kpot | 83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3

Analysis

max time kernel
140s
max time network
150s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09-10-2024 22:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
Size

2.2MB
MD5

e299ff3f5b0efee203e169af4cb811e7
SHA1

a834163be4b652224ca3aceba03f114513b9c045
SHA256

83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3
SHA512

a16b22bad50d3d596b31ae4b80527088f17d7d81f542e81a7d8ce955c0cbee6a2280a52ebc25189e297fa5e1004a3020ec6b2abbaa3da91b96ecb41160438d05
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2iVJo:GemTLkNdfE0pZaQv

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral1/files/0x000500000001924a-159.dat	family_kpot
behavioral1/files/0x0005000000019244-154.dat	family_kpot
behavioral1/files/0x00050000000191f1-149.dat	family_kpot
behavioral1/files/0x00050000000191dc-144.dat	family_kpot
behavioral1/files/0x0006000000018bc8-139.dat	family_kpot
behavioral1/files/0x0005000000018712-134.dat	family_kpot
behavioral1/files/0x000500000001870f-129.dat	family_kpot
behavioral1/files/0x0005000000018701-123.dat	family_kpot
behavioral1/files/0x00050000000186f7-119.dat	family_kpot
behavioral1/files/0x0008000000018681-114.dat	family_kpot
behavioral1/files/0x0006000000018660-109.dat	family_kpot
behavioral1/files/0x000600000001756a-82.dat	family_kpot
behavioral1/files/0x00060000000174af-77.dat	family_kpot
behavioral1/files/0x00060000000175ed-103.dat	family_kpot
behavioral1/files/0x00060000000174f5-81.dat	family_kpot
behavioral1/files/0x00060000000174a8-72.dat	family_kpot
behavioral1/files/0x00060000000173de-68.dat	family_kpot
behavioral1/files/0x00060000000173c8-64.dat	family_kpot
behavioral1/files/0x00060000000173c2-60.dat	family_kpot
behavioral1/files/0x0006000000016fb3-56.dat	family_kpot
behavioral1/files/0x0031000000015f61-52.dat	family_kpot
behavioral1/files/0x0006000000016e9f-49.dat	family_kpot
behavioral1/files/0x0006000000016ddf-44.dat	family_kpot
behavioral1/files/0x0006000000016dcf-40.dat	family_kpot
behavioral1/files/0x0009000000016c65-36.dat	family_kpot
behavioral1/files/0x0007000000016c4b-33.dat	family_kpot
behavioral1/files/0x0007000000016a83-28.dat	family_kpot
behavioral1/files/0x000700000001683c-24.dat	family_kpot
behavioral1/files/0x0008000000016578-16.dat	family_kpot
behavioral1/files/0x00080000000162df-13.dat	family_kpot
behavioral1/files/0x0008000000016141-9.dat	family_kpot
behavioral1/files/0x000700000001211b-5.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral1/files/0x000500000001924a-159.dat	xmrig
behavioral1/files/0x0005000000019244-154.dat	xmrig
behavioral1/files/0x00050000000191f1-149.dat	xmrig
behavioral1/files/0x00050000000191dc-144.dat	xmrig
behavioral1/files/0x0006000000018bc8-139.dat	xmrig
behavioral1/files/0x0005000000018712-134.dat	xmrig
behavioral1/files/0x000500000001870f-129.dat	xmrig
behavioral1/files/0x0005000000018701-123.dat	xmrig
behavioral1/files/0x00050000000186f7-119.dat	xmrig
behavioral1/files/0x0008000000018681-114.dat	xmrig
behavioral1/files/0x0006000000018660-109.dat	xmrig
behavioral1/files/0x000600000001756a-82.dat	xmrig
behavioral1/files/0x00060000000174af-77.dat	xmrig
behavioral1/files/0x00060000000175ed-103.dat	xmrig
behavioral1/files/0x00060000000174f5-81.dat	xmrig
behavioral1/files/0x00060000000174a8-72.dat	xmrig
behavioral1/files/0x00060000000173de-68.dat	xmrig
behavioral1/files/0x00060000000173c8-64.dat	xmrig
behavioral1/files/0x00060000000173c2-60.dat	xmrig
behavioral1/files/0x0006000000016fb3-56.dat	xmrig
behavioral1/files/0x0031000000015f61-52.dat	xmrig
behavioral1/files/0x0006000000016e9f-49.dat	xmrig
behavioral1/files/0x0006000000016ddf-44.dat	xmrig
behavioral1/files/0x0006000000016dcf-40.dat	xmrig
behavioral1/files/0x0009000000016c65-36.dat	xmrig
behavioral1/files/0x0007000000016c4b-33.dat	xmrig
behavioral1/files/0x0007000000016a83-28.dat	xmrig
behavioral1/files/0x000700000001683c-24.dat	xmrig
behavioral1/files/0x0008000000016578-16.dat	xmrig
behavioral1/files/0x00080000000162df-13.dat	xmrig
behavioral1/files/0x0008000000016141-9.dat	xmrig
behavioral1/files/0x000700000001211b-5.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2812	nVldYsn.exe
2732	eFYWQhC.exe
2280	PjNxXLl.exe
2584	vpnSbpD.exe
2844	TSqtOsa.exe
1776	YYweXdJ.exe
2836	gLSSgll.exe
2624	avjcoVZ.exe
2572	jaYuKRY.exe
2628	opJqJiO.exe
1052	NQvGaAP.exe
2212	nojCVmF.exe
760	zpYtzym.exe
836	wHRfJzQ.exe
2092	OrkmTbL.exe
2108	ANoBXiO.exe
2052	PNkJXmL.exe
1980	FNbLrKS.exe
1576	ENpPyJg.exe
2640	EOIczcT.exe
3024	oPolHVj.exe
3028	ZmXouNJ.exe
1152	ytqLnvG.exe
2012	izreUKe.exe
1800	RuwZaoy.exe
1488	MeyoLtE.exe
2972	nEwgCkc.exe
1636	grYBTJI.exe
2416	qlTuKjh.exe
2976	byrPbgO.exe
1120	OjHbYTG.exe
684	qvlngKQ.exe
2560	cOKaQPI.exe
2036	VdGiMfQ.exe
448	FYqBmno.exe
2188	kyuLYcu.exe
2184	wXNfTDZ.exe
1548	gobKyLB.exe
992	UJSVbSD.exe
1616	xBOwfkO.exe
1856	CUTqEgb.exe
1848	thlLxix.exe
1332	JCdDtci.exe
2352	zRbaEaM.exe
1964	IfzVDCv.exe
888	ZnxwdKF.exe
1020	uFbCSNN.exe
2400	vNeofac.exe
1940	BZzzCLC.exe
1704	nczXiUM.exe
2120	WwuYhqQ.exe
2324	ndeLcWI.exe
2664	MehYTxi.exe
2492	QCYYhhY.exe
2100	mdoJWsg.exe
1528	JTlbutL.exe
876	qcuTScS.exe
1836	TUzFcWp.exe
1648	RUzqLlx.exe
1572	HfHioLw.exe
2784	DKwrIfK.exe
2960	MsdWizO.exe
2740	aAMLWTT.exe
2604	IvgfCoB.exe

