kpot | d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9

Analysis

max time kernel
116s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27-09-2024 22:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
Size

1.8MB
MD5

a9b488379a0f9bdf13dc624bfebcbff0
SHA1

bdab5b05b48f6a685d99d7952b8e8cb7c2346c27
SHA256

d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9
SHA512

4829300aabf6c893902fce7426c3518844529adf70e1c82c54bf2bb7e2f8f1a0284403ad41c4c1d495a3206df351515de7e4c7ea60abb6ebcd15296f9dcfaca2
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/Fattzk2:GemTLkNdfE0pZaQB

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

Processes:

resource	yara_rule
C:\Windows\System\adDpyEw.exe	family_kpot
C:\Windows\System\WSbgahR.exe	family_kpot
C:\Windows\System\hHpjMUE.exe	family_kpot
C:\Windows\System\YjyZouE.exe	family_kpot
C:\Windows\System\YkwkswT.exe	family_kpot
C:\Windows\System\yxOgkBk.exe	family_kpot
C:\Windows\System\qeArtjf.exe	family_kpot
C:\Windows\System\QRGBCYm.exe	family_kpot
C:\Windows\System\wqGPwuS.exe	family_kpot
C:\Windows\System\kYkrjSS.exe	family_kpot
C:\Windows\System\RABHlLO.exe	family_kpot
C:\Windows\System\cYlFgak.exe	family_kpot
C:\Windows\System\GbnFjCa.exe	family_kpot
C:\Windows\System\KnbjKuL.exe	family_kpot
C:\Windows\System\RHPGLWr.exe	family_kpot
C:\Windows\System\wdukdjL.exe	family_kpot
C:\Windows\System\lDSLcwK.exe	family_kpot
C:\Windows\System\wfCTTjr.exe	family_kpot
C:\Windows\System\FOWOLIp.exe	family_kpot
C:\Windows\System\ZFsehQD.exe	family_kpot
C:\Windows\System\DBdkHeN.exe	family_kpot
C:\Windows\System\NAfELLD.exe	family_kpot
C:\Windows\System\AhMHxzg.exe	family_kpot
C:\Windows\System\wzDPFTS.exe	family_kpot
C:\Windows\System\ALMLxwv.exe	family_kpot
C:\Windows\System\ijIPiUg.exe	family_kpot
C:\Windows\System\WAcnsit.exe	family_kpot
C:\Windows\System\tBVhDBj.exe	family_kpot
C:\Windows\System\lGWOryS.exe	family_kpot
C:\Windows\System\SwtFrGL.exe	family_kpot
C:\Windows\System\edsASGU.exe	family_kpot
C:\Windows\System\JujraVV.exe	family_kpot
C:\Windows\System\yOyjNJM.exe	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

Processes:

resource	yara_rule
C:\Windows\System\adDpyEw.exe	xmrig
C:\Windows\System\WSbgahR.exe	xmrig
C:\Windows\System\hHpjMUE.exe	xmrig
C:\Windows\System\YjyZouE.exe	xmrig
C:\Windows\System\YkwkswT.exe	xmrig
C:\Windows\System\yxOgkBk.exe	xmrig
C:\Windows\System\qeArtjf.exe	xmrig
C:\Windows\System\QRGBCYm.exe	xmrig
C:\Windows\System\wqGPwuS.exe	xmrig
C:\Windows\System\kYkrjSS.exe	xmrig
C:\Windows\System\RABHlLO.exe	xmrig
C:\Windows\System\cYlFgak.exe	xmrig
C:\Windows\System\GbnFjCa.exe	xmrig
C:\Windows\System\KnbjKuL.exe	xmrig
C:\Windows\System\RHPGLWr.exe	xmrig
C:\Windows\System\wdukdjL.exe	xmrig
C:\Windows\System\lDSLcwK.exe	xmrig
C:\Windows\System\wfCTTjr.exe	xmrig
C:\Windows\System\FOWOLIp.exe	xmrig
C:\Windows\System\ZFsehQD.exe	xmrig
C:\Windows\System\DBdkHeN.exe	xmrig
C:\Windows\System\NAfELLD.exe	xmrig
C:\Windows\System\AhMHxzg.exe	xmrig
C:\Windows\System\wzDPFTS.exe	xmrig
C:\Windows\System\ALMLxwv.exe	xmrig
C:\Windows\System\ijIPiUg.exe	xmrig
C:\Windows\System\WAcnsit.exe	xmrig
C:\Windows\System\tBVhDBj.exe	xmrig
C:\Windows\System\lGWOryS.exe	xmrig
C:\Windows\System\SwtFrGL.exe	xmrig
C:\Windows\System\edsASGU.exe	xmrig
C:\Windows\System\JujraVV.exe	xmrig
C:\Windows\System\yOyjNJM.exe	xmrig

Executes dropped EXE 64 IoCs

Processes:

hHpjMUE.exeadDpyEw.exeWSbgahR.exeYjyZouE.exeYkwkswT.exeyxOgkBk.exeyOyjNJM.exeJujraVV.exeQRGBCYm.exeqeArtjf.exeedsASGU.exeSwtFrGL.exelGWOryS.exetBVhDBj.exeWAcnsit.exeijIPiUg.exeALMLxwv.exewzDPFTS.exeAhMHxzg.exeNAfELLD.exeDBdkHeN.exeZFsehQD.exeFOWOLIp.exewfCTTjr.exelDSLcwK.exewdukdjL.exeRHPGLWr.exeKnbjKuL.exeGbnFjCa.execYlFgak.exekYkrjSS.exeRABHlLO.exewqGPwuS.exejtvZQDT.exeHdwlzqg.exeOfCLDOA.exenWXjapH.exeZjXUvgp.exeJSyYKJA.exeoNEuXvb.exezkskgLd.exelPlrZzI.exeihwwhIT.exeoAJTQIV.exebEVjoHO.exedGyfSVa.exeYivnZIk.exeokBnGcP.exegZAVPUv.exebhRtmFe.exeEHcQYfn.exeKonhovJ.exeKdTOtIq.exeuuYJnVp.exepCQStZm.exeBYcypTh.exeuzFqkcn.exeurhRYDJ.exeKoZYkUK.exeiFiSFdT.exeOccmngy.exepgbxwlX.exeHxjlGKH.exebvUlgBe.exe

pid	process
1048	hHpjMUE.exe
1732	adDpyEw.exe
5048	WSbgahR.exe
408	YjyZouE.exe
3184	YkwkswT.exe
3252	yxOgkBk.exe
4284	yOyjNJM.exe
1208	JujraVV.exe
2616	QRGBCYm.exe
4352	qeArtjf.exe
3976	edsASGU.exe
752	SwtFrGL.exe
1328	lGWOryS.exe
928	tBVhDBj.exe
1508	WAcnsit.exe
3064	ijIPiUg.exe
384	ALMLxwv.exe
1576	wzDPFTS.exe
3208	AhMHxzg.exe
1992	NAfELLD.exe
1476	DBdkHeN.exe
3264	ZFsehQD.exe
1204	FOWOLIp.exe
4964	wfCTTjr.exe
2420	lDSLcwK.exe
2772	wdukdjL.exe
4528	RHPGLWr.exe
4900	KnbjKuL.exe
4788	GbnFjCa.exe
2080	cYlFgak.exe
2528	kYkrjSS.exe
4448	RABHlLO.exe
3296	wqGPwuS.exe
1788	jtvZQDT.exe
4992	Hdwlzqg.exe
4340	OfCLDOA.exe
780	nWXjapH.exe
4188	ZjXUvgp.exe
4464	JSyYKJA.exe
2548	oNEuXvb.exe
924	zkskgLd.exe
636	lPlrZzI.exe
3024	ihwwhIT.exe
336	oAJTQIV.exe
4584	bEVjoHO.exe
4544	dGyfSVa.exe
4548	YivnZIk.exe
4416	okBnGcP.exe
2896	gZAVPUv.exe
4032	bhRtmFe.exe
1588	EHcQYfn.exe
3680	KonhovJ.exe
4832	KdTOtIq.exe
5028	uuYJnVp.exe
784	pCQStZm.exe
5040	BYcypTh.exe
3460	uzFqkcn.exe
3880	urhRYDJ.exe
1504	KoZYkUK.exe
2608	iFiSFdT.exe
5144	Occmngy.exe
5168	pgbxwlX.exe
5196	HxjlGKH.exe
5232	bvUlgBe.exe

