kpot | e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec

Analysis

max time kernel
142s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20-09-2024 23:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
Size

1.7MB
MD5

a140426c2a95bb7ab262e6c0c674173b
SHA1

fd8cd03e7341c33a5d7f47d6588a9f562a60433e
SHA256

e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec
SHA512

10cfb371b974be171c7e9e4e3def38ee8660ad6850293f6f772939c90f770f8e9f78df338d063032f23a98ecc5d417ff5abe1173f5a8509748d4ce8156321634
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FatK8:GemTLkNdfE0pZaQv

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 38 IoCs

resource	yara_rule
behavioral2/files/0x0009000000023427-3.dat	family_kpot
behavioral2/files/0x000800000002347b-10.dat	family_kpot
behavioral2/files/0x000700000002347d-18.dat	family_kpot
behavioral2/files/0x000700000002347e-28.dat	family_kpot
behavioral2/files/0x0007000000023481-45.dat	family_kpot
behavioral2/files/0x0007000000023483-44.dat	family_kpot
behavioral2/files/0x0007000000023484-56.dat	family_kpot
behavioral2/files/0x0007000000023485-67.dat	family_kpot
behavioral2/files/0x0007000000023488-91.dat	family_kpot
behavioral2/files/0x000700000002348f-107.dat	family_kpot
behavioral2/files/0x0007000000023494-129.dat	family_kpot
behavioral2/files/0x000700000002349f-165.dat	family_kpot
behavioral2/files/0x0007000000023493-163.dat	family_kpot
behavioral2/files/0x000700000002349e-162.dat	family_kpot
behavioral2/files/0x000700000002349d-161.dat	family_kpot
behavioral2/files/0x000700000002349c-160.dat	family_kpot
behavioral2/files/0x000700000002349b-159.dat	family_kpot
behavioral2/files/0x0007000000023491-157.dat	family_kpot
behavioral2/files/0x000700000002349a-156.dat	family_kpot
behavioral2/files/0x0007000000023499-155.dat	family_kpot
behavioral2/files/0x0007000000023498-154.dat	family_kpot
behavioral2/files/0x0007000000023490-150.dat	family_kpot
behavioral2/files/0x0007000000023497-141.dat	family_kpot
behavioral2/files/0x000700000002348e-136.dat	family_kpot
behavioral2/files/0x0007000000023496-133.dat	family_kpot
behavioral2/files/0x0007000000023495-132.dat	family_kpot
behavioral2/files/0x0007000000023492-123.dat	family_kpot
behavioral2/files/0x000700000002348c-119.dat	family_kpot
behavioral2/files/0x000700000002348b-111.dat	family_kpot
behavioral2/files/0x000700000002348d-125.dat	family_kpot
behavioral2/files/0x000700000002348a-103.dat	family_kpot
behavioral2/files/0x0007000000023489-95.dat	family_kpot
behavioral2/files/0x0007000000023487-83.dat	family_kpot
behavioral2/files/0x0007000000023486-71.dat	family_kpot
behavioral2/files/0x0007000000023482-47.dat	family_kpot
behavioral2/files/0x0007000000023480-40.dat	family_kpot
behavioral2/files/0x000700000002347f-38.dat	family_kpot
behavioral2/files/0x000700000002347c-15.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 38 IoCs

miner

resource	yara_rule
behavioral2/files/0x0009000000023427-3.dat	xmrig
behavioral2/files/0x000800000002347b-10.dat	xmrig
behavioral2/files/0x000700000002347d-18.dat	xmrig
behavioral2/files/0x000700000002347e-28.dat	xmrig
behavioral2/files/0x0007000000023481-45.dat	xmrig
behavioral2/files/0x0007000000023483-44.dat	xmrig
behavioral2/files/0x0007000000023484-56.dat	xmrig
behavioral2/files/0x0007000000023485-67.dat	xmrig
behavioral2/files/0x0007000000023488-91.dat	xmrig
behavioral2/files/0x000700000002348f-107.dat	xmrig
behavioral2/files/0x0007000000023494-129.dat	xmrig
behavioral2/files/0x000700000002349f-165.dat	xmrig
behavioral2/files/0x0007000000023493-163.dat	xmrig
behavioral2/files/0x000700000002349e-162.dat	xmrig
behavioral2/files/0x000700000002349d-161.dat	xmrig
behavioral2/files/0x000700000002349c-160.dat	xmrig
behavioral2/files/0x000700000002349b-159.dat	xmrig
behavioral2/files/0x0007000000023491-157.dat	xmrig
behavioral2/files/0x000700000002349a-156.dat	xmrig
behavioral2/files/0x0007000000023499-155.dat	xmrig
behavioral2/files/0x0007000000023498-154.dat	xmrig
behavioral2/files/0x0007000000023490-150.dat	xmrig
behavioral2/files/0x0007000000023497-141.dat	xmrig
behavioral2/files/0x000700000002348e-136.dat	xmrig
behavioral2/files/0x0007000000023496-133.dat	xmrig
behavioral2/files/0x0007000000023495-132.dat	xmrig
behavioral2/files/0x0007000000023492-123.dat	xmrig
behavioral2/files/0x000700000002348c-119.dat	xmrig
behavioral2/files/0x000700000002348b-111.dat	xmrig
behavioral2/files/0x000700000002348d-125.dat	xmrig
behavioral2/files/0x000700000002348a-103.dat	xmrig
behavioral2/files/0x0007000000023489-95.dat	xmrig
behavioral2/files/0x0007000000023487-83.dat	xmrig
behavioral2/files/0x0007000000023486-71.dat	xmrig
behavioral2/files/0x0007000000023482-47.dat	xmrig
behavioral2/files/0x0007000000023480-40.dat	xmrig
behavioral2/files/0x000700000002347f-38.dat	xmrig
behavioral2/files/0x000700000002347c-15.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3632	PPpvMhi.exe
4232	anKKenz.exe
4464	UsGUbjc.exe
3612	IGTNwfN.exe
4764	bfPNTZN.exe
1500	QzvTpBI.exe
2540	jEmYfug.exe
3236	hNKhZmc.exe
4792	kRHLhAD.exe
1848	nzmjzcF.exe
4852	GKsMVmK.exe
5112	FKsVIhD.exe
1388	IODNKgW.exe
3180	iAxMTdY.exe
1224	Lmvwqlf.exe
2928	bIwmxUD.exe
2932	edMBEZw.exe
224	wsYReTZ.exe
4932	HHVCxrF.exe
4992	whgRKzc.exe
4768	NJSQnKu.exe
2956	ZMDAJYF.exe
2172	JnaMiNN.exe
1996	tFCYrgl.exe
4236	LsRbuJy.exe
4760	osKGiGF.exe
1164	hMjUtEC.exe
2720	lBRurYP.exe
4092	IjdPrTs.exe
4500	swCOqQU.exe
1552	TdtRWTC.exe
1716	rqxTWAf.exe
3096	RjqYiPI.exe
3104	mCJlzaD.exe
1400	kHprrUe.exe
2980	KyIHLYd.exe
1844	HXQkNob.exe
3544	CvxXQjH.exe
4032	cDzcKaT.exe
1016	jIQQpfz.exe
5076	gfxaNwM.exe
2352	ihVEbkt.exe
672	bfBmwAr.exe
4848	vvyEMsf.exe
2032	kqUtsSD.exe
3500	AZRMviD.exe
4484	pCMBSig.exe
940	XVmNmnq.exe
3320	DcNcjeq.exe
2768	qbocAjB.exe
1828	qngGJnc.exe
2064	WguljVJ.exe
2016	nIhXFCl.exe
3468	jqEEOqH.exe
3484	AOVdlZb.exe
3100	EsjrnDU.exe
3656	jAXUZnE.exe
4444	REetWOx.exe
4336	gzQcwes.exe
552	iDfYcBb.exe
4948	evLLUSZ.exe
1900	EZIEKVK.exe
4944	gnRDnAW.exe
1128	iXQBsUj.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vIbaqXx.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\ZMyAPXe.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\SUMZpdO.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\iDfYcBb.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\TxbhySA.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\bLSIBYw.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\oEsgOri.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\LwKRFuo.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\HXQkNob.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\GYLryjr.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\osKGiGF.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\cDzcKaT.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\qyWqnwP.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\GdoSIXM.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\LjoDoTs.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\koUdJNm.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\zxSMiKz.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\jqEEOqH.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\kBFQeym.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\YOZazXL.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\uUsTQxX.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\hhdpgBy.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\eYKLcVf.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\RHzNEdD.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\zbgcneM.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\IjdPrTs.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\UtpNBBu.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\oQRkGWa.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\ALvzxRf.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\nEMGaRF.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\JJmpvGT.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\tKFJQdP.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\nvYEpmx.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\IGTNwfN.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\EsjrnDU.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\YkqKXgA.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\AqKuNGK.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\vuaiJup.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\AZRMviD.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\CNDHfMy.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\TLfTPJs.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\Lmvwqlf.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\cNuOJCX.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\BKTorYf.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\qWFgZqm.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\lBRurYP.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\SFXAkYc.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\AdgrdzD.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\REDYpMg.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\EYuxVel.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\MCDOiDO.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\GKsMVmK.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\lgjnPRN.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\HgvzqBX.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\IjmtPBA.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\vaOCzcu.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\BnUvsSy.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\xBdoNaq.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\dvZmfHH.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\DPqacDd.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\QQWhXSk.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\bNvPPdG.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\SQVNPDn.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
File created	C:\Windows\System\oJwHGbq.exe	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
Token: SeLockMemoryPrivilege	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4044 wrote to memory of 3632	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	83
PID 4044 wrote to memory of 3632	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	83
PID 4044 wrote to memory of 4232	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	84
PID 4044 wrote to memory of 4232	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	84
PID 4044 wrote to memory of 4464	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	85
PID 4044 wrote to memory of 4464	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	85
PID 4044 wrote to memory of 3612	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	86
PID 4044 wrote to memory of 3612	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	86
PID 4044 wrote to memory of 4764	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	87
PID 4044 wrote to memory of 4764	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	87
PID 4044 wrote to memory of 1500	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	88
PID 4044 wrote to memory of 1500	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	88
PID 4044 wrote to memory of 2540	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	89
PID 4044 wrote to memory of 2540	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	89
PID 4044 wrote to memory of 3236	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	90
PID 4044 wrote to memory of 3236	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	90
PID 4044 wrote to memory of 4792	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	91
PID 4044 wrote to memory of 4792	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	91
PID 4044 wrote to memory of 1848	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	92
PID 4044 wrote to memory of 1848	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	92
PID 4044 wrote to memory of 4852	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	93
PID 4044 wrote to memory of 4852	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	93
PID 4044 wrote to memory of 5112	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	94
PID 4044 wrote to memory of 5112	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	94
PID 4044 wrote to memory of 1388	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	95
PID 4044 wrote to memory of 1388	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	95
PID 4044 wrote to memory of 3180	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	96
PID 4044 wrote to memory of 3180	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	96
PID 4044 wrote to memory of 1224	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	97
PID 4044 wrote to memory of 1224	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	97
PID 4044 wrote to memory of 2928	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	98
PID 4044 wrote to memory of 2928	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	98
PID 4044 wrote to memory of 2932	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	99
PID 4044 wrote to memory of 2932	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	99
PID 4044 wrote to memory of 224	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	100
PID 4044 wrote to memory of 224	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	100
PID 4044 wrote to memory of 4932	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	101
PID 4044 wrote to memory of 4932	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	101
PID 4044 wrote to memory of 4992	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	102
PID 4044 wrote to memory of 4992	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	102
PID 4044 wrote to memory of 4768	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	103
PID 4044 wrote to memory of 4768	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	103
PID 4044 wrote to memory of 2956	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	104
PID 4044 wrote to memory of 2956	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	104
PID 4044 wrote to memory of 2172	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	105
PID 4044 wrote to memory of 2172	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	105
PID 4044 wrote to memory of 1996	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	106
PID 4044 wrote to memory of 1996	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	106
PID 4044 wrote to memory of 4236	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	107
PID 4044 wrote to memory of 4236	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	107
PID 4044 wrote to memory of 4760	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	108
PID 4044 wrote to memory of 4760	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	108
PID 4044 wrote to memory of 1164	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	109
PID 4044 wrote to memory of 1164	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	109
PID 4044 wrote to memory of 2720	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	110
PID 4044 wrote to memory of 2720	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	110
PID 4044 wrote to memory of 4092	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	111
PID 4044 wrote to memory of 4092	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	111
PID 4044 wrote to memory of 4500	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	112
PID 4044 wrote to memory of 4500	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	112
PID 4044 wrote to memory of 1552	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	113
PID 4044 wrote to memory of 1552	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	113
PID 4044 wrote to memory of 1716	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	114
PID 4044 wrote to memory of 1716	4044	e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe	114