Loads dropped DLL 64 IoCs

pid	Process
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BORglkE.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\VtCmfIq.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\ZhRDfdo.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\ebvgdmn.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\PjNxXLl.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\vpnSbpD.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\uNQuBlH.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\AkJllPw.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\xzKkTdW.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\AwkxpBN.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\FYqBmno.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\kIlsOYt.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\pACpHwY.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\saRDXCT.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\cIoMEeE.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\UJSVbSD.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\ZnxwdKF.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\SUEMuWW.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\UmvTfIW.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\TyIRycv.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\GeQOcAL.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\wXNfTDZ.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\gByDJCP.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\miYCKFD.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\BfnuvJS.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\iKZoIGx.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\OiggNIo.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\GskZEKD.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\aurynNk.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\JUwfZDL.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\EmxfGFf.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\eOJFPkJ.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\OjHbYTG.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\CgakcLH.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\DbUUbCO.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\DLGFfRc.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\DcyDWHb.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\JXaZBpj.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\gYynpvc.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\FvqkmfX.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\hiqbpuv.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\BaTjgkz.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\sZQdWJY.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\EOIczcT.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\PiRZqxc.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\pKqIyuN.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\pUMhQWw.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\wgdkFNK.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\BAuKWVY.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\RuwZaoy.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\QCYYhhY.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\mHsqWEd.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\kLaTxle.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\eLKXEQz.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\rUSadYO.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\PMHxtLw.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\SjdiNJC.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\lftYaXO.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\wOyYmjd.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\PNkJXmL.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\Gcopats.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\IfzVDCv.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\rcrKfWJ.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
File created	C:\Windows\System\opUuYau.exe	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
Token: SeLockMemoryPrivilege	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 2812	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	31
PID 2720 wrote to memory of 2812	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	31
PID 2720 wrote to memory of 2812	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	31
PID 2720 wrote to memory of 2732	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	32
PID 2720 wrote to memory of 2732	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	32
PID 2720 wrote to memory of 2732	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	32
PID 2720 wrote to memory of 2280	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	33
PID 2720 wrote to memory of 2280	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	33
PID 2720 wrote to memory of 2280	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	33
PID 2720 wrote to memory of 2584	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	34
PID 2720 wrote to memory of 2584	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	34
PID 2720 wrote to memory of 2584	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	34
PID 2720 wrote to memory of 2844	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	35
PID 2720 wrote to memory of 2844	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	35
PID 2720 wrote to memory of 2844	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	35
PID 2720 wrote to memory of 1776	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	36
PID 2720 wrote to memory of 1776	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	36
PID 2720 wrote to memory of 1776	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	36
PID 2720 wrote to memory of 2836	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	37
PID 2720 wrote to memory of 2836	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	37
PID 2720 wrote to memory of 2836	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	37
PID 2720 wrote to memory of 2624	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	38
PID 2720 wrote to memory of 2624	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	38
PID 2720 wrote to memory of 2624	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	38
PID 2720 wrote to memory of 2572	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	39
PID 2720 wrote to memory of 2572	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	39
PID 2720 wrote to memory of 2572	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	39
PID 2720 wrote to memory of 2628	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	40
PID 2720 wrote to memory of 2628	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	40
PID 2720 wrote to memory of 2628	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	40
PID 2720 wrote to memory of 1052	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	41
PID 2720 wrote to memory of 1052	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	41
PID 2720 wrote to memory of 1052	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	41
PID 2720 wrote to memory of 2212	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	42
PID 2720 wrote to memory of 2212	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	42
PID 2720 wrote to memory of 2212	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	42
PID 2720 wrote to memory of 760	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	43
PID 2720 wrote to memory of 760	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	43
PID 2720 wrote to memory of 760	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	43
PID 2720 wrote to memory of 836	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	44
PID 2720 wrote to memory of 836	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	44
PID 2720 wrote to memory of 836	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	44
PID 2720 wrote to memory of 2092	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	45
PID 2720 wrote to memory of 2092	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	45
PID 2720 wrote to memory of 2092	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	45
PID 2720 wrote to memory of 2108	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	46
PID 2720 wrote to memory of 2108	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	46
PID 2720 wrote to memory of 2108	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	46
PID 2720 wrote to memory of 2052	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	47
PID 2720 wrote to memory of 2052	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	47
PID 2720 wrote to memory of 2052	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	47
PID 2720 wrote to memory of 1980	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	48
PID 2720 wrote to memory of 1980	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	48
PID 2720 wrote to memory of 1980	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	48
PID 2720 wrote to memory of 1576	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	49
PID 2720 wrote to memory of 1576	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	49
PID 2720 wrote to memory of 1576	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	49
PID 2720 wrote to memory of 3024	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	50
PID 2720 wrote to memory of 3024	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	50
PID 2720 wrote to memory of 3024	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	50
PID 2720 wrote to memory of 2640	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	51
PID 2720 wrote to memory of 2640	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	51
PID 2720 wrote to memory of 2640	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	51
PID 2720 wrote to memory of 3028	2720	83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe	52