Drops file in Windows directory 64 IoCs

Processes:

d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe

description	ioc	process
File created	C:\Windows\System\wKASjjr.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\fWdMVAd.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\FOWOLIp.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\bvUlgBe.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\qQEdIUg.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\kJvYeaB.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\kYEripZ.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\WtLFOsy.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\qWYzfPW.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\kYkrjSS.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\YivnZIk.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\xaHFLkJ.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\YXrLpTC.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\xCHsGfv.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\VzLWbHi.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\AhMHxzg.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\uzFqkcn.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\zdOyJxu.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\NIUwnUb.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\iHnPaQx.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\ZFsehQD.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\zqDvUrb.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\mGuLemU.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\kwYhJKE.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\biyxBKP.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\fzscpZH.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\XFZPyco.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\QRccLEC.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\NAfELLD.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\jXnaTWM.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\dPZrWHi.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\aVSQIRo.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\JSyYKJA.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\lGWOryS.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\DgqZDeC.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\udBzTqW.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\YjyZouE.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\HSswrGX.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\OdgEwFf.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\MbcqNLk.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\JlunTwG.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\oOkdaJe.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\RHPGLWr.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\bhRtmFe.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\EHcQYfn.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\yVBspWh.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\adDpyEw.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\zRCqzNF.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\ChtAkGX.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\GApWULx.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\JVjCMlo.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\Dcbxqok.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\LUzInEc.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\lMmYmvD.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\gPZevPL.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\hQjaxGj.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\PWUvPdt.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\PChjoRh.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\Hdwlzqg.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\sZRnCNq.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\vtLIJOq.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\LDVTzyD.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\CtJymwc.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
File created	C:\Windows\System\HOVnmmF.exe	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe

description	pid	process
Token: SeLockMemoryPrivilege	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
Token: SeLockMemoryPrivilege	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe

description	pid	process	target process
PID 4436 wrote to memory of 1048	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	hHpjMUE.exe
PID 4436 wrote to memory of 1048	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	hHpjMUE.exe
PID 4436 wrote to memory of 1732	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	adDpyEw.exe
PID 4436 wrote to memory of 1732	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	adDpyEw.exe
PID 4436 wrote to memory of 5048	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	WSbgahR.exe
PID 4436 wrote to memory of 5048	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	WSbgahR.exe
PID 4436 wrote to memory of 408	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	YjyZouE.exe
PID 4436 wrote to memory of 408	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	YjyZouE.exe
PID 4436 wrote to memory of 3184	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	YkwkswT.exe
PID 4436 wrote to memory of 3184	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	YkwkswT.exe
PID 4436 wrote to memory of 3252	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	yxOgkBk.exe
PID 4436 wrote to memory of 3252	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	yxOgkBk.exe
PID 4436 wrote to memory of 4284	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	yOyjNJM.exe
PID 4436 wrote to memory of 4284	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	yOyjNJM.exe
PID 4436 wrote to memory of 1208	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	JujraVV.exe
PID 4436 wrote to memory of 1208	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	JujraVV.exe
PID 4436 wrote to memory of 2616	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	QRGBCYm.exe
PID 4436 wrote to memory of 2616	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	QRGBCYm.exe
PID 4436 wrote to memory of 4352	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	qeArtjf.exe
PID 4436 wrote to memory of 4352	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	qeArtjf.exe
PID 4436 wrote to memory of 3976	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	edsASGU.exe
PID 4436 wrote to memory of 3976	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	edsASGU.exe
PID 4436 wrote to memory of 752	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	SwtFrGL.exe
PID 4436 wrote to memory of 752	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	SwtFrGL.exe
PID 4436 wrote to memory of 1328	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	lGWOryS.exe
PID 4436 wrote to memory of 1328	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	lGWOryS.exe
PID 4436 wrote to memory of 928	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	tBVhDBj.exe
PID 4436 wrote to memory of 928	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	tBVhDBj.exe
PID 4436 wrote to memory of 1508	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	WAcnsit.exe
PID 4436 wrote to memory of 1508	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	WAcnsit.exe
PID 4436 wrote to memory of 3064	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	ijIPiUg.exe
PID 4436 wrote to memory of 3064	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	ijIPiUg.exe
PID 4436 wrote to memory of 384	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	ALMLxwv.exe
PID 4436 wrote to memory of 384	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	ALMLxwv.exe
PID 4436 wrote to memory of 1576	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	wzDPFTS.exe
PID 4436 wrote to memory of 1576	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	wzDPFTS.exe
PID 4436 wrote to memory of 3208	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	AhMHxzg.exe
PID 4436 wrote to memory of 3208	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	AhMHxzg.exe
PID 4436 wrote to memory of 1992	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	NAfELLD.exe
PID 4436 wrote to memory of 1992	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	NAfELLD.exe
PID 4436 wrote to memory of 1476	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	DBdkHeN.exe
PID 4436 wrote to memory of 1476	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	DBdkHeN.exe
PID 4436 wrote to memory of 3264	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	ZFsehQD.exe
PID 4436 wrote to memory of 3264	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	ZFsehQD.exe
PID 4436 wrote to memory of 1204	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	FOWOLIp.exe
PID 4436 wrote to memory of 1204	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	FOWOLIp.exe
PID 4436 wrote to memory of 4964	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	wfCTTjr.exe
PID 4436 wrote to memory of 4964	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	wfCTTjr.exe
PID 4436 wrote to memory of 2420	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	lDSLcwK.exe
PID 4436 wrote to memory of 2420	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	lDSLcwK.exe
PID 4436 wrote to memory of 2772	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	wdukdjL.exe
PID 4436 wrote to memory of 2772	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	wdukdjL.exe
PID 4436 wrote to memory of 4528	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	RHPGLWr.exe
PID 4436 wrote to memory of 4528	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	RHPGLWr.exe
PID 4436 wrote to memory of 4900	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	KnbjKuL.exe
PID 4436 wrote to memory of 4900	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	KnbjKuL.exe
PID 4436 wrote to memory of 4788	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	GbnFjCa.exe
PID 4436 wrote to memory of 4788	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	GbnFjCa.exe
PID 4436 wrote to memory of 2080	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	cYlFgak.exe
PID 4436 wrote to memory of 2080	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	cYlFgak.exe
PID 4436 wrote to memory of 2528	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	kYkrjSS.exe
PID 4436 wrote to memory of 2528	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	kYkrjSS.exe
PID 4436 wrote to memory of 4448	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	RABHlLO.exe
PID 4436 wrote to memory of 4448	4436	d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe	RABHlLO.exe

