kpot | 28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08

Analysis

max time kernel
146s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20250207-en
resource tags

arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
submitted
14/02/2025, 03:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
Size

2.0MB
MD5

4201c1980cdb75c6c827097bc6d833f9
SHA1

d33721ca841a0b59a666a21e61d3b49357b8211b
SHA256

28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08
SHA512

f2731d2646f279e9e4ed3f4112a4303fde6efdbaab1c2dff8546d8c61d174ac5054ffba6787c1903dcf1a1a68031bb39bfc059411782a58a2a027897bb510ef1
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FattzdRjoeR:GemTLkNdfE0pZaQB

Score

10^/10

kpot xmrig discovery miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral2/files/0x000c000000023cfc-3.dat	family_kpot
behavioral2/files/0x0008000000023dee-8.dat	family_kpot
behavioral2/files/0x0007000000023def-9.dat	family_kpot
behavioral2/files/0x0007000000023df0-19.dat	family_kpot
behavioral2/files/0x0007000000023df1-25.dat	family_kpot
behavioral2/files/0x0007000000023df2-30.dat	family_kpot
behavioral2/files/0x0009000000023de9-36.dat	family_kpot
behavioral2/files/0x0007000000023df3-38.dat	family_kpot
behavioral2/files/0x0007000000023df4-44.dat	family_kpot
behavioral2/files/0x0007000000023df5-48.dat	family_kpot
behavioral2/files/0x0007000000023df6-54.dat	family_kpot
behavioral2/files/0x0007000000023df7-58.dat	family_kpot
behavioral2/files/0x0007000000023df9-66.dat	family_kpot
behavioral2/files/0x0007000000023dfa-70.dat	family_kpot
behavioral2/files/0x0007000000023df8-67.dat	family_kpot
behavioral2/files/0x0007000000023dfe-95.dat	family_kpot
behavioral2/files/0x0007000000023dfc-105.dat	family_kpot
behavioral2/files/0x0007000000023dff-113.dat	family_kpot
behavioral2/files/0x0007000000023e03-125.dat	family_kpot
behavioral2/files/0x0007000000023e04-129.dat	family_kpot
behavioral2/files/0x0007000000023e05-127.dat	family_kpot
behavioral2/files/0x0007000000023e02-121.dat	family_kpot
behavioral2/files/0x0007000000023e01-119.dat	family_kpot
behavioral2/files/0x0007000000023dfd-115.dat	family_kpot
behavioral2/files/0x0007000000023e00-107.dat	family_kpot
behavioral2/files/0x0007000000023dfb-92.dat	family_kpot
behavioral2/files/0x0007000000023e06-134.dat	family_kpot
behavioral2/files/0x0007000000023e07-139.dat	family_kpot
behavioral2/files/0x0007000000023e08-143.dat	family_kpot
behavioral2/files/0x0007000000023e09-149.dat	family_kpot
behavioral2/files/0x0007000000023e0a-155.dat	family_kpot
behavioral2/files/0x0008000000023e0b-159.dat	family_kpot

Kpot family
kpot
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral2/files/0x000c000000023cfc-3.dat	xmrig
behavioral2/files/0x0008000000023dee-8.dat	xmrig
behavioral2/files/0x0007000000023def-9.dat	xmrig
behavioral2/files/0x0007000000023df0-19.dat	xmrig
behavioral2/files/0x0007000000023df1-25.dat	xmrig
behavioral2/files/0x0007000000023df2-30.dat	xmrig
behavioral2/files/0x0009000000023de9-36.dat	xmrig
behavioral2/files/0x0007000000023df3-38.dat	xmrig
behavioral2/files/0x0007000000023df4-44.dat	xmrig
behavioral2/files/0x0007000000023df5-48.dat	xmrig
behavioral2/files/0x0007000000023df6-54.dat	xmrig
behavioral2/files/0x0007000000023df7-58.dat	xmrig
behavioral2/files/0x0007000000023df9-66.dat	xmrig
behavioral2/files/0x0007000000023dfa-70.dat	xmrig
behavioral2/files/0x0007000000023df8-67.dat	xmrig
behavioral2/files/0x0007000000023dfe-95.dat	xmrig
behavioral2/files/0x0007000000023dfc-105.dat	xmrig
behavioral2/files/0x0007000000023dff-113.dat	xmrig
behavioral2/files/0x0007000000023e03-125.dat	xmrig
behavioral2/files/0x0007000000023e04-129.dat	xmrig
behavioral2/files/0x0007000000023e05-127.dat	xmrig
behavioral2/files/0x0007000000023e02-121.dat	xmrig
behavioral2/files/0x0007000000023e01-119.dat	xmrig
behavioral2/files/0x0007000000023dfd-115.dat	xmrig
behavioral2/files/0x0007000000023e00-107.dat	xmrig
behavioral2/files/0x0007000000023dfb-92.dat	xmrig
behavioral2/files/0x0007000000023e06-134.dat	xmrig
behavioral2/files/0x0007000000023e07-139.dat	xmrig
behavioral2/files/0x0007000000023e08-143.dat	xmrig
behavioral2/files/0x0007000000023e09-149.dat	xmrig
behavioral2/files/0x0007000000023e0a-155.dat	xmrig
behavioral2/files/0x0008000000023e0b-159.dat	xmrig

