kpot | 0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2024 18:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
Size

1.9MB
MD5

4d563121aef3b3eff637428e5fabddb3
SHA1

62a0afa0d5918301370ddcc07993ee03b5dcb60a
SHA256

0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece
SHA512

d0202a22e7107da40bfb146c65f41cb654db5949686a8b51cc85ea526bc7f1dfea0f24a6de904ee86b9f1118fe885b8890c16f3cb7973f679ef07e94cde5d256
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6SNasrsFCZqV:GemTLkNdfE0pZaQF

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral2/files/0x000a000000023494-4.dat	family_kpot
behavioral2/files/0x000700000002349d-8.dat	family_kpot
behavioral2/files/0x000700000002349c-10.dat	family_kpot
behavioral2/files/0x000700000002349e-19.dat	family_kpot
behavioral2/files/0x000700000002349f-26.dat	family_kpot
behavioral2/files/0x00070000000234a1-32.dat	family_kpot
behavioral2/files/0x00070000000234a0-33.dat	family_kpot
behavioral2/files/0x00070000000234a2-39.dat	family_kpot
behavioral2/files/0x00070000000234a4-44.dat	family_kpot
behavioral2/files/0x00070000000234a5-49.dat	family_kpot
behavioral2/files/0x00070000000234a6-58.dat	family_kpot
behavioral2/files/0x00070000000234a7-60.dat	family_kpot
behavioral2/files/0x000a000000023499-67.dat	family_kpot
behavioral2/files/0x00070000000234aa-76.dat	family_kpot
behavioral2/files/0x00070000000234ac-83.dat	family_kpot
behavioral2/files/0x00070000000234ad-101.dat	family_kpot
behavioral2/files/0x00070000000234b1-110.dat	family_kpot
behavioral2/files/0x00070000000234af-120.dat	family_kpot
behavioral2/files/0x00070000000234b6-132.dat	family_kpot
behavioral2/files/0x00070000000234b5-145.dat	family_kpot
behavioral2/files/0x00070000000234b9-158.dat	family_kpot
behavioral2/files/0x00070000000234ba-160.dat	family_kpot
behavioral2/files/0x00070000000234b8-156.dat	family_kpot
behavioral2/files/0x00070000000234b4-154.dat	family_kpot
behavioral2/files/0x00070000000234b7-152.dat	family_kpot
behavioral2/files/0x00070000000234b3-147.dat	family_kpot
behavioral2/files/0x00070000000234b2-142.dat	family_kpot
behavioral2/files/0x00070000000234b0-130.dat	family_kpot
behavioral2/files/0x00070000000234ae-116.dat	family_kpot
behavioral2/files/0x00070000000234a9-93.dat	family_kpot
behavioral2/files/0x00070000000234ab-84.dat	family_kpot
behavioral2/files/0x00070000000234a8-68.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral2/files/0x000a000000023494-4.dat	xmrig
behavioral2/files/0x000700000002349d-8.dat	xmrig
behavioral2/files/0x000700000002349c-10.dat	xmrig
behavioral2/files/0x000700000002349e-19.dat	xmrig
behavioral2/files/0x000700000002349f-26.dat	xmrig
behavioral2/files/0x00070000000234a1-32.dat	xmrig
behavioral2/files/0x00070000000234a0-33.dat	xmrig
behavioral2/files/0x00070000000234a2-39.dat	xmrig
behavioral2/files/0x00070000000234a4-44.dat	xmrig
behavioral2/files/0x00070000000234a5-49.dat	xmrig
behavioral2/files/0x00070000000234a6-58.dat	xmrig
behavioral2/files/0x00070000000234a7-60.dat	xmrig
behavioral2/files/0x000a000000023499-67.dat	xmrig
behavioral2/files/0x00070000000234aa-76.dat	xmrig
behavioral2/files/0x00070000000234ac-83.dat	xmrig
behavioral2/files/0x00070000000234ad-101.dat	xmrig
behavioral2/files/0x00070000000234b1-110.dat	xmrig
behavioral2/files/0x00070000000234af-120.dat	xmrig
behavioral2/files/0x00070000000234b6-132.dat	xmrig
behavioral2/files/0x00070000000234b5-145.dat	xmrig
behavioral2/files/0x00070000000234b9-158.dat	xmrig
behavioral2/files/0x00070000000234ba-160.dat	xmrig
behavioral2/files/0x00070000000234b8-156.dat	xmrig
behavioral2/files/0x00070000000234b4-154.dat	xmrig
behavioral2/files/0x00070000000234b7-152.dat	xmrig
behavioral2/files/0x00070000000234b3-147.dat	xmrig
behavioral2/files/0x00070000000234b2-142.dat	xmrig
behavioral2/files/0x00070000000234b0-130.dat	xmrig
behavioral2/files/0x00070000000234ae-116.dat	xmrig
behavioral2/files/0x00070000000234a9-93.dat	xmrig
behavioral2/files/0x00070000000234ab-84.dat	xmrig
behavioral2/files/0x00070000000234a8-68.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3292	CQDjQLB.exe
4872	gdZpBvQ.exe
1664	mPLKTIm.exe
4852	tphBJjQ.exe
2124	Npjnusg.exe
1352	zpuaghk.exe
4376	wJjMJmu.exe
2732	vlsVhdL.exe
5068	OeEJEAv.exe
1300	KXXoZac.exe
712	neqihhk.exe
3484	IHPfBjI.exe
776	kIkvPxF.exe
3140	ntpcKOa.exe
4380	egDqeXX.exe
3152	wWqIwqQ.exe
3460	uRKkdsL.exe
4672	LRYUmbm.exe
1188	xLHpUlY.exe
1672	TyzyZuk.exe
1344	crYsXQE.exe
536	ubgIvby.exe
3472	qrlGlaJ.exe
4652	vslNOAs.exe
4468	AXqYDcT.exe
4244	BvYfPQI.exe
4436	ELXMxow.exe
3940	BYAUTMm.exe
1196	EMAcYXx.exe
3052	UfsraAa.exe
1152	mqlvOBe.exe
3676	JNxMGFg.exe
4512	bOnQmYW.exe
4536	wcPUzqo.exe
1520	qYaEBQr.exe
4824	rGhgHrY.exe
1044	sLcFWJC.exe
4068	UIVcUtZ.exe
4196	ecsbycK.exe
4232	QdHzRkF.exe
2668	WjzktEN.exe
2932	ZGKQwbW.exe
2868	XyeekPC.exe
2224	phmBnnh.exe
2544	NAuFfmV.exe
4324	orAFHlm.exe
4204	csFubWj.exe
4276	KBTchbk.exe
1940	ebuTEqz.exe
3304	oyRIvZy.exe
1320	WTWdXte.exe
4956	IUYLdec.exe
2552	enBPMjn.exe
4600	wjTRDlM.exe
3348	ZwrGnnN.exe
2844	sJQKsAf.exe
1912	lcYuMAi.exe
2284	JyzHSut.exe
2964	BLnAHTK.exe
1792	pavrffv.exe
3684	iSWMoXR.exe
3224	CacXJAM.exe
3536	SDKhtLV.exe
1428	udMZfQR.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\bKdNHtv.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\VsSPmmM.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\bTvLeNo.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\LpONSBL.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\wicPEXh.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\AvpssZK.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\IvhlIFR.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\nGiNlVj.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\wjTRDlM.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\coUygHm.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\hAbISDy.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\hPxVvUX.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\lvDFJjO.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\vEFqnKa.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\XGeAcul.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\GfyruiW.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\dAkGokv.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\yTrithm.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\dlYrwXt.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\eIYsZae.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\ztitQRL.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\zpuaghk.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\CacXJAM.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\lavFRZu.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\UbSKWDA.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\SkuTlld.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\emmqktR.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\tphBJjQ.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\xLHpUlY.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\hPCjTgl.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\ngNMULM.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\kmUnjcB.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\PMpXJuU.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\PGwcHVI.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\pXAXyLS.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\qelNWVY.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\CzmRSUp.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\VtcmTHF.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\JNxMGFg.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\kmiGzTg.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\flcrnIT.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\vMuytJf.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\QAoTnyn.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\lHkQliE.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\OeEJEAv.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\TnVupPL.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\NBdJWHK.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\PitQoxB.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\rubHeHW.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\AXqYDcT.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\iSWMoXR.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\ksiHhNx.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\xhHagOT.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\HRJvHsc.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\jrvkvKo.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\AXRUizW.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\xQBXMyn.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\ErQZgxb.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\MeGVcHw.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\neqihhk.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\TyzyZuk.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\qIXfwwJ.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\HhuowZd.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
File created	C:\Windows\System\WvXHkKi.exe	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
Token: SeLockMemoryPrivilege	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3400 wrote to memory of 3292	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	85
PID 3400 wrote to memory of 3292	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	85
PID 3400 wrote to memory of 4872	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	86
PID 3400 wrote to memory of 4872	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	86
PID 3400 wrote to memory of 1664	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	87
PID 3400 wrote to memory of 1664	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	87
PID 3400 wrote to memory of 4852	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	88
PID 3400 wrote to memory of 4852	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	88
PID 3400 wrote to memory of 2124	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	89
PID 3400 wrote to memory of 2124	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	89
PID 3400 wrote to memory of 1352	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	90
PID 3400 wrote to memory of 1352	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	90
PID 3400 wrote to memory of 4376	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	91
PID 3400 wrote to memory of 4376	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	91
PID 3400 wrote to memory of 2732	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	92
PID 3400 wrote to memory of 2732	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	92
PID 3400 wrote to memory of 5068	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	93
PID 3400 wrote to memory of 5068	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	93
PID 3400 wrote to memory of 1300	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	94
PID 3400 wrote to memory of 1300	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	94
PID 3400 wrote to memory of 712	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	95
PID 3400 wrote to memory of 712	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	95
PID 3400 wrote to memory of 3484	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	96
PID 3400 wrote to memory of 3484	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	96
PID 3400 wrote to memory of 776	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	97
PID 3400 wrote to memory of 776	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	97
PID 3400 wrote to memory of 3140	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	98
PID 3400 wrote to memory of 3140	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	98
PID 3400 wrote to memory of 4380	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	99
PID 3400 wrote to memory of 4380	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	99
PID 3400 wrote to memory of 3152	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	100
PID 3400 wrote to memory of 3152	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	100
PID 3400 wrote to memory of 3460	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	101
PID 3400 wrote to memory of 3460	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	101
PID 3400 wrote to memory of 4672	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	102
PID 3400 wrote to memory of 4672	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	102
PID 3400 wrote to memory of 1188	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	103
PID 3400 wrote to memory of 1188	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	103
PID 3400 wrote to memory of 1672	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	104
PID 3400 wrote to memory of 1672	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	104
PID 3400 wrote to memory of 1344	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	105
PID 3400 wrote to memory of 1344	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	105
PID 3400 wrote to memory of 4468	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	106
PID 3400 wrote to memory of 4468	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	106
PID 3400 wrote to memory of 536	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	107
PID 3400 wrote to memory of 536	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	107
PID 3400 wrote to memory of 3472	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	108
PID 3400 wrote to memory of 3472	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	108
PID 3400 wrote to memory of 4652	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	109
PID 3400 wrote to memory of 4652	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	109
PID 3400 wrote to memory of 4244	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	110
PID 3400 wrote to memory of 4244	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	110
PID 3400 wrote to memory of 4436	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	111
PID 3400 wrote to memory of 4436	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	111
PID 3400 wrote to memory of 3940	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	112
PID 3400 wrote to memory of 3940	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	112
PID 3400 wrote to memory of 1196	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	113
PID 3400 wrote to memory of 1196	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	113
PID 3400 wrote to memory of 3052	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	114
PID 3400 wrote to memory of 3052	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	114
PID 3400 wrote to memory of 1152	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	115
PID 3400 wrote to memory of 1152	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	115
PID 3400 wrote to memory of 3676	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	116
PID 3400 wrote to memory of 3676	3400	0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe	116