C:\Users\Admin\AppData\Local\Temp\e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe
"C:\Users\Admin\AppData\Local\Temp\e80f9e01f9231796dfd3bdfd2e65fb89a4262c82e92a01bc5cf2f506869dd5ec.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4044
- C:\Windows\System\PPpvMhi.exe
  C:\Windows\System\PPpvMhi.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\anKKenz.exe
  C:\Windows\System\anKKenz.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\UsGUbjc.exe
  C:\Windows\System\UsGUbjc.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\IGTNwfN.exe
  C:\Windows\System\IGTNwfN.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\bfPNTZN.exe
  C:\Windows\System\bfPNTZN.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\QzvTpBI.exe
  C:\Windows\System\QzvTpBI.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\jEmYfug.exe
  C:\Windows\System\jEmYfug.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\hNKhZmc.exe
  C:\Windows\System\hNKhZmc.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\kRHLhAD.exe
  C:\Windows\System\kRHLhAD.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\nzmjzcF.exe
  C:\Windows\System\nzmjzcF.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\GKsMVmK.exe
  C:\Windows\System\GKsMVmK.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\FKsVIhD.exe
  C:\Windows\System\FKsVIhD.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\IODNKgW.exe
  C:\Windows\System\IODNKgW.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\iAxMTdY.exe
  C:\Windows\System\iAxMTdY.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\Lmvwqlf.exe
  C:\Windows\System\Lmvwqlf.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\bIwmxUD.exe
  C:\Windows\System\bIwmxUD.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\edMBEZw.exe
  C:\Windows\System\edMBEZw.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\wsYReTZ.exe
  C:\Windows\System\wsYReTZ.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\HHVCxrF.exe
  C:\Windows\System\HHVCxrF.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\whgRKzc.exe
  C:\Windows\System\whgRKzc.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\NJSQnKu.exe
  C:\Windows\System\NJSQnKu.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\ZMDAJYF.exe
  C:\Windows\System\ZMDAJYF.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\JnaMiNN.exe
  C:\Windows\System\JnaMiNN.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\tFCYrgl.exe
  C:\Windows\System\tFCYrgl.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\LsRbuJy.exe
  C:\Windows\System\LsRbuJy.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\osKGiGF.exe
  C:\Windows\System\osKGiGF.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\hMjUtEC.exe
  C:\Windows\System\hMjUtEC.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\lBRurYP.exe
  C:\Windows\System\lBRurYP.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\IjdPrTs.exe
  C:\Windows\System\IjdPrTs.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\swCOqQU.exe
  C:\Windows\System\swCOqQU.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\TdtRWTC.exe
  C:\Windows\System\TdtRWTC.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\rqxTWAf.exe
  C:\Windows\System\rqxTWAf.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\RjqYiPI.exe
  C:\Windows\System\RjqYiPI.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\mCJlzaD.exe
  C:\Windows\System\mCJlzaD.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\kHprrUe.exe
  C:\Windows\System\kHprrUe.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\KyIHLYd.exe
  C:\Windows\System\KyIHLYd.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\HXQkNob.exe
  C:\Windows\System\HXQkNob.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\CvxXQjH.exe
  C:\Windows\System\CvxXQjH.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\cDzcKaT.exe
  C:\Windows\System\cDzcKaT.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\jIQQpfz.exe
  C:\Windows\System\jIQQpfz.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\gfxaNwM.exe
  C:\Windows\System\gfxaNwM.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\ihVEbkt.exe
  C:\Windows\System\ihVEbkt.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\bfBmwAr.exe
  C:\Windows\System\bfBmwAr.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\vvyEMsf.exe
  C:\Windows\System\vvyEMsf.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\kqUtsSD.exe
  C:\Windows\System\kqUtsSD.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\AZRMviD.exe
  C:\Windows\System\AZRMviD.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\pCMBSig.exe
  C:\Windows\System\pCMBSig.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\XVmNmnq.exe
  C:\Windows\System\XVmNmnq.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\DcNcjeq.exe
  C:\Windows\System\DcNcjeq.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\qbocAjB.exe
  C:\Windows\System\qbocAjB.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\qngGJnc.exe
  C:\Windows\System\qngGJnc.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\WguljVJ.exe
  C:\Windows\System\WguljVJ.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\nIhXFCl.exe
  C:\Windows\System\nIhXFCl.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\jqEEOqH.exe
  C:\Windows\System\jqEEOqH.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\AOVdlZb.exe
  C:\Windows\System\AOVdlZb.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\EsjrnDU.exe
  C:\Windows\System\EsjrnDU.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\jAXUZnE.exe
  C:\Windows\System\jAXUZnE.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System\REetWOx.exe
  C:\Windows\System\REetWOx.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\gzQcwes.exe
  C:\Windows\System\gzQcwes.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\iDfYcBb.exe
  C:\Windows\System\iDfYcBb.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\evLLUSZ.exe
  C:\Windows\System\evLLUSZ.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\EZIEKVK.exe
  C:\Windows\System\EZIEKVK.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\gnRDnAW.exe
  C:\Windows\System\gnRDnAW.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\iXQBsUj.exe
  C:\Windows\System\iXQBsUj.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\uqvxkFP.exe
  C:\Windows\System\uqvxkFP.exe
  2⤵
  PID:4048
- C:\Windows\System\uOWpFcp.exe
  C:\Windows\System\uOWpFcp.exe
  2⤵
  PID:3312
- C:\Windows\System\FDoMyVp.exe
  C:\Windows\System\FDoMyVp.exe
  2⤵
  PID:4508
- C:\Windows\System\IkJQNGG.exe
  C:\Windows\System\IkJQNGG.exe
  2⤵
  PID:3580
- C:\Windows\System\xLCIRhw.exe
  C:\Windows\System\xLCIRhw.exe
  2⤵
  PID:4672
- C:\Windows\System\YZfSPHK.exe
  C:\Windows\System\YZfSPHK.exe
  2⤵
  PID:2228
- C:\Windows\System\sMzRHqn.exe
  C:\Windows\System\sMzRHqn.exe
