kpot | 29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4

Analysis

max time kernel
142s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20-09-2024 18:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
Size

1.8MB
MD5

a804d63444742aa95c6e2b5775c095b9
SHA1

9b637941fe916ad39910590d3149a2069c9d24e4
SHA256

29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4
SHA512

806d6a58bd9d4553c92bb412f0b79718b630bf4bea51009b49b85853091a036819f64e1cf59ae3bf945d3fd28e8fa3c33b1eef527b97c757b8d4d0b07b5547ff
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FatfVi:GemTLkNdfE0pZaQM

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x00080000000234f3-4.dat	family_kpot
behavioral2/files/0x00070000000234f8-18.dat	family_kpot
behavioral2/files/0x00070000000234fa-25.dat	family_kpot
behavioral2/files/0x00070000000234fd-48.dat	family_kpot
behavioral2/files/0x00070000000234fe-55.dat	family_kpot
behavioral2/files/0x0007000000023506-75.dat	family_kpot
behavioral2/files/0x0007000000023508-95.dat	family_kpot
behavioral2/files/0x000700000002350c-115.dat	family_kpot
behavioral2/files/0x000700000002350b-113.dat	family_kpot
behavioral2/files/0x000700000002350a-111.dat	family_kpot
behavioral2/files/0x0007000000023509-109.dat	family_kpot
behavioral2/files/0x0007000000023507-105.dat	family_kpot
behavioral2/files/0x0007000000023505-97.dat	family_kpot
behavioral2/files/0x0007000000023504-88.dat	family_kpot
behavioral2/files/0x0007000000023503-85.dat	family_kpot
behavioral2/files/0x0007000000023501-73.dat	family_kpot
behavioral2/files/0x0007000000023500-71.dat	family_kpot
behavioral2/files/0x00070000000234ff-66.dat	family_kpot
behavioral2/files/0x0007000000023502-76.dat	family_kpot
behavioral2/files/0x00070000000234fc-43.dat	family_kpot
behavioral2/files/0x000700000002350d-119.dat	family_kpot
behavioral2/files/0x0007000000023511-141.dat	family_kpot
behavioral2/files/0x0007000000023513-150.dat	family_kpot
behavioral2/files/0x0007000000023512-148.dat	family_kpot
behavioral2/files/0x0007000000023510-137.dat	family_kpot
behavioral2/files/0x000700000002350f-132.dat	family_kpot
behavioral2/files/0x00080000000234f4-125.dat	family_kpot
behavioral2/files/0x00070000000234fb-32.dat	family_kpot
behavioral2/files/0x0007000000023516-163.dat	family_kpot
behavioral2/files/0x0007000000023514-160.dat	family_kpot
behavioral2/files/0x0007000000023515-157.dat	family_kpot
behavioral2/files/0x00070000000234f9-20.dat	family_kpot
behavioral2/files/0x00070000000234f7-12.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x00080000000234f3-4.dat	xmrig
behavioral2/files/0x00070000000234f8-18.dat	xmrig
behavioral2/files/0x00070000000234fa-25.dat	xmrig
behavioral2/files/0x00070000000234fd-48.dat	xmrig
behavioral2/files/0x00070000000234fe-55.dat	xmrig
behavioral2/files/0x0007000000023506-75.dat	xmrig
behavioral2/files/0x0007000000023508-95.dat	xmrig
behavioral2/files/0x000700000002350c-115.dat	xmrig
behavioral2/files/0x000700000002350b-113.dat	xmrig
behavioral2/files/0x000700000002350a-111.dat	xmrig
behavioral2/files/0x0007000000023509-109.dat	xmrig
behavioral2/files/0x0007000000023507-105.dat	xmrig
behavioral2/files/0x0007000000023505-97.dat	xmrig
behavioral2/files/0x0007000000023504-88.dat	xmrig
behavioral2/files/0x0007000000023503-85.dat	xmrig
behavioral2/files/0x0007000000023501-73.dat	xmrig
behavioral2/files/0x0007000000023500-71.dat	xmrig
behavioral2/files/0x00070000000234ff-66.dat	xmrig
behavioral2/files/0x0007000000023502-76.dat	xmrig
behavioral2/files/0x00070000000234fc-43.dat	xmrig
behavioral2/files/0x000700000002350d-119.dat	xmrig
behavioral2/files/0x0007000000023511-141.dat	xmrig
behavioral2/files/0x0007000000023513-150.dat	xmrig
behavioral2/files/0x0007000000023512-148.dat	xmrig
behavioral2/files/0x0007000000023510-137.dat	xmrig
behavioral2/files/0x000700000002350f-132.dat	xmrig
behavioral2/files/0x00080000000234f4-125.dat	xmrig
behavioral2/files/0x00070000000234fb-32.dat	xmrig
behavioral2/files/0x0007000000023516-163.dat	xmrig
behavioral2/files/0x0007000000023514-160.dat	xmrig
behavioral2/files/0x0007000000023515-157.dat	xmrig
behavioral2/files/0x00070000000234f9-20.dat	xmrig
behavioral2/files/0x00070000000234f7-12.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4400	VdDnJpP.exe
3144	PzFymuc.exe
2544	wlWwLYd.exe
4908	wLOiICW.exe
3332	KDVvgwU.exe
3460	evSuEBG.exe
2512	jgAnPax.exe
4256	Barapgi.exe
4012	ZEkDcOl.exe
5072	tVwCJMh.exe
3492	llbbCOu.exe
1656	XAmdwQL.exe
3912	CMIIkXP.exe
5092	BjdGEHd.exe
224	ssXecpL.exe
432	YpBowFO.exe
1604	OvZgExm.exe
232	kFBIBjR.exe
3780	QdnvWxX.exe
4828	EigvyZc.exe
4652	HZuqYPb.exe
560	zYtJXek.exe
4428	BxRgxTF.exe
2236	WFqiHjy.exe
2920	VXSCIsW.exe
1800	GFGVChN.exe
860	tzKHtKN.exe
4996	wCNMEpv.exe
3960	MDAzMvA.exe
396	nHidCOx.exe
3988	DsBCnKk.exe
3288	AaqlsnP.exe
2300	NxONeRI.exe
3420	PMAskrw.exe
5028	KFOjJMe.exe
2900	aLzAtaE.exe
1580	ItNnJnX.exe
4272	BiqKQXJ.exe
4640	tGiFQFV.exe
5088	LsOLiaB.exe
2296	IGvCpkp.exe
1668	FjNODkA.exe
4632	kRAqpzh.exe
3700	mhusZYa.exe
4772	waghFrv.exe
4884	eeARNoB.exe
1220	sXaTUAv.exe
3916	YMOvvBM.exe
3668	osbSHYG.exe
4016	tpzmoRF.exe
3196	JFvWCbW.exe
3048	iQUitVV.exe
1060	KMJTyZm.exe
4224	AnDMxTC.exe
4488	ujRYcPg.exe
3848	uvgGMri.exe
4388	NihJJKQ.exe
3000	XvxNwLX.exe
372	QCwzfUO.exe
264	AcUPmoH.exe
2992	zgXkChP.exe
1664	rGEOEUt.exe
2340	lnOicrz.exe
3548	exSKQmt.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\gtSkboz.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\EigvyZc.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\CXGvRgq.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\ncmIunh.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\uqNsdVf.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\HYuenPN.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\rOoGNuC.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\IJZsbkO.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\oyRosVq.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\YMOvvBM.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\CbfPcAf.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\vEVdlyo.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\FYsXCRK.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\GfXVAIp.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\waghFrv.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\rWrQWeX.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\JFvWCbW.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\bGziOuY.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\IqBNUCk.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\Uefvckx.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\mvBIDEy.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\yKRmmoU.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\AaqlsnP.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\BiqKQXJ.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\xUcjUEW.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\EJndHzA.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\NexuNMe.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\DfNAwTc.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\JPCvpXX.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\AuDRUBn.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\nhXjqoE.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\QdTpQEF.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\kFBIBjR.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\BxRgxTF.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\ulhIpbB.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\EdqJgdS.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\EriEdoZ.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\tVwCJMh.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\gGzxVmG.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\SVJzdqY.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\YuocHPY.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\giAUmNh.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\HZnrtKw.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\oZsCzgn.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\HMcuQmb.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\VXSCIsW.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\ujRYcPg.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\qvnIpSd.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\INXCHVQ.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\XNTqYbT.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\wLOiICW.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\tzKHtKN.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\FEoHUjL.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\ggbrRrc.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\zcKyMEr.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\CiaAgMU.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\MeNSKTy.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\xWjlytd.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\BpfmsKb.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\kZIBwQw.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\IBdlwwe.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\rBxuFil.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\htJAPwJ.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
File created	C:\Windows\System\TQpfBMM.exe	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
Token: SeLockMemoryPrivilege	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3084 wrote to memory of 4400	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	83
PID 3084 wrote to memory of 4400	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	83
PID 3084 wrote to memory of 3144	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	84
PID 3084 wrote to memory of 3144	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	84
PID 3084 wrote to memory of 2544	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	85
PID 3084 wrote to memory of 2544	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	85
PID 3084 wrote to memory of 4908	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	86
PID 3084 wrote to memory of 4908	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	86
PID 3084 wrote to memory of 3332	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	87
PID 3084 wrote to memory of 3332	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	87
PID 3084 wrote to memory of 3460	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	88
PID 3084 wrote to memory of 3460	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	88
PID 3084 wrote to memory of 2512	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	89
PID 3084 wrote to memory of 2512	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	89
PID 3084 wrote to memory of 4256	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	90
PID 3084 wrote to memory of 4256	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	90
PID 3084 wrote to memory of 4012	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	91
PID 3084 wrote to memory of 4012	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	91
PID 3084 wrote to memory of 5072	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	92
PID 3084 wrote to memory of 5072	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	92
PID 3084 wrote to memory of 3492	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	93
PID 3084 wrote to memory of 3492	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	93
PID 3084 wrote to memory of 1656	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	94
PID 3084 wrote to memory of 1656	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	94
PID 3084 wrote to memory of 3912	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	95
PID 3084 wrote to memory of 3912	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	95
PID 3084 wrote to memory of 5092	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	96
PID 3084 wrote to memory of 5092	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	96
PID 3084 wrote to memory of 224	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	97
PID 3084 wrote to memory of 224	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	97
PID 3084 wrote to memory of 432	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	98
PID 3084 wrote to memory of 432	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	98
PID 3084 wrote to memory of 1604	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	99
PID 3084 wrote to memory of 1604	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	99
PID 3084 wrote to memory of 232	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	100
PID 3084 wrote to memory of 232	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	100
PID 3084 wrote to memory of 3780	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	101
PID 3084 wrote to memory of 3780	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	101
PID 3084 wrote to memory of 4828	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	102
PID 3084 wrote to memory of 4828	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	102
PID 3084 wrote to memory of 4652	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	103
PID 3084 wrote to memory of 4652	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	103
PID 3084 wrote to memory of 560	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	104
PID 3084 wrote to memory of 560	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	104
PID 3084 wrote to memory of 4428	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	105
PID 3084 wrote to memory of 4428	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	105
PID 3084 wrote to memory of 2236	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	106
PID 3084 wrote to memory of 2236	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	106
PID 3084 wrote to memory of 2920	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	107
PID 3084 wrote to memory of 2920	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	107
PID 3084 wrote to memory of 1800	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	108
PID 3084 wrote to memory of 1800	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	108
PID 3084 wrote to memory of 860	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	109
PID 3084 wrote to memory of 860	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	109
PID 3084 wrote to memory of 4996	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	110
PID 3084 wrote to memory of 4996	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	110
PID 3084 wrote to memory of 3960	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	111
PID 3084 wrote to memory of 3960	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	111
PID 3084 wrote to memory of 396	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	112
PID 3084 wrote to memory of 396	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	112
PID 3084 wrote to memory of 3988	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	113
PID 3084 wrote to memory of 3988	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	113
PID 3084 wrote to memory of 3288	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	114
PID 3084 wrote to memory of 3288	3084	29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe	114