C:\Users\Admin\AppData\Local\Temp\0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe
"C:\Users\Admin\AppData\Local\Temp\0238e49a7b1400903c449e1cc363c676878e2c41c50dd1dcdc21b1670ae31ece.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3400
- C:\Windows\System\CQDjQLB.exe
  C:\Windows\System\CQDjQLB.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\gdZpBvQ.exe
  C:\Windows\System\gdZpBvQ.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\mPLKTIm.exe
  C:\Windows\System\mPLKTIm.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\tphBJjQ.exe
  C:\Windows\System\tphBJjQ.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\Npjnusg.exe
  C:\Windows\System\Npjnusg.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\zpuaghk.exe
  C:\Windows\System\zpuaghk.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\wJjMJmu.exe
  C:\Windows\System\wJjMJmu.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\vlsVhdL.exe
  C:\Windows\System\vlsVhdL.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\OeEJEAv.exe
  C:\Windows\System\OeEJEAv.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\KXXoZac.exe
  C:\Windows\System\KXXoZac.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\neqihhk.exe
  C:\Windows\System\neqihhk.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\IHPfBjI.exe
  C:\Windows\System\IHPfBjI.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\kIkvPxF.exe
  C:\Windows\System\kIkvPxF.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\ntpcKOa.exe
  C:\Windows\System\ntpcKOa.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\egDqeXX.exe
  C:\Windows\System\egDqeXX.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\wWqIwqQ.exe
  C:\Windows\System\wWqIwqQ.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\uRKkdsL.exe
  C:\Windows\System\uRKkdsL.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\LRYUmbm.exe
  C:\Windows\System\LRYUmbm.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\xLHpUlY.exe
  C:\Windows\System\xLHpUlY.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\TyzyZuk.exe
  C:\Windows\System\TyzyZuk.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\crYsXQE.exe
  C:\Windows\System\crYsXQE.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\AXqYDcT.exe
  C:\Windows\System\AXqYDcT.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\ubgIvby.exe
  C:\Windows\System\ubgIvby.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\qrlGlaJ.exe
  C:\Windows\System\qrlGlaJ.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\vslNOAs.exe
  C:\Windows\System\vslNOAs.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\BvYfPQI.exe
  C:\Windows\System\BvYfPQI.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\ELXMxow.exe
  C:\Windows\System\ELXMxow.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\BYAUTMm.exe
  C:\Windows\System\BYAUTMm.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\EMAcYXx.exe
  C:\Windows\System\EMAcYXx.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\UfsraAa.exe
  C:\Windows\System\UfsraAa.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\mqlvOBe.exe
  C:\Windows\System\mqlvOBe.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\JNxMGFg.exe
  C:\Windows\System\JNxMGFg.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\bOnQmYW.exe
  C:\Windows\System\bOnQmYW.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\wcPUzqo.exe
  C:\Windows\System\wcPUzqo.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\qYaEBQr.exe
  C:\Windows\System\qYaEBQr.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\rGhgHrY.exe
  C:\Windows\System\rGhgHrY.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\sLcFWJC.exe
  C:\Windows\System\sLcFWJC.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\UIVcUtZ.exe
  C:\Windows\System\UIVcUtZ.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\ecsbycK.exe
  C:\Windows\System\ecsbycK.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\QdHzRkF.exe
  C:\Windows\System\QdHzRkF.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\WjzktEN.exe
  C:\Windows\System\WjzktEN.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\ZGKQwbW.exe
  C:\Windows\System\ZGKQwbW.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\XyeekPC.exe
  C:\Windows\System\XyeekPC.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\phmBnnh.exe
  C:\Windows\System\phmBnnh.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\NAuFfmV.exe
  C:\Windows\System\NAuFfmV.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\orAFHlm.exe
  C:\Windows\System\orAFHlm.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\csFubWj.exe
  C:\Windows\System\csFubWj.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\KBTchbk.exe
  C:\Windows\System\KBTchbk.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\ebuTEqz.exe
  C:\Windows\System\ebuTEqz.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\oyRIvZy.exe
  C:\Windows\System\oyRIvZy.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\WTWdXte.exe
  C:\Windows\System\WTWdXte.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\IUYLdec.exe
  C:\Windows\System\IUYLdec.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\enBPMjn.exe
  C:\Windows\System\enBPMjn.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\wjTRDlM.exe
  C:\Windows\System\wjTRDlM.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\ZwrGnnN.exe
  C:\Windows\System\ZwrGnnN.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\sJQKsAf.exe