  2⤵
  PID:3116
- C:\Windows\System\bygenWt.exe
  C:\Windows\System\bygenWt.exe
  2⤵
  PID:4864
- C:\Windows\System\sRVIbOc.exe
  C:\Windows\System\sRVIbOc.exe
  2⤵
  PID:968
- C:\Windows\System\eYKLcVf.exe
  C:\Windows\System\eYKLcVf.exe
  2⤵
  PID:4980
- C:\Windows\System\fnywvAh.exe
  C:\Windows\System\fnywvAh.exe
  2⤵
  PID:4748
- C:\Windows\System\vpbpanq.exe
  C:\Windows\System\vpbpanq.exe
  2⤵
  PID:2784
- C:\Windows\System\trGTmzS.exe
  C:\Windows\System\trGTmzS.exe
  2⤵
  PID:1124
- C:\Windows\System\bezzfwM.exe
  C:\Windows\System\bezzfwM.exe
  2⤵
  PID:1560
- C:\Windows\System\siykvan.exe
  C:\Windows\System\siykvan.exe
  2⤵
  PID:3440
- C:\Windows\System\cNuOJCX.exe
  C:\Windows\System\cNuOJCX.exe
  2⤵
  PID:3200
- C:\Windows\System\NoIYDuX.exe
  C:\Windows\System\NoIYDuX.exe
  2⤵
  PID:3108
- C:\Windows\System\VFKnbtx.exe
  C:\Windows\System\VFKnbtx.exe
  2⤵
  PID:1880
- C:\Windows\System\qyWqnwP.exe
  C:\Windows\System\qyWqnwP.exe
  2⤵
  PID:1932
- C:\Windows\System\xQtNmaV.exe
  C:\Windows\System\xQtNmaV.exe
  2⤵
  PID:1312
- C:\Windows\System\SFCwoRm.exe
  C:\Windows\System\SFCwoRm.exe
  2⤵
  PID:3264
- C:\Windows\System\GdoSIXM.exe
  C:\Windows\System\GdoSIXM.exe
  2⤵
  PID:64
- C:\Windows\System\QEFNoEC.exe
  C:\Windows\System\QEFNoEC.exe
  2⤵
  PID:1692
- C:\Windows\System\rwyPXpk.exe
  C:\Windows\System\rwyPXpk.exe
  2⤵
  PID:5056
- C:\Windows\System\kBFQeym.exe
  C:\Windows\System\kBFQeym.exe
  2⤵
  PID:836
- C:\Windows\System\UtpNBBu.exe
  C:\Windows\System\UtpNBBu.exe
  2⤵
  PID:4828
- C:\Windows\System\kIMPpwA.exe
  C:\Windows\System\kIMPpwA.exe
  2⤵
  PID:2292
- C:\Windows\System\YkqKXgA.exe
  C:\Windows\System\YkqKXgA.exe
  2⤵
  PID:864
- C:\Windows\System\imjXnWG.exe
  C:\Windows\System\imjXnWG.exe
  2⤵
  PID:348
- C:\Windows\System\CjLmcOP.exe
  C:\Windows\System\CjLmcOP.exe
  2⤵
  PID:3300
- C:\Windows\System\QQWhXSk.exe
  C:\Windows\System\QQWhXSk.exe
  2⤵
  PID:2396
- C:\Windows\System\jsfABOU.exe
  C:\Windows\System\jsfABOU.exe
  2⤵
  PID:3184
- C:\Windows\System\OrNMpQH.exe
  C:\Windows\System\OrNMpQH.exe
  2⤵
  PID:244
- C:\Windows\System\RHfnfis.exe
  C:\Windows\System\RHfnfis.exe
  2⤵
  PID:3748
- C:\Windows\System\gcYFKiO.exe
  C:\Windows\System\gcYFKiO.exe
  2⤵
  PID:228
- C:\Windows\System\EMWkAho.exe
  C:\Windows\System\EMWkAho.exe
  2⤵
  PID:3244
- C:\Windows\System\CDLocNm.exe
  C:\Windows\System\CDLocNm.exe
  2⤵
  PID:4920
- C:\Windows\System\dyajlPi.exe
  C:\Windows\System\dyajlPi.exe
  2⤵
  PID:3260
- C:\Windows\System\SPXgPme.exe
  C:\Windows\System\SPXgPme.exe
  2⤵
  PID:216
- C:\Windows\System\BnUvsSy.exe
  C:\Windows\System\BnUvsSy.exe
  2⤵
  PID:4908
- C:\Windows\System\BLORNGx.exe
  C:\Windows\System\BLORNGx.exe
  2⤵
  PID:1680
- C:\Windows\System\PONsmzk.exe
  C:\Windows\System\PONsmzk.exe
  2⤵
  PID:4344
- C:\Windows\System\xEYKcHj.exe
  C:\Windows\System\xEYKcHj.exe
  2⤵
  PID:3572
- C:\Windows\System\lgjnPRN.exe
  C:\Windows\System\lgjnPRN.exe
  2⤵
  PID:4968
- C:\Windows\System\FhVqIze.exe
  C:\Windows\System\FhVqIze.exe
  2⤵
  PID:4176
- C:\Windows\System\hfbrQdD.exe
  C:\Windows\System\hfbrQdD.exe
  2⤵
  PID:2584
- C:\Windows\System\bjvbOFi.exe
  C:\Windows\System\bjvbOFi.exe
  2⤵
  PID:4900
- C:\Windows\System\RHzNEdD.exe
  C:\Windows\System\RHzNEdD.exe
  2⤵
  PID:4460
- C:\Windows\System\oQRkGWa.exe
  C:\Windows\System\oQRkGWa.exe
  2⤵
  PID:4440
- C:\Windows\System\GCItUUl.exe
  C:\Windows\System\GCItUUl.exe
  2⤵
  PID:704
- C:\Windows\System\AgTFUXR.exe
  C:\Windows\System\AgTFUXR.exe
  2⤵
  PID:5104
- C:\Windows\System\qQgXrmY.exe
  C:\Windows\System\qQgXrmY.exe
  2⤵
  PID:3176
- C:\Windows\System\xBdoNaq.exe
  C:\Windows\System\xBdoNaq.exe
  2⤵
  PID:1028
- C:\Windows\System\SFXAkYc.exe
  C:\Windows\System\SFXAkYc.exe
  2⤵
  PID:5040
- C:\Windows\System\rGXKsoE.exe
  C:\Windows\System\rGXKsoE.exe
  2⤵
  PID:3308
- C:\Windows\System\CRdpbjK.exe
  C:\Windows\System\CRdpbjK.exe
  2⤵
  PID:452
- C:\Windows\System\AnmFmMr.exe
  C:\Windows\System\AnmFmMr.exe
  2⤵
  PID:5144
- C:\Windows\System\vugdfWw.exe
  C:\Windows\System\vugdfWw.exe
  2⤵
  PID:5180
- C:\Windows\System\crmAfnr.exe
  C:\Windows\System\crmAfnr.exe
  2⤵
  PID:5212
- C:\Windows\System\lNTQdtI.exe
  C:\Windows\System\lNTQdtI.exe
  2⤵
  PID:5236
- C:\Windows\System\roKntsG.exe
  C:\Windows\System\roKntsG.exe
  2⤵
  PID:5264
- C:\Windows\System\aHQPlzN.exe
  C:\Windows\System\aHQPlzN.exe
  2⤵
  PID:5292
- C:\Windows\System\voSxcxS.exe
  C:\Windows\System\voSxcxS.exe
  2⤵
  PID:5320
- C:\Windows\System\AqKuNGK.exe
  C:\Windows\System\AqKuNGK.exe
  2⤵
  PID:5348
- C:\Windows\System\WrfnFkz.exe
  C:\Windows\System\WrfnFkz.exe
  2⤵
  PID:5364
- C:\Windows\System\tdCRNHV.exe
  C:\Windows\System\tdCRNHV.exe
  2⤵
  PID:5396
- C:\Windows\System\cGRIazt.exe
  C:\Windows\System\cGRIazt.exe
  2⤵
  PID:5432
- C:\Windows\System\EvEaqFf.exe
  C:\Windows\System\EvEaqFf.exe
  2⤵
  PID:5460
- C:\Windows\System\VvdUbXV.exe
  C:\Windows\System\VvdUbXV.exe
  2⤵
  PID:5488
- C:\Windows\System\OdBTYcz.exe
  C:\Windows\System\OdBTYcz.exe
  2⤵
  PID:5508
- C:\Windows\System\ijytOWx.exe
  C:\Windows\System\ijytOWx.exe
  2⤵
  PID:5544
- C:\Windows\System\cTKImUH.exe
  C:\Windows\System\cTKImUH.exe
  2⤵
  PID:5572
- C:\Windows\System\FEAfERs.exe
  C:\Windows\System\FEAfERs.exe
  2⤵
  PID:5600
- C:\Windows\System\UvdIBgb.exe
  C:\Windows\System\UvdIBgb.exe
  2⤵
  PID:5624
- C:\Windows\System\ThphVRt.exe
  C:\Windows\System\ThphVRt.exe
  2⤵
  PID:5648
- C:\Windows\System\tJjEjgP.exe
  C:\Windows\System\tJjEjgP.exe
  2⤵
  PID:5672
- C:\Windows\System\NslPCDT.exe
  C:\Windows\System\NslPCDT.exe
  2⤵
  PID:5712
- C:\Windows\System\gqkuKvs.exe
  C:\Windows\System\gqkuKvs.exe
  2⤵
  PID:5736
- C:\Windows\System\gkOsLHv.exe
  C:\Windows\System\gkOsLHv.exe
  2⤵
  PID:5772
- C:\Windows\System\vuaiJup.exe
  C:\Windows\System\vuaiJup.exe
  2⤵
  PID:5800
- C:\Windows\System\Zwpdaox.exe
  C:\Windows\System\Zwpdaox.exe
  2⤵
  PID:5816
- C:\Windows\System\kywywQz.exe
  C:\Windows\System\kywywQz.exe
  2⤵
  PID:5844
- C:\Windows\System\EdPDaEW.exe
  C:\Windows\System\EdPDaEW.exe
  2⤵
  PID:5880
- C:\Windows\System\bVsVtpO.exe
  C:\Windows\System\bVsVtpO.exe
  2⤵
  PID:5904
- C:\Windows\System\eiWijbM.exe
  C:\Windows\System\eiWijbM.exe
  2⤵
  PID:5932
- C:\Windows\System\AdgrdzD.exe
  C:\Windows\System\AdgrdzD.exe
  2⤵
  PID:5960
- C:\Windows\System\zbTaYLH.exe
  C:\Windows\System\zbTaYLH.exe
  2⤵
  PID:5988
- C:\Windows\System\NbtrjoB.exe
  C:\Windows\System\NbtrjoB.exe
  2⤵
  PID:6008
- C:\Windows\System\aoOIUDF.exe
  C:\Windows\System\aoOIUDF.exe
  2⤵
  PID:6040
- C:\Windows\System\gSbGkyB.exe
  C:\Windows\System\gSbGkyB.exe
  2⤵
  PID:6068
- C:\Windows\System\FEKAeGg.exe
  C:\Windows\System\FEKAeGg.exe
  2⤵
  PID:6108
- C:\Windows\System\XdlWBoJ.exe
  C:\Windows\System\XdlWBoJ.exe