C:\Users\Admin\AppData\Local\Temp\29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe
"C:\Users\Admin\AppData\Local\Temp\29903035c62afd047a6cc0cbb92c014e9b82b6d6445c9d8a667f8df44d2d28c4.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3084
- C:\Windows\System\VdDnJpP.exe
  C:\Windows\System\VdDnJpP.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\PzFymuc.exe
  C:\Windows\System\PzFymuc.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\wlWwLYd.exe
  C:\Windows\System\wlWwLYd.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\wLOiICW.exe
  C:\Windows\System\wLOiICW.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\KDVvgwU.exe
  C:\Windows\System\KDVvgwU.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\evSuEBG.exe
  C:\Windows\System\evSuEBG.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\jgAnPax.exe
  C:\Windows\System\jgAnPax.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\Barapgi.exe
  C:\Windows\System\Barapgi.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\ZEkDcOl.exe
  C:\Windows\System\ZEkDcOl.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\tVwCJMh.exe
  C:\Windows\System\tVwCJMh.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\llbbCOu.exe
  C:\Windows\System\llbbCOu.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\XAmdwQL.exe
  C:\Windows\System\XAmdwQL.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\CMIIkXP.exe
  C:\Windows\System\CMIIkXP.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\BjdGEHd.exe
  C:\Windows\System\BjdGEHd.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\ssXecpL.exe
  C:\Windows\System\ssXecpL.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\YpBowFO.exe
  C:\Windows\System\YpBowFO.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\OvZgExm.exe
  C:\Windows\System\OvZgExm.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\kFBIBjR.exe
  C:\Windows\System\kFBIBjR.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\QdnvWxX.exe
  C:\Windows\System\QdnvWxX.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\EigvyZc.exe
  C:\Windows\System\EigvyZc.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\HZuqYPb.exe
  C:\Windows\System\HZuqYPb.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\zYtJXek.exe
  C:\Windows\System\zYtJXek.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\BxRgxTF.exe
  C:\Windows\System\BxRgxTF.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\WFqiHjy.exe
  C:\Windows\System\WFqiHjy.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\VXSCIsW.exe
  C:\Windows\System\VXSCIsW.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\GFGVChN.exe
  C:\Windows\System\GFGVChN.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\tzKHtKN.exe
  C:\Windows\System\tzKHtKN.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\wCNMEpv.exe
  C:\Windows\System\wCNMEpv.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\MDAzMvA.exe
  C:\Windows\System\MDAzMvA.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\nHidCOx.exe
  C:\Windows\System\nHidCOx.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\DsBCnKk.exe
  C:\Windows\System\DsBCnKk.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\AaqlsnP.exe
  C:\Windows\System\AaqlsnP.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\NxONeRI.exe
  C:\Windows\System\NxONeRI.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\PMAskrw.exe
  C:\Windows\System\PMAskrw.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System\KFOjJMe.exe
  C:\Windows\System\KFOjJMe.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\aLzAtaE.exe
  C:\Windows\System\aLzAtaE.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\ItNnJnX.exe
  C:\Windows\System\ItNnJnX.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\BiqKQXJ.exe
  C:\Windows\System\BiqKQXJ.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\tGiFQFV.exe
  C:\Windows\System\tGiFQFV.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\LsOLiaB.exe
  C:\Windows\System\LsOLiaB.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\IGvCpkp.exe
  C:\Windows\System\IGvCpkp.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\FjNODkA.exe
  C:\Windows\System\FjNODkA.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\kRAqpzh.exe
  C:\Windows\System\kRAqpzh.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\mhusZYa.exe
  C:\Windows\System\mhusZYa.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\waghFrv.exe
  C:\Windows\System\waghFrv.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\eeARNoB.exe
  C:\Windows\System\eeARNoB.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\sXaTUAv.exe
  C:\Windows\System\sXaTUAv.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\YMOvvBM.exe
  C:\Windows\System\YMOvvBM.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System\osbSHYG.exe
  C:\Windows\System\osbSHYG.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\tpzmoRF.exe
  C:\Windows\System\tpzmoRF.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\JFvWCbW.exe
  C:\Windows\System\JFvWCbW.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\iQUitVV.exe
  C:\Windows\System\iQUitVV.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\KMJTyZm.exe
  C:\Windows\System\KMJTyZm.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\AnDMxTC.exe
  C:\Windows\System\AnDMxTC.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\ujRYcPg.exe
  C:\Windows\System\ujRYcPg.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\uvgGMri.exe
