kpot | cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2024 04:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
Size

1.8MB
MD5

a2b294096941b7bc5c7e9b70c31d996b
SHA1

2fb8d30bc782d4fedc432aace4e6fae07a04080c
SHA256

cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79
SHA512

468a48201fe89b7ee5efffaf593252e824b9b5ea485e9ed8386388c3ddd371301162e47c1bc27145214676aea3b93dddff274e5e9de45bdd3a15cf853b468675
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FatSi:GemTLkNdfE0pZaQH

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

Processes:

resource	yara_rule
C:\Windows\System\rEaoOVK.exe	family_kpot
C:\Windows\System\ANMkbWR.exe	family_kpot
C:\Windows\System\sTKDMwi.exe	family_kpot
C:\Windows\System\EpaHUXa.exe	family_kpot
C:\Windows\System\FMZxJsZ.exe	family_kpot
C:\Windows\System\OYuuMXl.exe	family_kpot
C:\Windows\System\putYiOQ.exe	family_kpot
C:\Windows\System\DmQLlXp.exe	family_kpot
C:\Windows\System\LKZaKxS.exe	family_kpot
C:\Windows\System\losxrGO.exe	family_kpot
C:\Windows\System\mXalpDi.exe	family_kpot
C:\Windows\System\GRWPinL.exe	family_kpot
C:\Windows\System\hYZcIXT.exe	family_kpot
C:\Windows\System\EJrXkbM.exe	family_kpot
C:\Windows\System\iTLHZCe.exe	family_kpot
C:\Windows\System\TjlKCeH.exe	family_kpot
C:\Windows\System\XawRxoe.exe	family_kpot
C:\Windows\System\lSNCclA.exe	family_kpot
C:\Windows\System\bAPALUG.exe	family_kpot
C:\Windows\System\BYynXdQ.exe	family_kpot
C:\Windows\System\ZMCdlql.exe	family_kpot
C:\Windows\System\sFpdNHn.exe	family_kpot
C:\Windows\System\EYlFDZg.exe	family_kpot
C:\Windows\System\NVxKzgx.exe	family_kpot
C:\Windows\System\hsEtdWs.exe	family_kpot
C:\Windows\System\OGuBIoY.exe	family_kpot
C:\Windows\System\xYXsVRt.exe	family_kpot
C:\Windows\System\mIesFjD.exe	family_kpot
C:\Windows\System\LuleMwV.exe	family_kpot
C:\Windows\System\mTCXCkD.exe	family_kpot
C:\Windows\System\ObWhwrn.exe	family_kpot
C:\Windows\System\QjqWXKF.exe	family_kpot
C:\Windows\System\WAvydOE.exe	family_kpot

Kpot family
kpot
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

Processes:

resource	yara_rule
C:\Windows\System\rEaoOVK.exe	xmrig
C:\Windows\System\ANMkbWR.exe	xmrig
C:\Windows\System\sTKDMwi.exe	xmrig
C:\Windows\System\EpaHUXa.exe	xmrig
C:\Windows\System\FMZxJsZ.exe	xmrig
C:\Windows\System\OYuuMXl.exe	xmrig
C:\Windows\System\putYiOQ.exe	xmrig
C:\Windows\System\DmQLlXp.exe	xmrig
C:\Windows\System\LKZaKxS.exe	xmrig
C:\Windows\System\losxrGO.exe	xmrig
C:\Windows\System\mXalpDi.exe	xmrig
C:\Windows\System\GRWPinL.exe	xmrig
C:\Windows\System\hYZcIXT.exe	xmrig
C:\Windows\System\EJrXkbM.exe	xmrig
C:\Windows\System\iTLHZCe.exe	xmrig
C:\Windows\System\TjlKCeH.exe	xmrig
C:\Windows\System\XawRxoe.exe	xmrig
C:\Windows\System\lSNCclA.exe	xmrig
C:\Windows\System\bAPALUG.exe	xmrig
C:\Windows\System\BYynXdQ.exe	xmrig
C:\Windows\System\ZMCdlql.exe	xmrig
C:\Windows\System\sFpdNHn.exe	xmrig
C:\Windows\System\EYlFDZg.exe	xmrig
C:\Windows\System\NVxKzgx.exe	xmrig
C:\Windows\System\hsEtdWs.exe	xmrig
C:\Windows\System\OGuBIoY.exe	xmrig
C:\Windows\System\xYXsVRt.exe	xmrig
C:\Windows\System\mIesFjD.exe	xmrig
C:\Windows\System\LuleMwV.exe	xmrig
C:\Windows\System\mTCXCkD.exe	xmrig
C:\Windows\System\ObWhwrn.exe	xmrig
C:\Windows\System\QjqWXKF.exe	xmrig
C:\Windows\System\WAvydOE.exe	xmrig

Executes dropped EXE 64 IoCs

Processes:

rEaoOVK.exesTKDMwi.exeANMkbWR.exeEpaHUXa.exeFMZxJsZ.exeOYuuMXl.exeputYiOQ.exeDmQLlXp.exeWAvydOE.exeLKZaKxS.exelosxrGO.exeQjqWXKF.exeObWhwrn.exemTCXCkD.exemXalpDi.exeLuleMwV.exemIesFjD.exexYXsVRt.exeOGuBIoY.exehsEtdWs.exeNVxKzgx.exeEYlFDZg.exeGRWPinL.exesFpdNHn.exeZMCdlql.exeBYynXdQ.exebAPALUG.exelSNCclA.exehYZcIXT.exeXawRxoe.exeTjlKCeH.exeEJrXkbM.exeiTLHZCe.exePkKyqTA.exeJiwkWfL.exeyBZxfQW.exeDKHBvKT.exeHUjXeBb.exeIUZKDfg.exemlnwIlm.exeBTUNahj.exeYRkxXRp.exeoSVbMla.exelbGZgpa.exeeyOphZM.exeZkxANrN.exeTPtuGAP.exeNpKuaUM.exeCcOaxEl.exelRoldbT.exerXkmhJv.exeUYykKDO.exeDCNOEUg.exebtNdXmq.exeFYUBbXm.exesIVDKnL.exeKqbWbfa.exeYZfFJeD.exeZNJtnYC.exewlkirKy.exefzJBqcb.exeevoyHfg.exeJbyDwip.exehTODGmE.exe

pid	process
4560	rEaoOVK.exe
2288	sTKDMwi.exe
428	ANMkbWR.exe
2360	EpaHUXa.exe
5068	FMZxJsZ.exe
4616	OYuuMXl.exe
1640	putYiOQ.exe
3424	DmQLlXp.exe
232	WAvydOE.exe
5100	LKZaKxS.exe
2304	losxrGO.exe
3760	QjqWXKF.exe
3196	ObWhwrn.exe
5108	mTCXCkD.exe
1084	mXalpDi.exe
5064	LuleMwV.exe
2088	mIesFjD.exe
4336	xYXsVRt.exe
3972	OGuBIoY.exe
2440	hsEtdWs.exe
5088	NVxKzgx.exe
2084	EYlFDZg.exe
676	GRWPinL.exe
4240	sFpdNHn.exe
3604	ZMCdlql.exe
764	BYynXdQ.exe
4072	bAPALUG.exe
3088	lSNCclA.exe
1208	hYZcIXT.exe
4808	XawRxoe.exe
2096	TjlKCeH.exe
1068	EJrXkbM.exe
4672	iTLHZCe.exe
3004	PkKyqTA.exe
4828	JiwkWfL.exe
368	yBZxfQW.exe
4456	DKHBvKT.exe
2804	HUjXeBb.exe
4400	IUZKDfg.exe
3728	mlnwIlm.exe
2140	BTUNahj.exe
1000	YRkxXRp.exe
1172	oSVbMla.exe
4716	lbGZgpa.exe
772	eyOphZM.exe
1896	ZkxANrN.exe
1528	TPtuGAP.exe
2580	NpKuaUM.exe
4908	CcOaxEl.exe
2612	lRoldbT.exe
2364	rXkmhJv.exe
3260	UYykKDO.exe
384	DCNOEUg.exe
1348	btNdXmq.exe
932	FYUBbXm.exe
2632	sIVDKnL.exe
5080	KqbWbfa.exe
4584	YZfFJeD.exe
736	ZNJtnYC.exe
4052	wlkirKy.exe
4312	fzJBqcb.exe
3932	evoyHfg.exe
1752	JbyDwip.exe
920	hTODGmE.exe