  2⤵
  PID:6140
- C:\Windows\System\mdoZkHR.exe
  C:\Windows\System\mdoZkHR.exe
  2⤵
  PID:4072
- C:\Windows\System\wUqlcYS.exe
  C:\Windows\System\wUqlcYS.exe
  2⤵
  PID:5152
- C:\Windows\System\pqzQwNt.exe
  C:\Windows\System\pqzQwNt.exe
  2⤵
  PID:5248
- C:\Windows\System\mPBRRlw.exe
  C:\Windows\System\mPBRRlw.exe
  2⤵
  PID:5336
- C:\Windows\System\xNdAiNN.exe
  C:\Windows\System\xNdAiNN.exe
  2⤵
  PID:5392
- C:\Windows\System\jtVOoUf.exe
  C:\Windows\System\jtVOoUf.exe
  2⤵
  PID:5448
- C:\Windows\System\TxbhySA.exe
  C:\Windows\System\TxbhySA.exe
  2⤵
  PID:5528
- C:\Windows\System\fsaTLyS.exe
  C:\Windows\System\fsaTLyS.exe
  2⤵
  PID:5584
- C:\Windows\System\bLSIBYw.exe
  C:\Windows\System\bLSIBYw.exe
  2⤵
  PID:5644
- C:\Windows\System\ZmoSBep.exe
  C:\Windows\System\ZmoSBep.exe
  2⤵
  PID:5692
- C:\Windows\System\MJknLvn.exe
  C:\Windows\System\MJknLvn.exe
  2⤵
  PID:5788
- C:\Windows\System\BKTorYf.exe
  C:\Windows\System\BKTorYf.exe
  2⤵
  PID:5836
- C:\Windows\System\eoUYvtU.exe
  C:\Windows\System\eoUYvtU.exe
  2⤵
  PID:5892
- C:\Windows\System\GxQaujN.exe
  C:\Windows\System\GxQaujN.exe
  2⤵
  PID:5972
- C:\Windows\System\CNSkxFc.exe
  C:\Windows\System\CNSkxFc.exe
  2⤵
  PID:6076
- C:\Windows\System\MkauBCC.exe
  C:\Windows\System\MkauBCC.exe
  2⤵
  PID:6100
- C:\Windows\System\IAqgobZ.exe
  C:\Windows\System\IAqgobZ.exe
  2⤵
  PID:5128
- C:\Windows\System\qKeZMQf.exe
  C:\Windows\System\qKeZMQf.exe
  2⤵
  PID:5312
- C:\Windows\System\jishqQj.exe
  C:\Windows\System\jishqQj.exe
  2⤵
  PID:5424
- C:\Windows\System\aAQiSmB.exe
  C:\Windows\System\aAQiSmB.exe
  2⤵
  PID:5616
- C:\Windows\System\bNvPPdG.exe
  C:\Windows\System\bNvPPdG.exe
  2⤵
  PID:5684
- C:\Windows\System\clLyqju.exe
  C:\Windows\System\clLyqju.exe
  2⤵
  PID:5944
- C:\Windows\System\JJmpvGT.exe
  C:\Windows\System\JJmpvGT.exe
  2⤵
  PID:6088
- C:\Windows\System\yOPYlPu.exe
  C:\Windows\System\yOPYlPu.exe
  2⤵
  PID:5204
- C:\Windows\System\bmlGuxR.exe
  C:\Windows\System\bmlGuxR.exe
  2⤵
  PID:5536
- C:\Windows\System\GVDPYxV.exe
  C:\Windows\System\GVDPYxV.exe
  2⤵
  PID:6056
- C:\Windows\System\vIbaqXx.exe
  C:\Windows\System\vIbaqXx.exe
  2⤵
  PID:5516
- C:\Windows\System\bOzgLpR.exe
  C:\Windows\System\bOzgLpR.exe
  2⤵
  PID:5256
- C:\Windows\System\GCCESqy.exe
  C:\Windows\System\GCCESqy.exe
  2⤵
  PID:5524
- C:\Windows\System\oPOyBQP.exe
  C:\Windows\System\oPOyBQP.exe
  2⤵
  PID:6180
- C:\Windows\System\TznyyqY.exe
  C:\Windows\System\TznyyqY.exe
  2⤵
  PID:6196
- C:\Windows\System\FdsnNaQ.exe
  C:\Windows\System\FdsnNaQ.exe
  2⤵
  PID:6228
- C:\Windows\System\DREDOwg.exe
  C:\Windows\System\DREDOwg.exe
  2⤵
  PID:6252
- C:\Windows\System\YfWSjVD.exe
  C:\Windows\System\YfWSjVD.exe
  2⤵
  PID:6288
- C:\Windows\System\CKVOIKN.exe
  C:\Windows\System\CKVOIKN.exe
  2⤵
  PID:6328
- C:\Windows\System\kUrFEny.exe
  C:\Windows\System\kUrFEny.exe
  2⤵
  PID:6352
- C:\Windows\System\iqgLaQH.exe
  C:\Windows\System\iqgLaQH.exe
  2⤵
  PID:6368
- C:\Windows\System\apRPWNW.exe
  C:\Windows\System\apRPWNW.exe
  2⤵
  PID:6396
- C:\Windows\System\BpeenWl.exe
  C:\Windows\System\BpeenWl.exe
  2⤵
  PID:6416
- C:\Windows\System\sMRPYgX.exe
  C:\Windows\System\sMRPYgX.exe
  2⤵
  PID:6456
- C:\Windows\System\YrXtmHn.exe
  C:\Windows\System\YrXtmHn.exe
  2⤵
  PID:6480
- C:\Windows\System\zbgcneM.exe
  C:\Windows\System\zbgcneM.exe
  2⤵
  PID:6508
- C:\Windows\System\ZMyAPXe.exe
  C:\Windows\System\ZMyAPXe.exe
  2⤵
  PID:6528
- C:\Windows\System\HgvzqBX.exe
  C:\Windows\System\HgvzqBX.exe
  2⤵
  PID:6556
- C:\Windows\System\SQVNPDn.exe
  C:\Windows\System\SQVNPDn.exe
  2⤵
  PID:6592
- C:\Windows\System\AJEHEqg.exe
  C:\Windows\System\AJEHEqg.exe
  2⤵
  PID:6636
- C:\Windows\System\BWrQtgg.exe
  C:\Windows\System\BWrQtgg.exe
  2⤵
  PID:6660
- C:\Windows\System\EslWuhB.exe
  C:\Windows\System\EslWuhB.exe
  2⤵
  PID:6676
- C:\Windows\System\XeYnCim.exe
  C:\Windows\System\XeYnCim.exe
  2⤵
  PID:6716
- C:\Windows\System\xtmzDbX.exe
  C:\Windows\System\xtmzDbX.exe
  2⤵
  PID:6744
- C:\Windows\System\uowSuwO.exe
  C:\Windows\System\uowSuwO.exe
  2⤵
  PID:6776
- C:\Windows\System\REDYpMg.exe
  C:\Windows\System\REDYpMg.exe
  2⤵
  PID:6800
- C:\Windows\System\SjPWbZf.exe
  C:\Windows\System\SjPWbZf.exe
  2⤵
  PID:6820
- C:\Windows\System\yUVNaKL.exe
  C:\Windows\System\yUVNaKL.exe
  2⤵
  PID:6848
- C:\Windows\System\MZgWCao.exe
  C:\Windows\System\MZgWCao.exe
  2⤵
  PID:6872
- C:\Windows\System\yQozfku.exe
  C:\Windows\System\yQozfku.exe
  2⤵
  PID:6904
- C:\Windows\System\MnJYKHE.exe
  C:\Windows\System\MnJYKHE.exe
  2⤵
  PID:6924
- C:\Windows\System\qWFgZqm.exe
  C:\Windows\System\qWFgZqm.exe
  2⤵
  PID:6952
- C:\Windows\System\PtFWHaA.exe
  C:\Windows\System\PtFWHaA.exe
  2⤵
  PID:6984
- C:\Windows\System\tKFJQdP.exe
  C:\Windows\System\tKFJQdP.exe
  2⤵
  PID:7012
- C:\Windows\System\VBdPKYf.exe
  C:\Windows\System\VBdPKYf.exe
  2⤵
  PID:7048
- C:\Windows\System\qnlQMZC.exe
  C:\Windows\System\qnlQMZC.exe
  2⤵
  PID:7072
- C:\Windows\System\BBfmbaK.exe
  C:\Windows\System\BBfmbaK.exe
  2⤵
  PID:7100
- C:\Windows\System\vgJNiJt.exe
  C:\Windows\System\vgJNiJt.exe
  2⤵
  PID:7132
- C:\Windows\System\dkcwOeK.exe
  C:\Windows\System\dkcwOeK.exe
  2⤵
  PID:7156
- C:\Windows\System\LPuAHvQ.exe
  C:\Windows\System\LPuAHvQ.exe
  2⤵
  PID:6188
- C:\Windows\System\CNDHfMy.exe
  C:\Windows\System\CNDHfMy.exe
  2⤵
  PID:6276
- C:\Windows\System\UCCkurQ.exe
  C:\Windows\System\UCCkurQ.exe
  2⤵
  PID:6360
- C:\Windows\System\TpruhPT.exe
  C:\Windows\System\TpruhPT.exe
  2⤵
  PID:6404
- C:\Windows\System\MWCKddv.exe
  C:\Windows\System\MWCKddv.exe
  2⤵
  PID:6448
- C:\Windows\System\IjmtPBA.exe
  C:\Windows\System\IjmtPBA.exe
  2⤵
  PID:6568
- C:\Windows\System\pjIdJbk.exe
  C:\Windows\System\pjIdJbk.exe
  2⤵
  PID:6604
- C:\Windows\System\zTMGiZP.exe
  C:\Windows\System\zTMGiZP.exe
  2⤵
  PID:6648
- C:\Windows\System\hmtpsOT.exe
  C:\Windows\System\hmtpsOT.exe
  2⤵
  PID:6764
- C:\Windows\System\TAMmibd.exe
  C:\Windows\System\TAMmibd.exe
  2⤵
  PID:6856
- C:\Windows\System\vaOCzcu.exe
  C:\Windows\System\vaOCzcu.exe
  2⤵
  PID:6892
- C:\Windows\System\fArukPE.exe
  C:\Windows\System\fArukPE.exe
  2⤵
  PID:6920
- C:\Windows\System\AbDBaRX.exe
  C:\Windows\System\AbDBaRX.exe
  2⤵
  PID:6980
- C:\Windows\System\OnEzzlf.exe
  C:\Windows\System\OnEzzlf.exe
  2⤵
  PID:7124
- C:\Windows\System\TBPgOwH.exe
  C:\Windows\System\TBPgOwH.exe
  2⤵
  PID:7144
- C:\Windows\System\qAioZYf.exe
  C:\Windows\System\qAioZYf.exe
  2⤵
  PID:6300
- C:\Windows\System\QULVjYu.exe
  C:\Windows\System\QULVjYu.exe
  2⤵
  PID:6472
- C:\Windows\System\CPDdTLw.exe
  C:\Windows\System\CPDdTLw.exe
  2⤵
  PID:6544
- C:\Windows\System\tycYZWd.exe
  C:\Windows\System\tycYZWd.exe
  2⤵
  PID:6668
- C:\Windows\System\atiZoBe.exe
  C:\Windows\System\atiZoBe.exe