C:\Users\Admin\AppData\Local\Temp\d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe
"C:\Users\Admin\AppData\Local\Temp\d595038d90a3d16775ab67e8696c00a72e718bf0833cd43bf5bac386ceed0ac9N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4436
- C:\Windows\System\hHpjMUE.exe
  C:\Windows\System\hHpjMUE.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\adDpyEw.exe
  C:\Windows\System\adDpyEw.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\WSbgahR.exe
  C:\Windows\System\WSbgahR.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\YjyZouE.exe
  C:\Windows\System\YjyZouE.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\YkwkswT.exe
  C:\Windows\System\YkwkswT.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\yxOgkBk.exe
  C:\Windows\System\yxOgkBk.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\yOyjNJM.exe
  C:\Windows\System\yOyjNJM.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\JujraVV.exe
  C:\Windows\System\JujraVV.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\QRGBCYm.exe
  C:\Windows\System\QRGBCYm.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\qeArtjf.exe
  C:\Windows\System\qeArtjf.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\edsASGU.exe
  C:\Windows\System\edsASGU.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\SwtFrGL.exe
  C:\Windows\System\SwtFrGL.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\lGWOryS.exe
  C:\Windows\System\lGWOryS.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\tBVhDBj.exe
  C:\Windows\System\tBVhDBj.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\WAcnsit.exe
  C:\Windows\System\WAcnsit.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\ijIPiUg.exe
  C:\Windows\System\ijIPiUg.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\ALMLxwv.exe
  C:\Windows\System\ALMLxwv.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\wzDPFTS.exe
  C:\Windows\System\wzDPFTS.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\AhMHxzg.exe
  C:\Windows\System\AhMHxzg.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\NAfELLD.exe
  C:\Windows\System\NAfELLD.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\DBdkHeN.exe
  C:\Windows\System\DBdkHeN.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\ZFsehQD.exe
  C:\Windows\System\ZFsehQD.exe
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Windows\System\FOWOLIp.exe
  C:\Windows\System\FOWOLIp.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\wfCTTjr.exe
  C:\Windows\System\wfCTTjr.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\lDSLcwK.exe
  C:\Windows\System\lDSLcwK.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\wdukdjL.exe
  C:\Windows\System\wdukdjL.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\RHPGLWr.exe
  C:\Windows\System\RHPGLWr.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\KnbjKuL.exe
  C:\Windows\System\KnbjKuL.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\GbnFjCa.exe
  C:\Windows\System\GbnFjCa.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\cYlFgak.exe
  C:\Windows\System\cYlFgak.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\kYkrjSS.exe
  C:\Windows\System\kYkrjSS.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\RABHlLO.exe
  C:\Windows\System\RABHlLO.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\wqGPwuS.exe
  C:\Windows\System\wqGPwuS.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\jtvZQDT.exe
  C:\Windows\System\jtvZQDT.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\Hdwlzqg.exe
  C:\Windows\System\Hdwlzqg.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\OfCLDOA.exe
  C:\Windows\System\OfCLDOA.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\nWXjapH.exe
  C:\Windows\System\nWXjapH.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\ZjXUvgp.exe
  C:\Windows\System\ZjXUvgp.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\JSyYKJA.exe
  C:\Windows\System\JSyYKJA.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\oNEuXvb.exe
  C:\Windows\System\oNEuXvb.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\zkskgLd.exe
  C:\Windows\System\zkskgLd.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\lPlrZzI.exe
  C:\Windows\System\lPlrZzI.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\ihwwhIT.exe
  C:\Windows\System\ihwwhIT.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\oAJTQIV.exe
  C:\Windows\System\oAJTQIV.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\bEVjoHO.exe
  C:\Windows\System\bEVjoHO.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\dGyfSVa.exe
  C:\Windows\System\dGyfSVa.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\YivnZIk.exe
  C:\Windows\System\YivnZIk.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\okBnGcP.exe
  C:\Windows\System\okBnGcP.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\gZAVPUv.exe
  C:\Windows\System\gZAVPUv.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\bhRtmFe.exe
  C:\Windows\System\bhRtmFe.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\EHcQYfn.exe
  C:\Windows\System\EHcQYfn.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\KonhovJ.exe
  C:\Windows\System\KonhovJ.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\KdTOtIq.exe
  C:\Windows\System\KdTOtIq.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\uuYJnVp.exe
  C:\Windows\System\uuYJnVp.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\pCQStZm.exe
  C:\Windows\System\pCQStZm.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\BYcypTh.exe
  C:\Windows\System\BYcypTh.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\uzFqkcn.exe
  C:\Windows\System\uzFqkcn.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\urhRYDJ.exe
  C:\Windows\System\urhRYDJ.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\KoZYkUK.exe
  C:\Windows\System\KoZYkUK.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\iFiSFdT.exe
  C:\Windows\System\iFiSFdT.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\Occmngy.exe
  C:\Windows\System\Occmngy.exe
  2⤵
  - Executes dropped EXE
  PID:5144
- C:\Windows\System\pgbxwlX.exe
  C:\Windows\System\pgbxwlX.exe
  2⤵
  - Executes dropped EXE
  PID:5168
- C:\Windows\System\HxjlGKH.exe
  C:\Windows\System\HxjlGKH.exe
  2⤵
  - Executes dropped EXE
  PID:5196
- C:\Windows\System\bvUlgBe.exe
  C:\Windows\System\bvUlgBe.exe
  2⤵
  - Executes dropped EXE
  PID:5232
- C:\Windows\System\fdCRkBg.exe
  C:\Windows\System\fdCRkBg.exe
  2⤵
  PID:5260
- C:\Windows\System\FiPIYjj.exe
  C:\Windows\System\FiPIYjj.exe
  2⤵
  PID:5284
- C:\Windows\System\ZBlKQOT.exe
  C:\Windows\System\ZBlKQOT.exe
  2⤵
  PID:5316
- C:\Windows\System\JOZFSQv.exe
  C:\Windows\System\JOZFSQv.exe
  2⤵
  PID:5340
- C:\Windows\System\zdOyJxu.exe
  C:\Windows\System\zdOyJxu.exe
  2⤵
  PID:5368
- C:\Windows\System\AAUGEtx.exe
  C:\Windows\System\AAUGEtx.exe
  2⤵
  PID:5396
- C:\Windows\System\wMkZfAL.exe