Drops file in Windows directory 64 IoCs

Processes:

cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe

description	ioc	process
File created	C:\Windows\System\AkAvhgt.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\ZhbUhrB.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\oSVbMla.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\iiGeYkb.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\YRzrPmU.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\TkIhHAM.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\pwPInSH.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\cNnNcwS.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\DdoZOjx.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\hCIUaRg.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\lSNCclA.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\QPidOuY.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\stsoSdu.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\vUAFVNU.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\WbAdXSp.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\rXkmhJv.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\pqVUANh.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\oukyWKs.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\lNPgMuu.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\rHrFCVG.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\FwGqpQg.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\rRsxCFw.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\uaiPYhi.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\NVxKzgx.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\DCNOEUg.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\HjbmqDc.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\kqQWfjA.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\MdfJBBH.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\DKHBvKT.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\CsrmaMv.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\rkKmZqi.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\BqRNFiV.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\TPtuGAP.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\SLuLYnr.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\HBvdQaG.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\LGHxamY.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\bAPALUG.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\ZkxANrN.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\SFPxVzD.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\SxpjedP.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\CMjYzcu.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\xhGSLPH.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\QjqWXKF.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\IUZKDfg.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\evoyHfg.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\BTUNahj.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\LjTGDiR.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\fynGxWi.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\YRkxXRp.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\HVFveUo.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\NbMESqs.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\HxGyRMR.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\wrhBpqa.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\EpaHUXa.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\ObWhwrn.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\mIesFjD.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\RBtzEhu.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\XskmLPm.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\vkRLugL.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\ItjxbUx.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\KIeNUNg.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\OYuuMXl.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\lRoldbT.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
File created	C:\Windows\System\tAQCbTk.exe	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe

description	pid	process
Token: SeLockMemoryPrivilege	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
Token: SeLockMemoryPrivilege	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe

description	pid	process	target process
PID 4508 wrote to memory of 4560	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	rEaoOVK.exe
PID 4508 wrote to memory of 4560	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	rEaoOVK.exe
PID 4508 wrote to memory of 2288	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	sTKDMwi.exe
PID 4508 wrote to memory of 2288	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	sTKDMwi.exe
PID 4508 wrote to memory of 428	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	ANMkbWR.exe
PID 4508 wrote to memory of 428	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	ANMkbWR.exe
PID 4508 wrote to memory of 2360	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	EpaHUXa.exe
PID 4508 wrote to memory of 2360	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	EpaHUXa.exe
PID 4508 wrote to memory of 5068	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	FMZxJsZ.exe
PID 4508 wrote to memory of 5068	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	FMZxJsZ.exe
PID 4508 wrote to memory of 4616	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	OYuuMXl.exe
PID 4508 wrote to memory of 4616	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	OYuuMXl.exe
PID 4508 wrote to memory of 1640	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	putYiOQ.exe
PID 4508 wrote to memory of 1640	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	putYiOQ.exe
PID 4508 wrote to memory of 3424	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	DmQLlXp.exe
PID 4508 wrote to memory of 3424	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	DmQLlXp.exe
PID 4508 wrote to memory of 232	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	WAvydOE.exe
PID 4508 wrote to memory of 232	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	WAvydOE.exe
PID 4508 wrote to memory of 5100	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	LKZaKxS.exe
PID 4508 wrote to memory of 5100	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	LKZaKxS.exe
PID 4508 wrote to memory of 2304	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	losxrGO.exe
PID 4508 wrote to memory of 2304	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	losxrGO.exe
PID 4508 wrote to memory of 3760	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	QjqWXKF.exe
PID 4508 wrote to memory of 3760	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	QjqWXKF.exe
PID 4508 wrote to memory of 3196	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	ObWhwrn.exe
PID 4508 wrote to memory of 3196	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	ObWhwrn.exe
PID 4508 wrote to memory of 5108	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	mTCXCkD.exe
PID 4508 wrote to memory of 5108	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	mTCXCkD.exe
PID 4508 wrote to memory of 1084	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	mXalpDi.exe
PID 4508 wrote to memory of 1084	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	mXalpDi.exe
PID 4508 wrote to memory of 5064	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	LuleMwV.exe
PID 4508 wrote to memory of 5064	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	LuleMwV.exe
PID 4508 wrote to memory of 2088	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	mIesFjD.exe
PID 4508 wrote to memory of 2088	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	mIesFjD.exe
PID 4508 wrote to memory of 4336	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	xYXsVRt.exe
PID 4508 wrote to memory of 4336	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	xYXsVRt.exe
PID 4508 wrote to memory of 3972	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	OGuBIoY.exe
PID 4508 wrote to memory of 3972	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	OGuBIoY.exe
PID 4508 wrote to memory of 2440	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	hsEtdWs.exe
PID 4508 wrote to memory of 2440	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	hsEtdWs.exe
PID 4508 wrote to memory of 5088	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	NVxKzgx.exe
PID 4508 wrote to memory of 5088	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	NVxKzgx.exe
PID 4508 wrote to memory of 2084	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	EYlFDZg.exe
PID 4508 wrote to memory of 2084	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	EYlFDZg.exe
PID 4508 wrote to memory of 676	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	GRWPinL.exe
PID 4508 wrote to memory of 676	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	GRWPinL.exe
PID 4508 wrote to memory of 4240	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	sFpdNHn.exe
PID 4508 wrote to memory of 4240	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	sFpdNHn.exe
PID 4508 wrote to memory of 3604	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	ZMCdlql.exe
PID 4508 wrote to memory of 3604	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	ZMCdlql.exe
PID 4508 wrote to memory of 764	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	BYynXdQ.exe
PID 4508 wrote to memory of 764	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	BYynXdQ.exe
PID 4508 wrote to memory of 4072	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	bAPALUG.exe
PID 4508 wrote to memory of 4072	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	bAPALUG.exe
PID 4508 wrote to memory of 3088	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	lSNCclA.exe
PID 4508 wrote to memory of 3088	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	lSNCclA.exe
PID 4508 wrote to memory of 1208	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	hYZcIXT.exe
PID 4508 wrote to memory of 1208	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	hYZcIXT.exe
PID 4508 wrote to memory of 4808	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	XawRxoe.exe
PID 4508 wrote to memory of 4808	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	XawRxoe.exe
PID 4508 wrote to memory of 2096	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	TjlKCeH.exe
PID 4508 wrote to memory of 2096	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	TjlKCeH.exe
PID 4508 wrote to memory of 1068	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	EJrXkbM.exe
PID 4508 wrote to memory of 1068	4508	cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe	EJrXkbM.exe