  2⤵
  PID:6864
- C:\Windows\System\atKgwIA.exe
  C:\Windows\System\atKgwIA.exe
  2⤵
  PID:7080
- C:\Windows\System\dvZmfHH.exe
  C:\Windows\System\dvZmfHH.exe
  2⤵
  PID:6324
- C:\Windows\System\DWAwuFA.exe
  C:\Windows\System\DWAwuFA.exe
  2⤵
  PID:6812
- C:\Windows\System\eHkhjdF.exe
  C:\Windows\System\eHkhjdF.exe
  2⤵
  PID:6968
- C:\Windows\System\SExZQTl.exe
  C:\Windows\System\SExZQTl.exe
  2⤵
  PID:6516
- C:\Windows\System\DohNanZ.exe
  C:\Windows\System\DohNanZ.exe
  2⤵
  PID:7188
- C:\Windows\System\mQcoQJq.exe
  C:\Windows\System\mQcoQJq.exe
  2⤵
  PID:7208
- C:\Windows\System\ZCkXgrk.exe
  C:\Windows\System\ZCkXgrk.exe
  2⤵
  PID:7236
- C:\Windows\System\HEMNHsN.exe
  C:\Windows\System\HEMNHsN.exe
  2⤵
  PID:7268
- C:\Windows\System\oEsgOri.exe
  C:\Windows\System\oEsgOri.exe
  2⤵
  PID:7296
- C:\Windows\System\mPzaTKw.exe
  C:\Windows\System\mPzaTKw.exe
  2⤵
  PID:7316
- C:\Windows\System\JrXooOE.exe
  C:\Windows\System\JrXooOE.exe
  2⤵
  PID:7344
- C:\Windows\System\zVVPfkh.exe
  C:\Windows\System\zVVPfkh.exe
  2⤵
  PID:7384
- C:\Windows\System\GzlKabA.exe
  C:\Windows\System\GzlKabA.exe
  2⤵
  PID:7408
- C:\Windows\System\XfhwftX.exe
  C:\Windows\System\XfhwftX.exe
  2⤵
  PID:7428
- C:\Windows\System\jzfvgLT.exe
  C:\Windows\System\jzfvgLT.exe
  2⤵
  PID:7452
- C:\Windows\System\KMwCzsd.exe
  C:\Windows\System\KMwCzsd.exe
  2⤵
  PID:7472
- C:\Windows\System\CpKKknI.exe
  C:\Windows\System\CpKKknI.exe
  2⤵
  PID:7508
- C:\Windows\System\GYLryjr.exe
  C:\Windows\System\GYLryjr.exe
  2⤵
  PID:7532
- C:\Windows\System\xTJfNRb.exe
  C:\Windows\System\xTJfNRb.exe
  2⤵
  PID:7560
- C:\Windows\System\CbWcVjw.exe
  C:\Windows\System\CbWcVjw.exe
  2⤵
  PID:7580
- C:\Windows\System\YOZazXL.exe
  C:\Windows\System\YOZazXL.exe
  2⤵
  PID:7596
- C:\Windows\System\ZmYEmQc.exe
  C:\Windows\System\ZmYEmQc.exe
  2⤵
  PID:7628
- C:\Windows\System\ALvzxRf.exe
  C:\Windows\System\ALvzxRf.exe
  2⤵
  PID:7664
- C:\Windows\System\rjvyylX.exe
  C:\Windows\System\rjvyylX.exe
  2⤵
  PID:7692
- C:\Windows\System\uUsTQxX.exe
  C:\Windows\System\uUsTQxX.exe
  2⤵
  PID:7716
- C:\Windows\System\UsUrsfO.exe
  C:\Windows\System\UsUrsfO.exe
  2⤵
  PID:7744
- C:\Windows\System\QnCxMTe.exe
  C:\Windows\System\QnCxMTe.exe
  2⤵
  PID:7764
- C:\Windows\System\YWikfGn.exe
  C:\Windows\System\YWikfGn.exe
  2⤵
  PID:7792
- C:\Windows\System\sTYkTdx.exe
  C:\Windows\System\sTYkTdx.exe
  2⤵
  PID:7824
- C:\Windows\System\NCXjWoF.exe
  C:\Windows\System\NCXjWoF.exe
  2⤵
  PID:7852
- C:\Windows\System\TTcVCLw.exe
  C:\Windows\System\TTcVCLw.exe
  2⤵
  PID:7884
- C:\Windows\System\btKCEOg.exe
  C:\Windows\System\btKCEOg.exe
  2⤵
  PID:7916
- C:\Windows\System\XoYBuFH.exe
  C:\Windows\System\XoYBuFH.exe
  2⤵
  PID:7940
- C:\Windows\System\mZmVjAV.exe
  C:\Windows\System\mZmVjAV.exe
  2⤵
  PID:7980
- C:\Windows\System\RJskhkF.exe
  C:\Windows\System\RJskhkF.exe
  2⤵
  PID:8008
- C:\Windows\System\IKHPwik.exe
  C:\Windows\System\IKHPwik.exe
  2⤵
  PID:8028
- C:\Windows\System\LwKRFuo.exe
  C:\Windows\System\LwKRFuo.exe
  2⤵
  PID:8052
- C:\Windows\System\MmUQRVv.exe
  C:\Windows\System\MmUQRVv.exe
  2⤵
  PID:8076
- C:\Windows\System\EYuxVel.exe
  C:\Windows\System\EYuxVel.exe
  2⤵
  PID:8112
- C:\Windows\System\ntnGBGM.exe
  C:\Windows\System\ntnGBGM.exe
  2⤵
  PID:8140
- C:\Windows\System\slPUZdF.exe
  C:\Windows\System\slPUZdF.exe
  2⤵
  PID:8160
- C:\Windows\System\chnLeRd.exe
  C:\Windows\System\chnLeRd.exe
  2⤵
  PID:8188
- C:\Windows\System\rcsgIUd.exe
  C:\Windows\System\rcsgIUd.exe
  2⤵
  PID:7196
- C:\Windows\System\SUMZpdO.exe
  C:\Windows\System\SUMZpdO.exe
  2⤵
  PID:7284
- C:\Windows\System\sHYotrT.exe
  C:\Windows\System\sHYotrT.exe
  2⤵
  PID:7332
- C:\Windows\System\AcHkLTT.exe
  C:\Windows\System\AcHkLTT.exe
  2⤵
  PID:7400
- C:\Windows\System\TLfTPJs.exe
  C:\Windows\System\TLfTPJs.exe
  2⤵
  PID:7496
- C:\Windows\System\HMnjSfl.exe
  C:\Windows\System\HMnjSfl.exe
  2⤵
  PID:7520
- C:\Windows\System\DQUrQRN.exe
  C:\Windows\System\DQUrQRN.exe
  2⤵
  PID:7592
- C:\Windows\System\hQjLKxm.exe
  C:\Windows\System\hQjLKxm.exe
  2⤵
  PID:7680
- C:\Windows\System\qfuFUwL.exe
  C:\Windows\System\qfuFUwL.exe
  2⤵
  PID:7780
- C:\Windows\System\qPzmRqW.exe
  C:\Windows\System\qPzmRqW.exe
  2⤵
  PID:7876
- C:\Windows\System\DyRwvvG.exe
  C:\Windows\System\DyRwvvG.exe
  2⤵
  PID:7964
- C:\Windows\System\hhdpgBy.exe
  C:\Windows\System\hhdpgBy.exe
  2⤵
  PID:7952
- C:\Windows\System\dKcHTGz.exe
  C:\Windows\System\dKcHTGz.exe
  2⤵
  PID:8000
- C:\Windows\System\YdJOHqm.exe
  C:\Windows\System\YdJOHqm.exe
  2⤵
  PID:8132
- C:\Windows\System\YNZDpXg.exe
  C:\Windows\System\YNZDpXg.exe
  2⤵
  PID:8180
- C:\Windows\System\XtVwBNc.exe
  C:\Windows\System\XtVwBNc.exe
  2⤵
  PID:7308
- C:\Windows\System\SLiQPsy.exe
  C:\Windows\System\SLiQPsy.exe
  2⤵
  PID:7280
- C:\Windows\System\DPqacDd.exe
  C:\Windows\System\DPqacDd.exe
  2⤵
  PID:7516
- C:\Windows\System\PnjsMXJ.exe
  C:\Windows\System\PnjsMXJ.exe
  2⤵
  PID:7740
- C:\Windows\System\TIQHIPz.exe
  C:\Windows\System\TIQHIPz.exe
  2⤵
  PID:7848
- C:\Windows\System\dfQmDVt.exe
  C:\Windows\System\dfQmDVt.exe
  2⤵
  PID:8044
- C:\Windows\System\uUFsPfQ.exe
  C:\Windows\System\uUFsPfQ.exe
  2⤵
  PID:8072
- C:\Windows\System\TMPUcuJ.exe
  C:\Windows\System\TMPUcuJ.exe
  2⤵
  PID:7480
- C:\Windows\System\BgjrlKe.exe
  C:\Windows\System\BgjrlKe.exe
  2⤵
  PID:7800
- C:\Windows\System\dwPNVYP.exe
  C:\Windows\System\dwPNVYP.exe
  2⤵
  PID:7928
- C:\Windows\System\nEMGaRF.exe
  C:\Windows\System\nEMGaRF.exe
  2⤵
  PID:7684
- C:\Windows\System\nvYEpmx.exe
  C:\Windows\System\nvYEpmx.exe
  2⤵
  PID:8200
- C:\Windows\System\QlApyHN.exe
  C:\Windows\System\QlApyHN.exe
  2⤵
  PID:8228
- C:\Windows\System\koUdJNm.exe
  C:\Windows\System\koUdJNm.exe
  2⤵
  PID:8260
- C:\Windows\System\xRFkeGM.exe
  C:\Windows\System\xRFkeGM.exe
  2⤵
  PID:8276
- C:\Windows\System\oJwHGbq.exe
  C:\Windows\System\oJwHGbq.exe
  2⤵
  PID:8308
- C:\Windows\System\LjoDoTs.exe
  C:\Windows\System\LjoDoTs.exe
  2⤵
  PID:8336
- C:\Windows\System\iYlXfPV.exe
  C:\Windows\System\iYlXfPV.exe
  2⤵
  PID:8368
- C:\Windows\System\zxSMiKz.exe
  C:\Windows\System\zxSMiKz.exe
  2⤵
  PID:8388
- C:\Windows\System\qWLhXNj.exe
  C:\Windows\System\qWLhXNj.exe
  2⤵
  PID:8416
- C:\Windows\System\sGGxqqe.exe
  C:\Windows\System\sGGxqqe.exe
  2⤵
  PID:8448
- C:\Windows\System\VSwmWri.exe
  C:\Windows\System\VSwmWri.exe
  2⤵
  PID:8484
- C:\Windows\System\BkaaBmO.exe
  C:\Windows\System\BkaaBmO.exe
  2⤵
  PID:8508
- C:\Windows\System\VwTeBHc.exe
  C:\Windows\System\VwTeBHc.exe
  2⤵
  PID:8544
- C:\Windows\System\MCDOiDO.exe
  C:\Windows\System\MCDOiDO.exe
  2⤵
  PID:8576
- C:\Windows\System\STzTFyc.exe
  C:\Windows\System\STzTFyc.exe
  2⤵
  PID:8604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CvxXQjH.exe

