Resubmissions
21-12-2024 17:42 241221-v9y3xavlaz 10
20-12-2024 23:19 241220-3bbtqawpat 10
20-12-2024 19:29 241220-x7fjwssqdm 10
Analysis
- max time kernel: 38s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20241010-en
- resource tags: arch:x64 arch:x86 image:win7-20241010-en locale:en-us os:windows7-x64 system
- submitted: 21-12-2024 17:42
Behavioral task | Sample | Resource
behavioral1 | XPloit.zip | win7-20240903-en
behavioral2 | XPloit.zip | win10v2004-20241007-en
behavioral3 | ForlornApi.dll | win7-20240903-en
behavioral4 | ForlornApi.dll | win10v2004-20241007-en
behavioral5 | ForlornInject.dll | win7-20241010-en
behavioral6 | ForlornInject.dll | win10v2004-20241007-en
behavioral7 | XPloit.deps.json | win7-20240903-en
behavioral8 | XPloit.deps.json | win10v2004-20241007-en
behavioral9 | XPloit.exe | win7-20240708-en
behavioral10 | XPloit.exe | win10v2004-20241007-en
behavioral11 | XPloit.exe | win7-20241010-en
behavioral12 | XPloit.exe | win10v2004-20241007-en
behavioral13 | main.pyc | win7-20240903-en
behavioral14 | main.pyc | win10v2004-20241007-en
behavioral15 | XPloit.pdb | win7-20240903-en
behavioral16 | XPloit.pdb | win10v2004-20241007-en
behavioral17 | XPloit.runtimeconfig.json | win7-20241023-en
behavioral18 | XPloit.runtimeconfig.json | win10v2004-20241007-en
behavioral19 | workspace/IY_FE.iy | win7-20241010-en
behavioral20 | workspace/IY_FE.iy | win10v2004-20241007-en
behavioral21 | workspace/MercurySettings.json | win7-20240903-en
behavioral22 | workspace/MercurySettings.json | win10v2004-20241007-en
General
- Target: XPloit.exe
- Size: 18.6MB
- MD5: bb2ef742beac994d93804ffd0f5e25a9
- SHA1: ca276708b744d244b4e1dc897eb707869e681c34
- SHA256: 54a08d439e0024aaa094b8bc9360672c6d7c09d800548a72efdc3ac6a11fe151
- SHA512: fc79e068d5953ef62d60d8741896661be482b89816e9a7430151f6040ebfd3a48df649c596903017781bfa3febc8d2460ad53f83348db740341f54a093f27122
- SSDEEP: 393216:ZbqPnLFXlrWQ8DOETgsvfG7gsNvEvpc2R20Imm3:sPLFXNWQhEiFiv2G2T3
Malware Config
Extracted
darkcomet
Sazan
127.0.0.1:1604
DC_MUTEX-R2MY49E
- gencode: 0JGDeNqTa1iX
- install: false
- offline_keylogger: true
- persistence: false
Signatures
-
Darkcomet family
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Detects Pyinstaller 1 IoCs
resource yara_rule behavioral11/files/0x000c00000001202c-3.dat pyinstaller -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language XPloit.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language XPLOIT.EXE
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2604 XPloit.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\XPloit.exe"C:\Users\Admin\AppData\Local\Temp\XPloit.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2604 -
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3008 -
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3040
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2628 -
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:776 -
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4640
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:580 -
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:316 -
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2632
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"4⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2536 -
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1296 -
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:480
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"5⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2508 -
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2476 -
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"7⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3524
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"6⤵
- Loads dropped DLL
PID:3652 -
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"7⤵
- Executes dropped EXE
PID:948 -
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"8⤵PID:3308
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"7⤵
- Loads dropped DLL
PID:1368 -
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"8⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2016 -
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"9⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2928
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"8⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2956 -
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"9⤵
- Executes dropped EXE
PID:3664 -
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"10⤵PID:3744
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"9⤵PID:3704
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"10⤵PID:1860
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"11⤵PID:3540
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"10⤵PID:2336
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"11⤵PID:5252
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"12⤵PID:5996
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"11⤵PID:5284
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"12⤵PID:3272
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"13⤵PID:544
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"12⤵PID:2812
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"13⤵PID:5592
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"14⤵PID:4016
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"13⤵PID:5704
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"14⤵PID:4772
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"15⤵PID:2504
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"14⤵PID:1084
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"15⤵PID:4712
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"16⤵PID:3880
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"15⤵PID:2992
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"16⤵PID:2536
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"17⤵PID:3032
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"16⤵PID:5568
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"17⤵PID:4216
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"18⤵PID:5756
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"17⤵PID:5268
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"18⤵PID:5772
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"19⤵PID:3528
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"18⤵PID:4068
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"19⤵PID:4020
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"20⤵PID:5708
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"19⤵PID:4976
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"20⤵PID:2776
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"21⤵PID:3304
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"20⤵PID:2300
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"21⤵PID:1756
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"22⤵PID:3076
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"21⤵PID:5672
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"22⤵PID:2096
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"23⤵PID:5256
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"22⤵PID:5396
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"23⤵PID:2204
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"24⤵PID:5624
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"23⤵PID:4900
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"24⤵PID:5748
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"25⤵PID:5528
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"24⤵PID:1784
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"25⤵PID:5576
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"26⤵PID:2556
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"25⤵PID:4592
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"26⤵PID:1616
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"27⤵PID:5200
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"26⤵PID:5396
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"27⤵PID:5168
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"28⤵PID:3656
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"27⤵PID:3608
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"28⤵PID:1648
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"29⤵PID:4972
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"28⤵PID:480
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"29⤵PID:5648
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"30⤵PID:2416
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"29⤵PID:4956
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"30⤵PID:5808
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"31⤵PID:5744
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"30⤵PID:3316
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"31⤵PID:3920
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"32⤵PID:2300
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"31⤵PID:2508