Downloads MZ/PE file 1 IoCs

flow	pid	Process
44	8852	Process not Found

Executes dropped EXE 64 IoCs

pid	Process
2744	Zupulao.exe
2524	WXyAAID.exe
3928	tBqIcyo.exe
4944	YomPBex.exe
556	wlWLRJz.exe
2788	kgLHcSm.exe
2684	LPoYcdp.exe
2300	UDyveDh.exe
2308	ArQdGGj.exe
3500	SSbOzdl.exe
2184	vdbHZcg.exe
3692	cBYcFFx.exe
1136	reYbxfH.exe
1200	VhmlzKv.exe
4828	dNkcafb.exe
4484	ruRBWgM.exe
3664	GDaXNEh.exe
5104	mfkfnpk.exe
4792	fLhHLJq.exe
2168	qCguwTZ.exe
1312	ChKFDwQ.exe
2068	aRpRpYA.exe
840	zolTtnJ.exe
3900	bdkukKA.exe
3144	bjZHTBE.exe
1528	IAljbLu.exe
2812	JwRbRFF.exe
3680	FCUpUic.exe
3252	XadbvIB.exe
1948	mawsYjJ.exe
1820	DmfEMjY.exe
2544	OsiWptV.exe
3452	VwtTPRd.exe
4768	kTyYRAE.exe
668	StNfQJi.exe
1032	JgMOYnG.exe
4164	WpxQzuu.exe
3636	PGoUnFM.exe
3712	sriCidZ.exe
4344	TYYJMpt.exe
1656	bmgFWnw.exe
2420	EiytOIV.exe
1956	wOBtphB.exe
640	SEUWWBS.exe
736	ekeLyNS.exe
1724	FYeSybQ.exe
3460	wPRhwvd.exe
2824	gjrcSdM.exe
2204	irlWAkr.exe
2936	CJNNlit.exe
2940	iFlEthQ.exe
3540	spOrZWM.exe
3632	mRHcsSA.exe
4496	lxMAaUr.exe
2996	LHUHrcA.exe
3652	OHnKnsn.exe
2320	IKprQTr.exe
4972	CHCKTVJ.exe
5080	lyLDxpe.exe
2460	iHEGpCR.exe
3580	UFkqlbP.exe
772	VLQWixw.exe
4588	yLbpbUG.exe
1220	JCCjVqu.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\Zupulao.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\ruRBWgM.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\xykUAkT.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\aWfCxcz.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\TzOemvw.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\BnXUrZT.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\yvuJAEj.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\GOHCxaM.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\fFzzQjf.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\jnrfovA.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\YHvBFMp.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\pAKrbTv.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\xOUJhmd.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\cBYcFFx.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\XadbvIB.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\OsiWptV.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\foOPIDm.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\faAVcja.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\SRcqaWx.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\DKOtQVI.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\JgMOYnG.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\VAJfTnV.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\Lqjcbzb.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\TbKpDDg.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\TiLGusK.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\GPTedyC.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\StNfQJi.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\JCCjVqu.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\ebIKyya.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\LJBdLZu.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\itceATX.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\vqarRkI.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\OxShyML.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\WXyAAID.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\CJNNlit.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\yLbpbUG.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\ZMxpRUa.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\lVqkUSO.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\lxShCpz.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\jQowRJU.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\KGVvNEh.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\ysHIUmN.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\gvbVUjl.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\RDXxFek.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\DmfEMjY.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\cIdlwlH.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\FXIkeOK.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\DGBxOXT.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\XPPfynV.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\iBBRigj.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\kgLHcSm.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\FCUpUic.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\wlWlqjx.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\MLbXTAT.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\NywbZIY.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\EkaPnpw.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\MyCtVAL.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\xifNLen.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\CdlytbN.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\WBgQmcf.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\lxMAaUr.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\OHnKnsn.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\iHEGpCR.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
File created	C:\Windows\System\wVknWGz.exe	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
7480	MicrosoftEdgeUpdate.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
Token: SeLockMemoryPrivilege	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4464 wrote to memory of 2744	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	87
PID 4464 wrote to memory of 2744	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	87
PID 4464 wrote to memory of 2524	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	88
PID 4464 wrote to memory of 2524	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	88
PID 4464 wrote to memory of 3928	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	89
PID 4464 wrote to memory of 3928	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	89
PID 4464 wrote to memory of 4944	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	90
PID 4464 wrote to memory of 4944	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	90
PID 4464 wrote to memory of 556	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	91
PID 4464 wrote to memory of 556	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	91
PID 4464 wrote to memory of 2788	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	95
PID 4464 wrote to memory of 2788	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	95
PID 4464 wrote to memory of 2684	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	96
PID 4464 wrote to memory of 2684	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	96
PID 4464 wrote to memory of 2300	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	97
PID 4464 wrote to memory of 2300	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	97
PID 4464 wrote to memory of 2308	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	98
PID 4464 wrote to memory of 2308	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	98
PID 4464 wrote to memory of 3500	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	99
PID 4464 wrote to memory of 3500	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	99
PID 4464 wrote to memory of 2184	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	100
PID 4464 wrote to memory of 2184	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	100
PID 4464 wrote to memory of 3692	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	101
PID 4464 wrote to memory of 3692	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	101
PID 4464 wrote to memory of 1136	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	102
PID 4464 wrote to memory of 1136	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	102
PID 4464 wrote to memory of 1200	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	103
PID 4464 wrote to memory of 1200	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	103
PID 4464 wrote to memory of 4828	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	104
PID 4464 wrote to memory of 4828	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	104
PID 4464 wrote to memory of 4484	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	105
PID 4464 wrote to memory of 4484	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	105
PID 4464 wrote to memory of 3664	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	106
PID 4464 wrote to memory of 3664	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	106
PID 4464 wrote to memory of 5104	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	107
PID 4464 wrote to memory of 5104	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	107
PID 4464 wrote to memory of 4792	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	108
PID 4464 wrote to memory of 4792	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	108
PID 4464 wrote to memory of 2168	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	109
PID 4464 wrote to memory of 2168	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	109
PID 4464 wrote to memory of 1312	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	110
PID 4464 wrote to memory of 1312	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	110
PID 4464 wrote to memory of 2068	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	111
PID 4464 wrote to memory of 2068	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	111
PID 4464 wrote to memory of 840	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	112
PID 4464 wrote to memory of 840	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	112
PID 4464 wrote to memory of 3900	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	113
PID 4464 wrote to memory of 3900	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	113
PID 4464 wrote to memory of 3144	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	114
PID 4464 wrote to memory of 3144	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	114
PID 4464 wrote to memory of 1528	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	115
PID 4464 wrote to memory of 1528	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	115
PID 4464 wrote to memory of 2812	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	116
PID 4464 wrote to memory of 2812	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	116
PID 4464 wrote to memory of 3680	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	117
PID 4464 wrote to memory of 3680	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	117
PID 4464 wrote to memory of 3252	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	118
PID 4464 wrote to memory of 3252	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	118
PID 4464 wrote to memory of 1948	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	119
PID 4464 wrote to memory of 1948	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	119
PID 4464 wrote to memory of 1820	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	120
PID 4464 wrote to memory of 1820	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	120
PID 4464 wrote to memory of 2544	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	121
PID 4464 wrote to memory of 2544	4464	28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe	121