Filesize
1.7MB

MD5
341b46f95a3322e0125ce4e25f0b97bd

SHA1
db6d32c730b1c796502ce987a7655c83a9cd891a

SHA256
4c39493963183f8fe19ca34581413a1838adbf277c0d3f5195f75cfab1025aeb

SHA512
cf4527bbb25267631b29e1f9502724769ef556bac6b170c9644b332ac21f0c8a3f7aea22947a70fedc245a8ad6c6cc397cdd8a6bd4b53b2d0cccff7abe91a2e6

Download Submit
C:\Windows\System\FKsVIhD.exe

Filesize
1.7MB

MD5
5da8f52a85fef7188cd7d21111902aaf

SHA1
2a4ef24b78253e103dd3d5e76e10510d7ca86d66

SHA256
1333f30976dbbb09c5e9207209f1884eb880721ae9a25cbedf3e6460d8bce72c

SHA512
712da455e792e909c7a02ffd57267ee25061a8c78572ed3c9ebbf48089cbdd66608a9c8a53a7437854f3cd5a6ea2270a4b3742e06f91708b2a3a1be4bff63542

Download Submit
C:\Windows\System\GKsMVmK.exe

Filesize
1.7MB

MD5
bf98fc0d57c732bd545adede2d13afb0

SHA1
f9a2334dcaf2be26f0df2cdcca1f890448ee6659

SHA256
921fdced3f90cef0c66565da279d434953fa06eae58e8c357e0fd30b718aa7a7

SHA512
fd0466cc66f4cbbe10c393062664a0ec33f616f89f04463edf4db15076f4f8026bd8fadc3ea81729d851bad45892d5dff408e801b3745bb0809fdf81d3a5fc61

Download Submit
C:\Windows\System\HHVCxrF.exe

Filesize
1.7MB

MD5
e0a181754afe03005056172d338d3388

SHA1
e2740afbf29a3580efbcf60c43d9f58300852795

SHA256
539da41512d959af3f81cdedfbef65a9bce993aaa8cba4cbfafb6d7c706c9e7c

SHA512
fc5ae46786cad4db20a503e75f8ca40a6c8d52dd9cd6eb73b48eecda64c6480516b46713c3f656679888a4f3982eb3299fff51bc0e877443afddd9cb34c3d911

Download Submit
C:\Windows\System\HXQkNob.exe

Filesize
1.7MB

MD5
404860639092da64759f55fb0814b7e2

SHA1
d1c5efb11dcbba66dbb1e57fccd134ab097bed75

SHA256
497de955da446993fe9190d541a373a2aa82280ad9a667993a7d6fb602931934

SHA512
b7bfdedb404c39cfcf64601ae3961ee398f324a5eb7add63d939383a20ee5a3beb6f895329c54128179372165f7e6474f63f04a19ca29185b0fd988f8c8bd09a

Download Submit
C:\Windows\System\IGTNwfN.exe

Filesize
1.7MB

MD5
bc695ec40be80acbccb3e27689c8f1cb

SHA1
6518ced61969af837cecc7c307546e6190a134db

SHA256
8dd5c9802b35cd0ad4ab331fb690ec1d511499b6ac4b8265f78296f81757365d

SHA512
3daeadebf1aaa76cc843346e115ac2a0105e1e69a13ba266ed1065d772b6e09eaf4baadda765a170b86ac502f820ae9161d4bb9a655fce0030170472693dbdcd