C:\Users\Admin\AppData\Local\Temp\cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe
"C:\Users\Admin\AppData\Local\Temp\cfe97455a08c6675f198b77a0cd43741d1e1cd3126bffac2b78ea3f96f974b79.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4508
- C:\Windows\System\rEaoOVK.exe
  C:\Windows\System\rEaoOVK.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\sTKDMwi.exe
  C:\Windows\System\sTKDMwi.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\ANMkbWR.exe
  C:\Windows\System\ANMkbWR.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\EpaHUXa.exe
  C:\Windows\System\EpaHUXa.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\FMZxJsZ.exe
  C:\Windows\System\FMZxJsZ.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\OYuuMXl.exe
  C:\Windows\System\OYuuMXl.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\putYiOQ.exe
  C:\Windows\System\putYiOQ.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\DmQLlXp.exe
  C:\Windows\System\DmQLlXp.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\WAvydOE.exe
  C:\Windows\System\WAvydOE.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\LKZaKxS.exe
  C:\Windows\System\LKZaKxS.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\losxrGO.exe
  C:\Windows\System\losxrGO.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\QjqWXKF.exe
  C:\Windows\System\QjqWXKF.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\ObWhwrn.exe
  C:\Windows\System\ObWhwrn.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\mTCXCkD.exe
  C:\Windows\System\mTCXCkD.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\mXalpDi.exe
  C:\Windows\System\mXalpDi.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\LuleMwV.exe
  C:\Windows\System\LuleMwV.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\mIesFjD.exe
  C:\Windows\System\mIesFjD.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\xYXsVRt.exe
  C:\Windows\System\xYXsVRt.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\OGuBIoY.exe
  C:\Windows\System\OGuBIoY.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\hsEtdWs.exe
  C:\Windows\System\hsEtdWs.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\NVxKzgx.exe
  C:\Windows\System\NVxKzgx.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\EYlFDZg.exe
  C:\Windows\System\EYlFDZg.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\GRWPinL.exe
  C:\Windows\System\GRWPinL.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\sFpdNHn.exe
  C:\Windows\System\sFpdNHn.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\ZMCdlql.exe
  C:\Windows\System\ZMCdlql.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\BYynXdQ.exe
  C:\Windows\System\BYynXdQ.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\bAPALUG.exe
  C:\Windows\System\bAPALUG.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\lSNCclA.exe
  C:\Windows\System\lSNCclA.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\hYZcIXT.exe
  C:\Windows\System\hYZcIXT.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\XawRxoe.exe
  C:\Windows\System\XawRxoe.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\TjlKCeH.exe
  C:\Windows\System\TjlKCeH.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\EJrXkbM.exe
  C:\Windows\System\EJrXkbM.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\iTLHZCe.exe
  C:\Windows\System\iTLHZCe.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\PkKyqTA.exe
  C:\Windows\System\PkKyqTA.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\JiwkWfL.exe
  C:\Windows\System\JiwkWfL.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\yBZxfQW.exe
  C:\Windows\System\yBZxfQW.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\DKHBvKT.exe
  C:\Windows\System\DKHBvKT.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\HUjXeBb.exe
  C:\Windows\System\HUjXeBb.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\IUZKDfg.exe
  C:\Windows\System\IUZKDfg.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\mlnwIlm.exe
  C:\Windows\System\mlnwIlm.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\BTUNahj.exe
  C:\Windows\System\BTUNahj.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\YRkxXRp.exe
  C:\Windows\System\YRkxXRp.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\oSVbMla.exe
  C:\Windows\System\oSVbMla.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\lbGZgpa.exe
  C:\Windows\System\lbGZgpa.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\eyOphZM.exe
  C:\Windows\System\eyOphZM.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\ZkxANrN.exe
  C:\Windows\System\ZkxANrN.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\TPtuGAP.exe
  C:\Windows\System\TPtuGAP.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\NpKuaUM.exe
  C:\Windows\System\NpKuaUM.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\CcOaxEl.exe
  C:\Windows\System\CcOaxEl.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\lRoldbT.exe
  C:\Windows\System\lRoldbT.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\rXkmhJv.exe
  C:\Windows\System\rXkmhJv.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\UYykKDO.exe
  C:\Windows\System\UYykKDO.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\DCNOEUg.exe
  C:\Windows\System\DCNOEUg.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\btNdXmq.exe
  C:\Windows\System\btNdXmq.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\FYUBbXm.exe
  C:\Windows\System\FYUBbXm.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\sIVDKnL.exe
  C:\Windows\System\sIVDKnL.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\KqbWbfa.exe
  C:\Windows\System\KqbWbfa.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\YZfFJeD.exe
  C:\Windows\System\YZfFJeD.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\ZNJtnYC.exe
  C:\Windows\System\ZNJtnYC.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\wlkirKy.exe
  C:\Windows\System\wlkirKy.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\fzJBqcb.exe
  C:\Windows\System\fzJBqcb.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\evoyHfg.exe
  C:\Windows\System\evoyHfg.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\JbyDwip.exe
  C:\Windows\System\JbyDwip.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\hTODGmE.exe
  C:\Windows\System\hTODGmE.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\VFPpjPO.exe
  C:\Windows\System\VFPpjPO.exe
  2⤵
  PID:1788
- C:\Windows\System\epxgNNP.exe
  C:\Windows\System\epxgNNP.exe
  2⤵
  PID:3796
- C:\Windows\System\TCjzmfF.exe
  C:\Windows\System\TCjzmfF.exe
  2⤵
  PID:4460
- C:\Windows\System\GqysNsl.exe
  C:\Windows\System\GqysNsl.exe
  2⤵
  PID:3544
- C:\Windows\System\IvIWtVQ.exe
  C:\Windows\System\IvIWtVQ.exe
  2⤵
  PID:5144
- C:\Windows\System\BazzNrv.exe
  C:\Windows\System\BazzNrv.exe
  2⤵
  PID:5168
- C:\Windows\System\hWsMezC.exe
  C:\Windows\System\hWsMezC.exe