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"32⤵PID:4156
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"33⤵PID:6132
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"32⤵PID:3976
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"33⤵PID:4248
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"34⤵PID:2992
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"33⤵PID:3476
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"34⤵PID:2724
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"35⤵PID:2272
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"34⤵PID:1532
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"35⤵PID:1628
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"36⤵PID:2356
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"35⤵PID:5212
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"36⤵PID:5464
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"37⤵PID:2028
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"36⤵PID:3236
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"37⤵PID:2680
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"38⤵PID:4388
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"37⤵PID:4688
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"38⤵PID:3564
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"39⤵PID:4480
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"38⤵PID:5060
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"39⤵PID:5724
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"40⤵PID:3872
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"39⤵PID:2852
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"40⤵PID:5004
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"41⤵PID:1920
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"40⤵PID:2032
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"41⤵PID:5596
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"42⤵PID:3568
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"41⤵PID:5388
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"42⤵PID:3392
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"43⤵PID:2852
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"42⤵PID:5688
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"43⤵PID:5712
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"44⤵PID:4352
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"43⤵PID:4884
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"44⤵PID:3520
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"45⤵PID:1924
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"44⤵PID:5468
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"45⤵PID:4604
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"46⤵PID:1044
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"45⤵PID:3060
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"46⤵PID:2100
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"47⤵PID:6668
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"46⤵PID:4100
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"47⤵PID:644
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"48⤵PID:6412
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"47⤵PID:3704
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"48⤵PID:2700
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"49⤵PID:6348
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"48⤵PID:2824
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"49⤵PID:2948
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"50⤵PID:7140
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"49⤵PID:4864
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"50⤵PID:4524
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"51⤵PID:6260
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"50⤵PID:2508
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"51⤵PID:2500
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"52⤵PID:6164
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"51⤵PID:4976
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"52⤵PID:4908
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"53⤵PID:6156
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"52⤵PID:1904
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"53⤵PID:1192
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"54⤵PID:2588
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"53⤵PID:5212
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"54⤵PID:4864
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"55⤵PID:7076
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"54⤵PID:3688
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"55⤵PID:1916
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"56⤵PID:6484
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"55⤵PID:1516
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"56⤵PID:1904
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"57⤵PID:3256
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"56⤵PID:2068
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"57⤵PID:2520
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"58⤵PID:1128
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"57⤵PID:4328
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"58⤵PID:6656
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"59⤵PID:6840
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"58⤵PID:6676
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"59⤵PID:6424
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"60⤵PID:6776
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"59⤵PID:6636
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"60⤵PID:6372
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"61⤵PID:6916
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"60⤵PID:6732
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"61⤵PID:6284
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"62⤵PID:7016
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"61⤵PID:6544
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"62⤵PID:6216
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"63⤵PID:7360
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"62⤵PID:3088
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"63⤵PID:852
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"64⤵PID:7388
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"63⤵PID:6932
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"64⤵PID:7104
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"65⤵PID:6500
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"64⤵PID:6296
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"65⤵PID:4152
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"66⤵PID:7328
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"65⤵PID:1944
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"66⤵PID:7100
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"67⤵PID:6340
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"66⤵PID:6556
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"67⤵PID:6336
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"68⤵PID:8080
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"67⤵PID:6832
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"68⤵PID:6168
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"69⤵PID:7340
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"68⤵PID:3256
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"69⤵PID:6588
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"70⤵PID:6576
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"69⤵PID:6636
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"70⤵PID:6520
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"71⤵PID:7056
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"70⤵PID:4068
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"71⤵PID:6320
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"72⤵PID:2928
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"71⤵PID:6456
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"72⤵PID:6920
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"73⤵PID:8108
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"72⤵PID:5716
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"73⤵PID:6364
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"74⤵PID:7724
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"73⤵PID:6716
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"74⤵PID:6376
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"75⤵PID:8112
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"74⤵PID:4328
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"75⤵PID:7008
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"76⤵PID:7520
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"75⤵PID:7132
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"76⤵PID:3732
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"77⤵PID:2736
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"76⤵PID:6360
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"77⤵PID:8152