C:\Users\Admin\AppData\Local\Temp\83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe
"C:\Users\Admin\AppData\Local\Temp\83d35ee888822ab4d178922252adf96b5f0515180d9ab7528348b326f8069fb3.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Windows\System\nVldYsn.exe
  C:\Windows\System\nVldYsn.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\eFYWQhC.exe
  C:\Windows\System\eFYWQhC.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\PjNxXLl.exe
  C:\Windows\System\PjNxXLl.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\vpnSbpD.exe
  C:\Windows\System\vpnSbpD.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\TSqtOsa.exe
  C:\Windows\System\TSqtOsa.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\YYweXdJ.exe
  C:\Windows\System\YYweXdJ.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\gLSSgll.exe
  C:\Windows\System\gLSSgll.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\avjcoVZ.exe
  C:\Windows\System\avjcoVZ.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\jaYuKRY.exe
  C:\Windows\System\jaYuKRY.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\opJqJiO.exe
  C:\Windows\System\opJqJiO.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\NQvGaAP.exe
  C:\Windows\System\NQvGaAP.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\nojCVmF.exe
  C:\Windows\System\nojCVmF.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\zpYtzym.exe
  C:\Windows\System\zpYtzym.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\wHRfJzQ.exe
  C:\Windows\System\wHRfJzQ.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\OrkmTbL.exe
  C:\Windows\System\OrkmTbL.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\ANoBXiO.exe
  C:\Windows\System\ANoBXiO.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\PNkJXmL.exe
  C:\Windows\System\PNkJXmL.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\FNbLrKS.exe
  C:\Windows\System\FNbLrKS.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\ENpPyJg.exe
  C:\Windows\System\ENpPyJg.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\oPolHVj.exe
  C:\Windows\System\oPolHVj.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\EOIczcT.exe
  C:\Windows\System\EOIczcT.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\ZmXouNJ.exe
  C:\Windows\System\ZmXouNJ.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\ytqLnvG.exe
  C:\Windows\System\ytqLnvG.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\izreUKe.exe
  C:\Windows\System\izreUKe.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\RuwZaoy.exe
  C:\Windows\System\RuwZaoy.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\MeyoLtE.exe
  C:\Windows\System\MeyoLtE.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\nEwgCkc.exe
  C:\Windows\System\nEwgCkc.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\grYBTJI.exe
  C:\Windows\System\grYBTJI.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\qlTuKjh.exe
  C:\Windows\System\qlTuKjh.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\byrPbgO.exe
  C:\Windows\System\byrPbgO.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\OjHbYTG.exe
  C:\Windows\System\OjHbYTG.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\qvlngKQ.exe
  C:\Windows\System\qvlngKQ.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\cOKaQPI.exe
  C:\Windows\System\cOKaQPI.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\VdGiMfQ.exe
  C:\Windows\System\VdGiMfQ.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\FYqBmno.exe
  C:\Windows\System\FYqBmno.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\kyuLYcu.exe
  C:\Windows\System\kyuLYcu.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\wXNfTDZ.exe
  C:\Windows\System\wXNfTDZ.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\gobKyLB.exe
  C:\Windows\System\gobKyLB.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\UJSVbSD.exe
  C:\Windows\System\UJSVbSD.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\xBOwfkO.exe
  C:\Windows\System\xBOwfkO.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\CUTqEgb.exe
  C:\Windows\System\CUTqEgb.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\thlLxix.exe
  C:\Windows\System\thlLxix.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\JCdDtci.exe
  C:\Windows\System\JCdDtci.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\zRbaEaM.exe
  C:\Windows\System\zRbaEaM.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\IfzVDCv.exe
  C:\Windows\System\IfzVDCv.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\ZnxwdKF.exe
  C:\Windows\System\ZnxwdKF.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\uFbCSNN.exe
  C:\Windows\System\uFbCSNN.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\vNeofac.exe
  C:\Windows\System\vNeofac.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\BZzzCLC.exe
  C:\Windows\System\BZzzCLC.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\nczXiUM.exe
  C:\Windows\System\nczXiUM.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\WwuYhqQ.exe
  C:\Windows\System\WwuYhqQ.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\ndeLcWI.exe
  C:\Windows\System\ndeLcWI.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\MehYTxi.exe
  C:\Windows\System\MehYTxi.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\QCYYhhY.exe
  C:\Windows\System\QCYYhhY.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\mdoJWsg.exe
  C:\Windows\System\mdoJWsg.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\JTlbutL.exe
  C:\Windows\System\JTlbutL.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\qcuTScS.exe
  C:\Windows\System\qcuTScS.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\TUzFcWp.exe
  C:\Windows\System\TUzFcWp.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\RUzqLlx.exe
  C:\Windows\System\RUzqLlx.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\HfHioLw.exe
  C:\Windows\System\HfHioLw.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\DKwrIfK.exe
  C:\Windows\System\DKwrIfK.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\MsdWizO.exe
  C:\Windows\System\MsdWizO.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\aAMLWTT.exe
  C:\Windows\System\aAMLWTT.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\IvgfCoB.exe
  C:\Windows\System\IvgfCoB.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\iSXdLPz.exe
  C:\Windows\System\iSXdLPz.exe
  2⤵
  PID:2748
- C:\Windows\System\gvCHqKS.exe
  C:\Windows\System\gvCHqKS.exe
  2⤵
  PID:2708
- C:\Windows\System\WytXngU.exe
  C:\Windows\System\WytXngU.exe
  2⤵
  PID:2948
- C:\Windows\System\TTJecDa.exe
  C:\Windows\System\TTJecDa.exe
  2⤵
  PID:2700
- C:\Windows\System\gYynpvc.exe
  C:\Windows\System\gYynpvc.exe
  2⤵
  PID:1844
- C:\Windows\System\ZhmrtXP.exe
  C:\Windows\System\ZhmrtXP.exe
  2⤵
  PID:2676
- C:\Windows\System\UFFvceD.exe
  C:\Windows\System\UFFvceD.exe