  C:\Windows\System\sJQKsAf.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\lcYuMAi.exe
  C:\Windows\System\lcYuMAi.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\JyzHSut.exe
  C:\Windows\System\JyzHSut.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\BLnAHTK.exe
  C:\Windows\System\BLnAHTK.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\pavrffv.exe
  C:\Windows\System\pavrffv.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\iSWMoXR.exe
  C:\Windows\System\iSWMoXR.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\CacXJAM.exe
  C:\Windows\System\CacXJAM.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\SDKhtLV.exe
  C:\Windows\System\SDKhtLV.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\udMZfQR.exe
  C:\Windows\System\udMZfQR.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\rGaGCsv.exe
  C:\Windows\System\rGaGCsv.exe
  2⤵
  PID:4392
- C:\Windows\System\ngNMULM.exe
  C:\Windows\System\ngNMULM.exe
  2⤵
  PID:1244
- C:\Windows\System\kmUnjcB.exe
  C:\Windows\System\kmUnjcB.exe
  2⤵
  PID:3712
- C:\Windows\System\vItgPcY.exe
  C:\Windows\System\vItgPcY.exe
  2⤵
  PID:2736
- C:\Windows\System\edoWdsQ.exe
  C:\Windows\System\edoWdsQ.exe
  2⤵
  PID:4148
- C:\Windows\System\oxydmIj.exe
  C:\Windows\System\oxydmIj.exe
  2⤵
  PID:2608
- C:\Windows\System\AQAOMCh.exe
  C:\Windows\System\AQAOMCh.exe
  2⤵
  PID:4224
- C:\Windows\System\pXAXyLS.exe
  C:\Windows\System\pXAXyLS.exe
  2⤵
  PID:1448
- C:\Windows\System\cSqCJUU.exe
  C:\Windows\System\cSqCJUU.exe
  2⤵
  PID:3736
- C:\Windows\System\EayJUjM.exe
  C:\Windows\System\EayJUjM.exe
  2⤵
  PID:2344
- C:\Windows\System\hVMZgic.exe
  C:\Windows\System\hVMZgic.exe
  2⤵
  PID:4492
- C:\Windows\System\fkYwnNd.exe
  C:\Windows\System\fkYwnNd.exe
  2⤵
  PID:4460
- C:\Windows\System\skMUrBl.exe
  C:\Windows\System\skMUrBl.exe
  2⤵
  PID:2368
- C:\Windows\System\obbIXRg.exe
  C:\Windows\System\obbIXRg.exe
  2⤵
  PID:1552
- C:\Windows\System\FYRClEM.exe
  C:\Windows\System\FYRClEM.exe
  2⤵
  PID:1136
- C:\Windows\System\gRJhFfO.exe
  C:\Windows\System\gRJhFfO.exe
  2⤵
  PID:3188
- C:\Windows\System\nZihkSO.exe
  C:\Windows\System\nZihkSO.exe
  2⤵
  PID:4336
- C:\Windows\System\FZVfBfY.exe
  C:\Windows\System\FZVfBfY.exe
  2⤵
  PID:5004
- C:\Windows\System\AFbpHum.exe
  C:\Windows\System\AFbpHum.exe
  2⤵
  PID:4676
- C:\Windows\System\hqalJvX.exe
  C:\Windows\System\hqalJvX.exe
  2⤵
  PID:1644
- C:\Windows\System\QosYByI.exe
  C:\Windows\System\QosYByI.exe
  2⤵
  PID:3912
- C:\Windows\System\YOKBNIb.exe
  C:\Windows\System\YOKBNIb.exe
  2⤵
  PID:3976
- C:\Windows\System\HaCCLpU.exe
  C:\Windows\System\HaCCLpU.exe
  2⤵
  PID:2616
- C:\Windows\System\oyrtSAF.exe
  C:\Windows\System\oyrtSAF.exe
  2⤵
  PID:2920
- C:\Windows\System\xQBXMyn.exe
  C:\Windows\System\xQBXMyn.exe
  2⤵
  PID:3704
- C:\Windows\System\vEFqnKa.exe
  C:\Windows\System\vEFqnKa.exe
  2⤵
  PID:4440
- C:\Windows\System\TPnZtiy.exe
  C:\Windows\System\TPnZtiy.exe
  2⤵
  PID:5148
- C:\Windows\System\gxuBiwo.exe
  C:\Windows\System\gxuBiwo.exe
  2⤵
  PID:5172
- C:\Windows\System\EJdSNfn.exe
  C:\Windows\System\EJdSNfn.exe
  2⤵
  PID:5208
- C:\Windows\System\lpADfoq.exe
  C:\Windows\System\lpADfoq.exe
  2⤵
  PID:5232
- C:\Windows\System\QVbmZIX.exe
  C:\Windows\System\QVbmZIX.exe
  2⤵
  PID:5256
- C:\Windows\System\UMxmOta.exe
  C:\Windows\System\UMxmOta.exe
  2⤵
  PID:5280
- C:\Windows\System\YKZGWoH.exe
  C:\Windows\System\YKZGWoH.exe
  2⤵
  PID:5300
- C:\Windows\System\VzfTobp.exe
  C:\Windows\System\VzfTobp.exe
  2⤵
  PID:5336
- C:\Windows\System\dvLmclb.exe
  C:\Windows\System\dvLmclb.exe
  2⤵
  PID:5372
- C:\Windows\System\tggOaBH.exe
  C:\Windows\System\tggOaBH.exe
  2⤵
  PID:5396
- C:\Windows\System\FSavigx.exe
  C:\Windows\System\FSavigx.exe
  2⤵
  PID:5424
- C:\Windows\System\VEYuskN.exe
  C:\Windows\System\VEYuskN.exe
  2⤵
  PID:5440
- C:\Windows\System\IAKfMiT.exe
  C:\Windows\System\IAKfMiT.exe
  2⤵
  PID:5472
- C:\Windows\System\TfPJAfR.exe
  C:\Windows\System\TfPJAfR.exe
  2⤵
  PID:5508
- C:\Windows\System\VsSPmmM.exe
  C:\Windows\System\VsSPmmM.exe
  2⤵
  PID:5540
- C:\Windows\System\qIXfwwJ.exe
  C:\Windows\System\qIXfwwJ.exe
  2⤵
  PID:5564
- C:\Windows\System\cjtTjzp.exe
  C:\Windows\System\cjtTjzp.exe
  2⤵
  PID:5596
- C:\Windows\System\vckQJqf.exe
  C:\Windows\System\vckQJqf.exe
  2⤵
  PID:5636
- C:\Windows\System\GfyruiW.exe
  C:\Windows\System\GfyruiW.exe
  2⤵
  PID:5656
- C:\Windows\System\TabzaRW.exe
  C:\Windows\System\TabzaRW.exe
  2⤵
  PID:5688
- C:\Windows\System\HQimMQn.exe
  C:\Windows\System\HQimMQn.exe
  2⤵
  PID:5712
- C:\Windows\System\BTEMiPy.exe
  C:\Windows\System\BTEMiPy.exe
  2⤵
  PID:5744
- C:\Windows\System\jGksYDS.exe
  C:\Windows\System\jGksYDS.exe
  2⤵
  PID:5772
- C:\Windows\System\XGeAcul.exe
  C:\Windows\System\XGeAcul.exe
  2⤵
  PID:5792
- C:\Windows\System\PduWbEB.exe
  C:\Windows\System\PduWbEB.exe
  2⤵
  PID:5808
- C:\Windows\System\TnVupPL.exe
  C:\Windows\System\TnVupPL.exe
  2⤵
  PID:5828
- C:\Windows\System\lGHivcC.exe
  C:\Windows\System\lGHivcC.exe
  2⤵
  PID:5856
- C:\Windows\System\MJjiTap.exe
  C:\Windows\System\MJjiTap.exe
  2⤵
  PID:5892
- C:\Windows\System\UbSKWDA.exe
  C:\Windows\System\UbSKWDA.exe
  2⤵
  PID:5924
- C:\Windows\System\GbhZzLE.exe
  C:\Windows\System\GbhZzLE.exe
  2⤵
  PID:5960
- C:\Windows\System\pwsFJsy.exe
  C:\Windows\System\pwsFJsy.exe
  2⤵
  PID:5992
- C:\Windows\System\nhnoncW.exe
  C:\Windows\System\nhnoncW.exe