  C:\Windows\System\uvgGMri.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System\NihJJKQ.exe
  C:\Windows\System\NihJJKQ.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\XvxNwLX.exe
  C:\Windows\System\XvxNwLX.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\QCwzfUO.exe
  C:\Windows\System\QCwzfUO.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\AcUPmoH.exe
  C:\Windows\System\AcUPmoH.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\zgXkChP.exe
  C:\Windows\System\zgXkChP.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\rGEOEUt.exe
  C:\Windows\System\rGEOEUt.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\lnOicrz.exe
  C:\Windows\System\lnOicrz.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\exSKQmt.exe
  C:\Windows\System\exSKQmt.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\bjmAjsJ.exe
  C:\Windows\System\bjmAjsJ.exe
  2⤵
  PID:3640
- C:\Windows\System\rLKUhIF.exe
  C:\Windows\System\rLKUhIF.exe
  2⤵
  PID:3504
- C:\Windows\System\oIUmhrZ.exe
  C:\Windows\System\oIUmhrZ.exe
  2⤵
  PID:1048
- C:\Windows\System\ryFrVaM.exe
  C:\Windows\System\ryFrVaM.exe
  2⤵
  PID:768
- C:\Windows\System\BpfmsKb.exe
  C:\Windows\System\BpfmsKb.exe
  2⤵
  PID:2944
- C:\Windows\System\WvmLFvG.exe
  C:\Windows\System\WvmLFvG.exe
  2⤵
  PID:2404
- C:\Windows\System\AuDRUBn.exe
  C:\Windows\System\AuDRUBn.exe
  2⤵
  PID:3112
- C:\Windows\System\IwyfEqk.exe
  C:\Windows\System\IwyfEqk.exe
  2⤵
  PID:1756
- C:\Windows\System\ZQknUbc.exe
  C:\Windows\System\ZQknUbc.exe
  2⤵
  PID:4624
- C:\Windows\System\vdnrZNy.exe
  C:\Windows\System\vdnrZNy.exe
  2⤵
  PID:3840
- C:\Windows\System\bGziOuY.exe
  C:\Windows\System\bGziOuY.exe
  2⤵
  PID:4796
- C:\Windows\System\yrkKGeK.exe
  C:\Windows\System\yrkKGeK.exe
  2⤵
  PID:2660
- C:\Windows\System\CbfPcAf.exe
  C:\Windows\System\CbfPcAf.exe
  2⤵
  PID:2676
- C:\Windows\System\GcIRfJa.exe
  C:\Windows\System\GcIRfJa.exe
  2⤵
  PID:2316
- C:\Windows\System\XrAmlMc.exe
  C:\Windows\System\XrAmlMc.exe
  2⤵
  PID:3956
- C:\Windows\System\qvnIpSd.exe
  C:\Windows\System\qvnIpSd.exe
  2⤵
  PID:1324
- C:\Windows\System\OduhQgE.exe
  C:\Windows\System\OduhQgE.exe
  2⤵
  PID:4040
- C:\Windows\System\gNePLuJ.exe
  C:\Windows\System\gNePLuJ.exe
  2⤵
  PID:5024
- C:\Windows\System\rWrQWeX.exe
  C:\Windows\System\rWrQWeX.exe
  2⤵
  PID:2644
- C:\Windows\System\YqSzSmT.exe
  C:\Windows\System\YqSzSmT.exe
  2⤵
  PID:4468
- C:\Windows\System\PaXNvRb.exe
  C:\Windows\System\PaXNvRb.exe
  2⤵
  PID:4572
- C:\Windows\System\hXySyFA.exe
  C:\Windows\System\hXySyFA.exe
  2⤵
  PID:3444
- C:\Windows\System\ykyQkvv.exe
  C:\Windows\System\ykyQkvv.exe
  2⤵
  PID:3864
- C:\Windows\System\OblHROq.exe
  C:\Windows\System\OblHROq.exe
  2⤵
  PID:4992
- C:\Windows\System\aoToDSH.exe
  C:\Windows\System\aoToDSH.exe
  2⤵
  PID:5016
- C:\Windows\System\GCqwHop.exe
  C:\Windows\System\GCqwHop.exe
  2⤵
  PID:1360
- C:\Windows\System\BCGIhPq.exe
  C:\Windows\System\BCGIhPq.exe
  2⤵
  PID:4476
- C:\Windows\System\OFNPhTv.exe
  C:\Windows\System\OFNPhTv.exe
  2⤵
  PID:1940
- C:\Windows\System\NqGXslC.exe
  C:\Windows\System\NqGXslC.exe
  2⤵
  PID:2616
- C:\Windows\System\wZsGale.exe
  C:\Windows\System\wZsGale.exe
  2⤵
  PID:4552
- C:\Windows\System\AWPOhAk.exe
  C:\Windows\System\AWPOhAk.exe
  2⤵
  PID:1648
- C:\Windows\System\TfjtRHe.exe
  C:\Windows\System\TfjtRHe.exe
  2⤵
  PID:3168
- C:\Windows\System\iMqihbM.exe
  C:\Windows\System\iMqihbM.exe
  2⤵
  PID:2152
- C:\Windows\System\nNLncwM.exe
  C:\Windows\System\nNLncwM.exe
  2⤵
  PID:4620
- C:\Windows\System\WauCtaV.exe
  C:\Windows\System\WauCtaV.exe
  2⤵
  PID:1056
- C:\Windows\System\abKpSUz.exe
  C:\Windows\System\abKpSUz.exe
  2⤵
  PID:3812
- C:\Windows\System\VTTklTm.exe
  C:\Windows\System\VTTklTm.exe
  2⤵
  PID:2216
- C:\Windows\System\IPWjSje.exe
  C:\Windows\System\IPWjSje.exe
  2⤵
  PID:4840
- C:\Windows\System\koTBEMm.exe
  C:\Windows\System\koTBEMm.exe
  2⤵
  PID:2348
- C:\Windows\System\ncmIunh.exe
  C:\Windows\System\ncmIunh.exe
  2⤵
  PID:2948
- C:\Windows\System\uqNsdVf.exe
  C:\Windows\System\uqNsdVf.exe
  2⤵
  PID:2560
- C:\Windows\System\pgDaTeZ.exe
  C:\Windows\System\pgDaTeZ.exe
  2⤵
  PID:4816
- C:\Windows\System\BuTsEzc.exe
  C:\Windows\System\BuTsEzc.exe
  2⤵
  PID:1484
- C:\Windows\System\qPCrXCc.exe
  C:\Windows\System\qPCrXCc.exe
  2⤵
  PID:2116
- C:\Windows\System\YIchnUN.exe
  C:\Windows\System\YIchnUN.exe
  2⤵
  PID:764
- C:\Windows\System\xGWeWyB.exe
  C:\Windows\System\xGWeWyB.exe
  2⤵
  PID:5060
- C:\Windows\System\Snjbqxp.exe
  C:\Windows\System\Snjbqxp.exe
  2⤵
  PID:5132
- C:\Windows\System\qCvFobH.exe
  C:\Windows\System\qCvFobH.exe
  2⤵
  PID:5148
- C:\Windows\System\cXHHXmx.exe
  C:\Windows\System\cXHHXmx.exe
  2⤵
  PID:5188
- C:\Windows\System\WWtmgvX.exe
  C:\Windows\System\WWtmgvX.exe
  2⤵
  PID:5216
- C:\Windows\System\kZIBwQw.exe
  C:\Windows\System\kZIBwQw.exe
  2⤵
  PID:5244
- C:\Windows\System\CmGOtoO.exe
  C:\Windows\System\CmGOtoO.exe
  2⤵
  PID:5276
- C:\Windows\System\IBdlwwe.exe
  C:\Windows\System\IBdlwwe.exe
  2⤵
  PID:5308
- C:\Windows\System\losSIMD.exe
  C:\Windows\System\losSIMD.exe
  2⤵
  PID:5340
- C:\Windows\System\JREyGAV.exe
  C:\Windows\System\JREyGAV.exe
  2⤵
  PID:5384
- C:\Windows\System\vPIRgpr.exe
  C:\Windows\System\vPIRgpr.exe
  2⤵
  PID:5408
- C:\Windows\System\PyFNTof.exe
  C:\Windows\System\PyFNTof.exe
  2⤵
  PID:5448
- C:\Windows\System\FEoHUjL.exe
  C:\Windows\System\FEoHUjL.exe