  C:\Windows\System\wMkZfAL.exe
  2⤵
  PID:5424
- C:\Windows\System\eXnzLbg.exe
  C:\Windows\System\eXnzLbg.exe
  2⤵
  PID:5460
- C:\Windows\System\EbjMMcB.exe
  C:\Windows\System\EbjMMcB.exe
  2⤵
  PID:5480
- C:\Windows\System\aRcwoIs.exe
  C:\Windows\System\aRcwoIs.exe
  2⤵
  PID:5508
- C:\Windows\System\hOYHEZp.exe
  C:\Windows\System\hOYHEZp.exe
  2⤵
  PID:5536
- C:\Windows\System\SqEVcyH.exe
  C:\Windows\System\SqEVcyH.exe
  2⤵
  PID:5560
- C:\Windows\System\NIUwnUb.exe
  C:\Windows\System\NIUwnUb.exe
  2⤵
  PID:5588
- C:\Windows\System\zqDvUrb.exe
  C:\Windows\System\zqDvUrb.exe
  2⤵
  PID:5616
- C:\Windows\System\sZRnCNq.exe
  C:\Windows\System\sZRnCNq.exe
  2⤵
  PID:5644
- C:\Windows\System\VwfnMuQ.exe
  C:\Windows\System\VwfnMuQ.exe
  2⤵
  PID:5672
- C:\Windows\System\zdmPTjk.exe
  C:\Windows\System\zdmPTjk.exe
  2⤵
  PID:5700
- C:\Windows\System\AWEmNfT.exe
  C:\Windows\System\AWEmNfT.exe
  2⤵
  PID:5728
- C:\Windows\System\nUaKwsx.exe
  C:\Windows\System\nUaKwsx.exe
  2⤵
  PID:5756
- C:\Windows\System\yVBspWh.exe
  C:\Windows\System\yVBspWh.exe
  2⤵
  PID:5784
- C:\Windows\System\Sojplrl.exe
  C:\Windows\System\Sojplrl.exe
  2⤵
  PID:5812
- C:\Windows\System\McKCDKq.exe
  C:\Windows\System\McKCDKq.exe
  2⤵
  PID:5840
- C:\Windows\System\CGGncln.exe
  C:\Windows\System\CGGncln.exe
  2⤵
  PID:5868
- C:\Windows\System\HCzomyQ.exe
  C:\Windows\System\HCzomyQ.exe
  2⤵
  PID:5896
- C:\Windows\System\rKqFcvA.exe
  C:\Windows\System\rKqFcvA.exe
  2⤵
  PID:5928
- C:\Windows\System\TEkyviX.exe
  C:\Windows\System\TEkyviX.exe
  2⤵
  PID:5956
- C:\Windows\System\ufdmATq.exe
  C:\Windows\System\ufdmATq.exe
  2⤵
  PID:5984
- C:\Windows\System\djffGGF.exe
  C:\Windows\System\djffGGF.exe
  2⤵
  PID:6012
- C:\Windows\System\ZECwFUN.exe
  C:\Windows\System\ZECwFUN.exe
  2⤵
  PID:6036
- C:\Windows\System\xedqXDm.exe
  C:\Windows\System\xedqXDm.exe
  2⤵
  PID:6064
- C:\Windows\System\eAmxvTM.exe
  C:\Windows\System\eAmxvTM.exe
  2⤵
  PID:6092
- C:\Windows\System\gCDmUVm.exe
  C:\Windows\System\gCDmUVm.exe
  2⤵
  PID:6120
- C:\Windows\System\TyiQSem.exe
  C:\Windows\System\TyiQSem.exe
  2⤵
  PID:312
- C:\Windows\System\jQvfZSA.exe
  C:\Windows\System\jQvfZSA.exe
  2⤵
  PID:2144
- C:\Windows\System\IyvKsrG.exe
  C:\Windows\System\IyvKsrG.exe
  2⤵
  PID:4704
- C:\Windows\System\MAlJyzH.exe
  C:\Windows\System\MAlJyzH.exe
  2⤵
  PID:3096
- C:\Windows\System\ukgekYF.exe
  C:\Windows\System\ukgekYF.exe
  2⤵
  PID:1680
- C:\Windows\System\bXgkBLW.exe
  C:\Windows\System\bXgkBLW.exe
  2⤵
  PID:5164
- C:\Windows\System\GApWULx.exe
  C:\Windows\System\GApWULx.exe
  2⤵
  PID:5220
- C:\Windows\System\DEUCadn.exe
  C:\Windows\System\DEUCadn.exe
  2⤵
  PID:5280
- C:\Windows\System\eRDrRTe.exe
  C:\Windows\System\eRDrRTe.exe
  2⤵
  PID:5356
- C:\Windows\System\pLbNlCZ.exe
  C:\Windows\System\pLbNlCZ.exe
  2⤵
  PID:5416
- C:\Windows\System\sHakbdi.exe
  C:\Windows\System\sHakbdi.exe
  2⤵
  PID:5476
- C:\Windows\System\TuRTZRz.exe
  C:\Windows\System\TuRTZRz.exe
  2⤵
  PID:5548
- C:\Windows\System\xaHFLkJ.exe
  C:\Windows\System\xaHFLkJ.exe
  2⤵
  PID:5608
- C:\Windows\System\CuhJrEw.exe
  C:\Windows\System\CuhJrEw.exe
  2⤵
  PID:5688
- C:\Windows\System\qAAxNmZ.exe
  C:\Windows\System\qAAxNmZ.exe
  2⤵
  PID:5744
- C:\Windows\System\GSioJQO.exe
  C:\Windows\System\GSioJQO.exe
  2⤵
  PID:5804
- C:\Windows\System\hZZnauM.exe
  C:\Windows\System\hZZnauM.exe
  2⤵
  PID:5864
- C:\Windows\System\ZWugsss.exe
  C:\Windows\System\ZWugsss.exe
  2⤵
  PID:5916
- C:\Windows\System\tMCDend.exe
  C:\Windows\System\tMCDend.exe
  2⤵
  PID:5976
- C:\Windows\System\kmFvIQL.exe
  C:\Windows\System\kmFvIQL.exe
  2⤵
  PID:6032
- C:\Windows\System\RZkYgut.exe
  C:\Windows\System\RZkYgut.exe
  2⤵
  PID:6108
- C:\Windows\System\mGuLemU.exe
  C:\Windows\System\mGuLemU.exe
  2⤵
  PID:600
- C:\Windows\System\UNladgR.exe
  C:\Windows\System\UNladgR.exe
  2⤵
  PID:1316
- C:\Windows\System\yRKCnJP.exe
  C:\Windows\System\yRKCnJP.exe
  2⤵
  PID:5524
- C:\Windows\System\XtelhPr.exe
  C:\Windows\System\XtelhPr.exe
  2⤵
  PID:5716
- C:\Windows\System\QSRZzMQ.exe
  C:\Windows\System\QSRZzMQ.exe
  2⤵
  PID:5892
- C:\Windows\System\UFtBOjc.exe
  C:\Windows\System\UFtBOjc.exe
  2⤵
  PID:6004
- C:\Windows\System\kwYhJKE.exe
  C:\Windows\System\kwYhJKE.exe
  2⤵
  PID:6084
- C:\Windows\System\CYHQbqj.exe
  C:\Windows\System\CYHQbqj.exe
  2⤵
  PID:5132
- C:\Windows\System\wKASjjr.exe
  C:\Windows\System\wKASjjr.exe
  2⤵
  PID:1432
- C:\Windows\System\SqQucmF.exe
  C:\Windows\System\SqQucmF.exe
  2⤵
  PID:1132
- C:\Windows\System\CBtmlgu.exe
  C:\Windows\System\CBtmlgu.exe
  2⤵
  PID:440
- C:\Windows\System\PKxnwjY.exe
  C:\Windows\System\PKxnwjY.exe
  2⤵
  PID:1212
- C:\Windows\System\fLoNXZK.exe
  C:\Windows\System\fLoNXZK.exe
  2⤵
  PID:1436
- C:\Windows\System\MdQBQDq.exe
  C:\Windows\System\MdQBQDq.exe
  2⤵
  PID:184
- C:\Windows\System\UIQBXnH.exe
  C:\Windows\System\UIQBXnH.exe
  2⤵
  PID:4476
- C:\Windows\System\MAhdfJo.exe
  C:\Windows\System\MAhdfJo.exe
  2⤵
  PID:5332
- C:\Windows\System\HSswrGX.exe
  C:\Windows\System\HSswrGX.exe
  2⤵
  PID:4272
- C:\Windows\System\baBuAvD.exe
  C:\Windows\System\baBuAvD.exe
  2⤵
  PID:1528
- C:\Windows\System\HUbSlxZ.exe
  C:\Windows\System\HUbSlxZ.exe
  2⤵
  PID:348
- C:\Windows\System\JbYfVtF.exe
  C:\Windows\System\JbYfVtF.exe
  2⤵
  PID:3756
- C:\Windows\System\ZKwiVxf.exe
  C:\Windows\System\ZKwiVxf.exe
  2⤵
  PID:516
- C:\Windows\System\LUzInEc.exe
  C:\Windows\System\LUzInEc.exe
  2⤵
  PID:6080
- C:\Windows\System\ssBRhwf.exe
  C:\Windows\System\ssBRhwf.exe
  2⤵
  PID:920
- C:\Windows\System\eQHFwhL.exe
  C:\Windows\System\eQHFwhL.exe
  2⤵
  PID:5520
- C:\Windows\System\DODtAWb.exe
  C:\Windows\System\DODtAWb.exe
  2⤵
  PID:6152
- C:\Windows\System\rohbzmj.exe
  C:\Windows\System\rohbzmj.exe
  2⤵
  PID:6180
- C:\Windows\System\maSlwLG.exe
  C:\Windows\System\maSlwLG.exe
  2⤵
  PID:6208
- C:\Windows\System\IyGrBTC.exe
  C:\Windows\System\IyGrBTC.exe
  2⤵
  PID:6224
- C:\Windows\System\kSujHjX.exe
  C:\Windows\System\kSujHjX.exe
  2⤵
  PID:6264
- C:\Windows\System\qQEdIUg.exe
  C:\Windows\System\qQEdIUg.exe
  2⤵
  PID:6280
- C:\Windows\System\UtXoWNE.exe
  C:\Windows\System\UtXoWNE.exe
  2⤵
  PID:6320
- C:\Windows\System\lMmYmvD.exe
  C:\Windows\System\lMmYmvD.exe
  2⤵
  PID:6348
- C:\Windows\System\JVjCMlo.exe
  C:\Windows\System\JVjCMlo.exe
  2⤵
  PID:6364
- C:\Windows\System\UoxAxcd.exe
  C:\Windows\System\UoxAxcd.exe
  2⤵
  PID:6392
- C:\Windows\System\SewnKcn.exe
  C:\Windows\System\SewnKcn.exe
  2⤵
  PID:6432
- C:\Windows\System\eDQsZLt.exe
  C:\Windows\System\eDQsZLt.exe
  2⤵
  PID:6452
- C:\Windows\System\uICSANN.exe
  C:\Windows\System\uICSANN.exe
  2⤵
  PID:6488
- C:\Windows\System\HhnZzDH.exe
  C:\Windows\System\HhnZzDH.exe
  2⤵
  PID:6516
- C:\Windows\System\NZKaevn.exe
  C:\Windows\System\NZKaevn.exe
  2⤵
  PID:6544
- C:\Windows\System\biyxBKP.exe
