System\yNHFzsE.exe
  C:\Windows\System\yNHFzsE.exe
  2⤵
  PID:5568
- C:\Windows\System\FJyuCbF.exe
  C:\Windows\System\FJyuCbF.exe
  2⤵
  PID:5592
- C:\Windows\System\KWIYedY.exe
  C:\Windows\System\KWIYedY.exe
  2⤵
  PID:5624
- C:\Windows\System\ZKZFrwa.exe
  C:\Windows\System\ZKZFrwa.exe
  2⤵
  PID:5652
- C:\Windows\System\sAWpZWj.exe
  C:\Windows\System\sAWpZWj.exe
  2⤵
  PID:5680
- C:\Windows\System\vLEgPSp.exe
  C:\Windows\System\vLEgPSp.exe
  2⤵
  PID:5708
- C:\Windows\System\PXfXumJ.exe
  C:\Windows\System\PXfXumJ.exe
  2⤵
  PID:5736
- C:\Windows\System\evGJVzM.exe
  C:\Windows\System\evGJVzM.exe
  2⤵
  PID:5764
- C:\Windows\System\kGWHFvq.exe
  C:\Windows\System\kGWHFvq.exe
  2⤵
  PID:5792
- C:\Windows\System\dzydCpJ.exe
  C:\Windows\System\dzydCpJ.exe
  2⤵
  PID:5820
- C:\Windows\System\bDooEwA.exe
  C:\Windows\System\bDooEwA.exe
  2⤵
  PID:5848
- C:\Windows\System\OBiCZyl.exe
  C:\Windows\System\OBiCZyl.exe
  2⤵
  PID:5876
- C:\Windows\System\zUWbPdK.exe
  C:\Windows\System\zUWbPdK.exe
  2⤵
  PID:5904
- C:\Windows\System\KKspQxz.exe
  C:\Windows\System\KKspQxz.exe
  2⤵
  PID:5932
- C:\Windows\System\ylwdCxS.exe
  C:\Windows\System\ylwdCxS.exe
  2⤵
  PID:5960
- C:\Windows\System\dCjTOCt.exe
  C:\Windows\System\dCjTOCt.exe
  2⤵
  PID:5988
- C:\Windows\System\qhfLgEo.exe
  C:\Windows\System\qhfLgEo.exe
  2⤵
  PID:6016
- C:\Windows\System\nHymRKw.exe
  C:\Windows\System\nHymRKw.exe
  2⤵
  PID:6044
- C:\Windows\System\FlADFCt.exe
  C:\Windows\System\FlADFCt.exe
  2⤵
  PID:6072
- C:\Windows\System\CdLGZsH.exe
  C:\Windows\System\CdLGZsH.exe
  2⤵
  PID:6100
- C:\Windows\System\gZlaWfA.exe
  C:\Windows\System\gZlaWfA.exe
  2⤵
  PID:6128
- C:\Windows\System\LKxoINh.exe
  C:\Windows\System\LKxoINh.exe
  2⤵
  PID:1340
- C:\Windows\System\zZAJJuE.exe
  C:\Windows\System\zZAJJuE.exe
  2⤵
  PID:2968
- C:\Windows\System\HFVLrIa.exe
  C:\Windows\System\HFVLrIa.exe
  2⤵
  PID:4812
- C:\Windows\System\zVoZamy.exe
  C:\Windows\System\zVoZamy.exe
  2⤵
  PID:4708
- C:\Windows\System\RQmjAHR.exe
  C:\Windows\System\RQmjAHR.exe
  2⤵
  PID:912
- C:\Windows\System\ROXZWTi.exe
  C:\Windows\System\ROXZWTi.exe
  2⤵
  PID:768
- C:\Windows\System\rxHLVgG.exe
  C:\Windows\System\rxHLVgG.exe
  2⤵
  PID:2788
- C:\Windows\System\FHBBtZM.exe
  C:\Windows\System\FHBBtZM.exe
  2⤵
  PID:5196
- C:\Windows\System\HUNBziq.exe
  C:\Windows\System\HUNBziq.exe
  2⤵
  PID:5252
- C:\Windows\System\GQxEpLx.exe
  C:\Windows\System\GQxEpLx.exe
  2⤵
  PID:5328
- C:\Windows\System\RSYMwJI.exe
  C:\Windows\System\RSYMwJI.exe
  2⤵
  PID:5388
- C:\Windows\System\yasglus.exe
  C:\Windows\System\yasglus.exe
  2⤵
  PID:5448
- C:\Windows\System\NpJnjnj.exe
  C:\Windows\System\NpJnjnj.exe
  2⤵
  PID:5528
- C:\Windows\System\fPtzDoA.exe
  C:\Windows\System\fPtzDoA.exe
  2⤵
  PID:5588
- C:\Windows\System\fBsSxRj.exe
  C:\Windows\System\fBsSxRj.exe
  2⤵
  PID:5640
- C:\Windows\System\uvfSVHe.exe
  C:\Windows\System\uvfSVHe.exe
  2⤵
  PID:5700
- C:\Windows\System\KFdxJeh.exe
  C:\Windows\System\KFdxJeh.exe
  2⤵
  PID:5756
- C:\Windows\System\GAvnGSz.exe
  C:\Windows\System\GAvnGSz.exe
  2⤵
  PID:5832
- C:\Windows\System\DCttBRD.exe
  C:\Windows\System\DCttBRD.exe
  2⤵
  PID:5888
- C:\Windows\System\GCWwJPC.exe
  C:\Windows\System\GCWwJPC.exe
  2⤵
  PID:5924
- C:\Windows\System\SDYkBvN.exe
  C:\Windows\System\SDYkBvN.exe
  2⤵
  PID:6000
- C:\Windows\System\TJSNQfY.exe
  C:\Windows\System\TJSNQfY.exe
  2⤵
  PID:6060
- C:\Windows\System\hVCVweZ.exe