  2⤵
  PID:6016
- C:\Windows\System\flcrnIT.exe
  C:\Windows\System\flcrnIT.exe
  2⤵
  PID:6040
- C:\Windows\System\vMuytJf.exe
  C:\Windows\System\vMuytJf.exe
  2⤵
  PID:6080
- C:\Windows\System\nqOzLfv.exe
  C:\Windows\System\nqOzLfv.exe
  2⤵
  PID:6120
- C:\Windows\System\NBdJWHK.exe
  C:\Windows\System\NBdJWHK.exe
  2⤵
  PID:5156
- C:\Windows\System\MZDbxGa.exe
  C:\Windows\System\MZDbxGa.exe
  2⤵
  PID:5188
- C:\Windows\System\gWJyvrj.exe
  C:\Windows\System\gWJyvrj.exe
  2⤵
  PID:5276
- C:\Windows\System\QFLQQMw.exe
  C:\Windows\System\QFLQQMw.exe
  2⤵
  PID:5296
- C:\Windows\System\pXhTjST.exe
  C:\Windows\System\pXhTjST.exe
  2⤵
  PID:5368
- C:\Windows\System\RhxlAiK.exe
  C:\Windows\System\RhxlAiK.exe
  2⤵
  PID:5420
- C:\Windows\System\xhHagOT.exe
  C:\Windows\System\xhHagOT.exe
  2⤵
  PID:5504
- C:\Windows\System\aGHHVaF.exe
  C:\Windows\System\aGHHVaF.exe
  2⤵
  PID:5592
- C:\Windows\System\dAkGokv.exe
  C:\Windows\System\dAkGokv.exe
  2⤵
  PID:5672
- C:\Windows\System\eFucKJI.exe
  C:\Windows\System\eFucKJI.exe
  2⤵
  PID:5728
- C:\Windows\System\ilNmzkH.exe
  C:\Windows\System\ilNmzkH.exe
  2⤵
  PID:4372
- C:\Windows\System\SkuTlld.exe
  C:\Windows\System\SkuTlld.exe
  2⤵
  PID:5844
- C:\Windows\System\oaJCgnK.exe
  C:\Windows\System\oaJCgnK.exe
  2⤵
  PID:5904
- C:\Windows\System\RoydDVC.exe
  C:\Windows\System\RoydDVC.exe
  2⤵
  PID:5988
- C:\Windows\System\jYCNMPJ.exe
  C:\Windows\System\jYCNMPJ.exe
  2⤵
  PID:6064
- C:\Windows\System\bbLyMbT.exe
  C:\Windows\System\bbLyMbT.exe
  2⤵
  PID:6132
- C:\Windows\System\hAbISDy.exe
  C:\Windows\System\hAbISDy.exe
  2⤵
  PID:5244
- C:\Windows\System\YfkJErg.exe
  C:\Windows\System\YfkJErg.exe
  2⤵
  PID:5452
- C:\Windows\System\qRkovyu.exe
  C:\Windows\System\qRkovyu.exe
  2⤵
  PID:5576
- C:\Windows\System\AfQGZXY.exe
  C:\Windows\System\AfQGZXY.exe
  2⤵
  PID:5756
- C:\Windows\System\edOMcxY.exe
  C:\Windows\System\edOMcxY.exe
  2⤵
  PID:5972
- C:\Windows\System\bLHCCaq.exe
  C:\Windows\System\bLHCCaq.exe
  2⤵
  PID:6140
- C:\Windows\System\hPCjTgl.exe
  C:\Windows\System\hPCjTgl.exe
  2⤵
  PID:5324
- C:\Windows\System\uJXdoqO.exe
  C:\Windows\System\uJXdoqO.exe
  2⤵
  PID:5684
- C:\Windows\System\hHJiydY.exe
  C:\Windows\System\hHJiydY.exe
  2⤵
  PID:5708
- C:\Windows\System\ofeUJjJ.exe
  C:\Windows\System\ofeUJjJ.exe
  2⤵
  PID:368
- C:\Windows\System\cdsRfUI.exe
  C:\Windows\System\cdsRfUI.exe
  2⤵
  PID:6156
- C:\Windows\System\HhuowZd.exe
  C:\Windows\System\HhuowZd.exe
  2⤵
  PID:6180
- C:\Windows\System\YKTOAbC.exe
  C:\Windows\System\YKTOAbC.exe
  2⤵
  PID:6212
- C:\Windows\System\wIzPhtq.exe
  C:\Windows\System\wIzPhtq.exe
  2⤵
  PID:6232
- C:\Windows\System\JJeFvru.exe
  C:\Windows\System\JJeFvru.exe
  2⤵
  PID:6268
- C:\Windows\System\nRZBmAF.exe
  C:\Windows\System\nRZBmAF.exe
  2⤵
  PID:6296
- C:\Windows\System\yFBzGlt.exe
  C:\Windows\System\yFBzGlt.exe
  2⤵
  PID:6324
- C:\Windows\System\TefHPcZ.exe
  C:\Windows\System\TefHPcZ.exe
  2⤵
  PID:6352
- C:\Windows\System\pozpLjD.exe
  C:\Windows\System\pozpLjD.exe
  2⤵
  PID:6372
- C:\Windows\System\TxwTZMU.exe
  C:\Windows\System\TxwTZMU.exe
  2⤵
  PID:6400
- C:\Windows\System\TWfHtHg.exe
  C:\Windows\System\TWfHtHg.exe
  2⤵
  PID:6428
- C:\Windows\System\jSrIjcF.exe
  C:\Windows\System\jSrIjcF.exe
  2⤵
  PID:6452
- C:\Windows\System\nAdrADz.exe
  C:\Windows\System\nAdrADz.exe
  2⤵
  PID:6492
- C:\Windows\System\oZcDKht.exe
  C:\Windows\System\oZcDKht.exe
  2⤵
  PID:6524
- C:\Windows\System\vZlbyrc.exe
  C:\Windows\System\vZlbyrc.exe
  2⤵
  PID:6560
- C:\Windows\System\oPFGFgk.exe
  C:\Windows\System\oPFGFgk.exe
  2⤵
  PID:6604
- C:\Windows\System\BNDFvAL.exe
  C:\Windows\System\BNDFvAL.exe
  2⤵
  PID:6624
- C:\Windows\System\yTrithm.exe
  C:\Windows\System\yTrithm.exe
  2⤵
  PID:6656
- C:\Windows\System\dlYrwXt.exe
  C:\Windows\System\dlYrwXt.exe
  2⤵
  PID:6688
- C:\Windows\System\skRGeFd.exe
  C:\Windows\System\skRGeFd.exe
  2⤵
  PID:6712
- C:\Windows\System\NRvyZix.exe
  C:\Windows\System\NRvyZix.exe
  2⤵
  PID:6732
- C:\Windows\System\zDxNhNI.exe
  C:\Windows\System\zDxNhNI.exe
  2⤵
  PID:6780
- C:\Windows\System\eIYsZae.exe
  C:\Windows\System\eIYsZae.exe
  2⤵
  PID:6808
- C:\Windows\System\qZIkMzr.exe
  C:\Windows\System\qZIkMzr.exe
  2⤵
  PID:6828
- C:\Windows\System\TkxRcpM.exe
  C:\Windows\System\TkxRcpM.exe
  2⤵
  PID:6864
- C:\Windows\System\kbwMStc.exe
  C:\Windows\System\kbwMStc.exe
  2⤵
  PID:6892
- C:\Windows\System\qvXWBhO.exe
  C:\Windows\System\qvXWBhO.exe
  2⤵
  PID:6920
- C:\Windows\System\LnZoNQO.exe
  C:\Windows\System\LnZoNQO.exe
  2⤵
  PID:6936
- C:\Windows\System\GARgBwp.exe
  C:\Windows\System\GARgBwp.exe
  2⤵
  PID:6976
- C:\Windows\System\rtpSecr.exe
  C:\Windows\System\rtpSecr.exe
  2⤵
  PID:6996
- C:\Windows\System\FdUFeOJ.exe
  C:\Windows\System\FdUFeOJ.exe
  2⤵
  PID:7032
- C:\Windows\System\EtmZwHv.exe
  C:\Windows\System\EtmZwHv.exe
  2⤵
  PID:7048
- C:\Windows\System\kmiGzTg.exe
  C:\Windows\System\kmiGzTg.exe
  2⤵
  PID:7076
- C:\Windows\System\mbuzFJL.exe
  C:\Windows\System\mbuzFJL.exe
  2⤵
  PID:7116
- C:\Windows\System\TthPYLN.exe
  C:\Windows\System\TthPYLN.exe
  2⤵
  PID:7136
- C:\Windows\System\YheEDiG.exe
  C:\Windows\System\YheEDiG.exe
  2⤵
  PID:7164
- C:\Windows\System\NcjrFnr.exe
  C:\Windows\System\NcjrFnr.exe
  2⤵
  PID:6196
- C:\Windows\System\zDiKiJq.exe
  C:\Windows\System\zDiKiJq.exe
  2⤵
  PID:6256
- C:\Windows\System\AGTChuT.exe
  C:\Windows\System\AGTChuT.exe