  2⤵
  PID:2484
- C:\Windows\System\HWeYfKu.exe
  C:\Windows\System\HWeYfKu.exe
  2⤵
  PID:2756
- C:\Windows\System\LYaGGYV.exe
  C:\Windows\System\LYaGGYV.exe
  2⤵
  PID:2792
- C:\Windows\System\bmAKspF.exe
  C:\Windows\System\bmAKspF.exe
  2⤵
  PID:2088
- C:\Windows\System\PYUNKlV.exe
  C:\Windows\System\PYUNKlV.exe
  2⤵
  PID:3036
- C:\Windows\System\nVVzeVQ.exe
  C:\Windows\System\nVVzeVQ.exe
  2⤵
  PID:2880
- C:\Windows\System\OiggNIo.exe
  C:\Windows\System\OiggNIo.exe
  2⤵
  PID:1264
- C:\Windows\System\gUBjaPe.exe
  C:\Windows\System\gUBjaPe.exe
  2⤵
  PID:580
- C:\Windows\System\tpNJmZg.exe
  C:\Windows\System\tpNJmZg.exe
  2⤵
  PID:2444
- C:\Windows\System\CbidrdX.exe
  C:\Windows\System\CbidrdX.exe
  2⤵
  PID:2468
- C:\Windows\System\JHrwYWK.exe
  C:\Windows\System\JHrwYWK.exe
  2⤵
  PID:2824
- C:\Windows\System\kpTDtlU.exe
  C:\Windows\System\kpTDtlU.exe
  2⤵
  PID:1500
- C:\Windows\System\hPntEPj.exe
  C:\Windows\System\hPntEPj.exe
  2⤵
  PID:1244
- C:\Windows\System\gcFwnKW.exe
  C:\Windows\System\gcFwnKW.exe
  2⤵
  PID:1476
- C:\Windows\System\RYerVdR.exe
  C:\Windows\System\RYerVdR.exe
  2⤵
  PID:2424
- C:\Windows\System\HIFvQIq.exe
  C:\Windows\System\HIFvQIq.exe
  2⤵
  PID:1992
- C:\Windows\System\lZaABPI.exe
  C:\Windows\System\lZaABPI.exe
  2⤵
  PID:1368
- C:\Windows\System\EbKZjtJ.exe
  C:\Windows\System\EbKZjtJ.exe
  2⤵
  PID:1960
- C:\Windows\System\genpUFT.exe
  C:\Windows\System\genpUFT.exe
  2⤵
  PID:1164
- C:\Windows\System\BmlUxTG.exe
  C:\Windows\System\BmlUxTG.exe
  2⤵
  PID:2244
- C:\Windows\System\bOtfGcw.exe
  C:\Windows\System\bOtfGcw.exe
  2⤵
  PID:572
- C:\Windows\System\YNLKFiD.exe
  C:\Windows\System\YNLKFiD.exe
  2⤵
  PID:2868
- C:\Windows\System\OFKALbl.exe
  C:\Windows\System\OFKALbl.exe
  2⤵
  PID:2060
- C:\Windows\System\uNdqpTg.exe
  C:\Windows\System\uNdqpTg.exe
  2⤵
  PID:1716
- C:\Windows\System\cZcIgXy.exe
  C:\Windows\System\cZcIgXy.exe
  2⤵
  PID:304
- C:\Windows\System\oWNFiBO.exe
  C:\Windows\System\oWNFiBO.exe
  2⤵
  PID:3000
- C:\Windows\System\mLXtzXk.exe
  C:\Windows\System\mLXtzXk.exe
  2⤵
  PID:1744
- C:\Windows\System\rBgqPGJ.exe
  C:\Windows\System\rBgqPGJ.exe
  2⤵
  PID:1956
- C:\Windows\System\zQWGTDh.exe
  C:\Windows\System\zQWGTDh.exe
  2⤵
  PID:2996
- C:\Windows\System\PMHxtLw.exe
  C:\Windows\System\PMHxtLw.exe
  2⤵
  PID:2856
- C:\Windows\System\KoIvJDC.exe
  C:\Windows\System\KoIvJDC.exe
  2⤵
  PID:2944
- C:\Windows\System\DpYdHOL.exe
  C:\Windows\System\DpYdHOL.exe
  2⤵
  PID:2840
- C:\Windows\System\gByDJCP.exe
  C:\Windows\System\gByDJCP.exe
  2⤵
  PID:2316
- C:\Windows\System\mpeAPPk.exe
  C:\Windows\System\mpeAPPk.exe
  2⤵
  PID:2312
- C:\Windows\System\CpazFeW.exe
  C:\Windows\System\CpazFeW.exe
  2⤵
  PID:2176
- C:\Windows\System\BOOdWiH.exe
  C:\Windows\System\BOOdWiH.exe
  2⤵
  PID:2452
- C:\Windows\System\NBRsPFz.exe
  C:\Windows\System\NBRsPFz.exe
  2⤵
  PID:1904
- C:\Windows\System\kIlsOYt.exe
  C:\Windows\System\kIlsOYt.exe
  2⤵
  PID:2232
- C:\Windows\System\ruvYVWL.exe
  C:\Windows\System\ruvYVWL.exe
  2⤵
  PID:1284
- C:\Windows\System\hyOoPWG.exe
  C:\Windows\System\hyOoPWG.exe
  2⤵
  PID:2224
- C:\Windows\System\kGAUMFX.exe
  C:\Windows\System\kGAUMFX.exe
  2⤵
  PID:1224
- C:\Windows\System\PiRZqxc.exe
  C:\Windows\System\PiRZqxc.exe
  2⤵
  PID:1316
- C:\Windows\System\xkNkDBB.exe
  C:\Windows\System\xkNkDBB.exe
  2⤵
  PID:896
- C:\Windows\System\uNQuBlH.exe
  C:\Windows\System\uNQuBlH.exe
  2⤵
  PID:1560
- C:\Windows\System\rcrKfWJ.exe
  C:\Windows\System\rcrKfWJ.exe
  2⤵
  PID:1684
- C:\Windows\System\BSJGcJM.exe
  C:\Windows\System\BSJGcJM.exe
  2⤵
  PID:952
- C:\Windows\System\uIWVjfz.exe
  C:\Windows\System\uIWVjfz.exe
  2⤵
  PID:2008
- C:\Windows\System\iYluGGN.exe
  C:\Windows\System\iYluGGN.exe
  2⤵
  PID:776
- C:\Windows\System\zXJalXg.exe
  C:\Windows\System\zXJalXg.exe
  2⤵
  PID:988
- C:\Windows\System\aAgmNer.exe
  C:\Windows\System\aAgmNer.exe
  2⤵
  PID:3076
- C:\Windows\System\CvrjVtW.exe
  C:\Windows\System\CvrjVtW.exe
  2⤵
  PID:3092
- C:\Windows\System\xwwvNEy.exe
  C:\Windows\System\xwwvNEy.exe
  2⤵
  PID:3112
- C:\Windows\System\LeGKBqV.exe
  C:\Windows\System\LeGKBqV.exe
  2⤵
  PID:3132
- C:\Windows\System\rtHnoTW.exe
  C:\Windows\System\rtHnoTW.exe
  2⤵
  PID:3152
- C:\Windows\System\rqncxiX.exe
  C:\Windows\System\rqncxiX.exe
  2⤵
  PID:3172
- C:\Windows\System\EFkmeOe.exe
  C:\Windows\System\EFkmeOe.exe
  2⤵
  PID:3192
- C:\Windows\System\OnMHtgX.exe
  C:\Windows\System\OnMHtgX.exe
  2⤵
  PID:3212
- C:\Windows\System\LkyrrHS.exe
  C:\Windows\System\LkyrrHS.exe
  2⤵
  PID:3232
- C:\Windows\System\msTDmoT.exe
  C:\Windows\System\msTDmoT.exe
  2⤵
  PID:3252
- C:\Windows\System\mHsqWEd.exe
  C:\Windows\System\mHsqWEd.exe
  2⤵
  PID:3272
- C:\Windows\System\szlwtrK.exe
  C:\Windows\System\szlwtrK.exe
  2⤵
  PID:3292
- C:\Windows\System\sJBPBzY.exe
  C:\Windows\System\sJBPBzY.exe
  2⤵
  PID:3312
- C:\Windows\System\PkiQODX.exe
  C:\Windows\System\PkiQODX.exe
  2⤵
  PID:3336
- C:\Windows\System\CmqVNXF.exe
  C:\Windows\System\CmqVNXF.exe
  2⤵
  PID:3356
- C:\Windows\System\hYiOMyx.exe
  C:\Windows\System\hYiOMyx.exe
  2⤵
  PID:3376
- C:\Windows\System\TANQLXl.exe
  C:\Windows\System\TANQLXl.exe
  2⤵
  PID:3396
- C:\Windows\System\kLaTxle.exe
  C:\Windows\System\kLaTxle.exe
  2⤵
  PID:3412
- C:\Windows\System\NrbKnAn.exe
  C:\Windows\System\NrbKnAn.exe
  2⤵
  PID:3436
- C:\Windows\System\pKqIyuN.exe
  C:\Windows\System\pKqIyuN.exe
  2⤵
  PID:3452
- C:\Windows\System\gyoJuuH.exe
  C:\Windows\System\gyoJuuH.exe
  2⤵
  PID:3468
- C:\Windows\System\suoqbyB.exe
  C:\Windows\System\suoqbyB.exe
  2⤵
  PID:3488
- C:\Windows\System\ZeEYBiI.exe
  C:\Windows\System\ZeEYBiI.exe
  2⤵
  PID:3504
- C:\Windows\System\deQyAmV.exe
  C:\Windows\System\deQyAmV.exe
  2⤵
  PID:3536
- C:\Windows\System\kDMBIjC.exe
  C:\Windows\System\kDMBIjC.exe
  2⤵
  PID:3556
- C:\Windows\System\EGgsLdV.exe
  C:\Windows\System\EGgsLdV.exe
  2⤵
  PID:3572
- C:\Windows\System\yPAZYNM.exe
  C:\Windows\System\yPAZYNM.exe
  2⤵
  PID:3596
- C:\Windows\System\OUAjfxR.exe
  C:\Windows\System\OUAjfxR.exe
  2⤵
  PID:3616
- C:\Windows\System\GyLOfyJ.exe
  C:\Windows\System\GyLOfyJ.exe
  2⤵
  PID:3636
- C:\Windows\System\opUuYau.exe
  C:\Windows\System\opUuYau.exe
  2⤵
  PID:3652
- C:\Windows\System\PiqIqOD.exe
  C:\Windows\System\PiqIqOD.exe
  2⤵
  PID:3672
- C:\Windows\System\mCpXPNX.exe
  C:\Windows\System\mCpXPNX.exe
  2⤵
  PID:3692
- C:\Windows\System\lCoUORB.exe
  C:\Windows\System\lCoUORB.exe
  2⤵
  PID:3712
- C:\Windows\System\kLBqZNZ.exe
  C:\Windows\System\kLBqZNZ.exe
  2⤵
  PID:3732
- C:\Windows\System\IBUYhdi.exe
  C:\Windows\System\IBUYhdi.exe
  2⤵
  PID:3748
- C:\Windows\System\fAOFuJO.exe
  C:\Windows\System\fAOFuJO.exe
  2⤵
  PID:3764
- C:\Windows\System\cJwPDuX.exe
  C:\Windows\System\cJwPDuX.exe