  C:\Windows\System\hVCVweZ.exe
  2⤵
  PID:6120
- C:\Windows\System\faGsHhD.exe
  C:\Windows\System\faGsHhD.exe
  2⤵
  PID:2112
- C:\Windows\System\rsalaUQ.exe
  C:\Windows\System\rsalaUQ.exe
  2⤵
  PID:4612
- C:\Windows\System\esXKEsM.exe
  C:\Windows\System\esXKEsM.exe
  2⤵
  PID:5160
- C:\Windows\System\LKKTZGX.exe
  C:\Windows\System\LKKTZGX.exe
  2⤵
  PID:5304
- C:\Windows\System\ZpelfXV.exe
  C:\Windows\System\ZpelfXV.exe
  2⤵
  PID:5444
- C:\Windows\System\aReXbdL.exe
  C:\Windows\System\aReXbdL.exe
  2⤵
  PID:5556
- C:\Windows\System\SeNyXFM.exe
  C:\Windows\System\SeNyXFM.exe
  2⤵
  PID:5692
- C:\Windows\System\AvVAQdy.exe
  C:\Windows\System\AvVAQdy.exe
  2⤵
  PID:5808
- C:\Windows\System\HnBSQEY.exe
  C:\Windows\System\HnBSQEY.exe
  2⤵
  PID:4736
- C:\Windows\System\jCDrPrZ.exe
  C:\Windows\System\jCDrPrZ.exe
  2⤵
  PID:6036
- C:\Windows\System\BVtSdjf.exe
  C:\Windows\System\BVtSdjf.exe
  2⤵
  PID:6168
- C:\Windows\System\pWYXxjV.exe
  C:\Windows\System\pWYXxjV.exe
  2⤵
  PID:6196
- C:\Windows\System\shjzzuY.exe
  C:\Windows\System\shjzzuY.exe
  2⤵
  PID:6224
- C:\Windows\System\JUNvLxI.exe
  C:\Windows\System\JUNvLxI.exe
  2⤵
  PID:6252
- C:\Windows\System\ZuETnkZ.exe
  C:\Windows\System\ZuETnkZ.exe
  2⤵
  PID:6284
- C:\Windows\System\FJsaEsC.exe
  C:\Windows\System\FJsaEsC.exe
  2⤵
  PID:6316
- C:\Windows\System\JQGFOKt.exe
  C:\Windows\System\JQGFOKt.exe
  2⤵
  PID:6344
- C:\Windows\System\NzluQsg.exe
  C:\Windows\System\NzluQsg.exe
  2⤵
  PID:6372
- C:\Windows\System\GJCPFkt.exe
  C:\Windows\System\GJCPFkt.exe
  2⤵
  PID:6400
- C:\Windows\System\MOcKCII.exe
  C:\Windows\System\MOcKCII.exe
  2⤵
  PID:6428
- C:\Windows\System\vEulKLv.exe
  C:\Windows\System\vEulKLv.exe
  2⤵
  PID:6456
- C:\Windows\System\nFVqsjy.exe
  C:\Windows\System\nFVqsjy.exe
  2⤵
  PID:6484
- C:\Windows\System\jHBMCKK.exe
  C:\Windows\System\jHBMCKK.exe
  2⤵
  PID:6512
- C:\Windows\System\PHlDyaN.exe
  C:\Windows\System\PHlDyaN.exe
  2⤵
  PID:6540
- C:\Windows\System\gBmDXIP.exe
  C:\Windows\System\gBmDXIP.exe
  2⤵
  PID:6560
- C:\Windows\System\VGHhgFx.exe
  C:\Windows\System\VGHhgFx.exe
  2⤵
  PID:6588
- C:\Windows\System\jFpDqJx.exe
  C:\Windows\System\jFpDqJx.exe
  2⤵
  PID:6616
- C:\Windows\System\PoaWnmf.exe
  C:\Windows\System\PoaWnmf.exe
  2⤵
  PID:6644
- C:\Windows\System\puAgiAH.exe
  C:\Windows\System\puAgiAH.exe
  2⤵
  PID:6672
- C:\Windows\System\jaDFTMw.exe
  C:\Windows\System\jaDFTMw.exe
  2⤵
  PID:6700
- C:\Windows\System\RxpbQNC.exe
  C:\Windows\System\RxpbQNC.exe
  2⤵
  PID:6728
- C:\Windows\System\fCFDELG.exe
  C:\Windows\System\fCFDELG.exe
  2⤵
  PID:6760
- C:\Windows\System\MMkWDSj.exe
  C:\Windows\System\MMkWDSj.exe
  2⤵
  PID:6788
- C:\Windows\System\iErbsPX.exe
  C:\Windows\System\iErbsPX.exe
  2⤵
  PID:6816
- C:\Windows\System\yqjfcGG.exe
  C:\Windows\System\yqjfcGG.exe
  2⤵
  PID:6844
- C:\Windows\System\MrJmzxF.exe
  C:\Windows\System\MrJmzxF.exe
  2⤵
  PID:6872
- C:\Windows\System\kPLyMjX.exe
  C:\Windows\System\kPLyMjX.exe
  2⤵
  PID:6900
- C:\Windows\System\tEqtKJF.exe
  C:\Windows\System\tEqtKJF.exe
  2⤵
  PID:6928
- C:\Windows\System\HYvgNhk.exe
  C:\Windows\System\HYvgNhk.exe
  2⤵
  PID:6956
- C:\Windows\System\eDSYFTb.exe
  C:\Windows\System\eDSYFTb.exe
  2⤵
  PID:6984
- C:\Windows\System\VPSEbPc.exe
  C:\Windows\System\VPSEbPc.exe
  2⤵
  PID:7012
- C:\Windows\System\JQwPnPb.exe
  C:\Windows\System\JQwPnPb.exe
  2⤵
  PID:7040
- C:\Windows\System\TuOzULs.exe
  C:\Windows\System\TuOzULs.exe