  2⤵
  PID:6344
- C:\Windows\System\ztitQRL.exe
  C:\Windows\System\ztitQRL.exe
  2⤵
  PID:6420
- C:\Windows\System\IIJrwcW.exe
  C:\Windows\System\IIJrwcW.exe
  2⤵
  PID:6476
- C:\Windows\System\PitQoxB.exe
  C:\Windows\System\PitQoxB.exe
  2⤵
  PID:6572
- C:\Windows\System\ZuJAmSS.exe
  C:\Windows\System\ZuJAmSS.exe
  2⤵
  PID:6636
- C:\Windows\System\sESYJGI.exe
  C:\Windows\System\sESYJGI.exe
  2⤵
  PID:4136
- C:\Windows\System\QZuerhO.exe
  C:\Windows\System\QZuerhO.exe
  2⤵
  PID:6760
- C:\Windows\System\kjrpxJI.exe
  C:\Windows\System\kjrpxJI.exe
  2⤵
  PID:6836
- C:\Windows\System\coUygHm.exe
  C:\Windows\System\coUygHm.exe
  2⤵
  PID:6916
- C:\Windows\System\LpONSBL.exe
  C:\Windows\System\LpONSBL.exe
  2⤵
  PID:6992
- C:\Windows\System\tnkqpaB.exe
  C:\Windows\System\tnkqpaB.exe
  2⤵
  PID:7040
- C:\Windows\System\NVQHASp.exe
  C:\Windows\System\NVQHASp.exe
  2⤵
  PID:7104
- C:\Windows\System\rpgFUll.exe
  C:\Windows\System\rpgFUll.exe
  2⤵
  PID:6172
- C:\Windows\System\UnPiLCV.exe
  C:\Windows\System\UnPiLCV.exe
  2⤵
  PID:6308
- C:\Windows\System\EyqYDFV.exe
  C:\Windows\System\EyqYDFV.exe
  2⤵
  PID:6484
- C:\Windows\System\BXvtZyN.exe
  C:\Windows\System\BXvtZyN.exe
  2⤵
  PID:6664
- C:\Windows\System\KqFCXGT.exe
  C:\Windows\System\KqFCXGT.exe
  2⤵
  PID:6824
- C:\Windows\System\UfZPEdc.exe
  C:\Windows\System\UfZPEdc.exe
  2⤵
  PID:6960
- C:\Windows\System\QpDIpAI.exe
  C:\Windows\System\QpDIpAI.exe
  2⤵
  PID:6148
- C:\Windows\System\pHWhMZu.exe
  C:\Windows\System\pHWhMZu.exe
  2⤵
  PID:6368
- C:\Windows\System\emmqktR.exe
  C:\Windows\System\emmqktR.exe
  2⤵
  PID:6748
- C:\Windows\System\PdqElnE.exe
  C:\Windows\System\PdqElnE.exe
  2⤵
  PID:4284
- C:\Windows\System\ErQZgxb.exe
  C:\Windows\System\ErQZgxb.exe
  2⤵
  PID:1900
- C:\Windows\System\cyXoHpV.exe
  C:\Windows\System\cyXoHpV.exe
  2⤵
  PID:6416
- C:\Windows\System\qelNWVY.exe
  C:\Windows\System\qelNWVY.exe
  2⤵
  PID:7088
- C:\Windows\System\eWvAyNN.exe
  C:\Windows\System\eWvAyNN.exe
  2⤵
  PID:6512
- C:\Windows\System\PMpXJuU.exe
  C:\Windows\System\PMpXJuU.exe
  2⤵
  PID:7184
- C:\Windows\System\yxBrIUv.exe
  C:\Windows\System\yxBrIUv.exe
  2⤵
  PID:7200
- C:\Windows\System\bTvLeNo.exe
  C:\Windows\System\bTvLeNo.exe
  2⤵
  PID:7232
- C:\Windows\System\oamOSvj.exe
  C:\Windows\System\oamOSvj.exe
  2⤵
  PID:7276
- C:\Windows\System\NujsTXI.exe
  C:\Windows\System\NujsTXI.exe
  2⤵
  PID:7300
- C:\Windows\System\QCleTPS.exe
  C:\Windows\System\QCleTPS.exe
  2⤵
  PID:7336
- C:\Windows\System\oDMdNOw.exe
  C:\Windows\System\oDMdNOw.exe
  2⤵
  PID:7380
- C:\Windows\System\KtMMsPy.exe
  C:\Windows\System\KtMMsPy.exe
  2⤵
  PID:7404
- C:\Windows\System\BDOdIiZ.exe
  C:\Windows\System\BDOdIiZ.exe
  2⤵
  PID:7440
- C:\Windows\System\dVSvydt.exe
  C:\Windows\System\dVSvydt.exe
  2⤵
  PID:7472
- C:\Windows\System\dyWNrcB.exe
  C:\Windows\System\dyWNrcB.exe
  2⤵
  PID:7496
- C:\Windows\System\PGwcHVI.exe
  C:\Windows\System\PGwcHVI.exe
  2⤵
  PID:7536
- C:\Windows\System\WvXHkKi.exe
  C:\Windows\System\WvXHkKi.exe
  2⤵
  PID:7568
- C:\Windows\System\WEBnKQP.exe
  C:\Windows\System\WEBnKQP.exe
  2⤵
  PID:7604
- C:\Windows\System\yxTPQzP.exe
  C:\Windows\System\yxTPQzP.exe
  2⤵
  PID:7640
- C:\Windows\System\QbZIMql.exe
  C:\Windows\System\QbZIMql.exe
  2⤵
  PID:7676
- C:\Windows\System\NvfpHky.exe
  C:\Windows\System\NvfpHky.exe
  2⤵
  PID:7704
- C:\Windows\System\HRJvHsc.exe
  C:\Windows\System\HRJvHsc.exe
  2⤵
  PID:7732
- C:\Windows\System\fTtFdIj.exe
  C:\Windows\System\fTtFdIj.exe
  2⤵
  PID:7760
- C:\Windows\System\vdoNeBL.exe
  C:\Windows\System\vdoNeBL.exe
  2⤵
  PID:7788
- C:\Windows\System\QAoTnyn.exe
  C:\Windows\System\QAoTnyn.exe
  2⤵
  PID:7816
- C:\Windows\System\lHkQliE.exe
  C:\Windows\System\lHkQliE.exe
  2⤵
  PID:7844
- C:\Windows\System\CTqUFjp.exe
  C:\Windows\System\CTqUFjp.exe
  2⤵
  PID:7872
- C:\Windows\System\PdrFONH.exe
  C:\Windows\System\PdrFONH.exe
  2⤵
  PID:7904
- C:\Windows\System\sSCgCiV.exe
  C:\Windows\System\sSCgCiV.exe
  2⤵
  PID:7936
- C:\Windows\System\WCOfXGO.exe
  C:\Windows\System\WCOfXGO.exe
  2⤵
  PID:7964
- C:\Windows\System\jrvkvKo.exe
  C:\Windows\System\jrvkvKo.exe
  2⤵
  PID:7988
- C:\Windows\System\xKFPfbo.exe
  C:\Windows\System\xKFPfbo.exe
  2⤵
  PID:8016
- C:\Windows\System\bKdNHtv.exe
  C:\Windows\System\bKdNHtv.exe
  2⤵
  PID:8044
- C:\Windows\System\ksiHhNx.exe
  C:\Windows\System\ksiHhNx.exe
  2⤵
  PID:8072
- C:\Windows\System\LnfALTJ.exe
  C:\Windows\System\LnfALTJ.exe
  2⤵
  PID:8100
- C:\Windows\System\wicPEXh.exe
  C:\Windows\System\wicPEXh.exe
  2⤵
  PID:8128
- C:\Windows\System\YVjUjKI.exe
  C:\Windows\System\YVjUjKI.exe
  2⤵
  PID:8156
- C:\Windows\System\zQScEab.exe
  C:\Windows\System\zQScEab.exe
  2⤵
  PID:8188
- C:\Windows\System\JwoXqRS.exe
  C:\Windows\System\JwoXqRS.exe
  2⤵
  PID:7212
- C:\Windows\System\XMPmNXO.exe
  C:\Windows\System\XMPmNXO.exe
  2⤵
  PID:7312
- C:\Windows\System\AvpssZK.exe
  C:\Windows\System\AvpssZK.exe
  2⤵
  PID:7332
- C:\Windows\System\SUivOmg.exe
  C:\Windows\System\SUivOmg.exe
  2⤵
  PID:7412
- C:\Windows\System\VdHJSoM.exe
  C:\Windows\System\VdHJSoM.exe
  2⤵
  PID:7524
- C:\Windows\System\rnKxGIQ.exe
  C:\Windows\System\rnKxGIQ.exe
  2⤵
  PID:7564
- C:\Windows\System\LKKCifj.exe
  C:\Windows\System\LKKCifj.exe
  2⤵
  PID:7648
- C:\Windows\System\GpeoGVx.exe
  C:\Windows\System\GpeoGVx.exe
  2⤵
  PID:7720
- C:\Windows\System\PeYGzRU.exe
  C:\Windows\System\PeYGzRU.exe