  2⤵
  PID:5480
- C:\Windows\System\qhkbXqc.exe
  C:\Windows\System\qhkbXqc.exe
  2⤵
  PID:5508
- C:\Windows\System\APTYKzG.exe
  C:\Windows\System\APTYKzG.exe
  2⤵
  PID:5544
- C:\Windows\System\sFilbuw.exe
  C:\Windows\System\sFilbuw.exe
  2⤵
  PID:5580
- C:\Windows\System\GfXVAIp.exe
  C:\Windows\System\GfXVAIp.exe
  2⤵
  PID:5612
- C:\Windows\System\ercDHwB.exe
  C:\Windows\System\ercDHwB.exe
  2⤵
  PID:5636
- C:\Windows\System\DfNAwTc.exe
  C:\Windows\System\DfNAwTc.exe
  2⤵
  PID:5664
- C:\Windows\System\IzxojMd.exe
  C:\Windows\System\IzxojMd.exe
  2⤵
  PID:5696
- C:\Windows\System\DTOTaxU.exe
  C:\Windows\System\DTOTaxU.exe
  2⤵
  PID:5724
- C:\Windows\System\toVyXRt.exe
  C:\Windows\System\toVyXRt.exe
  2⤵
  PID:5756
- C:\Windows\System\yfkHPVs.exe
  C:\Windows\System\yfkHPVs.exe
  2⤵
  PID:5792
- C:\Windows\System\VwIeMqm.exe
  C:\Windows\System\VwIeMqm.exe
  2⤵
  PID:5820
- C:\Windows\System\UauPHKF.exe
  C:\Windows\System\UauPHKF.exe
  2⤵
  PID:5848
- C:\Windows\System\lPeXDOv.exe
  C:\Windows\System\lPeXDOv.exe
  2⤵
  PID:5876
- C:\Windows\System\gGzxVmG.exe
  C:\Windows\System\gGzxVmG.exe
  2⤵
  PID:5924
- C:\Windows\System\JPrGmQi.exe
  C:\Windows\System\JPrGmQi.exe
  2⤵
  PID:5952
- C:\Windows\System\CaDugdq.exe
  C:\Windows\System\CaDugdq.exe
  2⤵
  PID:5980
- C:\Windows\System\OVtSRkL.exe
  C:\Windows\System\OVtSRkL.exe
  2⤵
  PID:6016
- C:\Windows\System\nhXjqoE.exe
  C:\Windows\System\nhXjqoE.exe
  2⤵
  PID:6048
- C:\Windows\System\zrgPogw.exe
  C:\Windows\System\zrgPogw.exe
  2⤵
  PID:6076
- C:\Windows\System\zEkgGIt.exe
  C:\Windows\System\zEkgGIt.exe
  2⤵
  PID:6100
- C:\Windows\System\hohporr.exe
  C:\Windows\System\hohporr.exe
  2⤵
  PID:6140
- C:\Windows\System\WFjZGFr.exe
  C:\Windows\System\WFjZGFr.exe
  2⤵
  PID:5204
- C:\Windows\System\aRuHgxz.exe
  C:\Windows\System\aRuHgxz.exe
  2⤵
  PID:5260
- C:\Windows\System\ulhIpbB.exe
  C:\Windows\System\ulhIpbB.exe
  2⤵
  PID:5336
- C:\Windows\System\kcmHyLU.exe
  C:\Windows\System\kcmHyLU.exe
  2⤵
  PID:5440
- C:\Windows\System\gygufMl.exe
  C:\Windows\System\gygufMl.exe
  2⤵
  PID:5524
- C:\Windows\System\jIiuttr.exe
  C:\Windows\System\jIiuttr.exe
  2⤵
  PID:5608
- C:\Windows\System\KBsQxUK.exe
  C:\Windows\System\KBsQxUK.exe
  2⤵
  PID:5676
- C:\Windows\System\mNfUMRL.exe
  C:\Windows\System\mNfUMRL.exe
  2⤵
  PID:5748
- C:\Windows\System\HdxzSXG.exe
  C:\Windows\System\HdxzSXG.exe
  2⤵
  PID:5808
- C:\Windows\System\JvNRTYJ.exe
  C:\Windows\System\JvNRTYJ.exe
  2⤵
  PID:5884
- C:\Windows\System\DQflfpJ.exe
  C:\Windows\System\DQflfpJ.exe
  2⤵
  PID:5948
- C:\Windows\System\SVJzdqY.exe
  C:\Windows\System\SVJzdqY.exe
  2⤵
  PID:6008
- C:\Windows\System\HYuenPN.exe
  C:\Windows\System\HYuenPN.exe
  2⤵
  PID:6060
- C:\Windows\System\vSnNbWE.exe
  C:\Windows\System\vSnNbWE.exe
  2⤵
  PID:5140
- C:\Windows\System\EiqDEZq.exe
  C:\Windows\System\EiqDEZq.exe
  2⤵
  PID:5200
- C:\Windows\System\JPCvpXX.exe
  C:\Windows\System\JPCvpXX.exe
  2⤵
  PID:5464
- C:\Windows\System\rBxuFil.exe
  C:\Windows\System\rBxuFil.exe
  2⤵
  PID:5492
- C:\Windows\System\PuFyFZx.exe
  C:\Windows\System\PuFyFZx.exe
  2⤵
  PID:5780
- C:\Windows\System\IgPjDUY.exe
  C:\Windows\System\IgPjDUY.exe
  2⤵
  PID:6024
- C:\Windows\System\gUEyUHf.exe
  C:\Windows\System\gUEyUHf.exe
  2⤵
  PID:5176
- C:\Windows\System\IqBNUCk.exe
  C:\Windows\System\IqBNUCk.exe
  2⤵
  PID:6148
- C:\Windows\System\Uefvckx.exe
  C:\Windows\System\Uefvckx.exe
  2⤵
  PID:6164
- C:\Windows\System\CXGvRgq.exe
  C:\Windows\System\CXGvRgq.exe
  2⤵
  PID:6188
- C:\Windows\System\OUMtpBF.exe
  C:\Windows\System\OUMtpBF.exe
  2⤵
  PID:6204
- C:\Windows\System\vdoLlvN.exe
  C:\Windows\System\vdoLlvN.exe
  2⤵
  PID:6232
- C:\Windows\System\nwTtxmo.exe
  C:\Windows\System\nwTtxmo.exe
  2⤵
  PID:6260
- C:\Windows\System\vJfrFzG.exe
  C:\Windows\System\vJfrFzG.exe
  2⤵
  PID:6296
- C:\Windows\System\axkAbnO.exe
  C:\Windows\System\axkAbnO.exe
  2⤵
  PID:6328
- C:\Windows\System\dEPyBsY.exe
  C:\Windows\System\dEPyBsY.exe
  2⤵
  PID:6360
- C:\Windows\System\COGKYjM.exe
  C:\Windows\System\COGKYjM.exe
  2⤵
  PID:6388
- C:\Windows\System\refOYNA.exe
  C:\Windows\System\refOYNA.exe
  2⤵
  PID:6420
- C:\Windows\System\rOoGNuC.exe
  C:\Windows\System\rOoGNuC.exe
  2⤵
  PID:6448
- C:\Windows\System\AJmZYnx.exe
  C:\Windows\System\AJmZYnx.exe
  2⤵
  PID:6484
- C:\Windows\System\LQHUMpG.exe
  C:\Windows\System\LQHUMpG.exe
  2⤵
  PID:6504
- C:\Windows\System\htJAPwJ.exe
  C:\Windows\System\htJAPwJ.exe
  2⤵
  PID:6528
- C:\Windows\System\hFckBnf.exe
  C:\Windows\System\hFckBnf.exe
  2⤵
  PID:6552
- C:\Windows\System\ZCoNjFx.exe
  C:\Windows\System\ZCoNjFx.exe
  2⤵
  PID:6584
- C:\Windows\System\fXrUOii.exe
  C:\Windows\System\fXrUOii.exe
  2⤵
  PID:6620
- C:\Windows\System\WfZfMVm.exe
  C:\Windows\System\WfZfMVm.exe
  2⤵
  PID:6648
- C:\Windows\System\DxzQcuN.exe
  C:\Windows\System\DxzQcuN.exe
  2⤵
  PID:6692
- C:\Windows\System\UbhFXtq.exe
  C:\Windows\System\UbhFXtq.exe
  2⤵
  PID:6736
- C:\Windows\System\shYIqOU.exe
  C:\Windows\System\shYIqOU.exe
  2⤵
  PID:6768
- C:\Windows\System\RzQLsGT.exe
  C:\Windows\System\RzQLsGT.exe
  2⤵
  PID:6792
- C:\Windows\System\KNxpmby.exe
  C:\Windows\System\KNxpmby.exe
  2⤵
  PID:6816
- C:\Windows\System\qICJCbz.exe
  C:\Windows\System\qICJCbz.exe
  2⤵
  PID:6848
- C:\Windows\System\HccrkGk.exe
  C:\Windows\System\HccrkGk.exe
  2⤵
  PID:6876
- C:\Windows\System\rXnbEQc.exe
  C:\Windows\System\rXnbEQc.exe