  2⤵
  PID:7068
- C:\Windows\System\nvRHPLE.exe
  C:\Windows\System\nvRHPLE.exe
  2⤵
  PID:7096
- C:\Windows\System\eOhKbAd.exe
  C:\Windows\System\eOhKbAd.exe
  2⤵
  PID:7124
- C:\Windows\System\zgnPrQR.exe
  C:\Windows\System\zgnPrQR.exe
  2⤵
  PID:3600
- C:\Windows\System\dKGIymD.exe
  C:\Windows\System\dKGIymD.exe
  2⤵
  PID:5248
- C:\Windows\System\nHGQiHV.exe
  C:\Windows\System\nHGQiHV.exe
  2⤵
  PID:5868
- C:\Windows\System\sVGoBif.exe
  C:\Windows\System\sVGoBif.exe
  2⤵
  PID:6156
- C:\Windows\System\doOEAvi.exe
  C:\Windows\System\doOEAvi.exe
  2⤵
  PID:6212
- C:\Windows\System\uyvfNmD.exe
  C:\Windows\System\uyvfNmD.exe
  2⤵
  PID:5076
- C:\Windows\System\FoOqVWU.exe
  C:\Windows\System\FoOqVWU.exe
  2⤵
  PID:6332
- C:\Windows\System\INBoiDp.exe
  C:\Windows\System\INBoiDp.exe
  2⤵
  PID:6392
- C:\Windows\System\tzAxWjd.exe
  C:\Windows\System\tzAxWjd.exe
  2⤵
  PID:6424
- C:\Windows\System\FZsfTfW.exe
  C:\Windows\System\FZsfTfW.exe
  2⤵
  PID:6472
- C:\Windows\System\cZwekvz.exe
  C:\Windows\System\cZwekvz.exe
  2⤵
  PID:6528
- C:\Windows\System\qcgPcWn.exe
  C:\Windows\System\qcgPcWn.exe
  2⤵
  PID:4456
- C:\Windows\System\ksVQbNz.exe
  C:\Windows\System\ksVQbNz.exe
  2⤵
  PID:6628
- C:\Windows\System\xhRMmsf.exe
  C:\Windows\System\xhRMmsf.exe
  2⤵
  PID:6688
- C:\Windows\System\dJkyVjm.exe
  C:\Windows\System\dJkyVjm.exe
  2⤵
  PID:6744
- C:\Windows\System\xtYKWwI.exe
  C:\Windows\System\xtYKWwI.exe
  2⤵
  PID:6772
- C:\Windows\System\eOOzgoC.exe
  C:\Windows\System\eOOzgoC.exe
  2⤵
  PID:6808
- C:\Windows\System\aTDKNOs.exe
  C:\Windows\System\aTDKNOs.exe
  2⤵
  PID:952
- C:\Windows\System\fTXQhpF.exe
  C:\Windows\System\fTXQhpF.exe
  2⤵
  PID:764
- C:\Windows\System\BgjLiKc.exe
  C:\Windows\System\BgjLiKc.exe
  2⤵
  PID:4072
- C:\Windows\System\RDQPttT.exe
  C:\Windows\System\RDQPttT.exe
  2⤵
  PID:7004
- C:\Windows\System\XSTHvXD.exe
  C:\Windows\System\XSTHvXD.exe
  2⤵
  PID:2004
- C:\Windows\System\ynkoDhp.exe
  C:\Windows\System\ynkoDhp.exe
  2⤵
  PID:1760
- C:\Windows\System\JcIHhjO.exe
  C:\Windows\System\JcIHhjO.exe
  2⤵
  PID:2552
- C:\Windows\System\rBhXQDh.exe
  C:\Windows\System\rBhXQDh.exe
  2⤵
  PID:7136
- C:\Windows\System\uHyPfff.exe
  C:\Windows\System\uHyPfff.exe
  2⤵
  PID:3300
- C:\Windows\System\cILrcTH.exe
  C:\Windows\System\cILrcTH.exe
  2⤵
  PID:2948
- C:\Windows\System\RFnuLMh.exe
  C:\Windows\System\RFnuLMh.exe
  2⤵
  PID:5364
- C:\Windows\System\MYSlfyl.exe
  C:\Windows\System\MYSlfyl.exe
  2⤵
  PID:4088
- C:\Windows\System\ZsHFsRD.exe
  C:\Windows\System\ZsHFsRD.exe
  2⤵
  PID:6308
- C:\Windows\System\bFocsRv.exe
  C:\Windows\System\bFocsRv.exe
  2⤵
  PID:6536
- C:\Windows\System\agURpEg.exe
  C:\Windows\System\agURpEg.exe
  2⤵
  PID:6572
- C:\Windows\System\klrDosb.exe
  C:\Windows\System\klrDosb.exe
  2⤵
  PID:6716
- C:\Windows\System\BVfoncs.exe
  C:\Windows\System\BVfoncs.exe
  2⤵
  PID:1536
- C:\Windows\System\CXFDzBs.exe
  C:\Windows\System\CXFDzBs.exe
  2⤵
  PID:1892
- C:\Windows\System\pABFmFv.exe
  C:\Windows\System\pABFmFv.exe
  2⤵
  PID:4696
- C:\Windows\System\qlIFjbw.exe
  C:\Windows\System\qlIFjbw.exe
  2⤵
  PID:1852
- C:\Windows\System\PraJWdW.exe
  C:\Windows\System\PraJWdW.exe
  2⤵
  PID:7112
- C:\Windows\System\EATLAJZ.exe
  C:\Windows\System\EATLAJZ.exe
  2⤵
  PID:5224
- C:\Windows\System\SNksmln.exe
  C:\Windows\System\SNksmln.exe
  2⤵
  PID:6368
- C:\Windows\System\iVAebOl.exe
  C:\Windows\System\iVAebOl.exe
  2⤵
  PID:6508