C:\Users\Admin\AppData\Local\Temp\28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe
"C:\Users\Admin\AppData\Local\Temp\28136b05fba087543326e751f170aa0196af8ef9a7088457124a89c794a06b08.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4464
- C:\Windows\System\Zupulao.exe
  C:\Windows\System\Zupulao.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\WXyAAID.exe
  C:\Windows\System\WXyAAID.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\tBqIcyo.exe
  C:\Windows\System\tBqIcyo.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\YomPBex.exe
  C:\Windows\System\YomPBex.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\wlWLRJz.exe
  C:\Windows\System\wlWLRJz.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\kgLHcSm.exe
  C:\Windows\System\kgLHcSm.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\LPoYcdp.exe
  C:\Windows\System\LPoYcdp.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\UDyveDh.exe
  C:\Windows\System\UDyveDh.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\ArQdGGj.exe
  C:\Windows\System\ArQdGGj.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\SSbOzdl.exe
  C:\Windows\System\SSbOzdl.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\vdbHZcg.exe
  C:\Windows\System\vdbHZcg.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\cBYcFFx.exe
  C:\Windows\System\cBYcFFx.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\reYbxfH.exe
  C:\Windows\System\reYbxfH.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\VhmlzKv.exe
  C:\Windows\System\VhmlzKv.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\dNkcafb.exe
  C:\Windows\System\dNkcafb.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\ruRBWgM.exe
  C:\Windows\System\ruRBWgM.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\GDaXNEh.exe
  C:\Windows\System\GDaXNEh.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\mfkfnpk.exe
  C:\Windows\System\mfkfnpk.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\fLhHLJq.exe
  C:\Windows\System\fLhHLJq.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\qCguwTZ.exe
  C:\Windows\System\qCguwTZ.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\ChKFDwQ.exe
  C:\Windows\System\ChKFDwQ.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\aRpRpYA.exe
  C:\Windows\System\aRpRpYA.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\zolTtnJ.exe
  C:\Windows\System\zolTtnJ.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\bdkukKA.exe
  C:\Windows\System\bdkukKA.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\bjZHTBE.exe
  C:\Windows\System\bjZHTBE.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\IAljbLu.exe
  C:\Windows\System\IAljbLu.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\JwRbRFF.exe
  C:\Windows\System\JwRbRFF.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\FCUpUic.exe
  C:\Windows\System\FCUpUic.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\XadbvIB.exe
  C:\Windows\System\XadbvIB.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\mawsYjJ.exe
  C:\Windows\System\mawsYjJ.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\DmfEMjY.exe
  C:\Windows\System\DmfEMjY.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\OsiWptV.exe
  C:\Windows\System\OsiWptV.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\VwtTPRd.exe
  C:\Windows\System\VwtTPRd.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\kTyYRAE.exe
  C:\Windows\System\kTyYRAE.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\StNfQJi.exe
  C:\Windows\System\StNfQJi.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\JgMOYnG.exe
  C:\Windows\System\JgMOYnG.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\WpxQzuu.exe
  C:\Windows\System\WpxQzuu.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\PGoUnFM.exe
  C:\Windows\System\PGoUnFM.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\sriCidZ.exe
  C:\Windows\System\sriCidZ.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\TYYJMpt.exe
  C:\Windows\System\TYYJMpt.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\EiytOIV.exe
  C:\Windows\System\EiytOIV.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\bmgFWnw.exe
  C:\Windows\System\bmgFWnw.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\SEUWWBS.exe
  C:\Windows\System\SEUWWBS.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\wOBtphB.exe
  C:\Windows\System\wOBtphB.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\ekeLyNS.exe
  C:\Windows\System\ekeLyNS.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\FYeSybQ.exe
  C:\Windows\System\FYeSybQ.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\wPRhwvd.exe
  C:\Windows\System\wPRhwvd.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\gjrcSdM.exe
  C:\Windows\System\gjrcSdM.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\irlWAkr.exe
  C:\Windows\System\irlWAkr.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\CJNNlit.exe
  C:\Windows\System\CJNNlit.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\iFlEthQ.exe
  C:\Windows\System\iFlEthQ.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\spOrZWM.exe
  C:\Windows\System\spOrZWM.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\mRHcsSA.exe
  C:\Windows\System\mRHcsSA.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\lxMAaUr.exe
  C:\Windows\System\lxMAaUr.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\LHUHrcA.exe
  C:\Windows\System\LHUHrcA.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\OHnKnsn.exe