  C:\Windows\System\biyxBKP.exe
  2⤵
  PID:6572
- C:\Windows\System\Dvfjiyk.exe
  C:\Windows\System\Dvfjiyk.exe
  2⤵
  PID:6592
- C:\Windows\System\PjKvieO.exe
  C:\Windows\System\PjKvieO.exe
  2⤵
  PID:6624
- C:\Windows\System\vtLIJOq.exe
  C:\Windows\System\vtLIJOq.exe
  2⤵
  PID:6652
- C:\Windows\System\kgNszqT.exe
  C:\Windows\System\kgNszqT.exe
  2⤵
  PID:6672
- C:\Windows\System\zssTWYw.exe
  C:\Windows\System\zssTWYw.exe
  2⤵
  PID:6712
- C:\Windows\System\RJiUefH.exe
  C:\Windows\System\RJiUefH.exe
  2⤵
  PID:6728
- C:\Windows\System\sYPrhxr.exe
  C:\Windows\System\sYPrhxr.exe
  2⤵
  PID:6768
- C:\Windows\System\LDVTzyD.exe
  C:\Windows\System\LDVTzyD.exe
  2⤵
  PID:6788
- C:\Windows\System\kHQgqzc.exe
  C:\Windows\System\kHQgqzc.exe
  2⤵
  PID:6812
- C:\Windows\System\ceHjRob.exe
  C:\Windows\System\ceHjRob.exe
  2⤵
  PID:6840
- C:\Windows\System\KYZDrCi.exe
  C:\Windows\System\KYZDrCi.exe
  2⤵
  PID:6868
- C:\Windows\System\CtJymwc.exe
  C:\Windows\System\CtJymwc.exe
  2⤵
  PID:6908
- C:\Windows\System\EUuJfkY.exe
  C:\Windows\System\EUuJfkY.exe
  2⤵
  PID:6936
- C:\Windows\System\KCUnzNU.exe
  C:\Windows\System\KCUnzNU.exe
  2⤵
  PID:6964
- C:\Windows\System\YXrLpTC.exe
  C:\Windows\System\YXrLpTC.exe
  2⤵
  PID:6992
- C:\Windows\System\TkSkflW.exe
  C:\Windows\System\TkSkflW.exe
  2⤵
  PID:7020
- C:\Windows\System\FCHvbbH.exe
  C:\Windows\System\FCHvbbH.exe
  2⤵
  PID:7044
- C:\Windows\System\OdgEwFf.exe
  C:\Windows\System\OdgEwFf.exe
  2⤵
  PID:7064
- C:\Windows\System\QhjrxyM.exe
  C:\Windows\System\QhjrxyM.exe
  2⤵
  PID:7092
- C:\Windows\System\HjomeBW.exe
  C:\Windows\System\HjomeBW.exe
  2⤵
  PID:7132
- C:\Windows\System\WpdgQDp.exe
  C:\Windows\System\WpdgQDp.exe
  2⤵
  PID:7160
- C:\Windows\System\urosdOa.exe
  C:\Windows\System\urosdOa.exe
  2⤵
  PID:6164
- C:\Windows\System\DgqZDeC.exe
  C:\Windows\System\DgqZDeC.exe
  2⤵
  PID:6220
- C:\Windows\System\LdFZVoz.exe
  C:\Windows\System\LdFZVoz.exe
  2⤵
  PID:6260
- C:\Windows\System\vlWVFID.exe
  C:\Windows\System\vlWVFID.exe
  2⤵
  PID:6380
- C:\Windows\System\dPZrWHi.exe
  C:\Windows\System\dPZrWHi.exe
  2⤵
  PID:6460
- C:\Windows\System\KcPkePj.exe
  C:\Windows\System\KcPkePj.exe
  2⤵
  PID:6508
- C:\Windows\System\tCRXsgj.exe
  C:\Windows\System\tCRXsgj.exe
  2⤵
  PID:2796
- C:\Windows\System\nWSyxUu.exe
  C:\Windows\System\nWSyxUu.exe
  2⤵
  PID:4664
- C:\Windows\System\krJtWRt.exe
  C:\Windows\System\krJtWRt.exe
  2⤵
  PID:6632
- C:\Windows\System\DCohUvk.exe
  C:\Windows\System\DCohUvk.exe
  2⤵
  PID:6708
- C:\Windows\System\SoPMqvu.exe
  C:\Windows\System\SoPMqvu.exe
  2⤵
  PID:6740
- C:\Windows\System\lmkbySM.exe
  C:\Windows\System\lmkbySM.exe
  2⤵
  PID:6824
- C:\Windows\System\MbcqNLk.exe
  C:\Windows\System\MbcqNLk.exe
  2⤵
  PID:6860
- C:\Windows\System\kJvYeaB.exe
  C:\Windows\System\kJvYeaB.exe
  2⤵
  PID:6904
- C:\Windows\System\AOfqjHx.exe
  C:\Windows\System\AOfqjHx.exe
  2⤵
  PID:6976
- C:\Windows\System\wmNEDbu.exe
  C:\Windows\System\wmNEDbu.exe
  2⤵
  PID:7108
- C:\Windows\System\LSULWzF.exe
  C:\Windows\System\LSULWzF.exe
  2⤵
  PID:7140
- C:\Windows\System\dKFawAT.exe
  C:\Windows\System\dKFawAT.exe
  2⤵
  PID:6196
- C:\Windows\System\uXczUpd.exe
  C:\Windows\System\uXczUpd.exe
  2⤵
  PID:6424
- C:\Windows\System\sGXuOQS.exe
  C:\Windows\System\sGXuOQS.exe
  2⤵
  PID:6528
- C:\Windows\System\oPpUWMj.exe
  C:\Windows\System\oPpUWMj.exe
  2⤵
  PID:6668
- C:\Windows\System\bXEagxa.exe
  C:\Windows\System\bXEagxa.exe
  2⤵
  PID:6784
- C:\Windows\System\oTPbmPV.exe
  C:\Windows\System\oTPbmPV.exe
  2⤵
  PID:6960
- C:\Windows\System\FfJjvAC.exe
  C:\Windows\System\FfJjvAC.exe
  2⤵
  PID:7148
- C:\Windows\System\pUgTspl.exe
  C:\Windows\System\pUgTspl.exe
  2⤵
  PID:6244
- C:\Windows\System\sIlNxrE.exe
  C:\Windows\System\sIlNxrE.exe
  2⤵
  PID:6720
- C:\Windows\System\JlunTwG.exe
  C:\Windows\System\JlunTwG.exe
  2⤵
  PID:7112
- C:\Windows\System\MujXLnw.exe
  C:\Windows\System\MujXLnw.exe
  2⤵
  PID:7036
- C:\Windows\System\HTAkgPB.exe
  C:\Windows\System\HTAkgPB.exe
  2⤵
  PID:7172
- C:\Windows\System\QdyNxDT.exe
  C:\Windows\System\QdyNxDT.exe
  2⤵
  PID:7208
- C:\Windows\System\LNgcGtw.exe
  C:\Windows\System\LNgcGtw.exe
  2⤵
  PID:7236
- C:\Windows\System\kDlnmhW.exe
  C:\Windows\System\kDlnmhW.exe
  2⤵
  PID:7264
- C:\Windows\System\VBfhaiy.exe
  C:\Windows\System\VBfhaiy.exe
  2⤵
  PID:7292
- C:\Windows\System\IYWVTGX.exe
  C:\Windows\System\IYWVTGX.exe
  2⤵
  PID:7320
- C:\Windows\System\AZyKrOM.exe
  C:\Windows\System\AZyKrOM.exe
  2⤵
  PID:7340
- C:\Windows\System\rOjWFmY.exe
  C:\Windows\System\rOjWFmY.exe
  2⤵
  PID:7380
- C:\Windows\System\jKyodsU.exe
  C:\Windows\System\jKyodsU.exe
  2⤵
  PID:7408
- C:\Windows\System\cnToMec.exe
  C:\Windows\System\cnToMec.exe
  2⤵
  PID:7436
- C:\Windows\System\okNughU.exe
  C:\Windows\System\okNughU.exe
  2⤵
  PID:7464
- C:\Windows\System\QktlWye.exe
  C:\Windows\System\QktlWye.exe
  2⤵
  PID:7492
- C:\Windows\System\gPZevPL.exe
  C:\Windows\System\gPZevPL.exe
  2⤵
  PID:7520
- C:\Windows\System\TGPJdtL.exe
  C:\Windows\System\TGPJdtL.exe
  2⤵
  PID:7544
- C:\Windows\System\xCHsGfv.exe
  C:\Windows\System\xCHsGfv.exe
  2⤵
  PID:7564
- C:\Windows\System\fzscpZH.exe
  C:\Windows\System\fzscpZH.exe
  2⤵
  PID:7592
- C:\Windows\System\haeqRqp.exe
  C:\Windows\System\haeqRqp.exe
  2⤵
  PID:7628
- C:\Windows\System\ueHXMqf.exe
  C:\Windows\System\ueHXMqf.exe
  2⤵
  PID:7644
- C:\Windows\System\mWSMMoI.exe
  C:\Windows\System\mWSMMoI.exe
  2⤵
  PID:7676
- C:\Windows\System\PduFmyK.exe
  C:\Windows\System\PduFmyK.exe
  2⤵
  PID:7696
- C:\Windows\System\hgWdDzr.exe
  C:\Windows\System\hgWdDzr.exe
  2⤵
  PID:7720
- C:\Windows\System\qvjVccz.exe
  C:\Windows\System\qvjVccz.exe
  2⤵
  PID:7748
- C:\Windows\System\hQjaxGj.exe
  C:\Windows\System\hQjaxGj.exe
  2⤵
  PID:7800
- C:\Windows\System\RdmhHQb.exe
  C:\Windows\System\RdmhHQb.exe
  2⤵
  PID:7820
- C:\Windows\System\oOkdaJe.exe
  C:\Windows\System\oOkdaJe.exe
  2⤵
  PID:7848
- C:\Windows\System\sJWLFOY.exe
  C:\Windows\System\sJWLFOY.exe
  2⤵
  PID:7872
- C:\Windows\System\zRJtjrX.exe
  C:\Windows\System\zRJtjrX.exe
  2⤵
  PID:7912
- C:\Windows\System\HOVnmmF.exe
  C:\Windows\System\HOVnmmF.exe
  2⤵
  PID:7940
- C:\Windows\System\LiLnpUR.exe
  C:\Windows\System\LiLnpUR.exe
  2⤵
  PID:7956
- C:\Windows\System\bbkIpvl.exe
  C:\Windows\System\bbkIpvl.exe
  2⤵
  PID:7996
- C:\Windows\System\JMGmkUi.exe
  C:\Windows\System\JMGmkUi.exe
  2⤵
  PID:8016
- C:\Windows\System\dtXtiMa.exe
  C:\Windows\System\dtXtiMa.exe
  2⤵
  PID:8048
- C:\Windows\System\zRCqzNF.exe
  C:\Windows\System\zRCqzNF.exe
  2⤵
  PID:8080
- C:\Windows\System\BcdkzgQ.exe
  C:\Windows\System\BcdkzgQ.exe
  2⤵
  PID:8100
- C:\Windows\System\aVSQIRo.exe
  C:\Windows\System\aVSQIRo.exe
  2⤵
  PID:8120
- C:\Windows\System\kYEripZ.exe
  C:\Windows\System\kYEripZ.exe
  2⤵