  2⤵
  PID:7784
- C:\Windows\System\lImgDMo.exe
  C:\Windows\System\lImgDMo.exe
  2⤵
  PID:7840
- C:\Windows\System\faASFvZ.exe
  C:\Windows\System\faASFvZ.exe
  2⤵
  PID:7916
- C:\Windows\System\FYuxGPp.exe
  C:\Windows\System\FYuxGPp.exe
  2⤵
  PID:7984
- C:\Windows\System\frZiOzp.exe
  C:\Windows\System\frZiOzp.exe
  2⤵
  PID:8056
- C:\Windows\System\lavFRZu.exe
  C:\Windows\System\lavFRZu.exe
  2⤵
  PID:8124
- C:\Windows\System\TxAPXyS.exe
  C:\Windows\System\TxAPXyS.exe
  2⤵
  PID:8180
- C:\Windows\System\UrXKZnV.exe
  C:\Windows\System\UrXKZnV.exe
  2⤵
  PID:7292
- C:\Windows\System\gNnyFum.exe
  C:\Windows\System\gNnyFum.exe
  2⤵
  PID:7520
- C:\Windows\System\KugUPJi.exe
  C:\Windows\System\KugUPJi.exe
  2⤵
  PID:7672
- C:\Windows\System\ZqMrJfk.exe
  C:\Windows\System\ZqMrJfk.exe
  2⤵
  PID:7812
- C:\Windows\System\BTdNPwi.exe
  C:\Windows\System\BTdNPwi.exe
  2⤵
  PID:7980
- C:\Windows\System\VjEcThM.exe
  C:\Windows\System\VjEcThM.exe
  2⤵
  PID:8092
- C:\Windows\System\ZSjEAvE.exe
  C:\Windows\System\ZSjEAvE.exe
  2⤵
  PID:7328
- C:\Windows\System\MwVRXHf.exe
  C:\Windows\System\MwVRXHf.exe
  2⤵
  PID:7752
- C:\Windows\System\LpHMvab.exe
  C:\Windows\System\LpHMvab.exe
  2⤵
  PID:8112
- C:\Windows\System\MeGVcHw.exe
  C:\Windows\System\MeGVcHw.exe
  2⤵
  PID:7952
- C:\Windows\System\DotMJnb.exe
  C:\Windows\System\DotMJnb.exe
  2⤵
  PID:7216
- C:\Windows\System\VtcmTHF.exe
  C:\Windows\System\VtcmTHF.exe
  2⤵
  PID:8220
- C:\Windows\System\TLuXrRW.exe
  C:\Windows\System\TLuXrRW.exe
  2⤵
  PID:8248
- C:\Windows\System\MwHTsGz.exe
  C:\Windows\System\MwHTsGz.exe
  2⤵
  PID:8276
- C:\Windows\System\sXOMqjW.exe
  C:\Windows\System\sXOMqjW.exe
  2⤵
  PID:8304
- C:\Windows\System\IvhlIFR.exe
  C:\Windows\System\IvhlIFR.exe
  2⤵
  PID:8332
- C:\Windows\System\pbxqqPh.exe
  C:\Windows\System\pbxqqPh.exe
  2⤵
  PID:8360
- C:\Windows\System\xNMqcuP.exe
  C:\Windows\System\xNMqcuP.exe
  2⤵
  PID:8388
- C:\Windows\System\mfcjMLP.exe
  C:\Windows\System\mfcjMLP.exe
  2⤵
  PID:8416
- C:\Windows\System\rubHeHW.exe
  C:\Windows\System\rubHeHW.exe
  2⤵
  PID:8444
- C:\Windows\System\UPFrCNo.exe
  C:\Windows\System\UPFrCNo.exe
  2⤵
  PID:8472
- C:\Windows\System\iwdHdqr.exe
  C:\Windows\System\iwdHdqr.exe
  2⤵
  PID:8500
- C:\Windows\System\eqnsLaS.exe
  C:\Windows\System\eqnsLaS.exe
  2⤵
  PID:8528
- C:\Windows\System\YTEOeAQ.exe
  C:\Windows\System\YTEOeAQ.exe
  2⤵
  PID:8556
- C:\Windows\System\JXpXayq.exe
  C:\Windows\System\JXpXayq.exe
  2⤵
  PID:8584
- C:\Windows\System\ZNRfiQz.exe
  C:\Windows\System\ZNRfiQz.exe
  2⤵
  PID:8612
- C:\Windows\System\GpgNnxw.exe
  C:\Windows\System\GpgNnxw.exe
  2⤵
  PID:8640
- C:\Windows\System\Srrnrsc.exe
  C:\Windows\System\Srrnrsc.exe
  2⤵
  PID:8668
- C:\Windows\System\azyJTli.exe
  C:\Windows\System\azyJTli.exe
  2⤵
  PID:8696
- C:\Windows\System\JTbyILO.exe
  C:\Windows\System\JTbyILO.exe
  2⤵
  PID:8724
- C:\Windows\System\QasuyAV.exe
  C:\Windows\System\QasuyAV.exe
  2⤵
  PID:8752
- C:\Windows\System\xZyHIVP.exe
  C:\Windows\System\xZyHIVP.exe
  2⤵
  PID:8780
- C:\Windows\System\BkVwfLi.exe
  C:\Windows\System\BkVwfLi.exe
  2⤵
  PID:8808
- C:\Windows\System\sUhAifP.exe
  C:\Windows\System\sUhAifP.exe
  2⤵
  PID:8836
- C:\Windows\System\oGqijnL.exe
  C:\Windows\System\oGqijnL.exe
  2⤵
  PID:8864
- C:\Windows\System\PhSHwCY.exe
  C:\Windows\System\PhSHwCY.exe
  2⤵
  PID:8892
- C:\Windows\System\zHbdJpp.exe
  C:\Windows\System\zHbdJpp.exe
  2⤵
  PID:8920
- C:\Windows\System\qJundkc.exe
  C:\Windows\System\qJundkc.exe
  2⤵
  PID:8948
- C:\Windows\System\UKxuSLW.exe
  C:\Windows\System\UKxuSLW.exe
  2⤵
  PID:8976
- C:\Windows\System\zYeLpYn.exe
  C:\Windows\System\zYeLpYn.exe
  2⤵
  PID:8992
- C:\Windows\System\hPxVvUX.exe
  C:\Windows\System\hPxVvUX.exe
  2⤵
  PID:9020
- C:\Windows\System\HffUqhP.exe
  C:\Windows\System\HffUqhP.exe
  2⤵
  PID:9048
- C:\Windows\System\VcfTtcM.exe
  C:\Windows\System\VcfTtcM.exe
  2⤵
  PID:9076
- C:\Windows\System\vvESkqV.exe
  C:\Windows\System\vvESkqV.exe
  2⤵
  PID:9104
- C:\Windows\System\HDvBehl.exe
  C:\Windows\System\HDvBehl.exe
  2⤵
  PID:9144
- C:\Windows\System\KMcGyvg.exe
  C:\Windows\System\KMcGyvg.exe
  2⤵
  PID:9160
- C:\Windows\System\UgswbPD.exe
  C:\Windows\System\UgswbPD.exe
  2⤵
  PID:9176
- C:\Windows\System\LIrCUTz.exe
  C:\Windows\System\LIrCUTz.exe
  2⤵
  PID:9196
- C:\Windows\System\lvDFJjO.exe
  C:\Windows\System\lvDFJjO.exe
  2⤵
  PID:8216
- C:\Windows\System\fYGExdw.exe
  C:\Windows\System\fYGExdw.exe
  2⤵
  PID:8288
- C:\Windows\System\ljPtHSs.exe
  C:\Windows\System\ljPtHSs.exe
  2⤵
  PID:8356
- C:\Windows\System\AXRUizW.exe
  C:\Windows\System\AXRUizW.exe
  2⤵
  PID:8436
- C:\Windows\System\nxGBfoq.exe
  C:\Windows\System\nxGBfoq.exe
  2⤵
  PID:8540
- C:\Windows\System\lvpFuTN.exe
  C:\Windows\System\lvpFuTN.exe
  2⤵
  PID:8596
- C:\Windows\System\TDosCgo.exe
  C:\Windows\System\TDosCgo.exe
  2⤵
  PID:8636
- C:\Windows\System\BUdyQAV.exe
  C:\Windows\System\BUdyQAV.exe
  2⤵
  PID:8720
- C:\Windows\System\SDvHcSO.exe
  C:\Windows\System\SDvHcSO.exe
  2⤵
  PID:8792
- C:\Windows\System\lNDMMyH.exe
  C:\Windows\System\lNDMMyH.exe
  2⤵
  PID:8860
- C:\Windows\System\CzmRSUp.exe
  C:\Windows\System\CzmRSUp.exe
  2⤵
  PID:8936
- C:\Windows\System\nGiNlVj.exe
  C:\Windows\System\nGiNlVj.exe
  2⤵
  PID:8972
- C:\Windows\System\BONJLfv.exe
  C:\Windows\System\BONJLfv.exe
  2⤵
  PID:9040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AXqYDcT.exe