  C:\Windows\System\OHnKnsn.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\IKprQTr.exe
  C:\Windows\System\IKprQTr.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\CHCKTVJ.exe
  C:\Windows\System\CHCKTVJ.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\lyLDxpe.exe
  C:\Windows\System\lyLDxpe.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\iHEGpCR.exe
  C:\Windows\System\iHEGpCR.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\UFkqlbP.exe
  C:\Windows\System\UFkqlbP.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\VLQWixw.exe
  C:\Windows\System\VLQWixw.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\yLbpbUG.exe
  C:\Windows\System\yLbpbUG.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\JCCjVqu.exe
  C:\Windows\System\JCCjVqu.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\WHDvTcB.exe
  C:\Windows\System\WHDvTcB.exe
  2⤵
  PID:1860
- C:\Windows\System\SUMWFLw.exe
  C:\Windows\System\SUMWFLw.exe
  2⤵
  PID:4212
- C:\Windows\System\SnTrfZD.exe
  C:\Windows\System\SnTrfZD.exe
  2⤵
  PID:3412
- C:\Windows\System\rkccJvu.exe
  C:\Windows\System\rkccJvu.exe
  2⤵
  PID:1108
- C:\Windows\System\pziKclj.exe
  C:\Windows\System\pziKclj.exe
  2⤵
  PID:4900
- C:\Windows\System\wlWlqjx.exe
  C:\Windows\System\wlWlqjx.exe
  2⤵
  PID:4380
- C:\Windows\System\qaoDKCO.exe
  C:\Windows\System\qaoDKCO.exe
  2⤵
  PID:2200
- C:\Windows\System\WCDeoOq.exe
  C:\Windows\System\WCDeoOq.exe
  2⤵
  PID:2692
- C:\Windows\System\OjGCpaC.exe
  C:\Windows\System\OjGCpaC.exe
  2⤵
  PID:1140
- C:\Windows\System\sNvlhgr.exe
  C:\Windows\System\sNvlhgr.exe
  2⤵
  PID:4260
- C:\Windows\System\KlfCarN.exe
  C:\Windows\System\KlfCarN.exe
  2⤵
  PID:5044
- C:\Windows\System\RjDMmIm.exe
  C:\Windows\System\RjDMmIm.exe
  2⤵
  PID:4760
- C:\Windows\System\thCBVCo.exe
  C:\Windows\System\thCBVCo.exe
  2⤵
  PID:2572
- C:\Windows\System\kIIuJkH.exe
  C:\Windows\System\kIIuJkH.exe
  2⤵
  PID:2376
- C:\Windows\System\rxGucgg.exe
  C:\Windows\System\rxGucgg.exe
  2⤵
  PID:2304
- C:\Windows\System\NcoqIlR.exe
  C:\Windows\System\NcoqIlR.exe
  2⤵
  PID:2392
- C:\Windows\System\bejZwiJ.exe
  C:\Windows\System\bejZwiJ.exe
  2⤵
  PID:3204
- C:\Windows\System\foOPIDm.exe
  C:\Windows\System\foOPIDm.exe
  2⤵
  PID:2532
- C:\Windows\System\yvuJAEj.exe
  C:\Windows\System\yvuJAEj.exe
  2⤵
  PID:4940
- C:\Windows\System\Cevxmyk.exe
  C:\Windows\System\Cevxmyk.exe
  2⤵
  PID:1100
- C:\Windows\System\myXVVin.exe
  C:\Windows\System\myXVVin.exe
  2⤵
  PID:4236
- C:\Windows\System\VcnLrxC.exe
  C:\Windows\System\VcnLrxC.exe
  2⤵
  PID:1648
- C:\Windows\System\PDhwMNq.exe
  C:\Windows\System\PDhwMNq.exe
  2⤵
  PID:1164
- C:\Windows\System\NIFDqcl.exe
  C:\Windows\System\NIFDqcl.exe
  2⤵
  PID:1480
- C:\Windows\System\xifNLen.exe
  C:\Windows\System\xifNLen.exe
  2⤵
  PID:624
- C:\Windows\System\CdlytbN.exe
  C:\Windows\System\CdlytbN.exe
  2⤵
  PID:2108
- C:\Windows\System\ZMxpRUa.exe
  C:\Windows\System\ZMxpRUa.exe
  2⤵
  PID:4360
- C:\Windows\System\ebIKyya.exe
  C:\Windows\System\ebIKyya.exe
  2⤵
  PID:5028
- C:\Windows\System\lVqkUSO.exe
  C:\Windows\System\lVqkUSO.exe
  2⤵
  PID:5072
- C:\Windows\System\eQxureF.exe
  C:\Windows\System\eQxureF.exe
  2⤵
  PID:1808
- C:\Windows\System\YQsBBUU.exe
  C:\Windows\System\YQsBBUU.exe
  2⤵
  PID:5140
- C:\Windows\System\HdMkLwR.exe
  C:\Windows\System\HdMkLwR.exe
  2⤵
  PID:5160
- C:\Windows\System\mLLrjSS.exe
  C:\Windows\System\mLLrjSS.exe
  2⤵
  PID:5192
- C:\Windows\System\HbURUPr.exe
  C:\Windows\System\HbURUPr.exe
  2⤵
  PID:5216
- C:\Windows\System\opKcyzG.exe
  C:\Windows\System\opKcyzG.exe
  2⤵
  PID:5244
- C:\Windows\System\MRhllzV.exe
  C:\Windows\System\MRhllzV.exe
  2⤵
  PID:5276
- C:\Windows\System\yArwTMd.exe
  C:\Windows\System\yArwTMd.exe
  2⤵
  PID:5320
- C:\Windows\System\HBKdnMn.exe
  C:\Windows\System\HBKdnMn.exe
  2⤵
  PID:5356
- C:\Windows\System\GOHCxaM.exe
  C:\Windows\System\GOHCxaM.exe
  2⤵
  PID:5384
- C:\Windows\System\qJuywXQ.exe
  C:\Windows\System\qJuywXQ.exe
  2⤵
  PID:5420
- C:\Windows\System\MmdvpwT.exe
  C:\Windows\System\MmdvpwT.exe
  2⤵
  PID:5448
- C:\Windows\System\UNyksMB.exe
  C:\Windows\System\UNyksMB.exe
  2⤵
  PID:5476
- C:\Windows\System\psbyFKa.exe
  C:\Windows\System\psbyFKa.exe
  2⤵
  PID:5504
- C:\Windows\System\PfSBWZV.exe
  C:\Windows\System\PfSBWZV.exe
  2⤵
  PID:5536
- C:\Windows\System\CBdsdUF.exe
  C:\Windows\System\CBdsdUF.exe
  2⤵
  PID:5560
- C:\Windows\System\zqZjEFe.exe
  C:\Windows\System\zqZjEFe.exe
  2⤵
  PID:5596
- C:\Windows\System\uhPEEim.exe
  C:\Windows\System\uhPEEim.exe
  2⤵
  PID:5616
- C:\Windows\System\KGVvNEh.exe
  C:\Windows\System\KGVvNEh.exe
  2⤵
  PID:5644
- C:\Windows\System\cIdlwlH.exe
  C:\Windows\System\cIdlwlH.exe
  2⤵
  PID:5672
- C:\Windows\System\lZyoozT.exe
  C:\Windows\System\lZyoozT.exe
  2⤵
  PID:5700
- C:\Windows\System\PjMCxYG.exe
  C:\Windows\System\PjMCxYG.exe
  2⤵
  PID:5728
- C:\Windows\System\xykUAkT.exe
  C:\Windows\System\xykUAkT.exe
  2⤵
  PID:5756
- C:\Windows\System\qfulLNG.exe
  C:\Windows\System\qfulLNG.exe
  2⤵
  PID:5776
- C:\Windows\System\hdlAiER.exe
  C:\Windows\System\hdlAiER.exe
  2⤵
  PID:5804
- C:\Windows\System\KQRdOKP.exe
  C:\Windows\System\KQRdOKP.exe
  2⤵
  PID:5828
- C:\Windows\System\mgQmshJ.exe
  C:\Windows\System\mgQmshJ.exe
  2⤵
  PID:5860
- C:\Windows\System\YFVycIU.exe
  C:\Windows\System\YFVycIU.exe
  2⤵
  PID:5892
- C:\Windows\System\UUlWymX.exe