  PID:8180
- C:\Windows\System\iHnPaQx.exe
  C:\Windows\System\iHnPaQx.exe
  2⤵
  PID:7204
- C:\Windows\System\sdJbaFS.exe
  C:\Windows\System\sdJbaFS.exe
  2⤵
  PID:7256
- C:\Windows\System\qLzvkZg.exe
  C:\Windows\System\qLzvkZg.exe
  2⤵
  PID:7312
- C:\Windows\System\eXFTwjj.exe
  C:\Windows\System\eXFTwjj.exe
  2⤵
  PID:7392
- C:\Windows\System\PVvwSsP.exe
  C:\Windows\System\PVvwSsP.exe
  2⤵
  PID:7456
- C:\Windows\System\CguYHQO.exe
  C:\Windows\System\CguYHQO.exe
  2⤵
  PID:7516
- C:\Windows\System\VDftMCg.exe
  C:\Windows\System\VDftMCg.exe
  2⤵
  PID:7552
- C:\Windows\System\VzLWbHi.exe
  C:\Windows\System\VzLWbHi.exe
  2⤵
  PID:7660
- C:\Windows\System\NOODbus.exe
  C:\Windows\System\NOODbus.exe
  2⤵
  PID:7736
- C:\Windows\System\QzXQHeK.exe
  C:\Windows\System\QzXQHeK.exe
  2⤵
  PID:7708
- C:\Windows\System\SiYWiAL.exe
  C:\Windows\System\SiYWiAL.exe
  2⤵
  PID:7812
- C:\Windows\System\UWWUwyF.exe
  C:\Windows\System\UWWUwyF.exe
  2⤵
  PID:7924
- C:\Windows\System\azHnROz.exe
  C:\Windows\System\azHnROz.exe
  2⤵
  PID:7980
- C:\Windows\System\XHxRGMi.exe
  C:\Windows\System\XHxRGMi.exe
  2⤵
  PID:8064
- C:\Windows\System\AhAMabH.exe
  C:\Windows\System\AhAMabH.exe
  2⤵
  PID:8144
- C:\Windows\System\WtLFOsy.exe
  C:\Windows\System\WtLFOsy.exe
  2⤵
  PID:7188
- C:\Windows\System\VosHtuW.exe
  C:\Windows\System\VosHtuW.exe
  2⤵
  PID:7248
- C:\Windows\System\faBmlNc.exe
  C:\Windows\System\faBmlNc.exe
  2⤵
  PID:7356
- C:\Windows\System\zkYwKbQ.exe
  C:\Windows\System\zkYwKbQ.exe
  2⤵
  PID:7428
- C:\Windows\System\fWdMVAd.exe
  C:\Windows\System\fWdMVAd.exe
  2⤵
  PID:7712
- C:\Windows\System\jXnaTWM.exe
  C:\Windows\System\jXnaTWM.exe
  2⤵
  PID:7856
- C:\Windows\System\PLCheFY.exe
  C:\Windows\System\PLCheFY.exe
  2⤵
  PID:7948
- C:\Windows\System\EKlGmae.exe
  C:\Windows\System\EKlGmae.exe
  2⤵
  PID:8168
- C:\Windows\System\keiCMfH.exe
  C:\Windows\System\keiCMfH.exe
  2⤵
  PID:6484
- C:\Windows\System\mcdteGp.exe
  C:\Windows\System\mcdteGp.exe
  2⤵
  PID:7580
- C:\Windows\System\lInqxTO.exe
  C:\Windows\System\lInqxTO.exe
  2⤵
  PID:7528
- C:\Windows\System\ZQOMvkr.exe
  C:\Windows\System\ZQOMvkr.exe
  2⤵
  PID:8116
- C:\Windows\System\LMUVLAl.exe
  C:\Windows\System\LMUVLAl.exe
  2⤵
  PID:8220
- C:\Windows\System\ChtAkGX.exe
  C:\Windows\System\ChtAkGX.exe
  2⤵
  PID:8264
- C:\Windows\System\RKqAPKj.exe
  C:\Windows\System\RKqAPKj.exe
  2⤵
  PID:8280
- C:\Windows\System\odWcOQr.exe
  C:\Windows\System\odWcOQr.exe
  2⤵
  PID:8296
- C:\Windows\System\DFgIWXX.exe
  C:\Windows\System\DFgIWXX.exe
  2⤵
  PID:8320
- C:\Windows\System\TbKjVMH.exe
  C:\Windows\System\TbKjVMH.exe
  2⤵
  PID:8340
- C:\Windows\System\qWVJbcf.exe
  C:\Windows\System\qWVJbcf.exe
  2⤵
  PID:8376
- C:\Windows\System\STimTAk.exe
  C:\Windows\System\STimTAk.exe
  2⤵
  PID:8444
- C:\Windows\System\XFZPyco.exe
  C:\Windows\System\XFZPyco.exe
  2⤵
  PID:8472
- C:\Windows\System\ovCFlZr.exe
  C:\Windows\System\ovCFlZr.exe
  2⤵
  PID:8500
- C:\Windows\System\CRFPoGR.exe
  C:\Windows\System\CRFPoGR.exe
  2⤵
  PID:8516
- C:\Windows\System\TPIgsvT.exe
  C:\Windows\System\TPIgsvT.exe
  2⤵
  PID:8548
- C:\Windows\System\ySZBtDW.exe
  C:\Windows\System\ySZBtDW.exe
  2⤵
  PID:8572
- C:\Windows\System\wDcIxRW.exe
  C:\Windows\System\wDcIxRW.exe
  2⤵
  PID:8600
- C:\Windows\System\DPvRIpe.exe
  C:\Windows\System\DPvRIpe.exe
  2⤵
  PID:8616
- C:\Windows\System\KOsqlWy.exe
  C:\Windows\System\KOsqlWy.exe
  2⤵
  PID:8644
- C:\Windows\System\YfLBvqy.exe
  C:\Windows\System\YfLBvqy.exe
  2⤵
  PID:8672
- C:\Windows\System\oXwZzrN.exe
  C:\Windows\System\oXwZzrN.exe
  2⤵
  PID:8700
- C:\Windows\System\jjXBsxk.exe
  C:\Windows\System\jjXBsxk.exe
  2⤵
  PID:8736
- C:\Windows\System\mjmlsDK.exe
  C:\Windows\System\mjmlsDK.exe
  2⤵
  PID:8768
- C:\Windows\System\mvhNbuK.exe
  C:\Windows\System\mvhNbuK.exe
  2⤵
  PID:8800
- C:\Windows\System\tRzcQSJ.exe
  C:\Windows\System\tRzcQSJ.exe
  2⤵
  PID:8828
- C:\Windows\System\RNGMDUk.exe
  C:\Windows\System\RNGMDUk.exe
  2⤵
  PID:8860
- C:\Windows\System\OxxkUyV.exe
  C:\Windows\System\OxxkUyV.exe
  2⤵
  PID:8876
- C:\Windows\System\tmvlXCG.exe
  C:\Windows\System\tmvlXCG.exe
  2⤵
  PID:8916
- C:\Windows\System\qWYzfPW.exe
  C:\Windows\System\qWYzfPW.exe
  2⤵
  PID:8940
- C:\Windows\System\JcElZFg.exe
  C:\Windows\System\JcElZFg.exe
  2⤵
  PID:8980
- C:\Windows\System\HrwVvjy.exe
  C:\Windows\System\HrwVvjy.exe
  2⤵
  PID:9000
- C:\Windows\System\udBzTqW.exe
  C:\Windows\System\udBzTqW.exe
  2⤵
  PID:9040
- C:\Windows\System\kjelgfN.exe
  C:\Windows\System\kjelgfN.exe
  2⤵
  PID:9060
- C:\Windows\System\jrsspTR.exe
  C:\Windows\System\jrsspTR.exe
  2⤵
  PID:9088
- C:\Windows\System\SteGEnN.exe
  C:\Windows\System\SteGEnN.exe
  2⤵
  PID:9112
- C:\Windows\System\HnyDRSi.exe
  C:\Windows\System\HnyDRSi.exe
  2⤵
  PID:9152
- C:\Windows\System\qpKVRuI.exe
  C:\Windows\System\qpKVRuI.exe
  2⤵
  PID:9180
- C:\Windows\System\WxIHOVk.exe
  C:\Windows\System\WxIHOVk.exe
  2⤵
  PID:9208
- C:\Windows\System\ENXXjqD.exe
  C:\Windows\System\ENXXjqD.exe
  2⤵
  PID:7420
- C:\Windows\System\RxjXqKP.exe
  C:\Windows\System\RxjXqKP.exe
  2⤵
  PID:8216
- C:\Windows\System\yYfxkeH.exe
  C:\Windows\System\yYfxkeH.exe
  2⤵
  PID:8288
- C:\Windows\System\mVSiQWa.exe
  C:\Windows\System\mVSiQWa.exe
  2⤵
  PID:8316
- C:\Windows\System\ItmUgwD.exe
  C:\Windows\System\ItmUgwD.exe
  2⤵
  PID:8368
- C:\Windows\System\Dcbxqok.exe
  C:\Windows\System\Dcbxqok.exe
  2⤵
  PID:8484
- C:\Windows\System\rplBNhI.exe
  C:\Windows\System\rplBNhI.exe
  2⤵
  PID:8584
- C:\Windows\System\OcZmmgA.exe
  C:\Windows\System\OcZmmgA.exe
  2⤵
  PID:8612
- C:\Windows\System\PWUvPdt.exe
  C:\Windows\System\PWUvPdt.exe
  2⤵
  PID:8660
- C:\Windows\System\PChjoRh.exe
  C:\Windows\System\PChjoRh.exe
  2⤵
  PID:8756
- C:\Windows\System\BukjCWW.exe
  C:\Windows\System\BukjCWW.exe
  2⤵
  PID:8780
- C:\Windows\System\LzooSeU.exe
  C:\Windows\System\LzooSeU.exe
  2⤵
  PID:8888
- C:\Windows\System\RdRyQvY.exe
  C:\Windows\System\RdRyQvY.exe
  2⤵
  PID:8936
- C:\Windows\System\IlTtmDj.exe
  C:\Windows\System\IlTtmDj.exe
  2⤵
  PID:9016
- C:\Windows\System\PugvKBX.exe
  C:\Windows\System\PugvKBX.exe
  2⤵
  PID:9056
- C:\Windows\System\QRccLEC.exe
  C:\Windows\System\QRccLEC.exe
  2⤵
  PID:9100
- C:\Windows\System\QMHXwQF.exe
  C:\Windows\System\QMHXwQF.exe
  2⤵
  PID:9200
- C:\Windows\System\jKGwmcU.exe
  C:\Windows\System\jKGwmcU.exe
  2⤵
  PID:8256
- C:\Windows\System\LHJxyll.exe
  C:\Windows\System\LHJxyll.exe
  2⤵
  PID:8352
- C:\Windows\System\XyjaFIB.exe
  C:\Windows\System\XyjaFIB.exe
  2⤵
  PID:8460
- C:\Windows\System\gCdqKdi.exe
  C:\Windows\System\gCdqKdi.exe
  2⤵
  PID:8588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1284,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=3824 /prefetch:8
1⤵
PID:9084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ALMLxwv.exe