  2⤵
  PID:5196
- C:\Windows\System\HjbmqDc.exe
  C:\Windows\System\HjbmqDc.exe
  2⤵
  PID:5228
- C:\Windows\System\xaVRjdK.exe
  C:\Windows\System\xaVRjdK.exe
  2⤵
  PID:5252
- C:\Windows\System\OEHbVNg.exe
  C:\Windows\System\OEHbVNg.exe
  2⤵
  PID:5280
- C:\Windows\System\vZQDAmg.exe
  C:\Windows\System\vZQDAmg.exe
  2⤵
  PID:5308
- C:\Windows\System\tAQCbTk.exe
  C:\Windows\System\tAQCbTk.exe
  2⤵
  PID:5336
- C:\Windows\System\jlgjCOA.exe
  C:\Windows\System\jlgjCOA.exe
  2⤵
  PID:5368
- C:\Windows\System\lHDtILf.exe
  C:\Windows\System\lHDtILf.exe
  2⤵
  PID:5396
- C:\Windows\System\NisxNyU.exe
  C:\Windows\System\NisxNyU.exe
  2⤵
  PID:5420
- C:\Windows\System\ENiaeVs.exe
  C:\Windows\System\ENiaeVs.exe
  2⤵
  PID:5448
- C:\Windows\System\sDjxTvA.exe
  C:\Windows\System\sDjxTvA.exe
  2⤵
  PID:5476
- C:\Windows\System\IHLpMBi.exe
  C:\Windows\System\IHLpMBi.exe
  2⤵
  PID:5508
- C:\Windows\System\VrrNmDL.exe
  C:\Windows\System\VrrNmDL.exe
  2⤵
  PID:5532
- C:\Windows\System\FVFFRKh.exe
  C:\Windows\System\FVFFRKh.exe
  2⤵
  PID:5560
- C:\Windows\System\FsWVnYs.exe
  C:\Windows\System\FsWVnYs.exe
  2⤵
  PID:5588
- C:\Windows\System\AqRPBSK.exe
  C:\Windows\System\AqRPBSK.exe
  2⤵
  PID:5616
- C:\Windows\System\wVKEEhi.exe
  C:\Windows\System\wVKEEhi.exe
  2⤵
  PID:5648
- C:\Windows\System\MrsrsOi.exe
  C:\Windows\System\MrsrsOi.exe
  2⤵
  PID:5676
- C:\Windows\System\JJdmlXV.exe
  C:\Windows\System\JJdmlXV.exe
  2⤵
  PID:5704
- C:\Windows\System\ytuUQdM.exe
  C:\Windows\System\ytuUQdM.exe
  2⤵
  PID:5728
- C:\Windows\System\kAfefli.exe
  C:\Windows\System\kAfefli.exe
  2⤵
  PID:5804
- C:\Windows\System\grLbyIw.exe
  C:\Windows\System\grLbyIw.exe
  2⤵
  PID:5820
- C:\Windows\System\LjTGDiR.exe
  C:\Windows\System\LjTGDiR.exe
  2⤵
  PID:5836
- C:\Windows\System\TFJCUVP.exe
  C:\Windows\System\TFJCUVP.exe
  2⤵
  PID:5852
- C:\Windows\System\iBGPeCa.exe
  C:\Windows\System\iBGPeCa.exe
  2⤵
  PID:5880
- C:\Windows\System\lQLxnLX.exe
  C:\Windows\System\lQLxnLX.exe
  2⤵
  PID:5912
- C:\Windows\System\KDOPZwV.exe
  C:\Windows\System\KDOPZwV.exe
  2⤵
  PID:5940
- C:\Windows\System\RncJkhQ.exe
  C:\Windows\System\RncJkhQ.exe
  2⤵
  PID:5964
- C:\Windows\System\pDiwqJa.exe
  C:\Windows\System\pDiwqJa.exe
  2⤵
  PID:5992
- C:\Windows\System\npJTjhT.exe
  C:\Windows\System\npJTjhT.exe
  2⤵
  PID:6020
- C:\Windows\System\QPidOuY.exe
  C:\Windows\System\QPidOuY.exe
  2⤵
  PID:6052
- C:\Windows\System\xLNoPtT.exe
  C:\Windows\System\xLNoPtT.exe
  2⤵
  PID:6076
- C:\Windows\System\lNPgMuu.exe
  C:\Windows\System\lNPgMuu.exe
  2⤵
  PID:6104
- C:\Windows\System\ZzkwTyz.exe
  C:\Windows\System\ZzkwTyz.exe
  2⤵
  PID:6132
- C:\Windows\System\QaxiCeO.exe
  C:\Windows\System\QaxiCeO.exe
  2⤵
  PID:4080
- C:\Windows\System\hyWlYgI.exe
  C:\Windows\System\hyWlYgI.exe
  2⤵
  PID:3756
- C:\Windows\System\pqVUANh.exe
  C:\Windows\System\pqVUANh.exe
  2⤵
  PID:212
- C:\Windows\System\PCbmZkF.exe
  C:\Windows\System\PCbmZkF.exe
  2⤵
  PID:4704
- C:\Windows\System\HguRjmI.exe
  C:\Windows\System\HguRjmI.exe
  2⤵
  PID:912
- C:\Windows\System\xIgYUIZ.exe
  C:\Windows\System\xIgYUIZ.exe
  2⤵
  PID:5124
- C:\Windows\System\dRAmZXr.exe
  C:\Windows\System\dRAmZXr.exe
  2⤵
  PID:5156
- C:\Windows\System\TfbBPdl.exe
  C:\Windows\System\TfbBPdl.exe
  2⤵
  PID:5216
- C:\Windows\System\TixjiAn.exe
  C:\Windows\System\TixjiAn.exe
  2⤵
  PID:5300
- C:\Windows\System\sgWXFcA.exe
  C:\Windows\System\sgWXFcA.exe
  2⤵
  PID:5384
- C:\Windows\System\xUAAkOV.exe
  C:\Windows\System\xUAAkOV.exe
  2⤵
  PID:5444
- C:\Windows\System\YtIRaIB.exe
  C:\Windows\System\YtIRaIB.exe
  2⤵
  PID:5516
- C:\Windows\System\IXrgzrY.exe
  C:\Windows\System\IXrgzrY.exe
  2⤵
  PID:1248
- C:\Windows\System\RvHQJgz.exe
  C:\Windows\System\RvHQJgz.exe
  2⤵
  PID:5632
- C:\Windows\System\vhXYqhh.exe
  C:\Windows\System\vhXYqhh.exe
  2⤵
  PID:5692
- C:\Windows\System\YHvGyUF.exe
  C:\Windows\System\YHvGyUF.exe
  2⤵
  PID:5744
- C:\Windows\System\mFpNJOr.exe
  C:\Windows\System\mFpNJOr.exe
  2⤵
  PID:5816
- C:\Windows\System\HkjRFmj.exe
  C:\Windows\System\HkjRFmj.exe
  2⤵
  PID:5892
- C:\Windows\System\jDaPBVX.exe
  C:\Windows\System\jDaPBVX.exe
  2⤵
  PID:5956
- C:\Windows\System\LIFRqUa.exe
  C:\Windows\System\LIFRqUa.exe
  2⤵
  PID:6012
- C:\Windows\System\FiutWAI.exe
  C:\Windows\System\FiutWAI.exe
  2⤵
  PID:6088
- C:\Windows\System\zzMkkHJ.exe
  C:\Windows\System\zzMkkHJ.exe
  2⤵
  PID:4904
- C:\Windows\System\zcpPkWG.exe
  C:\Windows\System\zcpPkWG.exe
  2⤵
  PID:1820
- C:\Windows\System\DxSEXVU.exe
  C:\Windows\System\DxSEXVU.exe
  2⤵
  PID:3612
- C:\Windows\System\gwvmUeH.exe
  C:\Windows\System\gwvmUeH.exe
  2⤵
  PID:5248
- C:\Windows\System\LJVwcgm.exe
  C:\Windows\System\LJVwcgm.exe
  2⤵
  PID:5356
- C:\Windows\System\vNTMSTf.exe
  C:\Windows\System\vNTMSTf.exe
  2⤵
  PID:5544
- C:\Windows\System\KSLCayQ.exe
  C:\Windows\System\KSLCayQ.exe
  2⤵
  PID:5664
- C:\Windows\System\rHrFCVG.exe
  C:\Windows\System\rHrFCVG.exe
  2⤵
  PID:5812
- C:\Windows\System\FpiNyEK.exe
  C:\Windows\System\FpiNyEK.exe
  2⤵
  PID:5932
- C:\Windows\System\HVFveUo.exe
  C:\Windows\System\HVFveUo.exe
  2⤵
  PID:6148
- C:\Windows\System\ihjPhew.exe
  C:\Windows\System\ihjPhew.exe
  2⤵
  PID:6176
- C:\Windows\System\ZOtUZUa.exe
  C:\Windows\System\ZOtUZUa.exe
  2⤵
  PID:6204
- C:\Windows\System\FwGqpQg.exe
  C:\Windows\System\FwGqpQg.exe
  2⤵
  PID:6232
- C:\Windows\System\lHEywJZ.exe
  C:\Windows\System\lHEywJZ.exe
  2⤵
  PID:6260
- C:\Windows\System\rRsxCFw.exe
  C:\Windows\System\rRsxCFw.exe
  2⤵
  PID:6288
- C:\Windows\System\IDjMVcs.exe
  C:\Windows\System\IDjMVcs.exe
  2⤵
  PID:6316
- C:\Windows\System\WFdgNbg.exe
  C:\Windows\System\WFdgNbg.exe
  2⤵
  PID:6344
- C:\Windows\System\ucsxASo.exe
  C:\Windows\System\ucsxASo.exe
  2⤵
  PID:6372
- C:\Windows\System\stsoSdu.exe
  C:\Windows\System\stsoSdu.exe
  2⤵
  PID:6400
- C:\Windows\System\DxbvMjo.exe
  C:\Windows\System\DxbvMjo.exe
  2⤵
  PID:6428
- C:\Windows\System\SUzggwS.exe
  C:\Windows\System\SUzggwS.exe
  2⤵
  PID:6456
- C:\Windows\System\XEVLRdo.exe
  C:\Windows\System\XEVLRdo.exe
  2⤵
  PID:6484
- C:\Windows\System\AyUqsYm.exe
  C:\Windows\System\AyUqsYm.exe
  2⤵
  PID:6512
- C:\Windows\System\jwdLFPa.exe
  C:\Windows\System\jwdLFPa.exe
  2⤵
  PID:6540
- C:\Windows\System\FTwOLAB.exe
  C:\Windows\System\FTwOLAB.exe
  2⤵
  PID:6568
- C:\Windows\System\fIsuixx.exe
  C:\Windows\System\fIsuixx.exe
  2⤵
  PID:6596
- C:\Windows\System\YDgIgNw.exe
  C:\Windows\System\YDgIgNw.exe
  2⤵
  PID:6620
- C:\Windows\System\uaiPYhi.exe
  C:\Windows\System\uaiPYhi.exe
  2⤵
  PID:6652
- C:\Windows\System\XOyUKJu.exe
  C:\Windows\System\XOyUKJu.exe
  2⤵
  PID:6680
- C:\Windows\System\cUVKNJl.exe
  C:\Windows\System\cUVKNJl.exe
  2⤵
  PID:6708
- C:\Windows\System\TkIhHAM.exe
  C:\Windows\System\TkIhHAM.exe