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"78⤵PID:6584
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"77⤵PID:6964
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"78⤵PID:7528
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"79⤵PID:8088
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"78⤵PID:7536
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"79⤵PID:7768
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"80⤵PID:2820
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"79⤵PID:8044
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"80⤵PID:6740
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"81⤵PID:6392
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"80⤵PID:7924
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"81⤵PID:7040
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"82⤵PID:7712
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"81⤵PID:7672
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"82⤵PID:7296
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"83⤵PID:4080
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"82⤵PID:7308
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"83⤵PID:1968
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"84⤵PID:7920
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"83⤵PID:7480
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"84⤵PID:7072
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"85⤵PID:1604
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"84⤵PID:6544
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"85⤵PID:7540
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"86⤵PID:7848
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"85⤵PID:7536
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"86⤵PID:7324
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"87⤵PID:8120
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"86⤵PID:7588
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"87⤵PID:7900
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"88⤵PID:7972
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"87⤵PID:3012
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"88⤵PID:6264
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"89⤵PID:1824
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"88⤵PID:7868
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"89⤵PID:6196
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"90⤵PID:7352
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"89⤵PID:7180
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"90⤵PID:3860
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"91⤵PID:8836
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"90⤵PID:2832
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"91⤵PID:8000
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"92⤵PID:9008
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"91⤵PID:7940
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"92⤵PID:6452
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"93⤵PID:9176
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"92⤵PID:7344
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"93⤵PID:392
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"94⤵PID:8568
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"93⤵PID:7224
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"94⤵PID:6324
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"95⤵PID:8400
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"94⤵PID:7628
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"95⤵PID:7980
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"96⤵PID:8948
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"95⤵PID:7180
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"96⤵PID:7472
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"97⤵PID:8880
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"96⤵PID:8176
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"97⤵PID:8060
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"98⤵PID:8324
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"97⤵PID:7848
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"98⤵PID:6688
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"99⤵PID:8416
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"98⤵PID:7192
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"99⤵PID:7944
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"100⤵PID:6596
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"99⤵PID:7452
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"100⤵PID:6244
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"101⤵PID:8684
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"100⤵PID:8148
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"101⤵PID:6472
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"102⤵PID:9144
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"101⤵PID:7780
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"102⤵PID:7440
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"103⤵PID:9212
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"102⤵PID:7796
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"103⤵PID:8528
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"104⤵PID:8244
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"103⤵PID:8700
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"104⤵PID:8420
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"105⤵PID:6796
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"104⤵PID:7896
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"105⤵PID:8588
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"106⤵PID:8232
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"105⤵PID:8904
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"106⤵PID:8724
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"107⤵PID:1808
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"106⤵PID:7424
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"107⤵PID:8812
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"108⤵PID:6024
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"107⤵PID:9088
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"108⤵PID:8964
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"109⤵PID:6120
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"108⤵PID:8320
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"109⤵PID:8212
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"110⤵PID:5972
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"109⤵PID:9212
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"110⤵PID:8660
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"111⤵PID:8384
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"110⤵PID:9044
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"111⤵PID:8292
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"112⤵PID:9268
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"111⤵PID:8616
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"112⤵PID:9076
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"113⤵PID:9620
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"112⤵PID:156
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"113⤵PID:8392
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"114⤵PID:10140
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"113⤵PID:8572
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"114⤵PID:8396
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"115⤵PID:10204
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"114⤵PID:8676
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"115⤵PID:8976
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"116⤵PID:10056
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"115⤵PID:8716
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"116⤵PID:7424
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"117⤵PID:9364
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"116⤵PID:8796
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"117⤵PID:8896
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"118⤵PID:9824
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"117⤵PID:9068
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"118⤵PID:8764
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"119⤵PID:9624
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"118⤵PID:9072
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"119⤵PID:3064
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"120⤵PID:9388
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"119⤵PID:8584
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"120⤵PID:8456
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"121⤵PID:9848
-
-
-
C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"C:\Users\Admin\AppData\Local\Temp\XPLOIT.EXE"120⤵PID:2004
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"121⤵PID:5888
-
C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"C:\Users\Admin\AppData\Local\Temp\BUILT.EXE"122⤵PID:3548