Filesize
1.8MB

MD5
20e11d58bddfcd3a784fe75ad9240962

SHA1
052b0a2cf2ef5dfdc2bbc0a5385633d419e73487

SHA256
b1ffb2ae43883e95811687d4631878cb44fa36f402f74df53243554a741dc61e

SHA512
e5a46b860e4a43c3c9ec6aec16761d7b1215cbace9461c7b1b70724337c3ddb247b1923af73669b3eb2ae9227fd61850fefeb617d384f1c6ac564c52eb7ae981

Download Submit
C:\Windows\System\AhMHxzg.exe

Filesize
1.8MB

MD5
136cc8311698e55aed9e2a7cb547d239

SHA1
4a4557fdd6114c01bdc2bf8687951234ec7d2b4e

SHA256
267ec3d9fa694780aa262d1eb4258f2b025aa5e3f4a5f75ccb24f380cb0c9c57

SHA512
0ac44f75dc3075fb10d6ffff4f6c624ef29f5b896f1758ad4d1cf065f7259371e38e7ecf0410cbda3547de05196b4aa04cc62714d0ce1fad3c6ebedbf5d001e9

Download Submit
C:\Windows\System\DBdkHeN.exe

Filesize
1.8MB

MD5
121143ec8e3bd2d2055d0abbaf2f1dcc

SHA1
6457ec44a71902cd102870cb439fde60d632a78d

SHA256
8815c2cc1c5b88b186e82c6216f39fc4c03d9752c3845914178d844780d103bf

SHA512
ecd48e560a346dda53fa9d08b7cacbc54649a9c6dd94a43e9480623c106e3da6cbb53ba825c348bcff70a20544e12771a7a01fcb8cf781425f795b810b93a1d9

Download Submit
C:\Windows\System\FOWOLIp.exe

Filesize
1.8MB

MD5
50c17c2bf5fc9d4057d1decde3aac71b

SHA1
d28f87352e42c31e11252aa8d430387d4b4720da

SHA256
1be9229c85de74210a16eb8d540e047a43ef33f42e75929826335adbb4132d48

SHA512
14ea05de2fdaff049a7aca7e71938c0361fc473214520466df544fcb0b33dcc7a0843a680d84b9527b979a80deadca5d2790aa5c10813f2bd48ce30254f47cea

Download Submit
C:\Windows\System\GbnFjCa.exe

Filesize
1.8MB

MD5
957fc6359f7115a7a56ce8897485dc2c

SHA1
0e5e044981f97b55d67bc26b599c5429a4af8198

SHA256
8b39ad15049099c8caf206d721e7a317405b04be999e7c35790a7cbaf4667b69

SHA512
75cf04969cae634b23b74f7487da8ba48e11b212f52445520cb4e1129cf51dc96c4d82903665337adcb102d4723dded86a1c6c6be9ef0ac49439570318b7d352

Download Submit
C:\Windows\System\JujraVV.exe

Filesize
1.8MB

MD5
e27e1f2af296bfa03316a8d9cdcf5990

SHA1
04114c2e6a9bc0b69d80c4ffdc7381d075db9c0d

SHA256
f322b57a85ef4b3ce05e4afe10ce9c5f72f381e367c39199d5a81a7d690b0366

SHA512
b85da5fa500f3a07ce0a15e3a36d90ab6198513ac8f514f7930691a728dfa19f4de81da5b60881b852d3a7c3d7e9be404ba3c9f37a461be44444b68703b40f6c

Download Submit
C:\Windows\System\KnbjKuL.exe

Filesize
1.8MB

MD5
5ad4bbb1da7ea9a2e901c7e4832b6fde

SHA1
7cf41eec7025ef07ef1a97aeddf5b05a95e07c43

SHA256
6207269086a9a1dc14c00b660f6923ed45fc3d9fd90feb52fca5ca1496ea3c03

SHA512
0411673bb6851262063b5562ded0aebd4362df2848a1dbec2d69d70859b14e65bf527d911bf7ae0eb9c5cb8f449d39348c1752b8705e1bfde5da3477f70f7852

Download Submit
C:\Windows\System\NAfELLD.exe

Filesize
1.8MB

MD5
e49680802ffd2d310c180c628a933c67

SHA1
8b8f590b09e15478412cbe78eceac6dcbd0fc3c6

SHA256
8b6f0ad0cd72f80207f08fca232052e71850ab1c54c56bf588bf9bfa63b01c01

SHA512
26cf7be5348457f12d5097c0642bb579c2db088e7876e09bcab8b59faf551fc32d99513b7012e2e59009f905e87986f45fa1543b61e5d2560fc528ece4a7c4f8

Download Submit
C:\Windows\System\QRGBCYm.exe

Filesize
1.8MB

MD5
31848dc890fbbbc8cb33e2d5116497f3

SHA1
04f3ae9eb52a046fff8f113ec0c26461174a1f72

SHA256
adadc3acf403498b2014adf4de4277e5f6b053b660cdcee259bebeadcc135dbf

SHA512
a2e2f509ee4537dc0f9661fa5c731a5e3f543bbd60d85bb1990a75283d3f3809e580d85e7a35dfeccab4d976ffb3f82e4fd114da1c7ba489b2b537daf0b777d5

Download Submit
C:\Windows\System\RABHlLO.exe

Filesize
1.8MB

MD5
352010eddfc979a7cc8acf422443a047

SHA1
ae2e19fce65e09a58e259164af781832a7b6f267

SHA256
c1cbe4934dc7f2507def59ae5af6379c9ac7b5288ff965517be3b4c28b91efba

SHA512
4f4b9990f6e555888750f9c0135fc32d67c9dd47246cb9de3a8350154508e08ad2602eea724839cc050e82b22f8e81d5e2115f12a1d45c290526497a5c974273

Download Submit
C:\Windows\System\RHPGLWr.exe

Filesize
1.8MB

MD5
fa69bc6cbbda11e1a5b351589840039e

SHA1
2b6624f0607a6cee507c91eb427c18f20d232ef2

SHA256
a118e9e8684bc1287f6008accf2f6d3ab1272ce61c920f22cc869778b7adba60

SHA512
39c10775cdbbc63174b600e294eb03866ab53611617026b4a4479c1d525bbc1d500b2d2661cab7de62d4a0d4ef20f78dcfc7c5e2c9b275748fe9a4b017fafb38

Download Submit
C:\Windows\System\SwtFrGL.exe

Filesize
1.8MB

MD5
b4235e9d4b43ff46f8ab8389ed1c5c22

SHA1
4a77433d001f38718b5f999a1b6f6cbf4ab5a96f

SHA256
f7129e3e01ab7888e83bc48fcf8a712ff2d7cfbb9116f9a21d3b5811da6c3002

SHA512
19747f0543ea508933a9cb9e3a0ea8f531e06949dceb41b5c49b94902012c43e29deedd1f2e5255e1d8342c03294d26df0f809202acee9563b7c65782ec09c30

Download Submit
C:\Windows\System\WAcnsit.exe

Filesize
1.8MB

MD5
4c2e38efc2e4d856d8001a4f74221a9f

SHA1
c7bac7f2132ce4bc7dee87fe243ea6742db87749

SHA256
b3a16096a3484199ff658a2ee32264fb2a4c3ac2edcace7a3ba993fe62b5a6e4

SHA512
3202d63c120d4aa2030ffbacf9542fd3dc2925d2b5c6986abef130102203ddfcd691ee0a4c12ce361c799dccc84f653bca9ecb06d3a2ee9a82db695c593a94db

Download Submit
C:\Windows\System\WSbgahR.exe

Filesize
1.8MB

MD5
7a79f989385ad34305320154d6f4bed7

SHA1
95f63522ff8ad494509526e35db49f74bf2a0864

SHA256
a2c7b1aaf740868c61c406a79ae9fd39396bee7942ae5bed40dfa1de1ca0e6d6

SHA512
503208fbc01ea2060c13b12b1bab78249bf98f95c52f93adec7279dfaadfb055b1281f1d235a8f075be683ed6aaf42e9e12fd7578b04b94dd96682e8d40976a2

Download Submit
C:\Windows\System\YjyZouE.exe

Filesize
1.8MB

MD5
3d194e7af38b18bb5e0b355ac0b21c58

SHA1
260f4d786c9ae7d3759f3fc57185947920291df7

SHA256
897d4763c9dc392a085a4fb2ea23e485576577a54c2853a19790e90143f68dc7

SHA512
060b1d0089f75608117a38e25552a76c019d741d3c8e251074e3e2f383045ae461774762275a78ec0da5ed27b50a0ef506a53c485347e90dc93eb222f0fbc3a6

Download Submit
C:\Windows\System\YkwkswT.exe

Filesize
1.8MB

MD5
7c51bd69886340d40b1cad458ad81592

SHA1
c1dca91f5add21f418fed3db305cdad0704d2627

SHA256
3f0b7ab43421ca16cc4f48c3f5880ee97d9e55022369ae2ccaffc19041a8ba59

SHA512
d1dc09ecdb468c712ab6dc4dfc72e1b7902e26557ef2802566e45e58ec6006dd26ae1777f50c49f747121190cb8d25c9bb0bd8036fcf17ee4f37d9f28158bf98

Download Submit
C:\Windows\System\ZFsehQD.exe

Filesize
1.8MB

MD5
72a36604617b1e18ba2f794a2687e170

SHA1
d93df8bf881734937c033f3a20083543f55e56be

SHA256
0df13f65fc0775a5fd2cc7c511c635e392059c964d719cff2fb4a3dd81bcf481

SHA512
ea060d3dda67040437671e48fb5ff2367d9ad7517128f4c6830a212ba6bb98a6951dc9dbd7d015c09bb1906e9e5bcb378d686b0c8538808eaf4fc2cb29a9e876