  2⤵
  PID:6736
- C:\Windows\System\UTFDQUB.exe
  C:\Windows\System\UTFDQUB.exe
  2⤵
  PID:6764
- C:\Windows\System\NvBKnoV.exe
  C:\Windows\System\NvBKnoV.exe
  2⤵
  PID:6792
- C:\Windows\System\PGygivZ.exe
  C:\Windows\System\PGygivZ.exe
  2⤵
  PID:6820
- C:\Windows\System\MJMNDFU.exe
  C:\Windows\System\MJMNDFU.exe
  2⤵
  PID:6848
- C:\Windows\System\cfvAmQE.exe
  C:\Windows\System\cfvAmQE.exe
  2⤵
  PID:6876
- C:\Windows\System\SPmNsqT.exe
  C:\Windows\System\SPmNsqT.exe
  2⤵
  PID:6904
- C:\Windows\System\kqQWfjA.exe
  C:\Windows\System\kqQWfjA.exe
  2⤵
  PID:6932
- C:\Windows\System\ZcstkYp.exe
  C:\Windows\System\ZcstkYp.exe
  2⤵
  PID:6960
- C:\Windows\System\JOqjOmv.exe
  C:\Windows\System\JOqjOmv.exe
  2⤵
  PID:6988
- C:\Windows\System\AkiaMLo.exe
  C:\Windows\System\AkiaMLo.exe
  2⤵
  PID:7016
- C:\Windows\System\oukyWKs.exe
  C:\Windows\System\oukyWKs.exe
  2⤵
  PID:7044
- C:\Windows\System\whmiqvb.exe
  C:\Windows\System\whmiqvb.exe
  2⤵
  PID:7072
- C:\Windows\System\RxtrlYa.exe
  C:\Windows\System\RxtrlYa.exe
  2⤵
  PID:7100
- C:\Windows\System\GMBXzjS.exe
  C:\Windows\System\GMBXzjS.exe
  2⤵
  PID:7128
- C:\Windows\System\hTKXOjY.exe
  C:\Windows\System\hTKXOjY.exe
  2⤵
  PID:7156
- C:\Windows\System\aAWzSxh.exe
  C:\Windows\System\aAWzSxh.exe
  2⤵
  PID:376
- C:\Windows\System\kzLfzVP.exe
  C:\Windows\System\kzLfzVP.exe
  2⤵
  PID:5208
- C:\Windows\System\WUOxvnO.exe
  C:\Windows\System\WUOxvnO.exe
  2⤵
  PID:5600
- C:\Windows\System\QflWYzd.exe
  C:\Windows\System\QflWYzd.exe
  2⤵
  PID:5920
- C:\Windows\System\tdteagj.exe
  C:\Windows\System\tdteagj.exe
  2⤵
  PID:6164
- C:\Windows\System\toFJjZf.exe
  C:\Windows\System\toFJjZf.exe
  2⤵
  PID:6672
- C:\Windows\System\SxpjedP.exe
  C:\Windows\System\SxpjedP.exe
  2⤵
  PID:6728
- C:\Windows\System\faQvZpp.exe
  C:\Windows\System\faQvZpp.exe
  2⤵
  PID:6776
- C:\Windows\System\BqRNFiV.exe
  C:\Windows\System\BqRNFiV.exe
  2⤵
  PID:6808
- C:\Windows\System\sCiFQOP.exe
  C:\Windows\System\sCiFQOP.exe
  2⤵
  PID:6864
- C:\Windows\System\tTjqvLE.exe
  C:\Windows\System\tTjqvLE.exe
  2⤵
  PID:6924
- C:\Windows\System\wZREeDh.exe
  C:\Windows\System\wZREeDh.exe
  2⤵
  PID:7000
- C:\Windows\System\UzxIbda.exe
  C:\Windows\System\UzxIbda.exe
  2⤵
  PID:7032
- C:\Windows\System\oTtkaXc.exe
  C:\Windows\System\oTtkaXc.exe
  2⤵
  PID:7064
- C:\Windows\System\pwPInSH.exe
  C:\Windows\System\pwPInSH.exe
  2⤵
  PID:7092
- C:\Windows\System\xWIimML.exe
  C:\Windows\System\xWIimML.exe
  2⤵
  PID:7148
- C:\Windows\System\ouhxFWf.exe
  C:\Windows\System\ouhxFWf.exe
  2⤵
  PID:5720
- C:\Windows\System\iiGeYkb.exe
  C:\Windows\System\iiGeYkb.exe
  2⤵
  PID:3448
- C:\Windows\System\WjbvFcD.exe
  C:\Windows\System\WjbvFcD.exe
  2⤵
  PID:2172
- C:\Windows\System\DZOgUUb.exe
  C:\Windows\System\DZOgUUb.exe
  2⤵
  PID:1252
- C:\Windows\System\lcsIGjL.exe
  C:\Windows\System\lcsIGjL.exe
  2⤵
  PID:1028
- C:\Windows\System\sHdLIzI.exe
  C:\Windows\System\sHdLIzI.exe
  2⤵
  PID:2324
- C:\Windows\System\YRGZIuQ.exe
  C:\Windows\System\YRGZIuQ.exe
  2⤵
  PID:4220
- C:\Windows\System\qIgyYCc.exe
  C:\Windows\System\qIgyYCc.exe
  2⤵
  PID:1532
- C:\Windows\System\wtYQaNs.exe
  C:\Windows\System\wtYQaNs.exe
  2⤵
  PID:4924
- C:\Windows\System\CsrmaMv.exe
  C:\Windows\System\CsrmaMv.exe
  2⤵
  PID:5784
- C:\Windows\System\nuYXSSm.exe
  C:\Windows\System\nuYXSSm.exe
  2⤵
  PID:6252
- C:\Windows\System\nTJLxCT.exe
  C:\Windows\System\nTJLxCT.exe
  2⤵
  PID:6328
- C:\Windows\System\IIDuWkw.exe
  C:\Windows\System\IIDuWkw.exe
  2⤵
  PID:6360
- C:\Windows\System\mGAfCJq.exe
  C:\Windows\System\mGAfCJq.exe
  2⤵
  PID:1464
- C:\Windows\System\nBRzLOI.exe
  C:\Windows\System\nBRzLOI.exe
  2⤵
  PID:6640
- C:\Windows\System\DutEUzl.exe
  C:\Windows\System\DutEUzl.exe
  2⤵
  PID:6556
- C:\Windows\System\nEallgE.exe
  C:\Windows\System\nEallgE.exe
  2⤵
  PID:6500
- C:\Windows\System\sbSAmGW.exe
  C:\Windows\System\sbSAmGW.exe
  2⤵
  PID:6468
- C:\Windows\System\wKLPqVR.exe
  C:\Windows\System\wKLPqVR.exe
  2⤵
  PID:6392
- C:\Windows\System\QZLxSfb.exe
  C:\Windows\System\QZLxSfb.exe
  2⤵
  PID:6784
- C:\Windows\System\XqPgXgS.exe
  C:\Windows\System\XqPgXgS.exe
  2⤵
  PID:3224
- C:\Windows\System\wXNFZJW.exe
  C:\Windows\System\wXNFZJW.exe
  2⤵
  PID:3168
- C:\Windows\System\wRsuKLB.exe
  C:\Windows\System\wRsuKLB.exe
  2⤵
  PID:6980
- C:\Windows\System\NbMESqs.exe
  C:\Windows\System\NbMESqs.exe
  2⤵
  PID:3596
- C:\Windows\System\YRzrPmU.exe
  C:\Windows\System\YRzrPmU.exe
  2⤵
  PID:6120
- C:\Windows\System\OxkuodC.exe
  C:\Windows\System\OxkuodC.exe
  2⤵
  PID:5132
- C:\Windows\System\fvKtsXZ.exe
  C:\Windows\System\fvKtsXZ.exe
  2⤵
  PID:2600
- C:\Windows\System\otxwjup.exe
  C:\Windows\System\otxwjup.exe
  2⤵
  PID:3976
- C:\Windows\System\gjAeujA.exe
  C:\Windows\System\gjAeujA.exe
  2⤵
  PID:6220
- C:\Windows\System\ZFicXoH.exe
  C:\Windows\System\ZFicXoH.exe
  2⤵
  PID:3204
- C:\Windows\System\jNOpqgP.exe
  C:\Windows\System\jNOpqgP.exe
  2⤵
  PID:6636
- C:\Windows\System\cNnNcwS.exe
  C:\Windows\System\cNnNcwS.exe
  2⤵
  PID:6524
- C:\Windows\System\VjXmzae.exe
  C:\Windows\System\VjXmzae.exe
  2⤵
  PID:6840
- C:\Windows\System\KspSyBQ.exe
  C:\Windows\System\KspSyBQ.exe
  2⤵
  PID:4820
- C:\Windows\System\ZgbrSXg.exe
  C:\Windows\System\ZgbrSXg.exe
  2⤵
  PID:5352
- C:\Windows\System\iqgRGxp.exe
  C:\Windows\System\iqgRGxp.exe
  2⤵
  PID:808
- C:\Windows\System\oaisFjE.exe
  C:\Windows\System\oaisFjE.exe
  2⤵
  PID:3328
- C:\Windows\System\MdfJBBH.exe
  C:\Windows\System\MdfJBBH.exe
  2⤵
  PID:7004
- C:\Windows\System\bnZwRmF.exe
  C:\Windows\System\bnZwRmF.exe
  2⤵
  PID:6040
- C:\Windows\System\XGnmdoY.exe
  C:\Windows\System\XGnmdoY.exe
  2⤵
  PID:2284
- C:\Windows\System\SLuLYnr.exe
  C:\Windows\System\SLuLYnr.exe
  2⤵
  PID:7176
- C:\Windows\System\VJaPIhN.exe
  C:\Windows\System\VJaPIhN.exe
  2⤵
  PID:7192
- C:\Windows\System\RBtzEhu.exe
  C:\Windows\System\RBtzEhu.exe
  2⤵
  PID:7220
- C:\Windows\System\IpgvrPs.exe
  C:\Windows\System\IpgvrPs.exe
  2⤵
  PID:7248
- C:\Windows\System\fxRasiC.exe
  C:\Windows\System\fxRasiC.exe
  2⤵
  PID:7276
- C:\Windows\System\cOAQIfe.exe
  C:\Windows\System\cOAQIfe.exe
  2⤵
  PID:7316
- C:\Windows\System\iHhjIda.exe
  C:\Windows\System\iHhjIda.exe
  2⤵
  PID:7340
- C:\Windows\System\IAbXKJR.exe
  C:\Windows\System\IAbXKJR.exe
  2⤵
  PID:7368
- C:\Windows\System\DdoZOjx.exe
  C:\Windows\System\DdoZOjx.exe
  2⤵
  PID:7408
- C:\Windows\System\AkAvhgt.exe
  C:\Windows\System\AkAvhgt.exe
  2⤵
  PID:7436
- C:\Windows\System\JfDCRvg.exe
  C:\Windows\System\JfDCRvg.exe
  2⤵
  PID:7452
- C:\Windows\System\VcmqCBX.exe
  C:\Windows\System\VcmqCBX.exe
  2⤵
  PID:7492
- C:\Windows\System\CFkpCjl.exe
  C:\Windows\System\CFkpCjl.exe
  2⤵
  PID:7512
- C:\Windows\System\xVRrUbK.exe
  C:\Windows\System\xVRrUbK.exe