- C:\Windows\System\PvDcFws.exe
  C:\Windows\System\PvDcFws.exe
  2⤵
  PID:6944
- C:\Windows\System\fqgDNDZ.exe
  C:\Windows\System\fqgDNDZ.exe
  2⤵
  PID:7108
- C:\Windows\System\NSnxYcW.exe
  C:\Windows\System\NSnxYcW.exe
  2⤵
  PID:2752
- C:\Windows\System\ExrfIyk.exe
  C:\Windows\System\ExrfIyk.exe
  2⤵
  PID:6916
- C:\Windows\System\dsGNSzC.exe
  C:\Windows\System\dsGNSzC.exe
  2⤵
  PID:1944
- C:\Windows\System\bxgMeDy.exe
  C:\Windows\System\bxgMeDy.exe
  2⤵
  PID:7188
- C:\Windows\System\TYSbGwy.exe
  C:\Windows\System\TYSbGwy.exe
  2⤵
  PID:7228
- C:\Windows\System\AeXDgLX.exe
  C:\Windows\System\AeXDgLX.exe
  2⤵
  PID:7256
- C:\Windows\System\sTvKOxH.exe
  C:\Windows\System\sTvKOxH.exe
  2⤵
  PID:7280
- C:\Windows\System\RsoKjgw.exe
  C:\Windows\System\RsoKjgw.exe
  2⤵
  PID:7300
- C:\Windows\System\kxAVxuc.exe
  C:\Windows\System\kxAVxuc.exe
  2⤵
  PID:7336
- C:\Windows\System\nGnNXeZ.exe
  C:\Windows\System\nGnNXeZ.exe
  2⤵
  PID:7356
- C:\Windows\System\RsYYZWb.exe
  C:\Windows\System\RsYYZWb.exe
  2⤵
  PID:7384
- C:\Windows\System\zgrdymE.exe
  C:\Windows\System\zgrdymE.exe
  2⤵
  PID:7424
- C:\Windows\System\lrMjjdD.exe
  C:\Windows\System\lrMjjdD.exe
  2⤵
  PID:7452
- C:\Windows\System\crFSUrn.exe
  C:\Windows\System\crFSUrn.exe
  2⤵
  PID:7468
- C:\Windows\System\CqjSYCC.exe
  C:\Windows\System\CqjSYCC.exe
  2⤵
  PID:7488
- C:\Windows\System\xKwMxlJ.exe
  C:\Windows\System\xKwMxlJ.exe
  2⤵
  PID:7536
- C:\Windows\System\uNBmPwD.exe
  C:\Windows\System\uNBmPwD.exe
  2⤵
  PID:7556
- C:\Windows\System\adbvkbr.exe
  C:\Windows\System\adbvkbr.exe
  2⤵
  PID:7592
- C:\Windows\System\Cjozagk.exe
  C:\Windows\System\Cjozagk.exe
  2⤵
  PID:7620
- C:\Windows\System\MkjQFQK.exe
  C:\Windows\System\MkjQFQK.exe
  2⤵
  PID:7648
- C:\Windows\System\ncOZkdV.exe
  C:\Windows\System\ncOZkdV.exe
  2⤵
  PID:7676
- C:\Windows\System\kinCuVX.exe
  C:\Windows\System\kinCuVX.exe
  2⤵
  PID:7704
- C:\Windows\System\lsRbLbo.exe
  C:\Windows\System\lsRbLbo.exe
  2⤵
  PID:7744
- C:\Windows\System\tCYHXOS.exe
  C:\Windows\System\tCYHXOS.exe
  2⤵
  PID:7772
- C:\Windows\System\qDItIUZ.exe
  C:\Windows\System\qDItIUZ.exe
  2⤵
  PID:7788
- C:\Windows\System\jbQXDMd.exe
  C:\Windows\System\jbQXDMd.exe
  2⤵
  PID:7824
- C:\Windows\System\MNwUVRi.exe
  C:\Windows\System\MNwUVRi.exe
  2⤵
  PID:7880
- C:\Windows\System\SuWZsPr.exe
  C:\Windows\System\SuWZsPr.exe
  2⤵
  PID:7912
- C:\Windows\System\UupikTE.exe
  C:\Windows\System\UupikTE.exe
  2⤵
  PID:7928
- C:\Windows\System\sveBAGU.exe
  C:\Windows\System\sveBAGU.exe
  2⤵
  PID:7956
- C:\Windows\System\EYkzQkX.exe
  C:\Windows\System\EYkzQkX.exe
  2⤵
  PID:7988
- C:\Windows\System\XbPnToD.exe
  C:\Windows\System\XbPnToD.exe
  2⤵
  PID:8012
- C:\Windows\System\bMOHOjo.exe
  C:\Windows\System\bMOHOjo.exe
  2⤵
  PID:8040
- C:\Windows\System\neSgbnT.exe
  C:\Windows\System\neSgbnT.exe
  2⤵
  PID:8068
- C:\Windows\System\SXtsuSB.exe
  C:\Windows\System\SXtsuSB.exe
  2⤵
  PID:8096
- C:\Windows\System\oEoIIOx.exe
  C:\Windows\System\oEoIIOx.exe
  2⤵
  PID:8124
- C:\Windows\System\fyyTygA.exe
  C:\Windows\System\fyyTygA.exe
  2⤵
  PID:8140
- C:\Windows\System\brktzhQ.exe
  C:\Windows\System\brktzhQ.exe
  2⤵
  PID:8168
- C:\Windows\System\IZirkCm.exe
  C:\Windows\System\IZirkCm.exe
  2⤵
  PID:8188
- C:\Windows\System\DFLbPYO.exe
  C:\Windows\System\DFLbPYO.exe
  2⤵
  PID:2688
- C:\Windows\System\YOdzXgM.exe
  C:\Windows\System\YOdzXgM.exe
  2⤵
  PID:7220
- C:\Windows\System\rLOtavV.exe