Filesize
1.9MB

MD5
48853b4660a00859f55a204b6037978a

SHA1
f664ea432808449b45e818206ad2176a882b9ed7

SHA256
ffe7e16039751bc40273c39c78ff89272e8847f332be2db950de99977f9dcf2f

SHA512
f26ff8d0524242ee911a09e2d13cd33c29d26e8fd65ddb10bb4aca8fd216474c71db121b9e421ebb53d5710d147cf1ed46655a85c4a9ba9ada6f75afededb626

Download Submit
C:\Windows\System\BYAUTMm.exe

Filesize
1.9MB

MD5
fe12b9117120169ce1727d5ddbfb66ad

SHA1
bb47bc3637319f5130909b92727c3186318e272d

SHA256
f046a052c7aed3fc7089fae02453e74a8420ad1bca3af6317270c0c360fa1652

SHA512
ab877d4548939426e52bf5bfaaef4cf37362cb0fa8da94f5c627334b12102f7c229252221488ab41a7bfea05ee443adb91e14cc0295dcee586428d6539aa6941

Download Submit
C:\Windows\System\BvYfPQI.exe

Filesize
1.9MB

MD5
a466ec6028f8eae9e4e509919eab805c

SHA1
71cb8270bb62c7914fbb0054785e9c7ae7e33a84

SHA256
bbb6cb184f6bfe3ffdbe44a192b54fd5052bf88dede3fc2c2bc0310230df83ff

SHA512
d67e5a9307dafef12d406615c0068e5f462f65aedef918bb468399888d88c11a0fcc0b4d52ca0812b94067a5d5477cdb2f2d7df0062ea74e72092e46dc6cb97d

Download Submit
C:\Windows\System\CQDjQLB.exe

Filesize
1.9MB

MD5
75289cf2afd4cd2b12184b7ff0a58f80

SHA1
1cbad3b905f3fff8ecebf9b388cbc5ee0bede9ba

SHA256
ec2cf5cab98390c07685c845ba04588f33f2b6e28850c8fc2437cdc6aa2672f2

SHA512
0a99033d70885c886972df6bec480bf25a5c356e05ee09539b1303bf253a95bcdbb9ec35a712fa0b9f342970d6e7a988c8d43570cfa000b2835cd4e14912f4c9

Download Submit
C:\Windows\System\ELXMxow.exe

Filesize
1.9MB

MD5
ec8f140060063f2479def085a946eae0

SHA1
c8689884086ad725ac1d0930981f605924ddb238

SHA256
3dcad025fe7300b68ebd169fc14297e7b6278aaa7f1ee3e0c2b733c79e5dbc1d

SHA512
6f94bd41b8177a75b9862010f2a8cf38cd352d523514917be8c68c00ba1e35f24932465f5d8a6ebad2729a9bb277357e09d92f2514ffb093b2b2df7c310c8d8a

Download Submit
C:\Windows\System\EMAcYXx.exe

Filesize
1.9MB

MD5
87bfc6845ab1aaf7213d379f935a9d45

SHA1
2a3436d623100e2daf4ac85ec5cc57a1eefe65eb

SHA256
5ef312bbc4359b9872a62dea2ea111abf39987c76ecbf501c2a18773efb163b3

SHA512
f70a12ebeb398e66f87a21ef054974c5ae76f0e846567bb582e8fc020cd705a7291a9cccf464cc2bea140038d9ceab38951afbc48234a010382d60ba8cb5571a

Download Submit
C:\Windows\System\IHPfBjI.exe

Filesize
1.9MB

MD5
e1e0233edca650a9b81171b6b42eb301

SHA1
2350a5093d7ce338783fcbf7246615b56c780ca3

SHA256
18c6470360aaf0a15d70f6c366bcfe08de17064866eb02e606de9879a1fd79d5

SHA512
844ddc9981e46649844469137f966f726360375e55a4a627092b179af85b54652b61a4cc6d23f74d1885c96fcfe5afeff8dc75916fca2de3e9cdc679c2b0d4d0

Download Submit
C:\Windows\System\JNxMGFg.exe

Filesize
1.9MB

MD5
c2f9e3c6fb6c6bab400fbe85cf338fdc

SHA1
0d95ba9b05d347bd2744059d09219c606e2ac584

SHA256
88995b0d175b1264fac3df262fa7983bcb09685f23436c6af1a629ee40e52cc1

SHA512
f09936665406f3c25faf8889db749dae55369c03a500269891b8ac5980efa9d63b9b35b6856f49f08fa4577b8165ac7800e1e7f90e22d021be6c5b56043828ba

Download Submit
C:\Windows\System\KXXoZac.exe

Filesize
1.9MB

MD5
5f305cf75e89ae327621712043d3a042

SHA1
c80811c0faed800ac0841c9ac27eda3206a029e3

SHA256
86b1e5c15607cc6122c20fdb9968456c34fd3e77ac7f6ecbf947f5961784020b

SHA512
6c00e695483f7c2dc5ff1f6584e9c127f784bd99e0e3d27857a0f05d22d7dcec770e6d9058499648158cffb2b69d9c47332a8870a41c33e102dbed60347b3fba

Download Submit
C:\Windows\System\LRYUmbm.exe

Filesize
1.9MB

MD5
f5025f7d3a9aecc7811acafde4d35f16

SHA1
a69c22ea43756db8cb134890298435159342dcef

SHA256
9dc61227d85f9f1399d9f2ecd9db3c75e71ade51d23afde6e3b9a0d34bdb18a9

SHA512
7025fc5eef54c8ae382ffcb7a08a627fc4f07a2d5828cdb565a8bec43edf95f70c07df864883e9b084a1cf977eb26383dd33caa3fcfc70da28860f8d104191e9

Download Submit
C:\Windows\System\Npjnusg.exe

Filesize
1.9MB

MD5
7ba7f277876afb1638714abb18a99250

SHA1
518f1998fe9842516b451486d5d4e2bdcd7b4409

SHA256
fe46f72ff0201d548f2a55b3c48caeecd584b4ecde0e1a9c87bc5ed8edb9d8e6

SHA512
06f3a0f36028b00d455f19c29c1dd6ad84b65fba35844a263c0619582ae28828403b4b61761d08c57a63654c14f08b49400f3f6458fca0559630479ea1befeba

Download Submit
C:\Windows\System\OeEJEAv.exe

Filesize
1.9MB

MD5
e787aec9e2763527e4f8e2a190ee6a01

SHA1
40362aa431f89eb95955702df8db60ffca7d0d92

SHA256
4e019acf8d6ca64723ad11fb65897a5207a2e2a59d5275df444004cd70c4c1e8

SHA512
e330f1147e888c9ec9fd35343f5656531e18d04081e8e4426e74b5d158c476f3fc881e0935aaa67bea06a11210dca7610d239ef1fcc0edd98b552eea0e5a3ef3

Download Submit
C:\Windows\System\TyzyZuk.exe

Filesize
1.9MB

MD5
6aedc4cdda1619639c6f364fd78d3cd5

SHA1
ea43f22001f1d2c9885f222c5b0dada5c169f684

SHA256
0d0388872aace284c8c8319399f8134ade6cc282e70c22193dcfb9bd1371fe97

SHA512
4945bee130b6bf4e8b9d7e99e4094d56e02dc26ce4ad09fe757dc1686fc48c7dc901469c05083a1699818bc8f3ad5748a17f7b4a642d2d6c713d267def0730ea

Download Submit
C:\Windows\System\UfsraAa.exe

Filesize
1.9MB

MD5
df38f1b06b95805339fc58cfeb29fb61

SHA1
d0420db6b8208286e0f50256545cd516cd1acddc

SHA256
80362c27643ccd9255db1f2b6e989141863a2c88ce54963f2735a8fae0809a00

SHA512
bae523604c9003191e62cc139cfa62ae708d01a885fa9e218546b333024f20c9d9b431f911c0d1899c992f426d6a86966d000129306daae84b428b66e2e1aec7

Download Submit
C:\Windows\System\crYsXQE.exe

Filesize
1.9MB

MD5
5455d11a702a40fd8cc64cb7aca55754

SHA1
255a757d2b180e607a84d4fad2c9cf127bf04b67

SHA256
935acbbd079dbb3c29d663e1ddd0dd1dbd8684045aca52c007e0c669ba352ace

SHA512
ed28d6e0fca779134cd27ffafc85d88f4db4febf2ae0d02167ac912a1c7b5da14d2d6ad258212f6485de94f269548ced2cb647e11670932871296b168370c24f

Download Submit
C:\Windows\System\egDqeXX.exe

Filesize
1.9MB

MD5
95058c5c15f95e885b8ae9cdd0dd3f59

SHA1
cbc743dc601c8351351a7b932a4221b7f021d02b

SHA256
ef6700fefcc244295b5d25edf43b3fc9054fe2cec59ec21d6bfa8aed04d0f7db

SHA512
df53181a5c6594de6e41cb3ab3fd73d76ee34073f2d5fbacb58d8b7045fca30ac046ffeb1a97836d81a9b24e45006ce61c391b84ced1c2708b482fca31f35e2c

Download Submit
C:\Windows\System\gdZpBvQ.exe

Filesize
1.9MB

MD5
1acc85dbe1fc8e0520909c3a92a7133c

SHA1
3141e0c6cc163b591bdfc53b21ec96d0abf87469

SHA256
3a1561b158e7e69fde07b9c351b24581bb2a1e07023255db2b0cbaa13f4faf9c

SHA512
9018a9682e25c1d1ebefa3d712e407ec202d2f690f8ca70e9bb7247bd72b00d3176a5b7b47cd103cc2d82a00d9d56825c6022c6167fc7fe21253cb45604a552e