  2⤵
  PID:7536
- C:\Windows\System\wUopIdN.exe
  C:\Windows\System\wUopIdN.exe
  2⤵
  PID:7580
- C:\Windows\System\dBFxvzc.exe
  C:\Windows\System\dBFxvzc.exe
  2⤵
  PID:7596
- C:\Windows\System\oRdqYpV.exe
  C:\Windows\System\oRdqYpV.exe
  2⤵
  PID:7624
- C:\Windows\System\QeVQijp.exe
  C:\Windows\System\QeVQijp.exe
  2⤵
  PID:7652
- C:\Windows\System\yHulkHK.exe
  C:\Windows\System\yHulkHK.exe
  2⤵
  PID:7680
- C:\Windows\System\dQxwtSW.exe
  C:\Windows\System\dQxwtSW.exe
  2⤵
  PID:7708
- C:\Windows\System\kgXHOIi.exe
  C:\Windows\System\kgXHOIi.exe
  2⤵
  PID:7748
- C:\Windows\System\YcUDLkB.exe
  C:\Windows\System\YcUDLkB.exe
  2⤵
  PID:7776
- C:\Windows\System\DOYdyUF.exe
  C:\Windows\System\DOYdyUF.exe
  2⤵
  PID:7800
- C:\Windows\System\fWWfUDm.exe
  C:\Windows\System\fWWfUDm.exe
  2⤵
  PID:7820
- C:\Windows\System\WbAdXSp.exe
  C:\Windows\System\WbAdXSp.exe
  2⤵
  PID:7860
- C:\Windows\System\XskmLPm.exe
  C:\Windows\System\XskmLPm.exe
  2⤵
  PID:7876
- C:\Windows\System\OqgWliq.exe
  C:\Windows\System\OqgWliq.exe
  2⤵
  PID:7892
- C:\Windows\System\lEqpjfN.exe
  C:\Windows\System\lEqpjfN.exe
  2⤵
  PID:7920
- C:\Windows\System\mDylnlM.exe
  C:\Windows\System\mDylnlM.exe
  2⤵
  PID:7952
- C:\Windows\System\CMjYzcu.exe
  C:\Windows\System\CMjYzcu.exe
  2⤵
  PID:7992
- C:\Windows\System\ZuPJeYt.exe
  C:\Windows\System\ZuPJeYt.exe
  2⤵
  PID:8016
- C:\Windows\System\EwNTLIQ.exe
  C:\Windows\System\EwNTLIQ.exe
  2⤵
  PID:8044
- C:\Windows\System\PvrVlOo.exe
  C:\Windows\System\PvrVlOo.exe
  2⤵
  PID:8072
- C:\Windows\System\YGrOeDW.exe
  C:\Windows\System\YGrOeDW.exe
  2⤵
  PID:8088
- C:\Windows\System\DKBcyBe.exe
  C:\Windows\System\DKBcyBe.exe
  2⤵
  PID:8120
- C:\Windows\System\YAEbsqH.exe
  C:\Windows\System\YAEbsqH.exe
  2⤵
  PID:8160
- C:\Windows\System\TAAzIJi.exe
  C:\Windows\System\TAAzIJi.exe
  2⤵
  PID:8188
- C:\Windows\System\xhGSLPH.exe
  C:\Windows\System\xhGSLPH.exe
  2⤵
  PID:7204
- C:\Windows\System\VudPOPR.exe
  C:\Windows\System\VudPOPR.exe
  2⤵
  PID:7244
- C:\Windows\System\QOvcnpj.exe
  C:\Windows\System\QOvcnpj.exe
  2⤵
  PID:7328
- C:\Windows\System\FnUgXsN.exe
  C:\Windows\System\FnUgXsN.exe
  2⤵
  PID:7400
- C:\Windows\System\cwxJJiP.exe
  C:\Windows\System\cwxJJiP.exe
  2⤵
  PID:7468
- C:\Windows\System\rHTmyDj.exe
  C:\Windows\System\rHTmyDj.exe
  2⤵
  PID:7572
- C:\Windows\System\oSVlYFE.exe
  C:\Windows\System\oSVlYFE.exe
  2⤵
  PID:7592
- C:\Windows\System\OomyGKR.exe
  C:\Windows\System\OomyGKR.exe
  2⤵
  PID:7692
- C:\Windows\System\zzibxEw.exe
  C:\Windows\System\zzibxEw.exe
  2⤵
  PID:7740
- C:\Windows\System\esdhJse.exe
  C:\Windows\System\esdhJse.exe
  2⤵
  PID:7812
- C:\Windows\System\fynGxWi.exe
  C:\Windows\System\fynGxWi.exe
  2⤵
  PID:7904
- C:\Windows\System\dUHwCOX.exe
  C:\Windows\System\dUHwCOX.exe
  2⤵
  PID:7932
- C:\Windows\System\MIHwVyB.exe
  C:\Windows\System\MIHwVyB.exe
  2⤵
  PID:8028
- C:\Windows\System\XiOkJgt.exe
  C:\Windows\System\XiOkJgt.exe
  2⤵
  PID:8084
- C:\Windows\System\vuppsgK.exe
  C:\Windows\System\vuppsgK.exe
  2⤵
  PID:8108
- C:\Windows\System\vkRLugL.exe
  C:\Windows\System\vkRLugL.exe
  2⤵
  PID:7268
- C:\Windows\System\mUYJCMJ.exe
  C:\Windows\System\mUYJCMJ.exe
  2⤵
  PID:7308
- C:\Windows\System\HBvdQaG.exe
  C:\Windows\System\HBvdQaG.exe
  2⤵
  PID:7528
- C:\Windows\System\rkKmZqi.exe
  C:\Windows\System\rkKmZqi.exe
  2⤵
  PID:7644
- C:\Windows\System\seFgAcA.exe
  C:\Windows\System\seFgAcA.exe
  2⤵
  PID:7768
- C:\Windows\System\mSBPPtV.exe
  C:\Windows\System\mSBPPtV.exe
  2⤵
  PID:7912
- C:\Windows\System\GcwIYkD.exe
  C:\Windows\System\GcwIYkD.exe
  2⤵
  PID:8032
- C:\Windows\System\HxGyRMR.exe
  C:\Windows\System\HxGyRMR.exe
  2⤵
  PID:7296
- C:\Windows\System\jUQJYYK.exe
  C:\Windows\System\jUQJYYK.exe
  2⤵
  PID:7704
- C:\Windows\System\VOFiJPX.exe
  C:\Windows\System\VOFiJPX.exe
  2⤵
  PID:7988
- C:\Windows\System\flsZkZd.exe
  C:\Windows\System\flsZkZd.exe
  2⤵
  PID:7848
- C:\Windows\System\KvOQekv.exe
  C:\Windows\System\KvOQekv.exe
  2⤵
  PID:8204
- C:\Windows\System\ItjxbUx.exe
  C:\Windows\System\ItjxbUx.exe
  2⤵
  PID:8228
- C:\Windows\System\RuCSYXW.exe
  C:\Windows\System\RuCSYXW.exe
  2⤵
  PID:8244
- C:\Windows\System\wZzBcVt.exe
  C:\Windows\System\wZzBcVt.exe
  2⤵
  PID:8276
- C:\Windows\System\KIeNUNg.exe
  C:\Windows\System\KIeNUNg.exe
  2⤵
  PID:8300
- C:\Windows\System\hCIUaRg.exe
  C:\Windows\System\hCIUaRg.exe
  2⤵
  PID:8336
- C:\Windows\System\orxtTgX.exe
  C:\Windows\System\orxtTgX.exe
  2⤵
  PID:8356
- C:\Windows\System\qDNKSlx.exe
  C:\Windows\System\qDNKSlx.exe
  2⤵
  PID:8388
- C:\Windows\System\PjdjTGg.exe
  C:\Windows\System\PjdjTGg.exe
  2⤵
  PID:8424
- C:\Windows\System\JuNvTtv.exe
  C:\Windows\System\JuNvTtv.exe
  2⤵
  PID:8460
- C:\Windows\System\jxyVtLt.exe
  C:\Windows\System\jxyVtLt.exe
  2⤵
  PID:8480
- C:\Windows\System\qZXzgoe.exe
  C:\Windows\System\qZXzgoe.exe
  2⤵
  PID:8508
- C:\Windows\System\sLEOUDe.exe
  C:\Windows\System\sLEOUDe.exe
  2⤵
  PID:8548
- C:\Windows\System\jJcOYVV.exe
  C:\Windows\System\jJcOYVV.exe
  2⤵
  PID:8572
- C:\Windows\System\SFPxVzD.exe
  C:\Windows\System\SFPxVzD.exe
  2⤵
  PID:8604
- C:\Windows\System\RDragom.exe
  C:\Windows\System\RDragom.exe
  2⤵
  PID:8632
- C:\Windows\System\fWrcyZy.exe
  C:\Windows\System\fWrcyZy.exe
  2⤵
  PID:8652
- C:\Windows\System\oDbLCpu.exe
  C:\Windows\System\oDbLCpu.exe
  2⤵
  PID:8676
- C:\Windows\System\gfZUGAJ.exe
  C:\Windows\System\gfZUGAJ.exe
  2⤵
  PID:8712
- C:\Windows\System\ZhbUhrB.exe
  C:\Windows\System\ZhbUhrB.exe
  2⤵
  PID:8732
- C:\Windows\System\ZvAQonv.exe
  C:\Windows\System\ZvAQonv.exe
  2⤵
  PID:8772
- C:\Windows\System\LGHxamY.exe
  C:\Windows\System\LGHxamY.exe
  2⤵
  PID:8800
- C:\Windows\System\StGqkvb.exe
  C:\Windows\System\StGqkvb.exe
  2⤵
  PID:8828
- C:\Windows\System\hgBsqWW.exe
  C:\Windows\System\hgBsqWW.exe
  2⤵
  PID:8844
- C:\Windows\System\kjhTfRf.exe
  C:\Windows\System\kjhTfRf.exe
  2⤵
  PID:8872
- C:\Windows\System\OzBQlzT.exe
  C:\Windows\System\OzBQlzT.exe
  2⤵
  PID:8896
- C:\Windows\System\obuUIVO.exe
  C:\Windows\System\obuUIVO.exe
  2⤵
  PID:8924
- C:\Windows\System\wrhBpqa.exe
  C:\Windows\System\wrhBpqa.exe
  2⤵
  PID:8960
- C:\Windows\System\UXQHGHo.exe
  C:\Windows\System\UXQHGHo.exe
  2⤵
  PID:8988
- C:\Windows\System\vUAFVNU.exe
  C:\Windows\System\vUAFVNU.exe
  2⤵
  PID:9004
- C:\Windows\System\SZaZfzg.exe
  C:\Windows\System\SZaZfzg.exe
  2⤵
  PID:9028
- C:\Windows\System\hJRXmNE.exe
  C:\Windows\System\hJRXmNE.exe
  2⤵
  PID:9052
- C:\Windows\System\bGPfcay.exe
  C:\Windows\System\bGPfcay.exe
  2⤵
  PID:9100
- C:\Windows\System\kQFcZHe.exe
  C:\Windows\System\kQFcZHe.exe
  2⤵
  PID:9116
- C:\Windows\System\ydEflEg.exe
  C:\Windows\System\ydEflEg.exe
  2⤵
  PID:9132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ANMkbWR.exe