  C:\Windows\System\rLOtavV.exe
  2⤵
  PID:7288
- C:\Windows\System\PQmvfNb.exe
  C:\Windows\System\PQmvfNb.exe
  2⤵
  PID:7460
- C:\Windows\System\tQXhALC.exe
  C:\Windows\System\tQXhALC.exe
  2⤵
  PID:7524
- C:\Windows\System\Ppqjnwp.exe
  C:\Windows\System\Ppqjnwp.exe
  2⤵
  PID:7588
- C:\Windows\System\uPcBJdv.exe
  C:\Windows\System\uPcBJdv.exe
  2⤵
  PID:7668
- C:\Windows\System\OjhJBeZ.exe
  C:\Windows\System\OjhJBeZ.exe
  2⤵
  PID:7716
- C:\Windows\System\pKpVQBJ.exe
  C:\Windows\System\pKpVQBJ.exe
  2⤵
  PID:7784
- C:\Windows\System\SzxjMLi.exe
  C:\Windows\System\SzxjMLi.exe
  2⤵
  PID:7864
- C:\Windows\System\uxqLBCX.exe
  C:\Windows\System\uxqLBCX.exe
  2⤵
  PID:7920
- C:\Windows\System\achWbds.exe
  C:\Windows\System\achWbds.exe
  2⤵
  PID:8004
- C:\Windows\System\aHMNZhZ.exe
  C:\Windows\System\aHMNZhZ.exe
  2⤵
  PID:8052
- C:\Windows\System\XdIqKRs.exe
  C:\Windows\System\XdIqKRs.exe
  2⤵
  PID:8132
- C:\Windows\System\RzpxVLw.exe
  C:\Windows\System\RzpxVLw.exe
  2⤵
  PID:4228
- C:\Windows\System\wnTqiOv.exe
  C:\Windows\System\wnTqiOv.exe
  2⤵
  PID:7296
- C:\Windows\System\hoZeixb.exe
  C:\Windows\System\hoZeixb.exe
  2⤵
  PID:7404
- C:\Windows\System\esheXmY.exe
  C:\Windows\System\esheXmY.exe
  2⤵
  PID:7616
- C:\Windows\System\qeNVdbu.exe
  C:\Windows\System\qeNVdbu.exe
  2⤵
  PID:7688
- C:\Windows\System\yfhSwJg.exe
  C:\Windows\System\yfhSwJg.exe
  2⤵
  PID:8024
- C:\Windows\System\JKXdQgy.exe
  C:\Windows\System\JKXdQgy.exe
  2⤵
  PID:8108
- C:\Windows\System\DzWxKwM.exe
  C:\Windows\System\DzWxKwM.exe
  2⤵
  PID:7292
- C:\Windows\System\jEdYNpg.exe
  C:\Windows\System\jEdYNpg.exe
  2⤵
  PID:7740
- C:\Windows\System\TrtZpPc.exe
  C:\Windows\System\TrtZpPc.exe
  2⤵
  PID:8060
- C:\Windows\System\wLLOkoq.exe
  C:\Windows\System\wLLOkoq.exe
  2⤵
  PID:7924
- C:\Windows\System\tqlMLeh.exe
  C:\Windows\System\tqlMLeh.exe
  2⤵
  PID:8212
- C:\Windows\System\yrJhNku.exe
  C:\Windows\System\yrJhNku.exe
  2⤵
  PID:8240
- C:\Windows\System\JtueKFE.exe
  C:\Windows\System\JtueKFE.exe
  2⤵
  PID:8268
- C:\Windows\System\ImvWjdQ.exe
  C:\Windows\System\ImvWjdQ.exe
  2⤵
  PID:8296
- C:\Windows\System\gbPOrQe.exe
  C:\Windows\System\gbPOrQe.exe
  2⤵
  PID:8336
- C:\Windows\System\zwmYlCA.exe
  C:\Windows\System\zwmYlCA.exe
  2⤵
  PID:8364
- C:\Windows\System\vEbGuSr.exe
  C:\Windows\System\vEbGuSr.exe
  2⤵
  PID:8388
- C:\Windows\System\qANXjcs.exe
  C:\Windows\System\qANXjcs.exe
  2⤵
  PID:8408
- C:\Windows\System\lYwltvk.exe
  C:\Windows\System\lYwltvk.exe
  2⤵
  PID:8448
- C:\Windows\System\LLdULPC.exe
  C:\Windows\System\LLdULPC.exe
  2⤵
  PID:8480
- C:\Windows\System\iLlvPvB.exe
  C:\Windows\System\iLlvPvB.exe
  2⤵
  PID:8508
- C:\Windows\System\vYPlsYO.exe
  C:\Windows\System\vYPlsYO.exe
  2⤵
  PID:8536
- C:\Windows\System\XUvPHfo.exe
  C:\Windows\System\XUvPHfo.exe
  2⤵
  PID:8568
- C:\Windows\System\CIzBJBK.exe
  C:\Windows\System\CIzBJBK.exe
  2⤵
  PID:8596
- C:\Windows\System\wsEMuof.exe
  C:\Windows\System\wsEMuof.exe
  2⤵
  PID:8624
- C:\Windows\System\hLxmBTL.exe
  C:\Windows\System\hLxmBTL.exe
  2⤵
  PID:8648
- C:\Windows\System\giwlmjF.exe
  C:\Windows\System\giwlmjF.exe
  2⤵
  PID:8668
- C:\Windows\System\YTsQXwn.exe
  C:\Windows\System\YTsQXwn.exe
  2⤵
  PID:8696
- C:\Windows\System\ObBGtJu.exe
  C:\Windows\System\ObBGtJu.exe
  2⤵
  PID:8736
- C:\Windows\System\hIquJzH.exe
  C:\Windows\System\hIquJzH.exe
  2⤵
  PID:8764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BKRoyPE.exe