  2⤵
  PID:3788
- C:\Windows\System\BORglkE.exe
  C:\Windows\System\BORglkE.exe
  2⤵
  PID:3808
- C:\Windows\System\jhVXqsC.exe
  C:\Windows\System\jhVXqsC.exe
  2⤵
  PID:3828
- C:\Windows\System\SUEMuWW.exe
  C:\Windows\System\SUEMuWW.exe
  2⤵
  PID:3844
- C:\Windows\System\SjdiNJC.exe
  C:\Windows\System\SjdiNJC.exe
  2⤵
  PID:3872
- C:\Windows\System\lhnOmGY.exe
  C:\Windows\System\lhnOmGY.exe
  2⤵
  PID:3892
- C:\Windows\System\AXeJECh.exe
  C:\Windows\System\AXeJECh.exe
  2⤵
  PID:3916
- C:\Windows\System\czHnxDM.exe
  C:\Windows\System\czHnxDM.exe
  2⤵
  PID:3936
- C:\Windows\System\KujtRAT.exe
  C:\Windows\System\KujtRAT.exe
  2⤵
  PID:3952
- C:\Windows\System\frWiUco.exe
  C:\Windows\System\frWiUco.exe
  2⤵
  PID:3972
- C:\Windows\System\XLnjbwx.exe
  C:\Windows\System\XLnjbwx.exe
  2⤵
  PID:3988
- C:\Windows\System\miYCKFD.exe
  C:\Windows\System\miYCKFD.exe
  2⤵
  PID:4012
- C:\Windows\System\xYhMnLF.exe
  C:\Windows\System\xYhMnLF.exe
  2⤵
  PID:4028
- C:\Windows\System\QKrmiaN.exe
  C:\Windows\System\QKrmiaN.exe
  2⤵
  PID:4048
- C:\Windows\System\hxjPkpb.exe
  C:\Windows\System\hxjPkpb.exe
  2⤵
  PID:4076
- C:\Windows\System\sfwYSPa.exe
  C:\Windows\System\sfwYSPa.exe
  2⤵
  PID:4092
- C:\Windows\System\eLKXEQz.exe
  C:\Windows\System\eLKXEQz.exe
  2⤵
  PID:1600
- C:\Windows\System\MrbFEzQ.exe
  C:\Windows\System\MrbFEzQ.exe
  2⤵
  PID:2696
- C:\Windows\System\HCODssi.exe
  C:\Windows\System\HCODssi.exe
  2⤵
  PID:2168
- C:\Windows\System\CACrSrE.exe
  C:\Windows\System\CACrSrE.exe
  2⤵
  PID:2712
- C:\Windows\System\eyJbhMS.exe
  C:\Windows\System\eyJbhMS.exe
  2⤵
  PID:1976
- C:\Windows\System\qOIzKpM.exe
  C:\Windows\System\qOIzKpM.exe
  2⤵
  PID:2928
- C:\Windows\System\AkJllPw.exe
  C:\Windows\System\AkJllPw.exe
  2⤵
  PID:2264
- C:\Windows\System\PWpkeHD.exe
  C:\Windows\System\PWpkeHD.exe
  2⤵
  PID:2556
- C:\Windows\System\FczubqX.exe
  C:\Windows\System\FczubqX.exe
  2⤵
  PID:2540
- C:\Windows\System\rUSadYO.exe
  C:\Windows\System\rUSadYO.exe
  2⤵
  PID:2104
- C:\Windows\System\kLMRHRS.exe
  C:\Windows\System\kLMRHRS.exe
  2⤵
  PID:408
- C:\Windows\System\wipdMBo.exe
  C:\Windows\System\wipdMBo.exe
  2⤵
  PID:3008
- C:\Windows\System\TNqQlcM.exe
  C:\Windows\System\TNqQlcM.exe
  2⤵
  PID:1400
- C:\Windows\System\PiShkYl.exe
  C:\Windows\System\PiShkYl.exe
  2⤵
  PID:948
- C:\Windows\System\KSlRTHx.exe
  C:\Windows\System\KSlRTHx.exe
  2⤵
  PID:1672
- C:\Windows\System\rPOnYPm.exe
  C:\Windows\System\rPOnYPm.exe
  2⤵
  PID:3088
- C:\Windows\System\IqJSPHn.exe
  C:\Windows\System\IqJSPHn.exe
  2⤵
  PID:3120
- C:\Windows\System\RZbNERO.exe
  C:\Windows\System\RZbNERO.exe
  2⤵
  PID:3188
- C:\Windows\System\NPhURrP.exe
  C:\Windows\System\NPhURrP.exe
  2⤵
  PID:3204
- C:\Windows\System\fSXpHgU.exe
  C:\Windows\System\fSXpHgU.exe
  2⤵
  PID:3244
- C:\Windows\System\mFwytTp.exe
  C:\Windows\System\mFwytTp.exe
  2⤵
  PID:2908
- C:\Windows\System\MCuCBxX.exe
  C:\Windows\System\MCuCBxX.exe
  2⤵
  PID:3304
- C:\Windows\System\bGCSjiV.exe
  C:\Windows\System\bGCSjiV.exe
  2⤵
  PID:3344
- C:\Windows\System\xzKkTdW.exe
  C:\Windows\System\xzKkTdW.exe
  2⤵
  PID:3364
- C:\Windows\System\GskZEKD.exe
  C:\Windows\System\GskZEKD.exe
  2⤵
  PID:3420
- C:\Windows\System\WqTlwYt.exe
  C:\Windows\System\WqTlwYt.exe
  2⤵
  PID:3428
- C:\Windows\System\pUMhQWw.exe
  C:\Windows\System\pUMhQWw.exe
  2⤵
  PID:3448
- C:\Windows\System\sfpfjIv.exe
  C:\Windows\System\sfpfjIv.exe
  2⤵
  PID:2716
- C:\Windows\System\GghYwdi.exe
  C:\Windows\System\GghYwdi.exe
  2⤵
  PID:3532
- C:\Windows\System\eutnrdQ.exe
  C:\Windows\System\eutnrdQ.exe
  2⤵
  PID:3552
- C:\Windows\System\VtCmfIq.exe
  C:\Windows\System\VtCmfIq.exe
  2⤵
  PID:3624
- C:\Windows\System\BfnuvJS.exe
  C:\Windows\System\BfnuvJS.exe
  2⤵
  PID:3568
- C:\Windows\System\zseJVar.exe
  C:\Windows\System\zseJVar.exe
  2⤵
  PID:3700
- C:\Windows\System\ZhRDfdo.exe
  C:\Windows\System\ZhRDfdo.exe
  2⤵
  PID:3680
- C:\Windows\System\PshDAwH.exe
  C:\Windows\System\PshDAwH.exe
  2⤵
  PID:3740
- C:\Windows\System\LBdMFyP.exe
  C:\Windows\System\LBdMFyP.exe
  2⤵
  PID:3780
- C:\Windows\System\FvqkmfX.exe
  C:\Windows\System\FvqkmfX.exe
  2⤵
  PID:3820
- C:\Windows\System\nJrWiHI.exe
  C:\Windows\System\nJrWiHI.exe
  2⤵
  PID:3856
- C:\Windows\System\wgdkFNK.exe
  C:\Windows\System\wgdkFNK.exe
  2⤵
  PID:3756
- C:\Windows\System\pACpHwY.exe
  C:\Windows\System\pACpHwY.exe
  2⤵
  PID:3880
- C:\Windows\System\AwkxpBN.exe
  C:\Windows\System\AwkxpBN.exe
  2⤵
  PID:3912
- C:\Windows\System\OwTJVos.exe
  C:\Windows\System\OwTJVos.exe
  2⤵
  PID:3932
- C:\Windows\System\gRIqmzt.exe
  C:\Windows\System\gRIqmzt.exe
  2⤵
  PID:3960
- C:\Windows\System\kfOzzGt.exe
  C:\Windows\System\kfOzzGt.exe
  2⤵
  PID:4064
- C:\Windows\System\BAuKWVY.exe
  C:\Windows\System\BAuKWVY.exe
  2⤵
  PID:2780
- C:\Windows\System\qRJxhXS.exe
  C:\Windows\System\qRJxhXS.exe
  2⤵
  PID:2744
- C:\Windows\System\funUCJv.exe
  C:\Windows\System\funUCJv.exe
  2⤵
  PID:3996
- C:\Windows\System\NnwMIKH.exe
  C:\Windows\System\NnwMIKH.exe
  2⤵
  PID:1752
- C:\Windows\System\Clznwhq.exe
  C:\Windows\System\Clznwhq.exe
  2⤵
  PID:1632
- C:\Windows\System\DLMpsZg.exe
  C:\Windows\System\DLMpsZg.exe
  2⤵
  PID:3064
- C:\Windows\System\UJclzFl.exe
  C:\Windows\System\UJclzFl.exe
  2⤵
  PID:2684
- C:\Windows\System\CgakcLH.exe
  C:\Windows\System\CgakcLH.exe
  2⤵
  PID:800
- C:\Windows\System\yLZPFyL.exe
  C:\Windows\System\yLZPFyL.exe
  2⤵
  PID:2356
- C:\Windows\System\dzkczQg.exe
  C:\Windows\System\dzkczQg.exe
  2⤵
  PID:2180
- C:\Windows\System\lfMUlnn.exe
  C:\Windows\System\lfMUlnn.exe
  2⤵
  PID:328
- C:\Windows\System\toTrkFB.exe
  C:\Windows\System\toTrkFB.exe
  2⤵
  PID:3104
- C:\Windows\System\vCUbQZt.exe
  C:\Windows\System\vCUbQZt.exe
  2⤵
  PID:3084
- C:\Windows\System\ThxFldZ.exe
  C:\Windows\System\ThxFldZ.exe
  2⤵
  PID:3168
- C:\Windows\System\sZQdWJY.exe
  C:\Windows\System\sZQdWJY.exe
  2⤵
  PID:3280
- C:\Windows\System\lPNUWCz.exe
  C:\Windows\System\lPNUWCz.exe
  2⤵
  PID:3200
- C:\Windows\System\kaUzNjL.exe
  C:\Windows\System\kaUzNjL.exe
  2⤵
  PID:3332
- C:\Windows\System\jILuWBB.exe
  C:\Windows\System\jILuWBB.exe
  2⤵
  PID:2692
- C:\Windows\System\DbUUbCO.exe
  C:\Windows\System\DbUUbCO.exe
  2⤵
  PID:3500
- C:\Windows\System\ujjdGir.exe
  C:\Windows\System\ujjdGir.exe
  2⤵
  PID:3484
- C:\Windows\System\BrlgkcQ.exe
  C:\Windows\System\BrlgkcQ.exe
  2⤵
  PID:3588
- C:\Windows\System\RbwPUls.exe
  C:\Windows\System\RbwPUls.exe
  2⤵
  PID:2476
- C:\Windows\System\iPIiANb.exe
  C:\Windows\System\iPIiANb.exe
  2⤵
  PID:3664
- C:\Windows\System\iTOpaga.exe
  C:\Windows\System\iTOpaga.exe
  2⤵
  PID:3704
- C:\Windows\System\ItCEWkC.exe
  C:\Windows\System\ItCEWkC.exe
  2⤵
  PID:3772
- C:\Windows\System\MWmAswX.exe
  C:\Windows\System\MWmAswX.exe