Filesize
1.8MB

MD5
214f6d77cf7585cf0021f389a868c2c9

SHA1
80dd1556c11b7407bb8a103b5aabf44cd1d69f4b

SHA256
95f452350f95bc142f433353466c83370a3081f8d88a2e38743a63165f5f48b5

SHA512
b4384d9303b086a3a26927a3e6027c252bf5520b7d980b27062ecd75ecbc9457a5ef89bbf34b731903c2663fde7aa0431394e9fcb764acdc3230dd63ef9e3889

Download Submit
C:\Windows\System\BYynXdQ.exe

Filesize
1.8MB

MD5
ba8814bb69d14614fad8209548d01e22

SHA1
9fb9c06e61c84209b66deca8228a6316e47d1f73

SHA256
07708c30356cc23720609597655ecec06382328016790624d4f6cba2c361bc34

SHA512
8486f2baa0703072d1e13a0801b3eeaaa527a8af26bf11cd27ba6309a1ea43717eb43a6ed83926453b83648b84e5bdad32eeff4b66712e0f847242e68a703b16

Download Submit
C:\Windows\System\DmQLlXp.exe

Filesize
1.8MB

MD5
21c3fb77004c0104586494910f4dd834

SHA1
2d965c31dfdee563d726e8b9379ec61bbdf8eb0a

SHA256
129fd8f8e93451eff0d72a935e114cf1da033fc96eb13841e1a614a15dc995d7

SHA512
bed48352b5982002e5f547cd5632fd5dbf513ba9cfccbe430036a0848f868be38a682b3aee01b34a95b1899c3d962db368974af7a0cccfc6bce931c03481e71b

Download Submit
C:\Windows\System\EJrXkbM.exe

Filesize
1.8MB

MD5
7a567a00c2a1e11f55e6b5eeb56af071

SHA1
46901a291e3e66a3a11de5fc0bb44494215ecb1f

SHA256
b05a5fbd14b6e6706483ad2ef698dc62f0558c7babb25b75bca54eb2c48216dd

SHA512
04392952e95695d0072560b4317dbea28f82433b7701505607baff23988cdb1569fa827adbdd6aee8813d6af3b25fc05f8a0e2ae9c14eb6ac58c0c14c04e730a

Download Submit
C:\Windows\System\EYlFDZg.exe

Filesize
1.8MB

MD5
74c3c4a8d965f6a75cab5ff8392477c2

SHA1
f5783c6ba65e47812a823de75b7ea9a15e1fc1a5

SHA256
5c51d23294de2699070005ad824abda2b0bb6d904ff0f6dc1e3c8e305d88bbdc

SHA512
24432c2cb7d5533085f854c141d7f468f04dd8ecf4f3dcd931cd341e3320ee3b8b7c853e3985aa7b680d1136f2dd7748b481684e25ba5dbbaff351fc956bd6eb

Download Submit
C:\Windows\System\EpaHUXa.exe

Filesize
1.8MB

MD5
1a220dc4724e968affb09c56c4d429a2

SHA1
ea98c0484b1df89d9ab38a4a1e547ecc0142179e

SHA256
1d32ce77732b32cadfa225de4e9d428dd47f604e0b3f23c56fb319abfc5b0706

SHA512
dfd39de064e349a689ab442af7f66d9680f16aca49aa484fb0d6c3fa6a13b22d1547fcd914d7907f358b7469a1c08964d5d20139e5bb3f8f1cd85b05b966b936

Download Submit
C:\Windows\System\FMZxJsZ.exe

Filesize
1.8MB

MD5
f3d4d2db47ba2412f3db337c597cfa7a

SHA1
0eef2f32d6817b8b23f9b88c7a92a590d7e40469

SHA256
6be7fd9ed1215ff730f3fe8c938d0123b2e017daf82a3f7523d87f169889a7f2

SHA512
c02cbb90be6fa36c0febc05a4df9e56199cd0345ffab3190d17d11ba63aaa9ef6a2e050efda292c8f171e71bae5213bb0d26991947f2f009ea71287f7767f46a

Download Submit
C:\Windows\System\GRWPinL.exe

Filesize
1.8MB

MD5
8ea9d9f9c5553a24ec584e314f25ba8e

SHA1
572198c2d6b827e66a6da00dda93cc5d47806dd5

SHA256
009a740e642cf7997ec79a8feec337287c4cf6d554742b6098146064163b3c82

SHA512
b6a295d238b5981e0e2114f62b7bc6dae6c29b09400bc8801bd3859aa4f1517031cc604618ba52e4045d9651fd842f562f2bacbc1fb1fcfa273caaa27babf37a

Download Submit
C:\Windows\System\LKZaKxS.exe

Filesize
1.8MB

MD5
0af40ffe0a0865390ed83a8201ffd017

SHA1
57b550db5e527e6e838115add262c3e67dd6b6a4

SHA256
3db07e02ebcb117dc680e011f2f8866ac50f9dfa6c1d17f8a2737e80e7eeffd5

SHA512
5abd1490532d9649e58cb78936d2529348b6081e67bf23435075965579101c31f1f29f7f08f3bcabf434f63452e73b586e8564cc910773054654b47a53d0616c

Download Submit
C:\Windows\System\LuleMwV.exe

Filesize
1.8MB

MD5
1997e6dbc36c6b8450a85c84cdf6cfc0

SHA1
d32c29aeb96028198cb28e103b1f201bcbd46e67

SHA256
30c0b42001ade334de74c4230f5aa0adadd97bc6772dd749c8b70324873cdd2a

SHA512
c74f59ed29903f4b0c4fc0b3d62e82f72dfdbf8215ea0562eb5b56ea46979acd8bfd7569f1d670afbf401fb181b26e9260c8d15d862b4adb6ef64688d382ab1a

Download Submit
C:\Windows\System\NVxKzgx.exe

Filesize
1.8MB

MD5
6cfa7802295325b3183d01de33288c62

SHA1
164562703647e3d69ad12f0a2f529cd3cbdf0ca8

SHA256
8d1b4ccf0854f94b797dd46432726ce862f253498fa9ac9643fff50347718357

SHA512
831db4d938ad726d500542589b7a4201621c0caea5c4e98f65bfef41bd206d8711bd50260be6e8fc84fa849a578660b7b1c379a170503724a07a9a444b8aa19c

Download Submit
C:\Windows\System\OGuBIoY.exe

Filesize
1.8MB

MD5
5c050d88c083c19f10e47a02a7f2b295

SHA1
e7ea23ca9f017094559c39d457b3b6b142434a5b

SHA256
8cdcab3a394a2328c4e4e7e4db47012ba325695936452a61d92f9c406e9e8769

SHA512
429148e91432ffc943f34ee98053351187635d2167e5822f9b26fed1ec190fc779bacdc4ddf081a0b49cf128b4392056c8cd6f89ee52ffdc317d86b28edb17bd

Download Submit
C:\Windows\System\OYuuMXl.exe

Filesize
1.8MB

MD5
ef490a0615bf8af135355bcf531f7f79

SHA1
42fa1089de612907617d97bfa610225596339e5d

SHA256
43c45eed35b9e923775f8f928a03a857a8814685797370e0d06507cda4e125ee

SHA512
ba017c77621fb146821a715b3c9ddd35e83da80ec0585bd54abea7f59b292f62bbceca7c6e9247c0dc8f771dd5c3d3462f885e8156eed04c41b3b1b717f19d9f

Download Submit
C:\Windows\System\ObWhwrn.exe

Filesize
1.8MB

MD5
3b3ff6780d7efc9a2ce077b1d88f83d9

SHA1
5acf5c6ba1b8a401e589765d068fd4c609a03ebb

SHA256
56653cf05f01fe24e4781112e520465b89f1d657e56053e5c381160139fe6ec5

SHA512
6c9a3610b0e5ff6eb28362d967c2b5b69f398244c93deaf879628aad4ece9fc84336b2fc1b8d51a04394b4392179fef989ab60ba3f082015f9eb92eacbbafa3e

Download Submit
C:\Windows\System\QjqWXKF.exe

Filesize
1.8MB

MD5
6b165eb62596e51670ea5ac664f7a384

SHA1
4c97efcf290b6ec795613134c8100546ae267ec5

SHA256
7bd3e3897cf580f837613ff60644759417415b1d5c3d063719c1271718996f0a

SHA512
795cb461d62ce70ac7f97fb2a14d24c9e5f1a2275eaa0da8d889b308ad575e4b8b1315184cb4521253569ea20c330472256584d01e4040fcbc6d0aec37b86fe1

Download Submit
C:\Windows\System\TjlKCeH.exe

Filesize
1.8MB

MD5
68fb69467465c556869a371f5cc60c48

SHA1
acfe8d5e42cc5d46e67033ecb64bd61ae7518641

SHA256
a825942b9246536afa580e201a7feabadba134eab7425f1abf8b21d92b199d8a

SHA512
7418430f3fdb11ad655f24272b311a6a1384ad9a2327f48dfbfc1c3aba5053cbb27f129d3a29bce5d9f960464cac372868c2f5a492fee9e93f7b82a357652632

Download Submit
C:\Windows\System\WAvydOE.exe

Filesize
1.8MB

MD5
b88a2d5310613732e5550981ddd4d1c1

SHA1
4bb56f6d073e25d4008d2670134494a725033a59

SHA256
24be1460ac6752f1d3a3929b775c3660ce7b84b335c5c871a41ea6244dceba70

SHA512
e85fe0ef9585921218197c7907eed6993d26dbcf68f10524df2e0fc91e14c279a4292b39d7fed6df64d0bc6fe4ae38121504b6f0617a48f28acc86eb82783e14