Download Submit
C:\Windows\System\IODNKgW.exe

Filesize
1.7MB

MD5
8e7166a65198096d2d02ab7d671da080

SHA1
317d1a3c541de49b406796935736d33fad82bfe7

SHA256
bcdb6f0d01376677e99da2d6a7e14d7bc4fe3c4595b90ab9dce1f0f8e4cbe0e9

SHA512
ddb04182c35a2b3baab35d7750ac7de5646c63ceba10723eeada6fef08cca1a408ece9c657b00427989982bf0990cb5392efc2e23db3f1d1964330f6ed0c5a12

Download Submit
C:\Windows\System\IjdPrTs.exe

Filesize
1.7MB

MD5
70809727a7cd7fb44664450995e0c717

SHA1
2f2d4e0d5e749aa178f46e1cc3111b7b6745e6db

SHA256
7d6b94fea451cd3e40c9b5733e6e087cacbef42e1a22109059d827a9d6b45a6e

SHA512
4ff3bf31cc7851d5b0c8a1d4c17407e023ba76ad4e6390481de0d3c0698ce2be4c831c25e4967e1bc7feed317da156e58f7f93f199c2c7485ffeb33fba986faf

Download Submit
C:\Windows\System\JnaMiNN.exe

Filesize
1.7MB

MD5
6d496f8c07913df07ee4adebccd01365

SHA1
202a130a65cab2b041aa96c440d60752e23d278b

SHA256
5e4b92e65a864b547f35f3f2352a40bbdf3b80775670cc04536de2f4509f837c

SHA512
12135604f07f61ce24ada6fba593f2c89b09213e45138171b2092d4ea93a6fa65f5b5f38ca152004cbc125af6973c88734fcac86d98ddfb1b09e82efdf404ef8

Download Submit
C:\Windows\System\KyIHLYd.exe

Filesize
1.7MB

MD5
6a4fa96db65b5a14c67d496e0323e015

SHA1
3a50e81e7777e734e3dc71beadfb05dc4c8ef830

SHA256
e8a0344da01e4a8572be1709f26b0cdb20ffd2cf22aac0c8d9664d4100c28585

SHA512
4389cb058a9093c6e3688686aff272024d93d08d1cec7dacac048bd075bd9ce1f18697227da40ffea08e8e4e5a8f2456f7b7be2448fb500039b9f0ef8d0c694e

Download Submit
C:\Windows\System\Lmvwqlf.exe

Filesize
1.7MB

MD5
fb7d292a289a635f9809f81d4eb4d489

SHA1
d498cdc9b9045c06154fb693c2f19b0542e6db29

SHA256
97c5bdd0543f4eb2bc834364903f036313225774eac9e36053d7c6a62417d4d0

SHA512
fc4d3e5a35d7137957da269fa3e5924336eb2455d0e2d938d41d180ce4638e77bdb18de680f8c9e3e145c2bb559ddb5cb826b7b53548e34b087956ce040aaac6

Download Submit
C:\Windows\System\LsRbuJy.exe

Filesize
1.7MB

MD5
590148d30cf7a98fbda03067f59d29e8

SHA1
1e1a3fd8d06821a2410aab6739385fe56e3cfc3c

SHA256
c50185a55b7069887ad21235dd72c53af812d5e68e27d6306e0345db1e69f8d7

SHA512
24daef51b445f5f7a0ccdb8b250d90488834a34eae16c28e417866894dc3eae2c053f83b0a0740ab73f2a96a8786f65066f7e6d09ab3f5457e77ab88d84d7bdb

Download Submit
C:\Windows\System\NJSQnKu.exe

Filesize
1.7MB

MD5
9a542ebb21952e942b82cb3bcddea7b8

SHA1
3fbf9cc2b8c212a66941407ef18d4bc5b1d1726d

SHA256
980ab202f3a442bb9f88d8c071a189a5bd963d566ed223050c2cd31b0ceb110f

SHA512
26bc6473a54bb64139b60ee2ff8e8a2e4dcf36c3926886a01d2876130b6e2573974c5cba0bf00517d341342381aeef8ad6dd07bcb2ecad4ba9596363e1f48b43

Download Submit
C:\Windows\System\PPpvMhi.exe

Filesize
1.7MB

MD5
df1ab80e746b3e5c58d9dd1293a7d9e3

SHA1
e4fda9fcdb6a111fa1a16e6f3f005e1520f0f67f

SHA256
321a9b61fa79a891010e029c559e372eac38417978858402e6f56cb2d299f53c

SHA512
a66b42a088a3278bf18f77e74041bd615a64fba7cce9276f878d98dc0c9be909fe7d35fbe350e80785210938c4d808ccb0f3980ab133790d6cfb46d2b8ffe206

Download Submit
C:\Windows\System\QzvTpBI.exe

Filesize
1.7MB

MD5
56f853de2b92d735a07dff72140205a7

SHA1
eb1a5e904fe75d1536c2c1973428e96a115f78fd

SHA256
b30f05f06ad4c919b52bab0fef107cecf1a7a4d026a08a100f60f3b33a70ada5

SHA512
8eed99f50b31a461fcc59890563041d3c3a2df7dfd6a9dcb3851048d9a9d7ea03f6bfa6874a908138c92c9d87a93e4b0618aa87725fe86e0f0b42ff907b8b91c

Download Submit
C:\Windows\System\RjqYiPI.exe

Filesize
1.7MB

MD5
31f4d3c23b7de613b33359db8006ae25

SHA1
d876400ff5bbaf5d9db1746c9edce0d98b43dd67

SHA256
c4d61b190e8d70787fdec888a284ef1c6e98b4c65d9930296cb38c680c7ef7a5

SHA512
2030e578fd05edca1408b719d95ccf24a0a746644dce1a2ae3858eaffcf9c066a5a8613a564ab40df2e5edce7d48f2423079c4d6ad8c55dc82305fed2edcc48c

Download Submit
C:\Windows\System\TdtRWTC.exe

Filesize
1.7MB

MD5
59063fe6fd5a11b1530512c50b9be738

SHA1
c550aefbdb9b7629a2fda3ff07ebe63d02076d5d

SHA256
4ccd0a56be2ee23d363c3769281dd927f6658916d4622ed5e6ddb8c885cd8fc7

SHA512
5548efd39b59100640209b5b60a5edb6271d3b5228f9da503225381420b8602e0d054cd07ee8e9352ab7ab192d297a5e128ff698d3491b91c208b03d1d547c89

Download Submit
C:\Windows\System\UsGUbjc.exe

Filesize
1.7MB

MD5
42feb6ac2964fa2cbbb097f635f9a460

SHA1
2429fd3a60962fa35eab8bdc35910cc390c2b6af

SHA256
f2908e30467bb07bbcb85e22cbb20c5f33880eb7cb8ae75dab3216ebccbd6878

SHA512
e837459446adbcb16ac6acfc5c92e57aa6a264da9fd91826268cd06bb667722aeada44c49a359af4afb74fb234295ee1c7ca65da7d978e96f5aee343ce535e38

Download Submit
C:\Windows\System\ZMDAJYF.exe

Filesize
1.7MB

MD5
48db03ad5af9b0e26a970756cd35e861

SHA1
e57953ad9ea2fceacef8d8660245ea9338d5400a

SHA256
1f7953ac83c6a8d41727dd59efea5fa73b404e7df872ce547e0928c938fabaa4

SHA512
bbd51ba4f4465be7c74b5545bcdfb773d66e4e27e67e879116f8a11cabc81fce6d684661fdba399c00c6e90c8413d8d2c69c93545b6395a1c29439790a6a6e45

Download Submit
C:\Windows\System\anKKenz.exe

Filesize
1.7MB

MD5
86b30c040efe12bcb2a335db6b9ad83e

SHA1
1a22fd197869f098d7a9cf1ff4a457a7246475e4

SHA256
7a15044c1436ffa79b51f0faa1c374bc223f054d29c899308c7385c0dda9dc14

SHA512
79802fd45d9f164da4156e4b5ca6c5f295ac289703f17d94fc71e29bfd50a16a3f5ef96406b7c2b7c4a8fdffb4d82c49413a1d9d185bd10ff0726846eabe49b3

Download Submit
C:\Windows\System\bIwmxUD.exe

Filesize
1.7MB

MD5
a9c23c6b62b6dce3bf9b60e1ad940766

SHA1
db2595e926d31d7051ba42f14cb81fde6bfa44e4

SHA256
940dc319ecb9d1d46775b8db64d800f4327a5c4c9980ef95a8d8f71a609aaaa6

SHA512
b723593607c04465091d9cc6b8b70f89c2711c775adae76bf5960b70c942419365132839d2014e070a44cb9c80405c33d218f99652cab40b1404ddfee0810d0e

Download Submit
C:\Windows\System\bfPNTZN.exe

Filesize
1.7MB

MD5
29b249b00ebf8cbc384ce32a524ba42c

SHA1
43edad333736cb4c27bc277bef28023e6c2a23f8

SHA256
73448e1603d0ad81a07acdef06275fff27c12c1ca650879120d3cce870cc2123

SHA512
62cf4a0c742e1d93f366c9c64fee89637655ddea7ccece3a80bef8f2d7b55d47a06f6b291a26ea36223ec1bd3ad99610beea491ff103bbce9f0aa76b9c4915e2