  2⤵
  PID:2804
- C:\Windows\System\hiqbpuv.exe
  C:\Windows\System\hiqbpuv.exe
  2⤵
  PID:2272
- C:\Windows\System\KrfSjcD.exe
  C:\Windows\System\KrfSjcD.exe
  2⤵
  PID:3908
- C:\Windows\System\ebvgdmn.exe
  C:\Windows\System\ebvgdmn.exe
  2⤵
  PID:3864
- C:\Windows\System\XirXcns.exe
  C:\Windows\System\XirXcns.exe
  2⤵
  PID:3928
- C:\Windows\System\PehDPXn.exe
  C:\Windows\System\PehDPXn.exe
  2⤵
  PID:4056
- C:\Windows\System\aurynNk.exe
  C:\Windows\System\aurynNk.exe
  2⤵
  PID:3968
- C:\Windows\System\SIoaCPc.exe
  C:\Windows\System\SIoaCPc.exe
  2⤵
  PID:2992
- C:\Windows\System\ZODFRmc.exe
  C:\Windows\System\ZODFRmc.exe
  2⤵
  PID:2596
- C:\Windows\System\azWHauu.exe
  C:\Windows\System\azWHauu.exe
  2⤵
  PID:2788
- C:\Windows\System\zuJLcAl.exe
  C:\Windows\System\zuJLcAl.exe
  2⤵
  PID:2348
- C:\Windows\System\CtOeKdA.exe
  C:\Windows\System\CtOeKdA.exe
  2⤵
  PID:2608
- C:\Windows\System\DLGFfRc.exe
  C:\Windows\System\DLGFfRc.exe
  2⤵
  PID:2968
- C:\Windows\System\saRDXCT.exe
  C:\Windows\System\saRDXCT.exe
  2⤵
  PID:1200
- C:\Windows\System\yWsdlDw.exe
  C:\Windows\System\yWsdlDw.exe
  2⤵
  PID:3264
- C:\Windows\System\VIGxgcG.exe
  C:\Windows\System\VIGxgcG.exe
  2⤵
  PID:3240
- C:\Windows\System\DcyDWHb.exe
  C:\Windows\System\DcyDWHb.exe
  2⤵
  PID:3288
- C:\Windows\System\Gcopats.exe
  C:\Windows\System\Gcopats.exe
  2⤵
  PID:3408
- C:\Windows\System\wqbRPts.exe
  C:\Windows\System\wqbRPts.exe
  2⤵
  PID:3520
- C:\Windows\System\JgYlXIO.exe
  C:\Windows\System\JgYlXIO.exe
  2⤵
  PID:3548
- C:\Windows\System\fUklnyd.exe
  C:\Windows\System\fUklnyd.exe
  2⤵
  PID:3648
- C:\Windows\System\UmvTfIW.exe
  C:\Windows\System\UmvTfIW.exe
  2⤵
  PID:3708
- C:\Windows\System\LuLlJMN.exe
  C:\Windows\System\LuLlJMN.exe
  2⤵
  PID:3728
- C:\Windows\System\oKYfqgO.exe
  C:\Windows\System\oKYfqgO.exe
  2⤵
  PID:3796
- C:\Windows\System\aOBYJLF.exe
  C:\Windows\System\aOBYJLF.exe
  2⤵
  PID:2644
- C:\Windows\System\JXaZBpj.exe
  C:\Windows\System\JXaZBpj.exe
  2⤵
  PID:2796
- C:\Windows\System\lftYaXO.exe
  C:\Windows\System\lftYaXO.exe
  2⤵
  PID:3984
- C:\Windows\System\vGinLtq.exe
  C:\Windows\System\vGinLtq.exe
  2⤵
  PID:1748
- C:\Windows\System\deJAcJt.exe
  C:\Windows\System\deJAcJt.exe
  2⤵
  PID:2612
- C:\Windows\System\rjkkJUF.exe
  C:\Windows\System\rjkkJUF.exe
  2⤵
  PID:3060
- C:\Windows\System\pEJZFQI.exe
  C:\Windows\System\pEJZFQI.exe
  2⤵
  PID:2952
- C:\Windows\System\JUwfZDL.exe
  C:\Windows\System\JUwfZDL.exe
  2⤵
  PID:2148
- C:\Windows\System\sRkZUQT.exe
  C:\Windows\System\sRkZUQT.exe
  2⤵
  PID:548
- C:\Windows\System\EnbOuav.exe
  C:\Windows\System\EnbOuav.exe
  2⤵
  PID:3140
- C:\Windows\System\IuPSDQh.exe
  C:\Windows\System\IuPSDQh.exe
  2⤵
  PID:664
- C:\Windows\System\UPruuOh.exe
  C:\Windows\System\UPruuOh.exe
  2⤵
  PID:2524
- C:\Windows\System\wOyYmjd.exe
  C:\Windows\System\wOyYmjd.exe
  2⤵
  PID:2360
- C:\Windows\System\qJQuFmy.exe
  C:\Windows\System\qJQuFmy.exe
  2⤵
  PID:2964
- C:\Windows\System\PRpEDNP.exe
  C:\Windows\System\PRpEDNP.exe
  2⤵
  PID:3352
- C:\Windows\System\UUBQgKx.exe
  C:\Windows\System\UUBQgKx.exe
  2⤵
  PID:3660
- C:\Windows\System\hfzZYwL.exe
  C:\Windows\System\hfzZYwL.exe
  2⤵
  PID:3392
- C:\Windows\System\BaTjgkz.exe
  C:\Windows\System\BaTjgkz.exe
  2⤵
  PID:3564
- C:\Windows\System\eOJFPkJ.exe
  C:\Windows\System\eOJFPkJ.exe
  2⤵
  PID:3852
- C:\Windows\System\haJIMOa.exe
  C:\Windows\System\haJIMOa.exe
  2⤵
  PID:3888
- C:\Windows\System\oispEXG.exe
  C:\Windows\System\oispEXG.exe
  2⤵
  PID:2428
- C:\Windows\System\TyIRycv.exe
  C:\Windows\System\TyIRycv.exe
  2⤵
  PID:1508
- C:\Windows\System\LIaLhHn.exe
  C:\Windows\System\LIaLhHn.exe
  2⤵
  PID:4008
- C:\Windows\System\ehBYHLf.exe
  C:\Windows\System\ehBYHLf.exe
  2⤵
  PID:2832
- C:\Windows\System\aKAocgw.exe
  C:\Windows\System\aKAocgw.exe
  2⤵
  PID:2164
- C:\Windows\System\QWGrEsn.exe
  C:\Windows\System\QWGrEsn.exe
  2⤵
  PID:2152
- C:\Windows\System\cIoMEeE.exe
  C:\Windows\System\cIoMEeE.exe
  2⤵
  PID:3180
- C:\Windows\System\dSjGeYo.exe
  C:\Windows\System\dSjGeYo.exe
  2⤵
  PID:2300
- C:\Windows\System\iewbenY.exe
  C:\Windows\System\iewbenY.exe
  2⤵
  PID:3388
- C:\Windows\System\qknawcC.exe
  C:\Windows\System\qknawcC.exe
  2⤵
  PID:3324
- C:\Windows\System\WhDvaak.exe
  C:\Windows\System\WhDvaak.exe
  2⤵
  PID:1724
- C:\Windows\System\GeQOcAL.exe
  C:\Windows\System\GeQOcAL.exe
  2⤵
  PID:2220
- C:\Windows\System\bKUIFLg.exe
  C:\Windows\System\bKUIFLg.exe
  2⤵
  PID:2820
- C:\Windows\System\NUSFrjq.exe
  C:\Windows\System\NUSFrjq.exe
  2⤵
  PID:2288
- C:\Windows\System\jibQPJe.exe
  C:\Windows\System\jibQPJe.exe
  2⤵
  PID:3580
- C:\Windows\System\JgmvUCW.exe
  C:\Windows\System\JgmvUCW.exe
  2⤵
  PID:3904
- C:\Windows\System\pOQgGLu.exe
  C:\Windows\System\pOQgGLu.exe
  2⤵
  PID:1048
- C:\Windows\System\awMcPpz.exe
  C:\Windows\System\awMcPpz.exe
  2⤵
  PID:1156
- C:\Windows\System\zHBgCEb.exe
  C:\Windows\System\zHBgCEb.exe
  2⤵
  PID:656
- C:\Windows\System\KWqUrkR.exe
  C:\Windows\System\KWqUrkR.exe
  2⤵
  PID:4100
- C:\Windows\System\seeOmiD.exe
  C:\Windows\System\seeOmiD.exe
  2⤵
  PID:4116
- C:\Windows\System\mvvVnZR.exe
  C:\Windows\System\mvvVnZR.exe
  2⤵
  PID:4132
- C:\Windows\System\gPovImC.exe
  C:\Windows\System\gPovImC.exe
  2⤵
  PID:4148
- C:\Windows\System\EmxfGFf.exe
  C:\Windows\System\EmxfGFf.exe
  2⤵
  PID:4164
- C:\Windows\System\KnMDfqT.exe
  C:\Windows\System\KnMDfqT.exe
  2⤵
  PID:4180
- C:\Windows\System\gOZqiEt.exe
  C:\Windows\System\gOZqiEt.exe
  2⤵
  PID:4196
- C:\Windows\System\ievBIvp.exe
  C:\Windows\System\ievBIvp.exe
  2⤵
  PID:4212
- C:\Windows\System\ZZjkwee.exe
  C:\Windows\System\ZZjkwee.exe
  2⤵
  PID:4228
- C:\Windows\System\hjamaKA.exe
  C:\Windows\System\hjamaKA.exe
  2⤵
  PID:4244
- C:\Windows\System\KqYkbHV.exe
  C:\Windows\System\KqYkbHV.exe
  2⤵
  PID:4260
- C:\Windows\System\ivVzhbP.exe
  C:\Windows\System\ivVzhbP.exe
  2⤵
  PID:4276
- C:\Windows\System\ykQkrBC.exe
  C:\Windows\System\ykQkrBC.exe
  2⤵
  PID:4292
- C:\Windows\System\zvtlsRw.exe
  C:\Windows\System\zvtlsRw.exe
  2⤵
  PID:4308
- C:\Windows\System\DluIwxU.exe
  C:\Windows\System\DluIwxU.exe
  2⤵
  PID:4324
- C:\Windows\System\VaHalUB.exe
  C:\Windows\System\VaHalUB.exe
  2⤵
  PID:4340
- C:\Windows\System\iKZoIGx.exe
  C:\Windows\System\iKZoIGx.exe
  2⤵
  PID:4356
- C:\Windows\System\WYluapz.exe
  C:\Windows\System\WYluapz.exe
  2⤵
  PID:4372
- C:\Windows\System\pFyIZYV.exe
  C:\Windows\System\pFyIZYV.exe
  2⤵
  PID:4388
- C:\Windows\System\kjAocJk.exe
  C:\Windows\System\kjAocJk.exe
  2⤵
  PID:4404
- C:\Windows\System\KYOfpwA.exe
  C:\Windows\System\KYOfpwA.exe
  2⤵
  PID:4420
- C:\Windows\System\cnoFjwj.exe
  C:\Windows\System\cnoFjwj.exe
  2⤵
  PID:4436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ANoBXiO.exe