  2⤵
  PID:6900
- C:\Windows\System\idvnYmw.exe
  C:\Windows\System\idvnYmw.exe
  2⤵
  PID:6936
- C:\Windows\System\iRvILMT.exe
  C:\Windows\System\iRvILMT.exe
  2⤵
  PID:6960
- C:\Windows\System\UKdIDpr.exe
  C:\Windows\System\UKdIDpr.exe
  2⤵
  PID:6984
- C:\Windows\System\pITwvkO.exe
  C:\Windows\System\pITwvkO.exe
  2⤵
  PID:7012
- C:\Windows\System\nMhTctu.exe
  C:\Windows\System\nMhTctu.exe
  2⤵
  PID:7044
- C:\Windows\System\ozzrWaL.exe
  C:\Windows\System\ozzrWaL.exe
  2⤵
  PID:7072
- C:\Windows\System\GPXoWJx.exe
  C:\Windows\System\GPXoWJx.exe
  2⤵
  PID:7088
- C:\Windows\System\dnvLrOV.exe
  C:\Windows\System\dnvLrOV.exe
  2⤵
  PID:7124
- C:\Windows\System\ByxBaiI.exe
  C:\Windows\System\ByxBaiI.exe
  2⤵
  PID:7156
- C:\Windows\System\FBesuFs.exe
  C:\Windows\System\FBesuFs.exe
  2⤵
  PID:6136
- C:\Windows\System\UJjNhxK.exe
  C:\Windows\System\UJjNhxK.exe
  2⤵
  PID:5572
- C:\Windows\System\iYvaPLT.exe
  C:\Windows\System\iYvaPLT.exe
  2⤵
  PID:6180
- C:\Windows\System\mvBIDEy.exe
  C:\Windows\System\mvBIDEy.exe
  2⤵
  PID:6256
- C:\Windows\System\nBWcjTL.exe
  C:\Windows\System\nBWcjTL.exe
  2⤵
  PID:6316
- C:\Windows\System\VAfxHrM.exe
  C:\Windows\System\VAfxHrM.exe
  2⤵
  PID:6468
- C:\Windows\System\zPEqDPC.exe
  C:\Windows\System\zPEqDPC.exe
  2⤵
  PID:6496
- C:\Windows\System\iIOsQyh.exe
  C:\Windows\System\iIOsQyh.exe
  2⤵
  PID:6576
- C:\Windows\System\nstHyid.exe
  C:\Windows\System\nstHyid.exe
  2⤵
  PID:6608
- C:\Windows\System\gsbAOCJ.exe
  C:\Windows\System\gsbAOCJ.exe
  2⤵
  PID:6716
- C:\Windows\System\RuKilOJ.exe
  C:\Windows\System\RuKilOJ.exe
  2⤵
  PID:5164
- C:\Windows\System\NLKoQBU.exe
  C:\Windows\System\NLKoQBU.exe
  2⤵
  PID:6808
- C:\Windows\System\OLKhtLB.exe
  C:\Windows\System\OLKhtLB.exe
  2⤵
  PID:6832
- C:\Windows\System\YuocHPY.exe
  C:\Windows\System\YuocHPY.exe
  2⤵
  PID:6948
- C:\Windows\System\WiJxCDO.exe
  C:\Windows\System\WiJxCDO.exe
  2⤵
  PID:6952
- C:\Windows\System\CxIYOfe.exe
  C:\Windows\System\CxIYOfe.exe
  2⤵
  PID:7108
- C:\Windows\System\ZwQsLne.exe
  C:\Windows\System\ZwQsLne.exe
  2⤵
  PID:7100
- C:\Windows\System\gxrKASx.exe
  C:\Windows\System\gxrKASx.exe
  2⤵
  PID:7164
- C:\Windows\System\uPboKtx.exe
  C:\Windows\System\uPboKtx.exe
  2⤵
  PID:6280
- C:\Windows\System\IJZsbkO.exe
  C:\Windows\System\IJZsbkO.exe
  2⤵
  PID:6376
- C:\Windows\System\EJndHzA.exe
  C:\Windows\System\EJndHzA.exe
  2⤵
  PID:6460
- C:\Windows\System\irRMyNX.exe
  C:\Windows\System\irRMyNX.exe
  2⤵
  PID:6664
- C:\Windows\System\ERjLjCg.exe
  C:\Windows\System\ERjLjCg.exe
  2⤵
  PID:6928
- C:\Windows\System\wmwTSPw.exe
  C:\Windows\System\wmwTSPw.exe
  2⤵
  PID:7004
- C:\Windows\System\crGlfEd.exe
  C:\Windows\System\crGlfEd.exe
  2⤵
  PID:6248
- C:\Windows\System\yKRmmoU.exe
  C:\Windows\System\yKRmmoU.exe
  2⤵
  PID:6228
- C:\Windows\System\uzSBafg.exe
  C:\Windows\System\uzSBafg.exe
  2⤵
  PID:6756
- C:\Windows\System\efQwKOW.exe
  C:\Windows\System\efQwKOW.exe
  2⤵
  PID:6784
- C:\Windows\System\JrAxgBA.exe
  C:\Windows\System\JrAxgBA.exe
  2⤵
  PID:7204
- C:\Windows\System\giAUmNh.exe
  C:\Windows\System\giAUmNh.exe
  2⤵
  PID:7232
- C:\Windows\System\HZnrtKw.exe
  C:\Windows\System\HZnrtKw.exe
  2⤵
  PID:7252
- C:\Windows\System\sKpIeSC.exe
  C:\Windows\System\sKpIeSC.exe
  2⤵
  PID:7284
- C:\Windows\System\oyRosVq.exe
  C:\Windows\System\oyRosVq.exe
  2⤵
  PID:7316
- C:\Windows\System\oZsCzgn.exe
  C:\Windows\System\oZsCzgn.exe
  2⤵
  PID:7344
- C:\Windows\System\ijxXnLv.exe
  C:\Windows\System\ijxXnLv.exe
  2⤵
  PID:7376
- C:\Windows\System\EYrxshJ.exe
  C:\Windows\System\EYrxshJ.exe
  2⤵
  PID:7404
- C:\Windows\System\LEQZAfH.exe
  C:\Windows\System\LEQZAfH.exe
  2⤵
  PID:7444
- C:\Windows\System\EdqJgdS.exe
  C:\Windows\System\EdqJgdS.exe
  2⤵
  PID:7464
- C:\Windows\System\hrRertg.exe
  C:\Windows\System\hrRertg.exe
  2⤵
  PID:7492
- C:\Windows\System\YXKxFgI.exe
  C:\Windows\System\YXKxFgI.exe
  2⤵
  PID:7528
- C:\Windows\System\HMcuQmb.exe
  C:\Windows\System\HMcuQmb.exe
  2⤵
  PID:7556
- C:\Windows\System\VAgRDoB.exe
  C:\Windows\System\VAgRDoB.exe
  2⤵
  PID:7584
- C:\Windows\System\ggbrRrc.exe
  C:\Windows\System\ggbrRrc.exe
  2⤵
  PID:7616
- C:\Windows\System\reNWBRx.exe
  C:\Windows\System\reNWBRx.exe
  2⤵
  PID:7640
- C:\Windows\System\TteweWe.exe
  C:\Windows\System\TteweWe.exe
  2⤵
  PID:7668
- C:\Windows\System\veglXuf.exe
  C:\Windows\System\veglXuf.exe
  2⤵
  PID:7700
- C:\Windows\System\ORfoqDX.exe
  C:\Windows\System\ORfoqDX.exe
  2⤵
  PID:7720
- C:\Windows\System\ccihJcW.exe
  C:\Windows\System\ccihJcW.exe
  2⤵
  PID:7748
- C:\Windows\System\TQpfBMM.exe
  C:\Windows\System\TQpfBMM.exe
  2⤵
  PID:7784
- C:\Windows\System\lXIvuxs.exe
  C:\Windows\System\lXIvuxs.exe
  2⤵
  PID:7820
- C:\Windows\System\eCrhjbv.exe
  C:\Windows\System\eCrhjbv.exe
  2⤵
  PID:7844
- C:\Windows\System\XJxYJPv.exe
  C:\Windows\System\XJxYJPv.exe
  2⤵
  PID:7868
- C:\Windows\System\IsFmovy.exe
  C:\Windows\System\IsFmovy.exe
  2⤵
  PID:7896
- C:\Windows\System\zDXPkJx.exe
  C:\Windows\System\zDXPkJx.exe
  2⤵
  PID:7924
- C:\Windows\System\IBjFqxt.exe
  C:\Windows\System\IBjFqxt.exe
  2⤵
  PID:7944
- C:\Windows\System\NexuNMe.exe
  C:\Windows\System\NexuNMe.exe
  2⤵
  PID:7980
- C:\Windows\System\GHXCBer.exe
  C:\Windows\System\GHXCBer.exe
  2⤵
  PID:7996
- C:\Windows\System\rsBfRTA.exe
  C:\Windows\System\rsBfRTA.exe
  2⤵
  PID:8020
- C:\Windows\System\INXCHVQ.exe
  C:\Windows\System\INXCHVQ.exe