Filesize
1.7MB

MD5
cb57ee2a6f75688f74bbac04d70e54f7

SHA1
81f7b6767135a4571b6da3eda89b0b205ed2c907

SHA256
46dcf43c63e9c984c652cf924339a527d3c9b8f6d9ebcb8e88cc42137db70b2d

SHA512
f55eba709cd519b1883ed616f8f19f981ba89a95cb686539fd25394fc1da9e4a3f01e84978e64b0335f2caddb5ce8571ebac2226ed2dbd59bee4728b81993b0d

Download Submit
C:\Windows\System\BcZfjbu.exe

Filesize
1.7MB

MD5
9fb7c02a1c471010e6c9d7ca8a867f55

SHA1
2546195643c7f1ebd0ff201025d9f374acccd61e

SHA256
0d09d4e50e88bee105230a13e209ecacf28abfdc727ee8049ae8f67863cf3296

SHA512
95a08b61e70e67d0d577445d89c04470a17ac76858420691ce493de7852b5d79a81e3c57aa25e109129426ca2b8949ad68e656081c319f7f1292c31160ef62b6

Download Submit
C:\Windows\System\DNUrgzE.exe

Filesize
1.7MB

MD5
1c9beb20687b4f9de8e9c509c4d98fb8

SHA1
fe447d21afd02d7488542dab6a0c70aef566152f

SHA256
f5181fe784fc64046edc2bb61fc6470fc19151171303c07c46b5030f9b36a649

SHA512
0887a23d7bdaf02be83538eb73f8fb24b0c333a6e190e43c0f74774f1e7b438890f4343d147a9222190364c9a006629fe32f6060413bb08fec6c0a5218b47e48

Download Submit
C:\Windows\System\DwyNLYV.exe

Filesize
1.7MB

MD5
b8e4fbb0048896239b0117fad5cf1afd

SHA1
21c894898e391dfc24235ef939968028a288e11a

SHA256
207f77b695b14c5392e0e27d538af113a392ef7bc69f3f12ea9062156a83fc36

SHA512
01f470852bd500d59f8a58aeb0932b940981e8ca02f4b23ab6acb1023a98a122b4873e45b3d67f978ac9bb086ed5acef740c4ff2ed4cfaa0adb976a3752683ff

Download Submit
C:\Windows\System\FVcdzrj.exe

Filesize
1.7MB

MD5
fd3ba383f7293f0b4d21b495c7b0ed3e

SHA1
04a5fd24b5d6eb7e914ce931e00f87c46899f288

SHA256
91a4eff635103477d1e01235534bdbdcef872ba30afd3fd933692444e788f506

SHA512
fac14dc464af4d68ada0c7cd55c062818d0a2f093c03bd43565072071770aadb78f0fa0b7f206da03fe065cf45113eced1852b09f94a50ad5441b82a4be8750d

Download Submit
C:\Windows\System\GoissYu.exe

Filesize
1.7MB

MD5
3124528f549fc84343adc504733091c9

SHA1
043e15307b0339fc6b5b86d521ffbef04ad4f141

SHA256
d8d6119c9b434ffd1403d8e9a5340704e3bcf354bfb6cb79524a97aeb439e56c

SHA512
9668315a3478aaeab47cda3c0c83060005479e4e7b297b8754b10537ae4537cc2db0b9b7f252784eb61908ab1d3833aa32b3485a25afb94d7f633990f95dc90e

Download Submit
C:\Windows\System\HXKeGdI.exe

Filesize
1.7MB

MD5
166f1180c81142055a22eaa6de4b8d73

SHA1
78e64cd80a1837f369cdc7985a916a4a49a0d202

SHA256
dacf4b4f5fe3b9b46d145bdb85b5e978e001b76c977400bb3cd8cbcdbbfa39da

SHA512
bee734d66733fff395de395d2699d5ed790513bb9b0b96d9a395b935b943da87e51e7a595b74e8d0cefa0ea9669f5c1dd541a82b6732cb7d6faf0d9ea1ac6f64

Download Submit
C:\Windows\System\IpJWjMP.exe

Filesize
1.7MB

MD5
608ee51c25e88ff6e005313df92e9844

SHA1
4259c51e8239a12530e73b2e69a941559a855867

SHA256
d46fa60fc38dd27934c2e50c2175ece3aa40f1abd87bc2ea9eed3a277aa56d6c

SHA512
13e9e2fa7d0fcddb59dda51ce546b8c4ab429fd5444629106982b3b130a4d9f49a43a014693caaa32f5f923ff6839aff7a2a0be1af05ad4f135a05505d26c8fe

Download Submit
C:\Windows\System\JlzHyqJ.exe

Filesize
1.7MB

MD5
270de62090e2a1064ffcede488cb783e

SHA1
a333c4a854b973bf07cb1a3fdc89bdfc21040c76

SHA256
85c482c8a41e675354430ed543db46cc15b6203ebfea806fb9e1e6af6d8ec00a

SHA512
7533389b277338be8ebd307bea83bd5cfa9a78ee53c99bca525b9d04a5d671d8b7c80b601272008cbd4094d9fccb8e5bdde152d2bc6db61f4c919e1d568f9c1f

Download Submit
C:\Windows\System\KgERQUV.exe

Filesize
1.7MB

MD5
8f0b786b305dbbeabb15efe85c3e32f6

SHA1
5844418c279a224fa9ce6fa01358ea1bdef4c2e5

SHA256
e6ce0f7c1311c81e8ca5ec6099951bc93541e277bf9e12ac2ff6d860f49c373b

SHA512
851b981775dfed77db0d867b2c70ed825d984035cd3c0129d9bb12a06cd20db6f7831863acab37dd0899de44b771c78ce1ee1b0ee6e8e14dd29f192f81fd7025

Download Submit
C:\Windows\System\MLEyWfx.exe

Filesize
1.7MB

MD5
1d32aecc8a9cddaf40523b6bb30b66d3

SHA1
7347bde67334cf326187433dc283f889faa4e686

SHA256
49a9be28e8e159affe9da0780e11a414ac3a6875864c036a7500737997607d05

SHA512
4b4aa0f61aa9bf18fcacf26b24d5d2bbf42d388eb29842b34425908ec512e162c6e574cc2eb6132e639649a258b57d70dccd59cab93635383d462814312ca37c

Download Submit
C:\Windows\System\NSGADJa.exe

Filesize
1.7MB

MD5
6b84c5a9742cc3fd8bf262b9aa7c724f

SHA1
ef857bbd8a181ba21c9470f88c6a3e9ea6800f64

SHA256
68904542557dbec5780af6e555cef7b91139f3160d6fdba207162eb4fd3a3bd4

SHA512
20b3bb76c53378d0e2140926b590d6c019db9c74817c76a1651f464a225e89f7512bc4d9da6bef148f6914334e9f623bcdb3af6e2737c7468de2f0bd86c8ad4a