  C:\Windows\System\UUlWymX.exe
  2⤵
  PID:5916
- C:\Windows\System\BvOudyf.exe
  C:\Windows\System\BvOudyf.exe
  2⤵
  PID:5948
- C:\Windows\System\VAJfTnV.exe
  C:\Windows\System\VAJfTnV.exe
  2⤵
  PID:5980
- C:\Windows\System\zXZNoxB.exe
  C:\Windows\System\zXZNoxB.exe
  2⤵
  PID:6012
- C:\Windows\System\EoTExNj.exe
  C:\Windows\System\EoTExNj.exe
  2⤵
  PID:6040
- C:\Windows\System\QiPpaPz.exe
  C:\Windows\System\QiPpaPz.exe
  2⤵
  PID:6056
- C:\Windows\System\arifjvN.exe
  C:\Windows\System\arifjvN.exe
  2⤵
  PID:6084
- C:\Windows\System\JAchJTK.exe
  C:\Windows\System\JAchJTK.exe
  2⤵
  PID:6112
- C:\Windows\System\HCLyvAk.exe
  C:\Windows\System\HCLyvAk.exe
  2⤵
  PID:6140
- C:\Windows\System\KekbkSk.exe
  C:\Windows\System\KekbkSk.exe
  2⤵
  PID:5172
- C:\Windows\System\jHFJsVh.exe
  C:\Windows\System\jHFJsVh.exe
  2⤵
  PID:5148
- C:\Windows\System\hXiPBvZ.exe
  C:\Windows\System\hXiPBvZ.exe
  2⤵
  PID:5288
- C:\Windows\System\RJQswxk.exe
  C:\Windows\System\RJQswxk.exe
  2⤵
  PID:5304
- C:\Windows\System\zpTMFIz.exe
  C:\Windows\System\zpTMFIz.exe
  2⤵
  PID:5312
- C:\Windows\System\buNvzsC.exe
  C:\Windows\System\buNvzsC.exe
  2⤵
  PID:5412
- C:\Windows\System\FWLvEnO.exe
  C:\Windows\System\FWLvEnO.exe
  2⤵
  PID:5440
- C:\Windows\System\hqwOcPs.exe
  C:\Windows\System\hqwOcPs.exe
  2⤵
  PID:5524
- C:\Windows\System\RxIjeuF.exe
  C:\Windows\System\RxIjeuF.exe
  2⤵
  PID:5604
- C:\Windows\System\LoqswcJ.exe
  C:\Windows\System\LoqswcJ.exe
  2⤵
  PID:5656
- C:\Windows\System\astpoos.exe
  C:\Windows\System\astpoos.exe
  2⤵
  PID:5724
- C:\Windows\System\ZFNYfzA.exe
  C:\Windows\System\ZFNYfzA.exe
  2⤵
  PID:5784
- C:\Windows\System\ysHIUmN.exe
  C:\Windows\System\ysHIUmN.exe
  2⤵
  PID:5840
- C:\Windows\System\ugEyfFh.exe
  C:\Windows\System\ugEyfFh.exe
  2⤵
  PID:5900
- C:\Windows\System\dkDLlxO.exe
  C:\Windows\System\dkDLlxO.exe
  2⤵
  PID:5932
- C:\Windows\System\zHHRaPJ.exe
  C:\Windows\System\zHHRaPJ.exe
  2⤵
  PID:6008
- C:\Windows\System\wJFHgvW.exe
  C:\Windows\System\wJFHgvW.exe
  2⤵
  PID:6068
- C:\Windows\System\EIZkLjT.exe
  C:\Windows\System\EIZkLjT.exe
  2⤵
  PID:5136
- C:\Windows\System\plZDdSU.exe
  C:\Windows\System\plZDdSU.exe
  2⤵
  PID:5232
- C:\Windows\System\ZiTKhzZ.exe
  C:\Windows\System\ZiTKhzZ.exe
  2⤵
  PID:5332
- C:\Windows\System\AEAZQws.exe
  C:\Windows\System\AEAZQws.exe
  2⤵
  PID:4936
- C:\Windows\System\GwOqRVA.exe
  C:\Windows\System\GwOqRVA.exe
  2⤵
  PID:5584
- C:\Windows\System\pkvkvRP.exe
  C:\Windows\System\pkvkvRP.exe
  2⤵
  PID:5688
- C:\Windows\System\cqaemii.exe
  C:\Windows\System\cqaemii.exe
  2⤵
  PID:5848
- C:\Windows\System\ZOjChqP.exe
  C:\Windows\System\ZOjChqP.exe
  2⤵
  PID:6032
- C:\Windows\System\sCGfkXs.exe
  C:\Windows\System\sCGfkXs.exe
  2⤵
  PID:1224
- C:\Windows\System\nBsmyvt.exe
  C:\Windows\System\nBsmyvt.exe
  2⤵
  PID:5580
- C:\Windows\System\zIqUNSK.exe
  C:\Windows\System\zIqUNSK.exe
  2⤵
  PID:5696
- C:\Windows\System\rdfDyKY.exe
  C:\Windows\System\rdfDyKY.exe
  2⤵
  PID:5552
- C:\Windows\System\XQGVCqX.exe
  C:\Windows\System\XQGVCqX.exe
  2⤵
  PID:5992
- C:\Windows\System\OtzSyXE.exe
  C:\Windows\System\OtzSyXE.exe
  2⤵
  PID:6164
- C:\Windows\System\NwjYVwV.exe
  C:\Windows\System\NwjYVwV.exe
  2⤵
  PID:6200
- C:\Windows\System\DrUoqgt.exe
  C:\Windows\System\DrUoqgt.exe
  2⤵
  PID:6228
- C:\Windows\System\VJmIWkz.exe
  C:\Windows\System\VJmIWkz.exe
  2⤵
  PID:6260
- C:\Windows\System\uMBydUH.exe
  C:\Windows\System\uMBydUH.exe
  2⤵
  PID:6276
- C:\Windows\System\hijRXRv.exe
  C:\Windows\System\hijRXRv.exe
  2⤵
  PID:6308
- C:\Windows\System\FUjzDko.exe
  C:\Windows\System\FUjzDko.exe
  2⤵
  PID:6344
- C:\Windows\System\BwBiuNV.exe
  C:\Windows\System\BwBiuNV.exe
  2⤵
  PID:6372
- C:\Windows\System\uVYUbyB.exe
  C:\Windows\System\uVYUbyB.exe
  2⤵
  PID:6388
- C:\Windows\System\NeCWQFZ.exe
  C:\Windows\System\NeCWQFZ.exe
  2⤵
  PID:6416
- C:\Windows\System\jxLUZqV.exe
  C:\Windows\System\jxLUZqV.exe
  2⤵
  PID:6448
- C:\Windows\System\kUuRjhB.exe
  C:\Windows\System\kUuRjhB.exe
  2⤵
  PID:6476
- C:\Windows\System\FXIkeOK.exe
  C:\Windows\System\FXIkeOK.exe
  2⤵
  PID:6496
- C:\Windows\System\mDvUJZN.exe
  C:\Windows\System\mDvUJZN.exe
  2⤵
  PID:6520
- C:\Windows\System\maHEWWw.exe
  C:\Windows\System\maHEWWw.exe
  2⤵
  PID:6556
- C:\Windows\System\bWDXCaI.exe
  C:\Windows\System\bWDXCaI.exe
  2⤵
  PID:6576
- C:\Windows\System\bHYNzHA.exe
  C:\Windows\System\bHYNzHA.exe
  2⤵
  PID:6608
- C:\Windows\System\jmACBHA.exe
  C:\Windows\System\jmACBHA.exe
  2⤵
  PID:6640
- C:\Windows\System\LzeSXiz.exe
  C:\Windows\System\LzeSXiz.exe
  2⤵
  PID:6676
- C:\Windows\System\DGBxOXT.exe
  C:\Windows\System\DGBxOXT.exe
  2⤵
  PID:6692
- C:\Windows\System\hzPQony.exe
  C:\Windows\System\hzPQony.exe
  2⤵
  PID:6712
- C:\Windows\System\OFJdpoA.exe
  C:\Windows\System\OFJdpoA.exe
  2⤵
  PID:6736
- C:\Windows\System\yBVOBab.exe
  C:\Windows\System\yBVOBab.exe
  2⤵
  PID:6756
- C:\Windows\System\tvmgOGS.exe
  C:\Windows\System\tvmgOGS.exe
  2⤵
  PID:6792
- C:\Windows\System\Lqjcbzb.exe
  C:\Windows\System\Lqjcbzb.exe
  2⤵
  PID:6828
- C:\Windows\System\yOFHkGA.exe
  C:\Windows\System\yOFHkGA.exe
  2⤵
  PID:6860
- C:\Windows\System\BluIKVO.exe
  C:\Windows\System\BluIKVO.exe
  2⤵
  PID:6896
- C:\Windows\System\bzBUpoq.exe
  C:\Windows\System\bzBUpoq.exe
  2⤵
  PID:6936
- C:\Windows\System\DdfTuWm.exe
  C:\Windows\System\DdfTuWm.exe
  2⤵
  PID:6968
- C:\Windows\System\DABzLda.exe