  2⤵
  PID:8052
- C:\Windows\System\CNyOErG.exe
  C:\Windows\System\CNyOErG.exe
  2⤵
  PID:8072
- C:\Windows\System\IqqDePf.exe
  C:\Windows\System\IqqDePf.exe
  2⤵
  PID:8108
- C:\Windows\System\ArkoEPw.exe
  C:\Windows\System\ArkoEPw.exe
  2⤵
  PID:8140
- C:\Windows\System\SSDnbeQ.exe
  C:\Windows\System\SSDnbeQ.exe
  2⤵
  PID:8168
- C:\Windows\System\wscrOIl.exe
  C:\Windows\System\wscrOIl.exe
  2⤵
  PID:6980
- C:\Windows\System\fcopGrG.exe
  C:\Windows\System\fcopGrG.exe
  2⤵
  PID:7064
- C:\Windows\System\OVroNnE.exe
  C:\Windows\System\OVroNnE.exe
  2⤵
  PID:7192
- C:\Windows\System\jqUgccw.exe
  C:\Windows\System\jqUgccw.exe
  2⤵
  PID:7332
- C:\Windows\System\DnboQIk.exe
  C:\Windows\System\DnboQIk.exe
  2⤵
  PID:7384
- C:\Windows\System\vEVdlyo.exe
  C:\Windows\System\vEVdlyo.exe
  2⤵
  PID:7428
- C:\Windows\System\QdTpQEF.exe
  C:\Windows\System\QdTpQEF.exe
  2⤵
  PID:7472
- C:\Windows\System\pgPQhHJ.exe
  C:\Windows\System\pgPQhHJ.exe
  2⤵
  PID:7572
- C:\Windows\System\CCLjszg.exe
  C:\Windows\System\CCLjszg.exe
  2⤵
  PID:7632
- C:\Windows\System\JsqXZnc.exe
  C:\Windows\System\JsqXZnc.exe
  2⤵
  PID:7684
- C:\Windows\System\SBPkRLx.exe
  C:\Windows\System\SBPkRLx.exe
  2⤵
  PID:7716
- C:\Windows\System\djRapxx.exe
  C:\Windows\System\djRapxx.exe
  2⤵
  PID:7840
- C:\Windows\System\HmpKuGN.exe
  C:\Windows\System\HmpKuGN.exe
  2⤵
  PID:7904
- C:\Windows\System\MQoYRKj.exe
  C:\Windows\System\MQoYRKj.exe
  2⤵
  PID:7988
- C:\Windows\System\LNDMLVE.exe
  C:\Windows\System\LNDMLVE.exe
  2⤵
  PID:8040
- C:\Windows\System\uJLVsAh.exe
  C:\Windows\System\uJLVsAh.exe
  2⤵
  PID:8128
- C:\Windows\System\JsFXIpC.exe
  C:\Windows\System\JsFXIpC.exe
  2⤵
  PID:6176
- C:\Windows\System\JcdGzxW.exe
  C:\Windows\System\JcdGzxW.exe
  2⤵
  PID:6348
- C:\Windows\System\WitTOSc.exe
  C:\Windows\System\WitTOSc.exe
  2⤵
  PID:7360
- C:\Windows\System\tKschzF.exe
  C:\Windows\System\tKschzF.exe
  2⤵
  PID:7452
- C:\Windows\System\zWAeBVL.exe
  C:\Windows\System\zWAeBVL.exe
  2⤵
  PID:7688
- C:\Windows\System\nowbfDC.exe
  C:\Windows\System\nowbfDC.exe
  2⤵
  PID:7864
- C:\Windows\System\CUiJfze.exe
  C:\Windows\System\CUiJfze.exe
  2⤵
  PID:8016
- C:\Windows\System\aflrzDM.exe
  C:\Windows\System\aflrzDM.exe
  2⤵
  PID:6748
- C:\Windows\System\zcKyMEr.exe
  C:\Windows\System\zcKyMEr.exe
  2⤵
  PID:7880
- C:\Windows\System\miRKFkg.exe
  C:\Windows\System\miRKFkg.exe
  2⤵
  PID:7940
- C:\Windows\System\VdURIky.exe
  C:\Windows\System\VdURIky.exe
  2⤵
  PID:8224
- C:\Windows\System\tunQrgh.exe
  C:\Windows\System\tunQrgh.exe
  2⤵
  PID:8252
- C:\Windows\System\CiaAgMU.exe
  C:\Windows\System\CiaAgMU.exe
  2⤵
  PID:8272
- C:\Windows\System\OAQxhgV.exe
  C:\Windows\System\OAQxhgV.exe
  2⤵
  PID:8300
- C:\Windows\System\wOALzQo.exe
  C:\Windows\System\wOALzQo.exe
  2⤵
  PID:8320
- C:\Windows\System\neUTiNj.exe
  C:\Windows\System\neUTiNj.exe
  2⤵
  PID:8340
- C:\Windows\System\EriEdoZ.exe
  C:\Windows\System\EriEdoZ.exe
  2⤵
  PID:8376
- C:\Windows\System\LDziJzS.exe
  C:\Windows\System\LDziJzS.exe
  2⤵
  PID:8404
- C:\Windows\System\gNKblfw.exe
  C:\Windows\System\gNKblfw.exe
  2⤵
  PID:8444
- C:\Windows\System\ZNirBtY.exe
  C:\Windows\System\ZNirBtY.exe
  2⤵
  PID:8460
- C:\Windows\System\YgAXdBU.exe
  C:\Windows\System\YgAXdBU.exe
  2⤵
  PID:8488
- C:\Windows\System\cCljRzz.exe
  C:\Windows\System\cCljRzz.exe
  2⤵
  PID:8528
- C:\Windows\System\QUMZTep.exe
  C:\Windows\System\QUMZTep.exe
  2⤵
  PID:8548
- C:\Windows\System\RMPWkxG.exe
  C:\Windows\System\RMPWkxG.exe
  2⤵
  PID:8576
- C:\Windows\System\PPPLerF.exe
  C:\Windows\System\PPPLerF.exe
  2⤵
  PID:8608
- C:\Windows\System\oIDRyIG.exe
  C:\Windows\System\oIDRyIG.exe
  2⤵
  PID:8628
- C:\Windows\System\vqFJqQS.exe
  C:\Windows\System\vqFJqQS.exe
  2⤵
  PID:8648
- C:\Windows\System\FYsXCRK.exe
  C:\Windows\System\FYsXCRK.exe
  2⤵
  PID:8680
- C:\Windows\System\awldgKk.exe
  C:\Windows\System\awldgKk.exe
  2⤵
  PID:8708
- C:\Windows\System\lnMOmnh.exe
  C:\Windows\System\lnMOmnh.exe
  2⤵
  PID:8744
- C:\Windows\System\gtSkboz.exe
  C:\Windows\System\gtSkboz.exe
  2⤵
  PID:8768
- C:\Windows\System\JytsYGH.exe
  C:\Windows\System\JytsYGH.exe
  2⤵
  PID:8792
- C:\Windows\System\MeNSKTy.exe
  C:\Windows\System\MeNSKTy.exe
  2⤵
  PID:8816
- C:\Windows\System\DGfmveS.exe
  C:\Windows\System\DGfmveS.exe
  2⤵
  PID:8836
- C:\Windows\System\kfQCORJ.exe
  C:\Windows\System\kfQCORJ.exe
  2⤵
  PID:8868
- C:\Windows\System\ANAgZLr.exe
  C:\Windows\System\ANAgZLr.exe
  2⤵
  PID:8888
- C:\Windows\System\xWjlytd.exe
  C:\Windows\System\xWjlytd.exe
  2⤵
  PID:8932
- C:\Windows\System\NnIGHsb.exe
  C:\Windows\System\NnIGHsb.exe
  2⤵
  PID:8960
- C:\Windows\System\ILxpfGO.exe
  C:\Windows\System\ILxpfGO.exe
  2⤵
  PID:8988
- C:\Windows\System\djXnwLg.exe
  C:\Windows\System\djXnwLg.exe
  2⤵
  PID:9016
- C:\Windows\System\XNTqYbT.exe
  C:\Windows\System\XNTqYbT.exe
  2⤵
  PID:9048
- C:\Windows\System\iOBRzYa.exe
  C:\Windows\System\iOBRzYa.exe
  2⤵
  PID:9072
- C:\Windows\System\xUcjUEW.exe
  C:\Windows\System\xUcjUEW.exe
  2⤵
  PID:9112
- C:\Windows\System\bDZeSOK.exe
  C:\Windows\System\bDZeSOK.exe
  2⤵
  PID:9160
- C:\Windows\System\CjJGnRL.exe
  C:\Windows\System\CjJGnRL.exe
  2⤵
  PID:9180
- C:\Windows\System\gAxqTcy.exe
  C:\Windows\System\gAxqTcy.exe
  2⤵
  PID:9204
- C:\Windows\System\UjrRcPQ.exe
  C:\Windows\System\UjrRcPQ.exe
  2⤵
  PID:8008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AaqlsnP.exe