Download Submit
C:\Windows\System\OoahEPT.exe

Filesize
1.7MB

MD5
63db6e192f510ea6c950c33d5043d42b

SHA1
ac6f2d4f922043238e9e9b4485ca89341bc26381

SHA256
2985fb954d2d938faf1914aeacec390a6048beaa2a38682482596c986612e189

SHA512
40d78ccbd8b44c4c281e609b567db79ae51a47dfd47b4f830d8fe86828887714cfb9f472cee9f614379fde509e982ecebe69e326bb9f6a66d9eb866282c75c87

Download Submit
C:\Windows\System\OryYPCB.exe

Filesize
1.7MB

MD5
74fa692635d2ae37ea239541d384ba0b

SHA1
a7f47c8a87c2f3cd87433d09c5000c8cd2e1782a

SHA256
b07ea02f62750140912c85a696bff9e1c089e2e3c6a9df41f15777420530f0b9

SHA512
b2191ef7305e8b295a5475d6b7548847af4c9611c1d8a99c6b1d82a8f32d73e5c95834fa0e2a63553fb90ab055c8b1d0e43a32223aaeeda4652743311115df19

Download Submit
C:\Windows\System\PpWauTX.exe

Filesize
1.7MB

MD5
c0e535533e7dcfbd736b73787a4bb1dd

SHA1
67f5e06464116fee9b2c72de697a9a1cae094944

SHA256
e21e3acc400e277acf140e0b56941419d0ed40d8520436a72b8aad337846e7d3

SHA512
40862b3edb7790b94ff522bb497a7326b926b3293e61036260fb3327469f3e0c1b0e6140ddfefe331890c666eceb84c148a06b4fd22ea3828d604f785f6fce19

Download Submit
C:\Windows\System\UYaVesE.exe

Filesize
1.7MB

MD5
14a253c852599a47c7a7211a2aa0ca6b

SHA1
59d00b256b5e6d552856e0d05cb0fa80996101a0

SHA256
0c880b847bdc576002ca223c3784a14ba785e2e58871c841ccd4a431b2fb8f8b

SHA512
5bb59e012c7f44ff0d5de12aff1b242a05de07f6f31581f467437cd8229c4adb16f01302550db44a91ac338808fd6c5c1f848749181e76364cfca75facbce90c

Download Submit
C:\Windows\System\VhCgJiW.exe

Filesize
1.7MB

MD5
96cef4dbec9659213712ce99e234a8a6

SHA1
4d7abe9c7437bbe3e80476cb2269f2f9aaa7392d

SHA256
62e60e4bea54df6111daba8b4d772d5cc9b5486fa0722af33a3d7fe9f6c3a03d

SHA512
8011d98ed20f5bec8fa071a26459f111997b788a145fadfffb92104f2f21317629ded5bd6e28272124b6054b86add1ccf5d2dc0d9df34e79a316b752268fbdd4

Download Submit
C:\Windows\System\Vzcrtxz.exe

Filesize
1.7MB

MD5
fdcd66746a80090fa8eb0212d741861e

SHA1
b9301523f2f4969671d48a76ae5bc31b1be68054

SHA256
d5d2b8d60bc3b9aa961adbec65391a378a70c82b768778e7efae907670d06116

SHA512
929c9a2d4273f531f30bde32c5eb24844bcb7c7f83138673a9eeb9c177adca7775735bf93ef4dc6a56dc7d6f189344251a251f0c216b58b318185d02a4e1c8e1

Download Submit
C:\Windows\System\WzRSInM.exe

Filesize
1.7MB

MD5
f9190edbc91d9fdddcf372605623932e

SHA1
d99f201ed743909319a54c5be8a4936533031008

SHA256
6c835fda2122d5e5f802fdc53f9abdcb55f73c0068c40a8bcae6b4abf942deb6

SHA512
5f0e06b3d3d8e4a7c7b5e549ae93b3334e1ba6631bb3c5379c8834919596ce4453cfbed654430ca1b5adee297c5b285fb0684895b735e39dc1ffafc55a152775

Download Submit
C:\Windows\System\YfFjYyE.exe

Filesize
1.7MB

MD5
18d184724d343de16ee8f91e00fba7f8

SHA1
43fda63120985727a7eee3ff33f303447ed98723

SHA256
51dc4b5b896ca4a0178beb7620f188badf65a56883c0bba115f2bb13e985b457

SHA512
746ae552091dea91eaecea1caff2745d7e752bfa432520522feb2fe35d1349b7952d0dfccf5a454b7f439daa905969c591e38d01e4bce456bc472498ac790f68

Download Submit
C:\Windows\System\YlcHZRv.exe

Filesize
1.7MB

MD5
6a17a41ffc859e672e130bcd8e056859

SHA1
b66ed3650f1b1b3aebfaa6c43919b0f09cdfe8db

SHA256
0f50ea453dec39d56ba03cd6415850a9fe7e6cf5edc3340d74b4307098bfbfb6

SHA512
e569a71b7cc63e559384097c55dee227689fda36791d3200474f19c6a77f5167312ccd22442bee7ee5e4fd764b43ef540972efb1ecec441c4cad56664c0185c4

Download Submit
C:\Windows\System\cmSvxuG.exe

Filesize
1.7MB

MD5
876f963e578493522483b7b82e1477ca

SHA1
8da5e792c93ea85c99f5346eeee751de6de42a5c

SHA256
342756437beefaf9b2a46d7b5c2534dd79db84805463ffa6fb6e1758db2cbf26

SHA512
155e5225190447e2db93a48276011c9619e6e7fc7fb9cb98312d8262d44a07839e0dcdf16687332f4c574e8e9378e7ab2defe4dd1d5f20c0def3f075ef5e7630

Download Submit
C:\Windows\System\fcypLCO.exe

Filesize
1.7MB

MD5
824a025ed112d411b32ac08626474f87

SHA1
97299ee2116bb6cb6dbed2003ae95b30fa92eaf2

SHA256
afa621a692128e7374c3058c3c078038d78a9c5bb2f448a613f6c8466ce721e3

SHA512
1ec9a9d2102debdf743ea058596bae8e39fba8f40b1bdf2c8bcf9e69972a41bc83ee4bcca45beab4a1978ab9c3cee6bd181a14164fa114cf488d7f8bfedfa6b4