Filesize
2.2MB

MD5
de18f4756c5b454ae978de9845531ed7

SHA1
6db44d7e6ff22356121100d50102b8d661a684bf

SHA256
c3e73b5771427365a4de98b6a54f68f958bc05644733a50b02012688ac8381bd

SHA512
9f7773693e11e6efc8ce41b711216e20c5ff27462ab6f287b35150b65cf7ea62952c34e1b4789651686e51978ac25ef6d4fa556a2ff9485d37bc4764d14c735d

Download Submit
C:\Windows\system\ENpPyJg.exe

Filesize
2.2MB

MD5
e902e887b3c8943fdb2c7733565a6517

SHA1
84d6127ac5a08256cb6cd60744dadf43f60d1b62

SHA256
d5b16803c8c7bac60398add47bfb3643abcc373068dc5aca00ab1db41ada71f0

SHA512
0e0186f059fe46b42f8999ddfba1e5ea934e80d796ee0bb6aa203322fec5e1baa85be57f361683c6e4e8f44bb466862b011acfbba3203ca1f96e0bdda9cf24b0

Download Submit
C:\Windows\system\EOIczcT.exe

Filesize
2.2MB

MD5
6a8c0525ef3586a139f8c74707a4a1f0

SHA1
fba8e4d61613d01cdd22715e5db267e12f03293f

SHA256
f63d15bcf1bb121f7f49c10e6f34abc8238e1665e824202197fecaa3e277bc82

SHA512
cbaed90299e8a8d0ec5775dda394e4c4d61847bf27b596fa838df921b8f79ec0eca0186edf7a809c01b8f8ea0f5bae17319f052e0bee49446518cb38f0599220

Download Submit
C:\Windows\system\FNbLrKS.exe

Filesize
2.2MB

MD5
4ff36f93066dfa5d8301a333d3ea1dc0

SHA1
f196892b9ef68d9d64ad2a43d13bb89dadff26ea

SHA256
4481e3aa250f4bb62f9781ea155f068c1655312bf2107ea6e080810757c091e2

SHA512
d6d4a5652730fdea07d369ddaf5c1bcae96732d5b030853ce2261d6144fd70c7f0cdc5561ee5a362947a358183f9a67b4e8f6a67435b8fbdf19bedab71ac9e7f

Download Submit
C:\Windows\system\MeyoLtE.exe

Filesize
2.2MB

MD5
a59fb3f7340d1c8c5dba7026c1105586

SHA1
c900ae8728cf6102353b5bd4eb82013fbbfaafde

SHA256
ccef42e7c9f1cc657d18b11f06bfbd89f1809cabe22688758bbdb0d5edd6f16a

SHA512
b2f9bf5dc19884b86791698c596a1813c4948996ec2a87b3bf45c9ff4c510418c9253feca2786bb0ec6f54eda9772ad26dad0de98c99c10fa2717673594fdc82

Download Submit
C:\Windows\system\NQvGaAP.exe

Filesize
2.2MB

MD5
592516793f47a38887b93ee40106f1c4

SHA1
b75ee35e406af9d057a8da8279373328ec83a80b

SHA256
73c764381dc9d920b8c930a0de6e78d231d506c37ef0dee87f53ede3c3109e50

SHA512
cf0e9498f1d4b0c441f77f40e8792cc5fe84d59fbf71df813432ffb388f198849d30135d31c109d14a294250f3951479440afc81cc385eb8f23722b3c525dbe2

Download Submit
C:\Windows\system\OjHbYTG.exe

Filesize
2.2MB

MD5
512c53aa5d9b83eda23414431661a10f

SHA1
aea83a9a99c9c17e0f0feb0a492d64fbc3604384

SHA256
323ff40abffb1d70265905d3f62dde1129256dfb06b0854706ad5a567e2c31b1

SHA512
45e997bb3ca4c0ef2fbe7ba4458e51a58b82fc9cf10a9b4ae507e69e627ec97fe72bd2e97d6134a68bcbd2320475efd3fa408c5b27903c88db95646335a491cb

Download Submit
C:\Windows\system\OrkmTbL.exe

Filesize
2.2MB

MD5
b288b044d3466f4cf74a979539a7ae90

SHA1
ab0fd6755e2b3b90477150d2199c386a6e2065ee

SHA256
19bf4c2facc86253fa731d98370b12851025ea0db0a52a579fa1532be70d7e1d

SHA512
c6556a5aa4990eed21793aaba1a24adc7dd8ed6fdd8b1e799ce312aba5a5643715498445719f7d5ce3e95890e784db5c55d8ccf6254c682d8492f33694f96c8e

Download Submit
C:\Windows\system\PNkJXmL.exe

Filesize
2.2MB

MD5
653eba576dfed9d11fb537e15037d786

SHA1
eaa2c0b52d784705ec9496921bfb18fcc6060a44

SHA256
5f8531195eee9ff8c0691247cd418ef3075aba74104309d2a71c3b1d53bfd79f

SHA512
67bb8d9bae49896540858d2d69603dd41a144a854cd4abfe6974a84f705904e1fd66cc552193f8d685f9ee50ddd00989f8c80af688efbe04d779f01f14bd8122

Download Submit
C:\Windows\system\PjNxXLl.exe

Filesize
2.2MB

MD5
679746bfa205fbcc448e15fc1596525d

SHA1
af534170ab9e12806ccd25fbaf66d1672686afbc

SHA256
4a319231f36ada458bfd989fb2a4e6ba168127ca0136ad7e7a94a81281a24e2e

SHA512
8706fd9aabffd75293e8871627e42c0d23398ebc33ede4123a9c12405ea38234e1da28a6d1cd9b4db323688f72cb3d8e5b299a475732bd556a6ba1f6a341c850

Download Submit
C:\Windows\system\RuwZaoy.exe

Filesize
2.2MB

MD5
d5b1f3186d60297f8b132102b63f5906

SHA1
9f63d020eb6facc7537e5c332794ac86ede1b3c1

SHA256
045ae5325ddea21c965e470affdbd0401d26b450a28a7ff22bbb13cdde775317

SHA512
f535dfbb957724ed9a22c90734fb988e88b1663aab21287388f34f4da63b99ac1f3f9fc155e1a4361c5ffd39597dbcb0f33336cd3275ad872c19f20c5ca9e66b

Download Submit
C:\Windows\system\TSqtOsa.exe

Filesize
2.2MB

MD5
5ce00b4e0fdcd7b8005624b4a7a04d6a

SHA1
a22765a206cb84d8623e75b4aaa0dd73f0b87cad

SHA256
cd3db852a98b0b7b85d64dd4d95506872d573f6bb820a252b1afa86366d42a97

SHA512
eb1591e9b1098ccce9394d14b1b185c81e0d63a19c082859b3d9d81582de5024cc374e05705159f82a8a568ce6152cbb3761aba9a16e80916ba5fc45427a941f

Download Submit
C:\Windows\system\YYweXdJ.exe

Filesize
2.2MB

MD5
ffb8748d644dcedef84cec3f298d959a

SHA1
0dd0b653bca87fd96e2946decbe1ff465c11486a

SHA256
9a51a88318fca675717fbe49ad6e7fbca6550cefa67a45124a908eeea3ef2ee8

SHA512
e7d428215a8d078be2e6941a5dddb85fd1f1aad1eed07daca65eb48a3aafa4677887e24bcd62fb3285a9059c54d6d557f63228c9511d2479e5049fc720a43bb4

Download Submit
C:\Windows\system\ZmXouNJ.exe

Filesize
2.2MB

MD5
48a0285093c5cfc85fac7ebbe21dc359

SHA1
07e7eb3bb354f8885e48de68293c5dba8a5e3841

SHA256
51b3ccfbdcb948b988aaca2aa8f99ffa092dba246f8561791537142bfbb2c596

SHA512
22b2befa3d89434f610e86d23258b7ffdaa47992eee1bf5d42063f978f1abca50b441ceffbb1f651b78cc8b74fd5cdd7bf3823ba689d882f22942d4d3f0249bf

Download Submit
C:\Windows\system\avjcoVZ.exe

Filesize
2.2MB

MD5
6b568759b6895e7a4e2460dcf5e2c284

SHA1
8be49ee78053e261c664bca1d510339a2d8543a4

SHA256
ef4176c84b67c6757dfedc923678d16c98098dae44a15537bdc420e377a5776b

SHA512
4b6bb5163af94d4951c7c04c2153363a75a7162c92449625e72c4814030fff4f6bc04a2f088eac8eda3f2ce3800404f104576fc7627f76902b9b496954477aa8

Download Submit
C:\Windows\system\byrPbgO.exe

Filesize
2.2MB

MD5
f918721674ab8d696ac80e2d46635b05

SHA1
02930f264c9e81b23d612a626967709470773e68

SHA256
adc1a82f56bfed2f4383752df867d1ea940a5a3ea9b435bab308a552ef6889d0

SHA512
cd4ff149e429efc2b48e17bca5c6ebc807bc014e5ad7506d4e9faefadbe413b9ca985196a2d467a3783e90902f697b8aa82ad5f98784657c25d93a4d53985506

Download Submit
C:\Windows\system\eFYWQhC.exe

Filesize
2.2MB

MD5
9c20b6aff9f7cb2debd4c4345ae43b00

SHA1
ddbfef8489f17d87ed8ef6462f4f9b6978cdff3b

SHA256
99e4e8974a30872b2235b5cdef987cd8ee98403d160b07ae938518dc52ee863d

SHA512
07d710f869aeb76c725360b2aecefc8b77305d0f414cc1d0d683ab36f8ea0417d055175f5b7e9365e9db2fb109b422f1873ce5a557cf9ae0da841362c6627486