Download Submit
C:\Windows\System\adDpyEw.exe

Filesize
1.8MB

MD5
45752375d6d440a5a173cb64d7467598

SHA1
3388fd3ffa78660feec706406bed30b1fe519b90

SHA256
9067e5e41782b718929055fed89b4a02e6fe7c349d47c0d8b037d12186bb9383

SHA512
f0c740f15637b3500eedc3f2903760d7a3f527514b8c2cf79b9ecef0257f131896d4c584ec06c13e308701fda103362012f003b6080c65901a00ca6f2768216e

Download Submit
C:\Windows\System\cYlFgak.exe

Filesize
1.8MB

MD5
6a7d7377a5d3776362b0d55574b21bc5

SHA1
df016d21bd5075f9521dd242a9343e35a8e9fbb8

SHA256
4a0eb2fb962d100d52b72a63146d4839f51931c79e5e4807db05b40294097580

SHA512
9fed9fa49c3af72390065ceb8c61dc5e8ee1e707039cfa90ae1b77e91e266e2efdbda0a3494cf08ceac717411a0fae47bb945c1dfb0134351de4388b76c390bd

Download Submit
C:\Windows\System\edsASGU.exe

Filesize
1.8MB

MD5
fd518245023f6809f8501e0faf24a088

SHA1
137190baefa358ea73fa76e72cff17923c5a639d

SHA256
d4b0485f573547e9e061e56e8153802eb35f8a888508fa57805ca2c81f8817de

SHA512
bbaca8f0966fb76de8c7e10d77ab95eadfb0243dc8c65049202a8af53376daeba2f1bb0eb00125088c7219af19c96caaeb29ab8b61725953e651f2dbbca69b1e

Download Submit
C:\Windows\System\hHpjMUE.exe

Filesize
1.8MB

MD5
e5346c34787e573a114925fe69e62683

SHA1
902cda6fcf7cd6dd97e9aad8b80782709bc18677

SHA256
e54476464865f93e6918f007eb8f253a2d1ac8b789f1f700f63a885b1574220f

SHA512
4381c3199a7e05d1e173529c764398b255552b84776f2e14d1b77a57cd40b22cc2841b0c3814e027679024df956337ccae37e569de95eb2b19a55402feb0bd15

Download Submit
C:\Windows\System\ijIPiUg.exe

Filesize
1.8MB

MD5
c9fb8071b81ddfa1ed18311fe6b41757

SHA1
057aae74aecc017861982ed050485dad1c2119b4

SHA256
66d898a6610a8f320ef78a73ed29964261b4070da4cec1770fd524b5f185d3dc

SHA512
a1e907729396dee33b5241962275b289b302c02b0489f0dbb6e5cc0b4ba104ed90bf5df082be2232e89fcaedc2fccd174f7ff426c571f3c3567ce5f15c070f46

Download Submit
C:\Windows\System\kYkrjSS.exe

Filesize
1.8MB

MD5
3b624d93f770621e5d26816bf836cfd1

SHA1
271364db268b37dd1c9e07046842738d47d5b2cd

SHA256
5262e138e11eed3f3c24434aa85ed793a7b02eceb26fdb8874e5d47d62dc477e

SHA512
0525bf384c94b5473f6a53e7c155506b9587d542433d8765a3b113b9d98e045979305a7fcf33f50c6c1f8faa537d0eb8ad015c3f8bf7d6a2b121f1ae8934707f

Download Submit
C:\Windows\System\lDSLcwK.exe

Filesize
1.8MB

MD5
fdbaab1b722ab1488336457e83844e87

SHA1
b8814e053a844bf7f0cefcb0a8c36a86194968a7

SHA256
ca8c1041afadcb5c9822e747073a3ebc4c55c46487a18b2587898e141d569745

SHA512
78edc53faefe460befd42e99db2e55451edb456e087c602b4b154cea73d999e075cdb8799f69afe02eab68d9ce350deb7a3c2060d47e03015327c8359a72eeff

Download Submit
C:\Windows\System\lGWOryS.exe

Filesize
1.8MB

MD5
7ad85ba526a8aa811aa345359bad826c

SHA1
c703d805b9cfa54170f08714a4a20bdda13dd55c

SHA256
1766fd25aeb3c3b21914b2bbe520cdbe09fd649e844dd63f42eb83e42674f247

SHA512
b6da459bc08752fb8e758cabdf3aaf967cdd8767e81b869487c7ff04addd43603996c282f0c9a829352844a6ee9df46ac2fe671914488156ee26f9257256ab13

Download Submit
C:\Windows\System\qeArtjf.exe

Filesize
1.8MB

MD5
378e55c7f13726c3432b13fd3cd83298

SHA1
923da9546b0eee555cf7a4050a3266f863a99fd1

SHA256
28923bf611cc4fbfe7826d467b4e0365a467bb2807af4737f9d2bd4f2db224f4

SHA512
e653b1d90109e9b888a1ce8b8e3729f0f0b006abc1c04d9859e1cb6d41d579562aaf10a5658de9e52aa65f87071c0112f22ed76b395e623c331fbf3404a18fec

Download Submit
C:\Windows\System\tBVhDBj.exe

Filesize
1.8MB

MD5
4afc9190a00e3845983bb5f9d6d0500d

SHA1
b5e148e23d7126222ad1795e2ecab5e1f6614f5c

SHA256
2006aad6751f1a06139fad76f8bc3c04ff6efae61850407b388bc688a049606d

SHA512
a6f21462ac07f1beb7d0227150ea5ee43d4c6f6ce07a52aba094746553ae12f48f3cae4bf7b166067359474c1366afc6e37a83ee521f4e924c548fc3a3a4cbc1

Download Submit
C:\Windows\System\wdukdjL.exe

Filesize
1.8MB

MD5
8bbee5ba24a412cb47b79b1dbf956fe0

SHA1
8301eb767c602f7d8366cb3d3d97ff7f60ed3cec

SHA256
6c5381cc68bc690d6e08a4563c0795b3a9261190d57098506cf97fbf12920ca6

SHA512
b90f48f3bdb5b39beafa95d4975839560fd0fc46fc26b8aaf33714563a358a96ca625e2a63338292f5a8c97c07dc91b8fa11e3ac58b5b81dbee243d5994a798e

Download Submit
C:\Windows\System\wfCTTjr.exe

Filesize
1.8MB

MD5
16e4d567ab93ec66a4ddac11384cd15c

SHA1
480ec33c3c740e7d0762c211a86ba37368670803

SHA256
748a1050bfe782e27c9df83b92d811bb49e7bf2ce1e1a742ce6db5ef8b6115f7

SHA512
f1a071af0bcda29c9c4290f00e644964bd2f99bd1a3dd3075bd1fcba3b24300f014abe247a6221e8a7e670947bf37dcb388a90ab0ef8e8b2560c88a5ce964174

Download Submit
C:\Windows\System\wqGPwuS.exe

Filesize
1.8MB

MD5
01136d079794b9ecb4181000cfe47e45

SHA1
dcd40c9349a041c66df44a676c74a56244fff3d9

SHA256
0bfaa4eccd9e21858a3c347e1944beb166743b417653cdd387ed1241b1ea4e33

SHA512
d68a453236f434fc844b2ddba814d71362ddc95a2fdec0987f14d163eadd45940f4db7873397ef507b59918f69fadd11a091f1bc78537386f200e678ab60c005

Download Submit
C:\Windows\System\wzDPFTS.exe

Filesize
1.8MB

MD5
f1d5b17e22f940d648975a587f9bc485

SHA1
ff8af91956fae30eb0b9171e61d7dda12e50c608

SHA256
fc69c9fa7e0fa70d3df62581f534056661e4e9c0c155c9271b79e9d0594accb4

SHA512
481509124fe0a5957c2852ee04b0e70a5dfadde5bc6c98c84e725a0f9f4f946af664d5edbc517e1cebc037fec57e2ef889a67e22d17d2e00f98682f60612e50c

Download Submit
C:\Windows\System\yOyjNJM.exe

Filesize
1.8MB

MD5
99e3fed5887050c0842b41c87c16caae

SHA1
b1be4f2413b5672b2e3d162e6d30dd8e934f3ea4

SHA256
5b0d02964ac63bfc54379d49a805d20c9879408262bd492e1141284e277ad251

SHA512
e9a1988ccd8a86da39d36299435ff3b2f29413aff74df9beb9ec5e53bbf302c5bb4a80a1f392a02f63ece6b8634c8a58e86f75f309b7a29547d48669ff0e2ccf

Download Submit
C:\Windows\System\yxOgkBk.exe

Filesize
1.8MB

MD5
91bcf6dc49468bd409101245272b8afb

SHA1
39be8f9634089a3af081339c2aad0087b9776151

SHA256
b5c607ec09c85250a683d6b1abeaa8b3bd643b82facc99715fad634894da828c

SHA512
d4b3a5ae50e071fa93bc9d1d7377d3f6ce5fb34c605f38d40b0fa6f7b8f18cd7708593065663068625ae23105733ba0eb2fa3d36451a8eed3e511568687740be

Download Submit
memory/4436-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download