  C:\Windows\System\DABzLda.exe
  2⤵
  PID:6996
- C:\Windows\System\rZqBlkI.exe
  C:\Windows\System\rZqBlkI.exe
  2⤵
  PID:7028
- C:\Windows\System\qOzULCv.exe
  C:\Windows\System\qOzULCv.exe
  2⤵
  PID:7048
- C:\Windows\System\RPYHTfQ.exe
  C:\Windows\System\RPYHTfQ.exe
  2⤵
  PID:7068
- C:\Windows\System\XRKUudL.exe
  C:\Windows\System\XRKUudL.exe
  2⤵
  PID:7104
- C:\Windows\System\SeCOrfE.exe
  C:\Windows\System\SeCOrfE.exe
  2⤵
  PID:7136
- C:\Windows\System\VxkmOBE.exe
  C:\Windows\System\VxkmOBE.exe
  2⤵
  PID:6148
- C:\Windows\System\RAqhndG.exe
  C:\Windows\System\RAqhndG.exe
  2⤵
  PID:6176
- C:\Windows\System\YUwKFAA.exe
  C:\Windows\System\YUwKFAA.exe
  2⤵
  PID:6248
- C:\Windows\System\tiIYWjF.exe
  C:\Windows\System\tiIYWjF.exe
  2⤵
  PID:6324
- C:\Windows\System\ofUtcVc.exe
  C:\Windows\System\ofUtcVc.exe
  2⤵
  PID:6404
- C:\Windows\System\CZvtqZf.exe
  C:\Windows\System\CZvtqZf.exe
  2⤵
  PID:6492
- C:\Windows\System\uHCdUpr.exe
  C:\Windows\System\uHCdUpr.exe
  2⤵
  PID:6508
- C:\Windows\System\LjeKPbX.exe
  C:\Windows\System\LjeKPbX.exe
  2⤵
  PID:6584
- C:\Windows\System\qEDYJlL.exe
  C:\Windows\System\qEDYJlL.exe
  2⤵
  PID:6628
- C:\Windows\System\PNUXHdO.exe
  C:\Windows\System\PNUXHdO.exe
  2⤵
  PID:6752
- C:\Windows\System\faAVcja.exe
  C:\Windows\System\faAVcja.exe
  2⤵
  PID:6788
- C:\Windows\System\aWfCxcz.exe
  C:\Windows\System\aWfCxcz.exe
  2⤵
  PID:6816
- C:\Windows\System\PYprFtn.exe
  C:\Windows\System\PYprFtn.exe
  2⤵
  PID:6888
- C:\Windows\System\NGlErNP.exe
  C:\Windows\System\NGlErNP.exe
  2⤵
  PID:6964
- C:\Windows\System\TzOemvw.exe
  C:\Windows\System\TzOemvw.exe
  2⤵
  PID:7040
- C:\Windows\System\OXAqlMk.exe
  C:\Windows\System\OXAqlMk.exe
  2⤵
  PID:7076
- C:\Windows\System\XudPzlT.exe
  C:\Windows\System\XudPzlT.exe
  2⤵
  PID:5800
- C:\Windows\System\Qdccfqo.exe
  C:\Windows\System\Qdccfqo.exe
  2⤵
  PID:6272
- C:\Windows\System\TbKpDDg.exe
  C:\Windows\System\TbKpDDg.exe
  2⤵
  PID:6472
- C:\Windows\System\jwpaCgC.exe
  C:\Windows\System\jwpaCgC.exe
  2⤵
  PID:6768
- C:\Windows\System\WBgQmcf.exe
  C:\Windows\System\WBgQmcf.exe
  2⤵
  PID:6724
- C:\Windows\System\alPKWMb.exe
  C:\Windows\System\alPKWMb.exe
  2⤵
  PID:6992
- C:\Windows\System\mVQVsTS.exe
  C:\Windows\System\mVQVsTS.exe
  2⤵
  PID:6504
- C:\Windows\System\QtYpsLC.exe
  C:\Windows\System\QtYpsLC.exe
  2⤵
  PID:6636
- C:\Windows\System\lxShCpz.exe
  C:\Windows\System\lxShCpz.exe
  2⤵
  PID:6604
- C:\Windows\System\MLbXTAT.exe
  C:\Windows\System\MLbXTAT.exe
  2⤵
  PID:7176
- C:\Windows\System\JYlrPHU.exe
  C:\Windows\System\JYlrPHU.exe
  2⤵
  PID:7208
- C:\Windows\System\LJBdLZu.exe
  C:\Windows\System\LJBdLZu.exe
  2⤵
  PID:7236
- C:\Windows\System\rLlUKfp.exe
  C:\Windows\System\rLlUKfp.exe
  2⤵
  PID:7256
- C:\Windows\System\XSaaSGD.exe
  C:\Windows\System\XSaaSGD.exe
  2⤵
  PID:7296
- C:\Windows\System\LGHVbgB.exe
  C:\Windows\System\LGHVbgB.exe
  2⤵
  PID:7328
- C:\Windows\System\NFSFLMb.exe
  C:\Windows\System\NFSFLMb.exe
  2⤵
  PID:7360
- C:\Windows\System\wVknWGz.exe
  C:\Windows\System\wVknWGz.exe
  2⤵
  PID:7392
- C:\Windows\System\itceATX.exe
  C:\Windows\System\itceATX.exe
  2⤵
  PID:7408
- C:\Windows\System\VTXCmTc.exe
  C:\Windows\System\VTXCmTc.exe
  2⤵
  PID:7444
- C:\Windows\System\qZWLYAU.exe
  C:\Windows\System\qZWLYAU.exe
  2⤵
  PID:7464
- C:\Windows\System\EDUAyVt.exe
  C:\Windows\System\EDUAyVt.exe
  2⤵
  PID:7496
- C:\Windows\System\huFFlUb.exe
  C:\Windows\System\huFFlUb.exe
  2⤵
  PID:7528
- C:\Windows\System\qUBOpQE.exe
  C:\Windows\System\qUBOpQE.exe
  2⤵
  PID:7552
- C:\Windows\System\BnXUrZT.exe
  C:\Windows\System\BnXUrZT.exe
  2⤵
  PID:7596
- C:\Windows\System\aTZlgqX.exe
  C:\Windows\System\aTZlgqX.exe
  2⤵
  PID:7632
- C:\Windows\System\gvbVUjl.exe
  C:\Windows\System\gvbVUjl.exe
  2⤵
  PID:7672
- C:\Windows\System\TbMCiRN.exe
  C:\Windows\System\TbMCiRN.exe
  2⤵
  PID:7688
- C:\Windows\System\TeuolID.exe
  C:\Windows\System\TeuolID.exe
  2⤵
  PID:7716
- C:\Windows\System\EmqNAPG.exe
  C:\Windows\System\EmqNAPG.exe
  2⤵
  PID:7744
- C:\Windows\System\fWdNjyW.exe
  C:\Windows\System\fWdNjyW.exe
  2⤵
  PID:7772
- C:\Windows\System\lQHtgKc.exe
  C:\Windows\System\lQHtgKc.exe
  2⤵
  PID:7804
- C:\Windows\System\TwedjDe.exe
  C:\Windows\System\TwedjDe.exe
  2⤵
  PID:7820
- C:\Windows\System\oxsetnE.exe
  C:\Windows\System\oxsetnE.exe
  2⤵
  PID:7848
- C:\Windows\System\vXQyusJ.exe
  C:\Windows\System\vXQyusJ.exe
  2⤵
  PID:7876
- C:\Windows\System\RDXxFek.exe
  C:\Windows\System\RDXxFek.exe
  2⤵
  PID:7904
- C:\Windows\System\fFzzQjf.exe
  C:\Windows\System\fFzzQjf.exe
  2⤵
  PID:7932
- C:\Windows\System\zqgheZK.exe
  C:\Windows\System\zqgheZK.exe
  2⤵
  PID:7960
- C:\Windows\System\XPPfynV.exe
  C:\Windows\System\XPPfynV.exe
  2⤵
  PID:7992
- C:\Windows\System\khRXWFv.exe
  C:\Windows\System\khRXWFv.exe
  2⤵
  PID:8024
- C:\Windows\System\gxeYmoV.exe
  C:\Windows\System\gxeYmoV.exe
  2⤵
  PID:8056
- C:\Windows\System\GVrpvfr.exe
  C:\Windows\System\GVrpvfr.exe
  2⤵
  PID:8076
- C:\Windows\System\CtWrNNd.exe
  C:\Windows\System\CtWrNNd.exe
  2⤵
  PID:8112
- C:\Windows\System\hfBpFrq.exe
  C:\Windows\System\hfBpFrq.exe
  2⤵
  PID:8132
- C:\Windows\System\MGbJHOC.exe
  C:\Windows\System\MGbJHOC.exe
  2⤵
  PID:8148
- C:\Windows\System\qrQgwtc.exe
  C:\Windows\System\qrQgwtc.exe
  2⤵
  PID:8168
- C:\Windows\System\LWCMUkz.exe
  C:\Windows\System\LWCMUkz.exe
  2⤵
  PID:8188