Download Submit
C:\Windows\system\gLSSgll.exe

Filesize
2.2MB

MD5
a5645fbaccba14ed2618f59f758257b9

SHA1
e2bbac011ed3f1ab10043cb3d4b07369dca9e695

SHA256
fae1fb5cd795c2988b0ec27ddb91fb43f7c56d543451109f9c3944c2ef07dbf1

SHA512
d0c1a2fa0fede4f2d33d3cae17070cf222b505cb7f492d46f3ab62997d174b9655c453edaf22b5419709d9d270572123291463adaadc44c72aa291f6bff47bac

Download Submit
C:\Windows\system\grYBTJI.exe

Filesize
2.2MB

MD5
3bf82060635e14ae8da4fc11cb2bbd41

SHA1
ee72fa19194e60d038a25a5a34bb7ca71911458f

SHA256
1d6000565a960f2ec409a4bf7a6168ed0d01e0a40cd24837a2bfb62477effd1a

SHA512
36f94edd2f42a311911fd3c60f5f232e6bf657e4266c8bba0ce3a10de827b62b61ff172e6084f1a84e93285ced25fd8524c3b841e6c5a852da262445f72fffad

Download Submit
C:\Windows\system\izreUKe.exe

Filesize
2.2MB

MD5
6163ee8b4deb756f45af8a199094cd32

SHA1
cbb7b3725e4fb26885bca5e6b05c61b7b60929bc

SHA256
77c656529299f1f2ccfc4742697421b116eb31faac5db97b0f780fe227f198e5

SHA512
cdee986beea611df0acac1fc1a49a35a1587c4229f72c9f0dc5757baa5d537ada15a9e5c5117f0e4a9fad512967323b574dba464a1b0e89acd044e552dddb219

Download Submit
C:\Windows\system\jaYuKRY.exe

Filesize
2.2MB

MD5
c91b5c833169264e24a70ee921487018

SHA1
2a1314272cbcefd280f9c06f201492f3dc4cdab5

SHA256
80c8b7845224d3698ab4ae56ac5604214afa1d92461bedda9a5a4c0d87d4af37

SHA512
6a9836cc5140be08212fed741d91691b788a3d26b24842db3577f56090583aef41c3300c2dbab1eab781330f53fc9b8ab591dd299308ef47ff4be7c72d91ed6c

Download Submit
C:\Windows\system\nEwgCkc.exe

Filesize
2.2MB

MD5
5858ef4d256f873d7e3eac68478e8b7a

SHA1
ee0279ae4f47303817b97f472943618a78dd34f9

SHA256
837005e2531e2e096316e588fed6b1f79acab1ec928df5834beb5d879edeb225

SHA512
36c896f967ce3f21a5004fd250510eaaaa7f777dfc32939bd2285912893ee774d5773f16b2672da3cc51fa286c342bf9f3be7a8c2498230b7bb7b12e26f0ee6e

Download Submit
C:\Windows\system\nVldYsn.exe

Filesize
2.2MB

MD5
13691486e81dbcdd4458f44ac34cba2b

SHA1
f713c4e831ae2d7a665a22696ceac90b4cc8e55e

SHA256
29de9fe993163354d92c77a216fff7343553b4c74e19b4868d3874d994b2bf01

SHA512
6eb790e0651a3d8deb277624c0cdc47ee0fff17af8079798ce2f1abdbda1639ab0d024197ff8b7acc57699240f0143ea8ae84676845622f8730283ba3270dfb5

Download Submit
C:\Windows\system\nojCVmF.exe

Filesize
2.2MB

MD5
f421d16491bf029ef1cd8b67d30f9b54

SHA1
013bdf4136b1a999f11a38efe1e416598204c26c

SHA256
2fdb5af068085b516a9ef44add78bc48f277bacbf8db8522668854a7fee8b375

SHA512
dcd383311d141d94cff98183490c10c370c1dec3222116808408d9a565cee3e8484c86d9b9395d15ac499cf35c1ac07629b13ad207d83ce0c6ba615548c1f929

Download Submit
C:\Windows\system\opJqJiO.exe

Filesize
2.2MB

MD5
47927a5031eaf313b64fd0df58236e4f

SHA1
d61dbee4e5fb6821337903358af5c84026cdffb8

SHA256
a70680d131cbbb432f883f2badcbd64024e08f0901d3447670a05892046da8cc

SHA512
ba42da480975552ee63883a3bdd4e66a28552872186eef36ef099a013d7c6b7beb9b554cce0ef52a87dc00271e82d7b520d1764c730c5d2af3d5d106ece159f9

Download Submit
C:\Windows\system\qlTuKjh.exe

Filesize
2.2MB

MD5
bad743c24322c5dc5e7de41889aa9e34

SHA1
41e04cffe40eb1f61ffcd21d377cfae38b79f7d6

SHA256
65139a5037239fdba64d622edac322c9716b46dcfb67ef2f8d342c2fc8338b58

SHA512
7c7dfd48225fd56bd37cf31c24b6c78e1ce5a5902ae69327e76fffff7a29e9968128f5df054f8628598e921a9f00b3663140f2216132d88f2919b4d0971a1f9c

Download Submit
C:\Windows\system\qvlngKQ.exe

Filesize
2.2MB

MD5
bc26de80b8136013e5fcd2d967fb1320

SHA1
58d8802a65088f708f1c4b35fde55801d7692e24

SHA256
7f050cc262c375ce1403fab40b1e4ee0315d255a431295a570ab67788845fbc1

SHA512
ab848b7e52fd20908bd12e85ecd75bdd78ceaf56de82f71db36d99eaa2c1c6164a093ff9ce9a6acd6fc8ceb2da38018afb825ea2e93f202441b357ef9e5ff4b4

Download Submit
C:\Windows\system\vpnSbpD.exe

Filesize
2.2MB

MD5
907b291bcf4c0ea4100a338e9cf381d8

SHA1
4b8f17f4674a84b7c1cb8b56cbfe7b14fd2c0cda

SHA256
743749364364b07a6577d7fdfa9bdcc78fa1ed3ca294fe21a006cd5b148d24f9

SHA512
da626b9b31d75c3a16aad76ccf212af33e175a8714c1cafe5b581a2bb88e3b9431ca5339ba499fb5b2f52ba64f1efb6e205f5114d33ccc0f096d30d8a50918e2

Download Submit
C:\Windows\system\wHRfJzQ.exe

Filesize
2.2MB

MD5
849dc6d8dab9c8e3fab4bc1f1fbfe11f

SHA1
1bde121fe43babdf6cda6cc0f91df1d943230d29

SHA256
6f2f1ed1c2361c8ea8f8b5462fba198dce6e677788b96bb27d49dd04c4786e87

SHA512
43be92113b8f9c09c9f46a20a9a87ee9e16d75f82fb42e1de59587327439322627d771c4676b14ff3a7fb4c7f971503976417025c81e8947f9c46d434abe860a

Download Submit
C:\Windows\system\ytqLnvG.exe

Filesize
2.2MB

MD5
18b941b473b589168127c039c39105a3

SHA1
ac119d4a1e0f61dc30acd821b5720f874f8a0a55

SHA256
2f77a0ba4f4a0dcbce7db1b1bffb817be98965aae2930be690b30b755bfe3658

SHA512
2ca95be9dfa359569e32302cb202009949eaedeccdfd088ef87b3e4cb3383cf1369e445a9d34c3a3b5386eb169afc5450e90a6b0b8ab2e3adfaae59c8eac4a39

Download Submit
C:\Windows\system\zpYtzym.exe

Filesize
2.2MB

MD5
ebfe4a38d6a004f2217cebb772bbeb6d

SHA1
92aaece15b2cb16ee0f582352dacaa89548e9adf

SHA256
ba08378fdf99518d7296cb84a5faf728e2dca5105a190ad1361f4874c9b5aec6

SHA512
8619f7189a75056639d624cc187e005cfbb5c0666d9671302ffca09db86f2387e00b56a7e9ab1bd6e56e5378435a2fe1d480fbd25295f424fd27e370e31d8581

Download Submit
\Windows\system\oPolHVj.exe

Filesize
2.2MB

MD5
3933eccf01423d8625eeed3cfb7e8aeb

SHA1
2a59b55c218a0dbbd232470857d138cecf46f659

SHA256
a29adabab8b11110ebc52307ac47aa47b747dda6c4ce5bfeb9163931b314d811

SHA512
fb1acb684a96559101cf6658d5f04c9e5b87f73a707f3e8ec55bd6a9d40ce2c944e94ba1558899af19ece05a69261e7255f8ae5d66a47fa7c26b2579e30c6456

Download Submit
memory/2720-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download