Download Submit
C:\Windows\System\hfxFyPJ.exe

Filesize
1.7MB

MD5
68b263ac710ad4e69df17e51f3ca519a

SHA1
067e89b4fc8500b358dcdc830ea0af5ad2efc231

SHA256
11ec274a7304ac43a9fd8149e24ace4a39b1656395b29c2f76384efa0fdb37f8

SHA512
6ed24cadc805040e236361beeef0e44f042744ed79a7f3840e1b8e6acc4785eca9c22ad608f28c8fb9c887e030ebb023bb587d6d31ae2b099e3ee413cf25261f

Download Submit
C:\Windows\System\kOoaYqh.exe

Filesize
1.7MB

MD5
34e78d65fa4134f25f3330d27d787314

SHA1
dbe6fbdd6eff0308fe43a85d3c97a7c92d95b047

SHA256
95a04d639d08ba959b90b1c7d6f95cc78128c8ac529a2cd9896df123976b4868

SHA512
3612b3b5719b88959fa104592c4c121b80790fe63d97ca57287797eda3b8062b0a6d0a3076b44f91dedad2b6d5199c52897aacc0e5bf063dd19458cd2bf47ba9

Download Submit
C:\Windows\System\kdegzAX.exe

Filesize
1.7MB

MD5
e10ffec81af616e07534b824d50ceed8

SHA1
6b3479a849eb8a946059794bce495b895e9a7f6c

SHA256
512342533d25b76ccc9b2300abe41515f7f11b8645a09d190853d8e46d30e067

SHA512
d151d7fd2a04416c941f530c4419768483e9889f48e440b0f9ddf1d0c95b6708a0c590e0a1586c76e57de972dbb9ba3b60ae5c6d79e2d8c99b0439a40405f844

Download Submit
C:\Windows\System\mjWTxMw.exe

Filesize
1.7MB

MD5
0cc68513bca450ee782597eeebc86083

SHA1
d780d015d11630d32a817869aaf8444375bb7708

SHA256
e60b75f3d4b90f5c766381b9f872fa7ca88a69e670f88ac5a04babe25f69e93d

SHA512
a7fa721fbfd7bcacd6c0c0617c74a5f52a6188a89aa2cefa16fe5353063c97d3a5e61d20f9429f0bd7683a1b5143b9bb0d4264d2f804948a8d704c5f36227f8b

Download Submit
C:\Windows\System\pZXntZt.exe

Filesize
1.7MB

MD5
89cf22196f6342cc59c396d5d1ea223d

SHA1
a06fef3d815409d07506a340ae7e9b069ffa3bd0

SHA256
c2ded8989cc7f9cfd00ca5845b05dfffe4f489de93ed4b07e08d5623c8cb6be0

SHA512
72d90e5c1f60e1005d03f33d42b0e79cceddd856a1ded6b29a27df879c83db141c379e1f454f48e92e4d99f8bd95c1f117b1e0a783f169ac9656a1d0460e29a8

Download Submit
C:\Windows\System\ruRWPjj.exe

Filesize
1.7MB

MD5
ea5a70bf856c80da4683b4a0e7637eae

SHA1
34ac78a461008c6f4d68ece8cb526e8354a9707d

SHA256
b7ad12df75a5589a3ad53b67e4ad9d7e45c2c651a79aee828c3265bb6d9da668

SHA512
5aa3138ca34878e5a9a338de09acca7e49cba2df0f47f24d9d6ea7c9b081cdc20a750249afad8517030853b079ed63ab54f12888b4c333506c3f34c8f6d854a9

Download Submit
C:\Windows\System\twSFRUh.exe

Filesize
1.7MB

MD5
530dddf6eb56f8e5109e8225274e44de

SHA1
d7af153140f11d5a0c16c07c9776add874761b13

SHA256
b6671e25672228240dd5ff08c5f4a03011d5cef21f6365394fa55cc14f1cdb3b

SHA512
07dca2cd3a26b79b88641a9d6c4b8ce62ecf6bbc322badcc4243085de4c28d8bdde20d13f2942fff3e269bc86f0714f4cde3f9ebb87b02245bbc4bb7781cdaab

Download Submit
C:\Windows\System\uqbIKie.exe

Filesize
1.7MB

MD5
ad78053aa8856d3fc7cccdadfb4698f9

SHA1
3a05aeba96eb6052a666d92eedc443b8e1ad46bf

SHA256
8199e9bdbc353cc3f37bdbeaafdd55ec883ace279b0c36f538d462a881854646

SHA512
ab9376743c2ce3c7e34f8fe9488e34aad6250374d4575abc92484e8cd7e4a97af3a0a11ddd4fe8f0a3b8d2db465c2d1b347a2882ce37010c7f27da27713e0ab0

Download Submit
C:\Windows\System\ysawhds.exe

Filesize
1.7MB

MD5
388425c427a90df2fc5731c77a3d7a14

SHA1
bbdd9a42f1c4e9b90ce8128a8f599b1a23682014

SHA256
0f342ec6d7109b1478dfece1df8854c5d4a6f859a262f60ae7decf9bf782c4c4

SHA512
b76fabdd2c4cbda775c22fe7f9167146e31adbb7863e6a1db6a6476829083b3d6d737b314a97297043c861d06fdff831e3f4785aa24c912856ee759133d8ca95

Download Submit
C:\Windows\System\zhasjqk.exe

Filesize
1.7MB

MD5
d0a575121c19967030833d3f0fa480ea

SHA1
3de526440f1f3ba4c3ea78899cfe643f7e139f3d

SHA256
69860096c81c06a8e9fa14a29f228422047f6d71d67bac9f18caa158a820660e

SHA512
62ec1d1ea940607ec50c650aa8afa607b3d7d8f2810a217ff54e1306eb84bb6c66691598988faa537816eec276ef764aea20f46e595cc2941d5b77ce9294b9f0

Download Submit
memory/3732-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download