Download Submit
C:\Windows\System\edMBEZw.exe

Filesize
1.7MB

MD5
de15b34910c6042cbee196d548dc94ea

SHA1
d98376ffd4945cea4c3aabb2ee23c0e5984ea9ee

SHA256
a05c1ade11afa5d58ba7087296c492ab4f3eb677a0f7f5aefa10fa313d160856

SHA512
7d5095f5d670ed05b9ad2e60ef0cc3402acd05df86debcce7bb90a49c90335eed382cbc9f57e956f8483583880b1ff447b02ba86b6fdd025702e1665162ec382

Download Submit
C:\Windows\System\hMjUtEC.exe

Filesize
1.7MB

MD5
bf0a39936a99e018728bbb96d8377036

SHA1
2baa7f1f9d70ea1ef5c2cf4774cace020d3b4be4

SHA256
a91f2b0d6d256784ebd521c320b0f8c732c9df99758c95794ed0a9323097f449

SHA512
b3d949c1d74da270934694e70058c466095b148d0955a57f97c7b5d2df1cc81c619cee3a067994291614b9561f577e404c475a31d920f1dc3fc5c1bf642efba2

Download Submit
C:\Windows\System\hNKhZmc.exe

Filesize
1.7MB

MD5
4d1fe5a2c5ac0d7f269f8288f2c6cf9e

SHA1
485cd50339383286c0cb1727b65555e8b129474f

SHA256
9053782c8805948eefb23ab33aa36e6695f8686a32c0dd9d6893d3bef605e86e

SHA512
d6a49231e368b19aa0e3435794ed44dd0c25626a386d063ce92ee75278d247de1471f9d68d5cbc00e63373e97ef9c2b437931786dc7bafbddc3e742c877a13b4

Download Submit
C:\Windows\System\iAxMTdY.exe

Filesize
1.7MB

MD5
a3066331d93acd495d241584063e03ff

SHA1
954bfc446498c613341738246fc408223a197831

SHA256
eb1cbd98472ef5d4a3a0a3acfc0546929bec96c9a4cc1715f795d6f3b8613077

SHA512
7279151f57abfba7f304ef71bcbb22b58d012a326cc95743c3da5173acc0c4450ebb0a4621948a7aaae33fa86a1f5cae38adc330c83964d3f292a5d712459ef6

Download Submit
C:\Windows\System\jEmYfug.exe

Filesize
1.7MB

MD5
cde7b5cec5e423873b52bbd0a06c6dd7

SHA1
9b558071f2472336a75d9b596209d58fca25431b

SHA256
973a4537e01f6e63700f9fab3736495067ab55ad219d0f64815ddd9c7ea58c40

SHA512
2e4918732c00a51147a195d6b10db2fa1a94e882bdef535c74aa4d6ad06156ec481865e882c167e55009721c602ef7f90ec22e06d2809b98ea67dbf10b670013

Download Submit
C:\Windows\System\kHprrUe.exe

Filesize
1.7MB

MD5
2365d3af578c4cc997d710b3955dfa9d

SHA1
82719463e11a611772d4e12c867a398e7a388bc8

SHA256
50c936fe8090cdd1d370399b2fb44def74348f5c70edc9d782602c32671c16cf

SHA512
bf1eaa7f1e9c81f5cf5a979b9d3627c91658593d607d06c0027231561e076adaec28d9bada684ddb5fe7c8dbc062ee1e83ef0a1c793eecbd8508f2f27002b373

Download Submit
C:\Windows\System\kRHLhAD.exe

Filesize
1.7MB

MD5
882135bc1261682866f72a3de6f53ac2

SHA1
48746201d5ca0eb04ec934d08aad63248412aa16

SHA256
f4f3916a39cfae63a2bdd83eb5cdc7b11a03c1bff3ff877ecd153816bbe7bd17

SHA512
b17c01a55a6e8e63e9dba060342d03bb3fb58b8137c8c06fd2a5682e8747c671b30729c43acf756e3a8777d842397d76fdf217bb18941d8e0b94d97bb12f5a9f

Download Submit
C:\Windows\System\lBRurYP.exe

Filesize
1.7MB

MD5
74de7477e972b5acec652b1e90ddfa0e

SHA1
13e481af16962d031b6f4fe5ee9888db667ed5e6

SHA256
07b45ae5ca61b3f0086a41df8980a4524c42849ff01bd776d200eedcef433ce7

SHA512
9358212365e4606b31e15f4d99d18d6e1c56e3b109f1ead9a4c670b54650582d226a0a4d654aad6632838a2c36bb0591560f2dbcf3f971e4446f286ef8d66d3d

Download Submit
C:\Windows\System\mCJlzaD.exe

Filesize
1.7MB

MD5
65ede3100eb25e7af6cd1fa83841ccce

SHA1
5a04b4ac69c77103feda1173afc689bbb211ae37

SHA256
d2705dc7fcfd06b50465252d71ef2fd95e8e8221cb14dbbabcdefe7b2c1073cd

SHA512
f74fa266fd9a7402959925f94f65b6e62d3ae416a690e441bf2f3bf0c2a9dd59f7650e331e4b453a9959c8942301acf50d7aef44d7f45ddc70a252187819b8b9

Download Submit
C:\Windows\System\nzmjzcF.exe

Filesize
1.7MB

MD5
99a3fcc6e8ce0f0340fef026bf8c26a0

SHA1
dc10b8623eca8628b501dfad3b9821f6b7c2c275

SHA256
7de32a9f622e12d62fb871302c888d7ec11df29d4c48c7809a5f9ff7b144ea3d

SHA512
7d28a2a3f5bd00eb0d0b15dc297c9f6b0955fd2a779fce3a185b51264f3f6af0017110c0619d407b836ac6e29812a85d2c576ef8423ee25cc23be26ab66a46dd

Download Submit
C:\Windows\System\osKGiGF.exe

Filesize
1.7MB

MD5
a5f3f147a84356d8d8ce4d6e0ec1d839

SHA1
28ef3767efdc392f8c822181e20662bbcb8ccec6

SHA256
914afd58149558e76669f91fa6d39547e61601cb169e6c15189f92cfee06d99d

SHA512
8656d5586f9323efdc2ce7fbc5b00dab3bb28559c27448c85be45100809e25555516fe1399c5681b47cd55275b961e97812330a16d4b106179aed47bc61d246e

Download Submit
C:\Windows\System\rqxTWAf.exe

Filesize
1.7MB

MD5
c105fecae87f656d4ab6501bf2744744

SHA1
16548732024fe4e47a7b7725c7ab14b2bc549cfb

SHA256
a3b0c8755efe43f1724df3bf4f572c35bd6e70cd6f4bf6b5872f930edfb5bac8

SHA512
b89fb80b8d69edd150a46a453bd7e423a16e150f006676cf280612a39637f56396e784d06e11eae728bd8a858da7f1e38df0555a3b5b6ce43b6cbfffcd4c2c3e

Download Submit
C:\Windows\System\swCOqQU.exe

Filesize
1.7MB

MD5
5103f762e1a9b5d2bc0814532ecbed42

SHA1
993587502727bb2c866468836bc7d5bcf5ae5f30

SHA256
a73e605c9d69d9370139ad69877a52ae92849410abd10fcd9a737ca311c44179

SHA512
cc2e8bf99fb42cd79573caba78295834f74fba3db7bbe30da6bcc6a8cb88eae51d452cc32beb1a2aff3e45294e7cbc63fdf23ad128310902fab775571b7e6f23

Download Submit
C:\Windows\System\tFCYrgl.exe

Filesize
1.7MB

MD5
d4590911fddf47c17c6713cd3930cddb

SHA1
c9d78fd1a27dfea20cf99d8eaff217126cc933a0

SHA256
3aad6772268d8523134298bbbff1ecbaa031af5f4587f8233f98c644d8297514

SHA512
801f6670d39b19c912df99f65674685ec062a05ab53b166bb252c3dbe825607bdc201bc50cdc1354521392531ef83f31cb2706bae82b3d234694a9d1c11dcf35

Download Submit
C:\Windows\System\whgRKzc.exe

Filesize
1.7MB

MD5
ae676424ac2fb702e30fa390ddaf58a7

SHA1
81d832fb68dea2bd900ef2c81696f51e56f5653f

SHA256
c4f76b6061e59c1cb42c5750a37a3b8bb2bc69ed3ca1d563090a0be6088f2744

SHA512
39c96c0af556d0db15b065dc2d424b5c3c20dc0b128651a9eb16edfae0bc2a59a7b6319bd1747c99686f66e2405c9837d78be2a44915e8005acda4a1b52ee1ff

Download Submit
C:\Windows\System\wsYReTZ.exe

Filesize
1.7MB

MD5
305718da2558120ab76710552b5de02d

SHA1
20c2659fb95bf54012fb3904aa82e96551277687

SHA256
cd3ce81cf6f9e9fde7678511a4b52f8ce91dd6228a44fd0bea9becd70f218956

SHA512
23f7cafccfac4351565b2f7919b7e0095ce32c21441bb50c412e6e3661b77f7cff9265a6e9058a52ae17354f796da4b14e7d8e1767f3490808827fa3c1632b8a

Download Submit
memory/4044-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download