Filesize
1.8MB

MD5
acf5f2e222c2d40740168af4b2995723

SHA1
7963b0a02bf07d07864b000b9c07452fead090df

SHA256
48fd0c9fbaea9839610f89f74d8b7ffb2a9fb8132cd7f03cce1bfd0dba399005

SHA512
23850b342ff22ea70644172b11f203b2cb02821c4af0427652287729d68e687fc0246a34ef6c3cc33fa2f118db41fd7b9f154609710c11bd24b79bcdb01239de

Download Submit
C:\Windows\System\Barapgi.exe

Filesize
1.8MB

MD5
0ef9a5cba526651b1fef71a6e3d1e386

SHA1
5621819eacdb8375257e86e1cd4f995eb8b64d1e

SHA256
75929d1b6dbc419abcc8f4e627831eb0a456fb80f120f0cf54aa7812a48337d3

SHA512
d207ad6d1173c3b6dd274ff5f337a90382bbaf34fbf5d6b1dd345223af806e9f1b3c392f36692be090a7f325035544c492f2269d84e4c4ed4a8fce604f40a0c5

Download Submit
C:\Windows\System\BjdGEHd.exe

Filesize
1.8MB

MD5
6fcc111e9e0b1cdbe2f97fa9f8aba107

SHA1
e0aaec1453557d37101df6ac0461e978e7e2be2d

SHA256
fc2d8caead87181e3e46c11fe446570fa70f5356d1e9106c2387c786a934ffe2

SHA512
0947f0a8a1aa643bb05f8adefdfedc147d0f8aa3e710a96acd7a43e733825409db70b5fc705ffe1378ab815ab0352e4a7b845450de2df39ca1bae132bc589fb5

Download Submit
C:\Windows\System\BxRgxTF.exe

Filesize
1.8MB

MD5
aab1c15b7e567e9c7585223a1b48289f

SHA1
690c7b3eab25a0617a002c05f6f5646d254ce844

SHA256
85df62ef985ae623db2dac99450ddb332ddaab20e117fc8796f3e5601a1634e3

SHA512
7499f235f4eb2d97d060bab4c5077421a8710eb2a31123cb36bc3fec352af2c851a53baf8ddea475cfaf20880816c5f8e952823a7dff01b9708d3c8278c6c522

Download Submit
C:\Windows\System\CMIIkXP.exe

Filesize
1.8MB

MD5
c7741b9aa66578e053aa236cd94365d0

SHA1
392dfd43ba2983d13e8a7928157201e457697f46

SHA256
edd54d6654be19dbd3f63226496516d8bb6791a2ddb69d817269c136a255f2de

SHA512
6dadf61989b60e88bf169df4e4a8fe162a4b62028654ebee06fea9cdbf12693023094fd37ba0f225bd89be297f75397331ff15e4ba8616584c38eb78c017936d

Download Submit
C:\Windows\System\DsBCnKk.exe

Filesize
1.8MB

MD5
21db67c01d327471b9e403fed65d64f5

SHA1
2b8d3148e6ef58dfae8b605049d78b9beeb5fd26

SHA256
d8eb9b1196f8aabcd19bb2aaf2b757fcfdf34499a32431fe7e8fefe8d2b8bf8a

SHA512
c621bebc16074f5f316e6167ed10e2663337a36d17208c43357070ec0e77343f6918b882fc294fc207350b44482c770b31a5eb1696ff4926b8b926a77acf7c5e

Download Submit
C:\Windows\System\EigvyZc.exe

Filesize
1.8MB

MD5
c0500b37133106470ae98c81aec951fb

SHA1
87ece23d55d75bc4dddad76bd006600d5b1116cf

SHA256
11f6deda289054352f11e0224eb7d225ce22b9c3b3e5252fe458e4feb5f9ddb4

SHA512
395879d85d0b75cf92e0ecef709f573481ff12659ea4e983a47a1052163c3e7acd0bb7541beee78c0b574b8eb5be288910b7007044d3403ef383db66818ef558

Download Submit
C:\Windows\System\GFGVChN.exe

Filesize
1.8MB

MD5
252b9e4c2d2d62756648101964ad1c52

SHA1
ad1b05254577ca4c1e52427aa60df51aa4f68838

SHA256
540b7bc80e909a0640a34d7cecf8c812d1e2d47c683ddf52d266b4f290029cfc

SHA512
fcdc2b96f09bba16f57352c3ab76db89848e176da65f4fc1da40b679280f759d8bdb9e672666a13d2d854af9880c070fba3fe7586cbda5abda4aa5648874a678

Download Submit
C:\Windows\System\HZuqYPb.exe

Filesize
1.8MB

MD5
67291fcb2804c83a73218331fb008399

SHA1
91e6581da6ce373ea92ee1eb27d15a3ff2c6f0f1

SHA256
64484b3f01bd194019c0795ab83e3afb57f3ba1d7759bf37b7971503b602925f

SHA512
2c00a54d8817a61a34e776de4d8b8549f303a39a4d4631dc29a3fbcda7f7da7a12b34c74a2021ab89937faea98125ad02d4c538667feacc34a76d2bd6a401475

Download Submit
C:\Windows\System\KDVvgwU.exe

Filesize
1.8MB

MD5
1b50e85103e7f1c6b00e335ab41d2a10

SHA1
792348a478918a8d4e7e5e9de7b59cedd9bbd951

SHA256
149cc07a70c51a4e2fa2036443c19f57595bc83afd639a1c26bddd183a93b195

SHA512
fbb9c228e283212c4c327dcf2ed6341becb6dd2071ce8c99aa482b6076e290ea23e35ef48bd9e6f027f2157a016f3c785c207ffc3af2d692cb58583f5cbd4218

Download Submit
C:\Windows\System\MDAzMvA.exe

Filesize
1.8MB

MD5
9bd059a3dcf28d5efdb143ea0514563f

SHA1
193ece6ae5014b2a8476eb9d10336fa0fb093fb2

SHA256
dbf44f4da44b64b9d468ffd16ed8dbdb4371d8719a0218583e8891c0c002d4c2

SHA512
07aadca683930ea65869020704db1993f1d3c068e6dc73769c5e0f1cdbba76565ac8aa04685b53a6e99ef13fb6091b81e084d3b221c81431eaa1d628f740ab53

Download Submit
C:\Windows\System\NxONeRI.exe

Filesize
1.8MB

MD5
5f64d5dcdd753898fddaed308b6fcc65

SHA1
9ca2b16e7de50792b1ebaee5b334ef932be3fe3d

SHA256
375b3277e16e5694a47ae6af2ad4137f590fd3a3e32345e8b6db81558cea9aae

SHA512
8c84ae775feda4b8736cd6ff867d7f643eddaa20bfec27b6a8a5621976e550ab3a9097a2fef90b3cf8282c406ac0a0ad6302ee15e35769116dc2aea346834797

Download Submit
C:\Windows\System\OvZgExm.exe

Filesize
1.8MB

MD5
3fc08e6831ae36ba01a1510192f65c9d

SHA1
413ac67d2e895cf773f2a846f62e71be215c08c6

SHA256
00f75062f6cb381e2c2da257173a606000a300591b33d6fedec9ee95d7973416

SHA512
8d776c624d61b776143ccd7e12e41365a18381657addffd1f5f702eba3a7c9832579ce85b52dfd681715d795539b09581f70b86fb6383ef1b4f2af8d2789d458

Download Submit
C:\Windows\System\PzFymuc.exe

Filesize
1.8MB

MD5
2abaa06c67bae96df004ad44ce52d3d3

SHA1
ad44e64bd9b4dcaf33c3b822bab5f7f08a250426

SHA256
6d86d410f01e51ca53ecd1a5dadfadf8670897ded7c5f69272d48daefa82804c

SHA512
8ef68a65742e464d6b0276ae1de8c51a35fb75c2dbd28eba5a8153f12e01ea91f8730bdbd2eed1b2c4ac543c2831d52f571978e5200b68bfd9ca93bac9d66908

Download Submit
C:\Windows\System\QdnvWxX.exe

Filesize
1.8MB

MD5
47539f8c07fd84443e16a9020934fbba

SHA1
7524d32f317335e80845dd64794e2db85a430701

SHA256
192e3153719a8b3d53364af1b6339c28277154a0726ec62fd234ec1eb7d14ff4

SHA512
c0dc49f6bc582858b4016a76e2ae64b7f1a5a4a5f70f52f84ffebc4b8622a633e1e1f147319fa9708b15d02c5b5a0cca68c2f0763027d80ac3171706dbbe0afd

Download Submit
C:\Windows\System\VXSCIsW.exe

Filesize
1.8MB

MD5
15337286178825f1559591bff2795d71

SHA1
43c8e86039f19b8d61974214ee9b0f53449f6237

SHA256
2e174982c4e5b97bf80a7baa90172ba88ce5abb918650e3c5277799e9cfbd76b

SHA512
6f9d49a10c1b158e9e3446217f8a833053ddb8c30406578d12568b31b64cf0b0a6348f750f4baa55bd305539fa05835511128e58fd64cd847a07532faf761a53

Download Submit
C:\Windows\System\VdDnJpP.exe

Filesize
1.8MB

MD5
d44e441a7dca0b907e9e98e6c6c861f2

SHA1
fab19478ff5aa366af4989e38f400ac5bf317c87

SHA256
958cb820bbadb7c934df3ebd50e2fef9927599c70b484588153519d732ad3196

SHA512
16ffedc291da7495a16fe3e299744c9ce4e88b854688479e5d8d877a7bf521be0d16aad4b633a6d630900ffa3a71f6067caf59b6c259d0313af4efd20af40d49

Download Submit
C:\Windows\System\WFqiHjy.exe

Filesize
1.8MB

MD5
18820a14590ef26d097177d2bd4228f7

SHA1
b5734168445355c0d16b596401ad11e10837ed85

SHA256
d1b7cda8ed0178b7a43b1dbba783dff0118168b8039537cd17b83ffee6a212a9

SHA512
5ff0603587c85217d6bc8524c6b26e583eb21bae44b77d7ab14376b0055a7e23308577684234af0d4cab2df36f852a9f4159e00cd1735ab1ba4e40bd7141b9a3