- C:\Windows\System\uqScnVR.exe
  C:\Windows\System\uqScnVR.exe
  2⤵
  PID:6252
- C:\Windows\System\SIhjvvv.exe
  C:\Windows\System\SIhjvvv.exe
  2⤵
  PID:7224
- C:\Windows\System\ZOirpio.exe
  C:\Windows\System\ZOirpio.exe
  2⤵
  PID:7252
- C:\Windows\System\tZniray.exe
  C:\Windows\System\tZniray.exe
  2⤵
  PID:7348
- C:\Windows\System\sejdmQV.exe
  C:\Windows\System\sejdmQV.exe
  2⤵
  PID:7460
- C:\Windows\System\hfAsIjc.exe
  C:\Windows\System\hfAsIjc.exe
  2⤵
  PID:7548
- C:\Windows\System\AFACCpO.exe
  C:\Windows\System\AFACCpO.exe
  2⤵
  PID:7576
- C:\Windows\System\IuhKEoM.exe
  C:\Windows\System\IuhKEoM.exe
  2⤵
  PID:7652
- C:\Windows\System\SRcqaWx.exe
  C:\Windows\System\SRcqaWx.exe
  2⤵
  PID:7708
- C:\Windows\System\NywbZIY.exe
  C:\Windows\System\NywbZIY.exe
  2⤵
  PID:7768
- C:\Windows\System\kbrktXb.exe
  C:\Windows\System\kbrktXb.exe
  2⤵
  PID:7832
- C:\Windows\System\oggYdiD.exe
  C:\Windows\System\oggYdiD.exe
  2⤵
  PID:7888
- C:\Windows\System\vqarRkI.exe
  C:\Windows\System\vqarRkI.exe
  2⤵
  PID:7944
- C:\Windows\System\hIhQlgO.exe
  C:\Windows\System\hIhQlgO.exe
  2⤵
  PID:8036
- C:\Windows\System\IdqiDAl.exe
  C:\Windows\System\IdqiDAl.exe
  2⤵
  PID:8100
- C:\Windows\System\OCKygXN.exe
  C:\Windows\System\OCKygXN.exe
  2⤵
  PID:6836
- C:\Windows\System\PINkkqh.exe
  C:\Windows\System\PINkkqh.exe
  2⤵
  PID:7356
- C:\Windows\System\MXUvzZE.exe
  C:\Windows\System\MXUvzZE.exe
  2⤵
  PID:7164
- C:\Windows\System\UjkGTnc.exe
  C:\Windows\System\UjkGTnc.exe
  2⤵
  PID:7572
- C:\Windows\System\TiLGusK.exe
  C:\Windows\System\TiLGusK.exe
  2⤵
  PID:7648
- C:\Windows\System\jnrfovA.exe
  C:\Windows\System\jnrfovA.exe
  2⤵
  PID:7740
- C:\Windows\System\jQowRJU.exe
  C:\Windows\System\jQowRJU.exe
  2⤵
  PID:7840
- C:\Windows\System\LbDvpTP.exe
  C:\Windows\System\LbDvpTP.exe
  2⤵
  PID:8120
- C:\Windows\System\hJlJBIF.exe
  C:\Windows\System\hJlJBIF.exe
  2⤵
  PID:7312
- C:\Windows\System\vlStHIV.exe
  C:\Windows\System\vlStHIV.exe
  2⤵
  PID:7684
- C:\Windows\System\ndblEjb.exe
  C:\Windows\System\ndblEjb.exe
  2⤵
  PID:7760
- C:\Windows\System\CLWqMVX.exe
  C:\Windows\System\CLWqMVX.exe
  2⤵
  PID:7172
- C:\Windows\System\wJCesjs.exe
  C:\Windows\System\wJCesjs.exe
  2⤵
  PID:8204
- C:\Windows\System\eKyVJii.exe
  C:\Windows\System\eKyVJii.exe
  2⤵
  PID:8236
- C:\Windows\System\EkaPnpw.exe
  C:\Windows\System\EkaPnpw.exe
  2⤵
  PID:8268
- C:\Windows\System\TcwBpod.exe
  C:\Windows\System\TcwBpod.exe
  2⤵
  PID:8296
- C:\Windows\System\GPTedyC.exe
  C:\Windows\System\GPTedyC.exe
  2⤵
  PID:8360
- C:\Windows\System\FdvsrYI.exe
  C:\Windows\System\FdvsrYI.exe
  2⤵
  PID:8376
- C:\Windows\System\iBBRigj.exe
  C:\Windows\System\iBBRigj.exe
  2⤵
  PID:8404
- C:\Windows\System\EQGWiBD.exe
  C:\Windows\System\EQGWiBD.exe
  2⤵
  PID:8420
- C:\Windows\System\pEoXoWy.exe
  C:\Windows\System\pEoXoWy.exe
  2⤵
  PID:8448
- C:\Windows\System\CnhTJiN.exe
  C:\Windows\System\CnhTJiN.exe
  2⤵
  PID:8476
- C:\Windows\System\FdfLukp.exe
  C:\Windows\System\FdfLukp.exe
  2⤵
  PID:8508
- C:\Windows\System\OEEgjFT.exe
  C:\Windows\System\OEEgjFT.exe
  2⤵
  PID:8536
- C:\Windows\System\vHUvPEb.exe
  C:\Windows\System\vHUvPEb.exe
  2⤵
  PID:8568
- C:\Windows\System\KXKdUzO.exe
  C:\Windows\System\KXKdUzO.exe
  2⤵
  PID:8588
- C:\Windows\System\LuLGGLj.exe
  C:\Windows\System\LuLGGLj.exe
  2⤵
  PID:8616
- C:\Windows\System\DKOtQVI.exe
  C:\Windows\System\DKOtQVI.exe
  2⤵
  PID:8644
- C:\Windows\System\XsEkUPn.exe
  C:\Windows\System\XsEkUPn.exe
  2⤵
  PID:8672
- C:\Windows\System\mancDHF.exe
  C:\Windows\System\mancDHF.exe
  2⤵
  PID:8704
- C:\Windows\System\fNPlXKO.exe
  C:\Windows\System\fNPlXKO.exe
  2⤵
  PID:8732
- C:\Windows\System\EsaeMHL.exe
  C:\Windows\System\EsaeMHL.exe
  2⤵
  PID:8764
- C:\Windows\System\tRilNKc.exe
  C:\Windows\System\tRilNKc.exe
  2⤵
  PID:8796
- C:\Windows\System\qcyXopf.exe
  C:\Windows\System\qcyXopf.exe
  2⤵
  PID:8824
- C:\Windows\System\mHixZTQ.exe
  C:\Windows\System\mHixZTQ.exe
  2⤵
  PID:8840
- C:\Windows\System\pYzrjBZ.exe
  C:\Windows\System\pYzrjBZ.exe
  2⤵
  PID:8872
- C:\Windows\System\OxShyML.exe
  C:\Windows\System\OxShyML.exe
  2⤵
  PID:8896
- C:\Windows\System\CJYWvOQ.exe
  C:\Windows\System\CJYWvOQ.exe
  2⤵
  PID:8916
- C:\Windows\System\yNUougs.exe
  C:\Windows\System\yNUougs.exe
  2⤵
  PID:8952
- C:\Windows\System\djnbofs.exe
  C:\Windows\System\djnbofs.exe
  2⤵
  PID:8972
- C:\Windows\System\YHvBFMp.exe
  C:\Windows\System\YHvBFMp.exe
  2⤵
  PID:9004
- C:\Windows\System\pmlkDoN.exe
  C:\Windows\System\pmlkDoN.exe
  2⤵
  PID:9032
- C:\Windows\System\eRPCnmm.exe
  C:\Windows\System\eRPCnmm.exe
  2⤵
  PID:9064
- C:\Windows\System\WPPfETd.exe
  C:\Windows\System\WPPfETd.exe
  2⤵
  PID:9092
- C:\Windows\System\MyCtVAL.exe
  C:\Windows\System\MyCtVAL.exe
  2⤵
  PID:9120
- C:\Windows\System\AtwMnWv.exe
  C:\Windows\System\AtwMnWv.exe
  2⤵
  PID:9148
- C:\Windows\System\jDzxxIY.exe
  C:\Windows\System\jDzxxIY.exe
  2⤵
  PID:9176
- C:\Windows\System\pAKrbTv.exe
  C:\Windows\System\pAKrbTv.exe
  2⤵
  PID:9196
- C:\Windows\System\TwHmwHG.exe
  C:\Windows\System\TwHmwHG.exe
  2⤵
  PID:8196
- C:\Windows\System\aIqyqIV.exe
  C:\Windows\System\aIqyqIV.exe
  2⤵
  PID:8292
- C:\Windows\System\xOUJhmd.exe
  C:\Windows\System\xOUJhmd.exe
  2⤵
  PID:8320
- C:\Windows\System\SaDsDDU.exe
  C:\Windows\System\SaDsDDU.exe
  2⤵
  PID:8416
- C:\Windows\System\kchRQuR.exe
  C:\Windows\System\kchRQuR.exe
  2⤵
  PID:8460