Download Submit
C:\Windows\System\XawRxoe.exe

Filesize
1.8MB

MD5
dd06c816f0065d79920ab10d54ce5c5d

SHA1
83682a8d8139b17d5d0a2c0b170ad6a9b79c812d

SHA256
614536071e97062b0b99f25add5415c4d6f30f7a18e6e0d726643b5517285ece

SHA512
807149c13ebef90eb816b0f8eaafcf1a1a9f10bda31dd0cf12ffe7aa4a3efcadd27ad896ff1bdfebfc115de7d63c810a9ed8b76985edac0fd1bcb2d56a7f0a7f

Download Submit
C:\Windows\System\ZMCdlql.exe

Filesize
1.8MB

MD5
d8dba1c40a2f513329978617e5e458aa

SHA1
f239f3684bb9bb9e503026013f3d393cc54625ba

SHA256
bf13ff50d3a78dd366f1bd95421e006c02eac184318c45f04e539fc82934f35c

SHA512
61a5e6cd7e24356058f627af0be185f61f2825f688b332055d5a6e7501ea5acfb2c950c8e91bdb582b9f2b276757b060275797c08b5bdc2f1f82441738026bec

Download Submit
C:\Windows\System\bAPALUG.exe

Filesize
1.8MB

MD5
2f8275acd987a948c1ecff9378c0be37

SHA1
dc8e4e37dc3ceecd8d70f442dc06340a7c2e7b8e

SHA256
1cd301d5ad7378653ea0e2f5d07198ce47fb5b76b44d3db1a69d0980819b37b1

SHA512
8b05beb83cc29288cbd2665dbe84350582e5bdad5b1056c6cdb09c9225b73c314997a98e76cb5e11e9e3556fd11d349e1e3714dce4ddc1b7ab5af77f417cf68b

Download Submit
C:\Windows\System\hYZcIXT.exe

Filesize
1.8MB

MD5
57998d8b8d563a512e65bfb8e98f688b

SHA1
4c9c0a4cb2848e9dc0f6e8fc72f5bdf3e7f2db57

SHA256
cfe15a754acca745870b02070ff8a84ec6ed4b6b48dbb72ea203e5228c8f9c2e

SHA512
531698f315795c3826c2cee80cf3a4cb6b603b09af6395cabf773466d3a617a9afca3ce6bd0a798f4df0c5bee643c952fd0a6b8418f7a6afca2c3ffc7022f8a3

Download Submit
C:\Windows\System\hsEtdWs.exe

Filesize
1.8MB

MD5
f1669d04f0c438fd750421016cb0c3f0

SHA1
a786c5d776281d7dbf2ad0326c3472752c2d248c

SHA256
3892592f20f7682c57bfecdd71b7822b14e90990a210e44335966f2305c9ebf1

SHA512
9d03672d511d8734316cf276b22feebe2978fe902da3a724f47edcf5d3ff4a1d5e6d42e4c72837bca7b373c9e5c309415f8d1a74a2c7a604d6472a09cfb49278

Download Submit
C:\Windows\System\iTLHZCe.exe

Filesize
1.8MB

MD5
dffa0177ab40df7d3e33a3b4dc0157a2

SHA1
546ed2f31ad0cdd1790a300939632d8298f2d399

SHA256
ca9b91187d12e103a0bb9bd3ce4231d6d0693ba70a9476f8f66e7815cf3caa73

SHA512
164adfc1f398ed9af0bd831dc422d421f371f032b99f0c2da7a2ca7d52f6f7c8305a28a06cdab1ba30d9f5103cb4c9835918996fd3464b0b6e5330d5ce6c449d

Download Submit
C:\Windows\System\lSNCclA.exe

Filesize
1.8MB

MD5
e03de124a1d45dcf3e4a55c5655a585d

SHA1
5cbe8bdfb399e825364959cdc96a84ffb627bf17

SHA256
077762c8c74dca32c48ddad4be0045906066173ac29474aa2a9c0aa289187fe5

SHA512
df6f3a16d89139265c21c1cb05339a2e2d88eee0454afd3bbe9222c20ae0b1dd228e5c9d0cc8a3c4ae1b9cc2ccacf635a90ca5c022a69be9f9aa2110ce60d6f1

Download Submit
C:\Windows\System\losxrGO.exe

Filesize
1.8MB

MD5
6fd3c68bf3d28332e64ba174de1cb2ff

SHA1
900cb019b3e4f9d49ce1ff5bdb91eaae32207445

SHA256
32e0d928d28df880a82685e0997626b1c4a8b22747da36fe0ca93dd68ea110e0

SHA512
2cb28cef0b8e0a6aadd4fb2c05d7e7a16872acef153249c291d5aa40d5185ca6108ed40f151a353cf5147a0b2a9d338f61be2487e157b69944b47c7a0b76ef00

Download Submit
C:\Windows\System\mIesFjD.exe

Filesize
1.8MB

MD5
8b0cbdb2281abc91073f0a903bd24be2

SHA1
130476b247f7bcdaa1a822d6c4d1e1707dc0a448

SHA256
0cd0a8333080a26e4d67cc3f072054e988851de29c0f48ba7cfb05cf15bb8fb6

SHA512
6d8977f0ec24ec644b61f8fbe2042eb3d0779ed54ccff91f1cf517251b354ce13fea5443ef039c95cd2a28ac9ba3a31c1a7f7b9e205aaefa51b7175408f942a2

Download Submit
C:\Windows\System\mTCXCkD.exe

Filesize
1.8MB

MD5
92710994bf6f1d317958254afa883cd3

SHA1
a03d7b32d09274c215f9adfa565a79c8f037e925

SHA256
e60e15f1d6fedf7c4ccb46dd3d60f8f045a4fb4e08fe4064ce58f76b07573dc6

SHA512
85ca688be70e971db5478fe9f3ea3d644545fb75676e2ba2d295de25218ef5cd9fc1147db40cc6c290ddceb1ff5c983aad2239b99ad3b82ab3bf98343522a70e

Download Submit
C:\Windows\System\mXalpDi.exe

Filesize
1.8MB

MD5
7367f147d3681aeda30501956c41fef0

SHA1
2379ee8da918e4805f96325234bff8e6f6d610d1

SHA256
ae0a605f53be12bad1ef6cf84156f58f8c4a40e475015bcebd736e640123fc14

SHA512
dcb52bfa466a2201ff4dba36d364a1747e26a9d36f1fb8fe0563d8178f2486f84dabe3a0dd53ba05a62ddb073bd00836207f1d5af23fa3b3b64a4762c9582611

Download Submit
C:\Windows\System\putYiOQ.exe

Filesize
1.8MB

MD5
3c05fd55302c385a3c76afd12329e472

SHA1
3c0dbc9bf9a70e244a0cfbeea1b002e9850734db

SHA256
702ad5b9ca78ec24a62ef8c17732b9158aa6b200a18528de809d3f0e4e78ac67

SHA512
8c5495b4d09fd8807fd851aa263da3a66843c772b9ccdc533afe17d49d3461f26f142228b968fb560929e09c72145af3b68899843320449db38b6f856f4b592a

Download Submit
C:\Windows\System\rEaoOVK.exe

Filesize
1.8MB

MD5
4db9264c0b82eece9ecfe720976292ff

SHA1
0f2c0ab4b92800f870292eb09f1357c4f243503c

SHA256
c28acba66e064033df713a381a3757b6cdee5935d5bd0997d98c1b0a06e606fd

SHA512
4c731213846b21cd34cf6261df84a212a70c3bf21e107b85c4173931db70b74837eae54ce2f4d3eee61d286e5682267fe7065409a51ee9bc08f27bf481b22d94

Download Submit
C:\Windows\System\sFpdNHn.exe

Filesize
1.8MB

MD5
5290bca93c296ff01697c55b0401d85e

SHA1
3010c6dbb8b9ded558959591cce15af46e143368

SHA256
8de4bb59301375f2ca7c0a46840e6e5f5ce3711c635f50fd621c478d9bd0eddd

SHA512
53f31f40dfbdfcb0bdece2920294541ea6ec681d3693937bc78ef19a80b3cf81c2d53c3804a0784c3edd023a9f340a4f2aa8c92927b46434d3ec111548f0a2ad

Download Submit
C:\Windows\System\sTKDMwi.exe

Filesize
1.8MB

MD5
559fc5c6d5bf9028456e7042fce4bf95

SHA1
4fff56e922ec2a8e5e08bae8498229609cb22cae

SHA256
f4ab689d195e58e89d6c48800f90c598757a14c7915ac4d5fd79f1b2b2a00463

SHA512
16bfc2968cb7753d6609a7b65493605047b2faf3517bf56b4d23b9c8180ef00304c8ba74ebc8708796d8669913ac1fa5a6a9c9bbf195e0c25e472dfc99b1a968

Download Submit
C:\Windows\System\xYXsVRt.exe

Filesize
1.8MB

MD5
38683a54324313ea40cc91c7641e1d62

SHA1
a56d2da86bdb4dbd28fd0570ab85370c371b0447

SHA256
ff4e86dce4aeea5ef4395f5827c58ee855cac66fe784f21c87721fa013c1827c

SHA512
86a22de590c37246080e6d9552295a1bd0b4730e9635909fcd804a9b7cae76ed118235792a02df49e2dbf1023adc16da833101232f21751c6ee865ab8a6226d1

Download Submit
memory/4508-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download