Download Submit
C:\Windows\System\XAmdwQL.exe

Filesize
1.8MB

MD5
a2793e18b3826d21f5f50b4450292d3a

SHA1
14d177fe689f3d52db1b39a50a0104b9ad1b4be7

SHA256
e52fbd15189d2522d6c608e2467631995a60eadbbbd28dd6126b7ae64e2d9bf0

SHA512
f4837610b66fbe5fe7e9998335296e2df6a1af79ccefdbe233754aadfe9c20ddf1378041d1b744e6fccb04c0c29b80aaa93182a8dbe10708e274639cf6234289

Download Submit
C:\Windows\System\YpBowFO.exe

Filesize
1.8MB

MD5
88a3480ff71e214895a1bf3b468f7d24

SHA1
1763272ce633860bd440f359bc202c1ac88db6c0

SHA256
64cde350c2af6f4a4abb09a7c96ba9d63172dac23621b92e2c268026aea949e9

SHA512
8bc339935817ead4597cdc5ce2c1c8f12063a648e77a078ca1c0b9d308f93554b141fc09f7e11d7f97f953c84673d5521d318e58a0df28b4f1a591ab7da0952f

Download Submit
C:\Windows\System\ZEkDcOl.exe

Filesize
1.8MB

MD5
4222ae2ef63acc7c4ace266ff52e1ff3

SHA1
853cf6e03e53218241449699ec4b00019999e1bb

SHA256
b61f9f499aede49dc7e31aee93de570d336e8eb3132bb317f96bf4bf3e6f92a0

SHA512
4e6f820b6e7b9449a01149e3efd0a5a07e5280395bf3af08b68e6703bdb395c0141c355a282b3b36a34b7cbe711874eb1526e1c1711a84f7e26999b7edc91c12

Download Submit
C:\Windows\System\evSuEBG.exe

Filesize
1.8MB

MD5
31f705ea80bed462d9172dea595bd86c

SHA1
b505776e953949d7dda787112ea31cff6a9ce7b6

SHA256
5ba98658573605673be80485ac08860b6168dd86c21d5169737f72c7f946f5a5

SHA512
9541b5d38e7f93bda598d68b62e149cedc1481c72d15927a0dae929eaf38a62adcf984e0080d6370bdbbad40d9f603750452d2fd00aa123db9f7c99f598d2d46

Download Submit
C:\Windows\System\jgAnPax.exe

Filesize
1.8MB

MD5
52a3eaf9a14cc80099e140ee024a3247

SHA1
06f0012af5fa58b023fcf754260aa8a4afd2a581

SHA256
50e4e88e68994c7621a6b6a7ab56cc8ff6e6084a169fb4ca50ae26cac00cd480

SHA512
6e9a3a99d0ccbc0ed5362f2c8243c2d990f6da318f47203906dc82c55fd264ad85553e341e404ca6896c6ec82aacb72d9735eae38b3ae36583542ba7778173d8

Download Submit
C:\Windows\System\kFBIBjR.exe

Filesize
1.8MB

MD5
83ceace85fc6a97adddccd85a4073f7e

SHA1
5177dc9e1dad7042ce87b71a3330faa26e465bc6

SHA256
cffe0522911d4467ed17903705bc1077107f8915f4313decc818b3a9c50ccb2a

SHA512
3a405e381ec9dbeca904286251410dcf9a978c5043d472e78a4acc08fe34a02591e9ab466b209ffcc9bc45830ba65df41db3ec199029ced3bebb2ad978808f9e

Download Submit
C:\Windows\System\llbbCOu.exe

Filesize
1.8MB

MD5
873a667037fa327b4d5328849e887c84

SHA1
004fe66029796aeb79e477d33bc9afda531190fc

SHA256
d3a0da745063cce1c23f3411358db1da5e18a81d58c9ef487cf5fd468db62635

SHA512
f29343a31d77bccc0f5df2c9cf3d4d83118b102e0d3c8938ce9070d47f5a918b90278257cd0d1f90d6c3776439a96c26c1f1e6cb1cea525aed61c7deda1460cc

Download Submit
C:\Windows\System\nHidCOx.exe

Filesize
1.8MB

MD5
d3caf6c07fb8b140db16547dd775f748

SHA1
f5df88639d9ab75c2db7dcbc140ccc7ba560ab9e

SHA256
4942329978796c51fffe1a9743cfd4ac436adc49b84fcb001c36120bb969709a

SHA512
57ae62d828f9428f5c5e5928797ae91beb15f17dde0a5efb74ebeb64e02ab3dda1cbca1295909a7d1db6743e4f2604bce5971fc415ec44eb35d509d4a6bdf915

Download Submit
C:\Windows\System\ssXecpL.exe

Filesize
1.8MB

MD5
ea6adeeb013cd1dcf6ff700cccabe478

SHA1
7a188c3c6905ea58617b9bfcc588439a06a595a8

SHA256
75a2bb61b6907565385ef6e5abebce8444ff47d6acd83adf7d55908e3ab7fae8

SHA512
bd982a4babdc6d7f2775f203f3927f5640b195300175ca80773ef8eb8344d393da1ac446177fd442e146cdf35a12e4bdcae8e636d56627a2d3b006a912526396

Download Submit
C:\Windows\System\tVwCJMh.exe

Filesize
1.8MB

MD5
90ad8cd800f9367bab184c3bd286af7e

SHA1
32dc83971f45e653c15dd1636e000e390fadc9f3

SHA256
9d10e9a27a08be1bacbc8d53589f17e17906ec752d49b801886d4d41419d2719

SHA512
d4addeec91ecb762d8b6fad0559fbfd9ed96d49b3cbdc8173b33b655e5cfbbe2cd584efda22e8e3a9d374621d080a164b6d30f9a5e06dfc8a93970d2ddda2989

Download Submit
C:\Windows\System\tzKHtKN.exe

Filesize
1.8MB

MD5
222943020651bbeb1a6e7ebac3d366ae

SHA1
99b212d1a42751f32a45eca613b62ce55a066015

SHA256
1bb591d94261fc3de6f52c293864ea96f43a56e740d72d937f85ce431878b8e4

SHA512
f0365038bea31c0f7f8384350dc472275fa92af7ef6ffeb579c32ba6b9ed61a6dee5257c086b29d20945a5dd10cd26a3b1d88a644d7dd4e244a6f3d50c521373

Download Submit
C:\Windows\System\wCNMEpv.exe

Filesize
1.8MB

MD5
abcb502d8cbcdeb5b61d10f6a403d3bc

SHA1
3e95195c276fd64e6559c1e4cae5161243b139b5

SHA256
06e8161710ab59559359fdbdab750f83ec1a0781fd61a95b0f521a4497bd07fd

SHA512
a7676022be8587482a357c01798b7d05a00b71a9be64fa35c569300ca5340b17abd4e74d7d384f0322e11a027cca97f9aefe7ad8bbac47a29c4031759a31ec03

Download Submit
C:\Windows\System\wLOiICW.exe

Filesize
1.8MB

MD5
0793a539d881754ef3cf1435d0d862ee

SHA1
5a94d4f22e4def57c09c8dcc39599d8df30c7e97

SHA256
e0f86bde63ba98154e16be83fbab4b68d97ccb34fb815bb7e0a5f061b9b50b6c

SHA512
f0c948b7c8b51f91982e2971f50cac0a5dfb34187cad1f353128a87643712a31285531bd63bded5231d4df604dbe10f5bd76fa92aa9cb65bfd4edf7f40b5d370

Download Submit
C:\Windows\System\wlWwLYd.exe

Filesize
1.8MB

MD5
624d38600a279d5eb53c34b3bea87238

SHA1
94134412d26a343f80c16787b1ba9b46c2d2fa36

SHA256
69c61ddf8db09ee0302f03b4776f40b29102499a5c2e50ee870be2cdb0fe1d6d

SHA512
883adcee787e6fb241245d40370a4281bd65fa5d4c149a42bd10b58dd881064a242f70e99fc273f1d3083b2a6d74beafa5bf640e9c1f6ed691c7e085510a9dc6

Download Submit
C:\Windows\System\zYtJXek.exe

Filesize
1.8MB

MD5
0861cb8b18996edf85a28cb7ea0b868e

SHA1
321163f7a16633197f312f10ba72a5b7247070d7

SHA256
80ea76fa849f7620d5c337d7e3d2b2a39c9e97867d1d07ada8efa6e3fcbe52a3

SHA512
d90aabb571b71ba876969a4d145b90c4a8d7a37bcb0f7ae677c644a7b2f3f683cedb7d2123dc15254589b191aa1ec39e43b53c8b07885c6d33df5772144906a2

Download Submit
memory/3084-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download