Download Submit
C:\Windows\System\kIkvPxF.exe

Filesize
1.9MB

MD5
be9bc7fced57da4f5d2d4cd447673618

SHA1
d9daad7645f0f8485db05e3d31d45ecd3d72205a

SHA256
ab93f64a0b189c6a6c73c236e4472a07c4d22e059e68a9fa19422e23aa99c00d

SHA512
cc6d91a8e137ba323bc3ea550be113f436d26716dd7023e24f2fef156676afcf3afc2e68a828cc396cabfda176f58bc57deeeb49a155832ac617fae1844c18d1

Download Submit
C:\Windows\System\mPLKTIm.exe

Filesize
1.9MB

MD5
0b2a8096faa31f9c34172d304a3be660

SHA1
8789706ceb8b1d5812c065bb4a5908949b4aac19

SHA256
a89f5ccf6269dcdbcaec4474b2ac11b969fd2ec41faa6ec94f0e18800c7245eb

SHA512
4e731175458c237e36c36a8303095521c8a818e5161f36bbd1a939d84b7e22a743e714943186aa5495c4225e33279193047859ee6f0862e331690b98ffb11a1f

Download Submit
C:\Windows\System\mqlvOBe.exe

Filesize
1.9MB

MD5
843d43d2e058ffb24bdba2f7db29bc0f

SHA1
2a4aa2d87bd617550be129bf23a4a1609f7c3897

SHA256
2417bc31527e13b14859a5ff1f256980e4c6c87631996b46f3778dd2c4e25a69

SHA512
b81643762f543479e0ebbbcf64bd7f12001b0ec80c3b7400922e810c54176feed0a1349f7b8493ff195a81480cfd56a81a80a792d2b79e069a23232c8226ac5b

Download Submit
C:\Windows\System\neqihhk.exe

Filesize
1.9MB

MD5
15038a03f8fb39360af72071afa1006c

SHA1
cb67910a69cf06bd0b49b1a23ab32dff17f8dbb4

SHA256
19a50e1273216fc1a87667551fe3e1a9098db75a11090ba295bde9de8c13f8fe

SHA512
1d6433be6f140ebd7631a21f07d751ec0aa07e1e3e6c2ef6b4f8db5a3b8a116c98d42b1b6a7e0650cd67e1281ff81b817e932321d6f58a7d6b880020ae7ad808

Download Submit
C:\Windows\System\ntpcKOa.exe

Filesize
1.9MB

MD5
9bcae84c924af7a561fa93e94bc6f694

SHA1
660a586679ce5776f1931bc2c63f50759f5a2d42

SHA256
dfa3317103b420967fec5a1187f48fca13e48ffb3fcdb6d23711a4c4451bde08

SHA512
d4fec9768b7876115c21576c497c2ceb85411c908f006d1c7a078acb5e45297dc60149cb4b1394a97f0f2bb2951b6371410b2e3238dea7718a64f18d2c30345b

Download Submit
C:\Windows\System\qrlGlaJ.exe

Filesize
1.9MB

MD5
35459baf160d78f64c2c3dd45ab49cbe

SHA1
bc15c3cbd6c43a87d43a07c2137425c799149ce0

SHA256
21c0859369394eac454715ed94017e9918c5bfe9628945f9faadac113a0e14c5

SHA512
9b1cb75fccba238fa5271e171070d02ac4d798a32f892fad0bcf52d4108600b1b44ddfe500126f67cd9b4e6587faf0ad4a9aa86314146057b8a0a6f5a6500fa3

Download Submit
C:\Windows\System\tphBJjQ.exe

Filesize
1.9MB

MD5
d6ef5707069e68529724d3f105762bfe

SHA1
7f876e4ce633b4821826b539968b4c39e547514d

SHA256
2bf346d2c976079a476e9756fae2cc9892767b959f511cd35b4a3df95fca0f7a

SHA512
f9f9eed9de7a5777d24e43e1f62c25c30dd5d4cdaa19db33d3dee1d4c5923a7b84038d23fad7b31dd9097604e29fe6c2ebc4fba0752b0d7cf6049643989d647e

Download Submit
C:\Windows\System\uRKkdsL.exe

Filesize
1.9MB

MD5
19562f111928459ed3168edfcda3c347

SHA1
3c3f103bee002430f07de2aa0a3d9349cbdc691e

SHA256
8487bced058d4b3b79d663830cc4e89ddf3e12fd2e096073df0e86abd069d532

SHA512
4eb7eed003602be61f7fd848fdb8809e5dcf72b31c0beb0aeb2e522f57a388ea626984d22e837c55834fe2e6ef663e1b54b81c313985f1b2f0284ac750441300

Download Submit
C:\Windows\System\ubgIvby.exe

Filesize
1.9MB

MD5
030a328a9a1c0257dd7719e87d55e4e0

SHA1
c23f1221b6b10f18ce9e7ebc36e38c2838d409f4

SHA256
9814df4407b9e6b489dce26ce2b360ec07f76139068086ee7aaaf981a894bc9d

SHA512
4b81ca4310c27d99c1b54dd0827565b9f1fa1d8b0a6eb702fd39c7aed71ad6a97409db2554c6bdc9692055d43b0b5039b15ed3226d9661476caffa2affd3e260

Download Submit
C:\Windows\System\vlsVhdL.exe

Filesize
1.9MB

MD5
5c955ad30f14599eb62fbe899ea89535

SHA1
239563243d7d41f705ada04e2cd4a9e4e3ad5707

SHA256
03bc0aaf85d808e9febd4c4a1df70c268070a424928d2dbac139b67e79cfde9e

SHA512
bad0a9785e5cc9828c28a7dd1969739386c7440a1d59e36d5032c9744d1e7648038500687e7b0e263a55eb169898b10b890d36bc6173a9926d4bd5bf0d5d6c9a

Download Submit
C:\Windows\System\vslNOAs.exe

Filesize
1.9MB

MD5
d9500c57bcd4ac3d544b7c34be19999c

SHA1
7487be2d095b862a66c087011563144c257f401b

SHA256
8be068a0253e733e4b98602fdcaaacd0a484bb67da7d1f5e45522282913109d3

SHA512
350b1ee54d2af35b54dd4f1960ff1d9cec8b62faa5aeb86d2bb95932cfcf5460de86284fc9f3152f9270647b46269f75250dc75b0da8228655a9f7d6e90c1f95

Download Submit
C:\Windows\System\wJjMJmu.exe

Filesize
1.9MB

MD5
552afb1057e2342c28023f1b0612cfc8

SHA1
bb10f9051814de5ef93e6f367926e5e3fac25852

SHA256
2820e024739699a1447c0551c112145d94586eb4889a62a3dc00195ed80cfa4b

SHA512
bde151ec374a55d84f072ec431a17b3de5288503a0a91aed123add28c5a30933e4282a1def95b55d840693ad4d9cc7355641d3a864bf7e63c1c86f3b2dbc95cc

Download Submit
C:\Windows\System\wWqIwqQ.exe

Filesize
1.9MB

MD5
e0105f94d2d4328415d15cb33edd53c5

SHA1
a543b48be0efa6d6e37afa6903d406ab9c940f42

SHA256
c9e8528425c47387c92630c93f3a8b402521bcb0eb7eaa850ca7e46129f549de

SHA512
8a997af26cd4774945c6d64493343a0870ac512946cffaa0b58a555b6fdddeba56aac5dc50b14aec94e3fc5c7a90c7cc9beb77a251fa34a7d5d13e933f0be3f5

Download Submit
C:\Windows\System\xLHpUlY.exe

Filesize
1.9MB

MD5
161bc4f6b1cd462859191e3b64dfef5c

SHA1
7c7f1ad60bf82de2b23d5528d30322746ac253c4

SHA256
099d1dc3f5d59842e7b53c2ad77747d26c3dd69b6c448c87accae3616b4c90ad

SHA512
0a3dae0c5d06ee5fe99184a51c84a75383d7bd813c766b1331253bd2b83b8e1d1142f8e4e7b2dacb217c629304ce6331492a4a5fcb6d23f76b0ac820d50a40d2

Download Submit
C:\Windows\System\zpuaghk.exe

Filesize
1.9MB

MD5
65359f7673c0ccb067ac45f85310cf69

SHA1
f966aab5433390407e8102acd330690e974478d5

SHA256
3ea1d206c96bd87142df5b07657e83114ca9da878ffc11258ae9773c34a2be8d

SHA512
18980f821bbab08e8406951e15da6d713801368a25a10d4874ffb6bf101eb7709968702d347751f963c1c6bb4e77a189bfa105cd00c175ed3f80cdb4bcc46db7

Download Submit
memory/3400-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download