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NzY2RjlEQzUtQTA4Qy00RDk0LTg5OTctNkNCMTZDMDNCQkM5fSIgdXNlcmlkPSJ7NzE0MzdFRDktMjM5Mi00OTc5LUE3NDMtQjkxNDVEMEFGNjRDfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MzFBNEJCODctMTAwMS00MEUyLUFFNDMtMkY2RUU2MEI2RUQ1fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI2IiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDU5ODUiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxODQ0NDQzNjAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTU5NjI1MTEyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:7480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ArQdGGj.exe

Filesize
2.0MB

MD5
31dd40e4ea10a43b91578bac080deeca

SHA1
6fffb655c0bb3a4f32e8274493a1d2a6eb9c951a

SHA256
c99c2918bd1c32b6d654a93cbda9bf2d0ad2c4300645e0f6f40e59fa9e462902

SHA512
c9e289b365b477b03720ef7a176d5cb7f8d0ce24f4dbd94297f4ffe1333f08c48ebcc99f09ea3f4c6b572e55b1aa307d2fb67fe4f68e4352af532650085abf26

Download Submit
C:\Windows\System\ChKFDwQ.exe

Filesize
2.1MB

MD5
9f85d743cd61d75fd4e7ba7a0646af18

SHA1
02ce2135854081c5419ec9ff48d7a415c235d0b0

SHA256
8f36e24435627ba5b5f7dead737250e8ff8167b25cd7a700c0ac2457ec889be0

SHA512
247775c60a1c8edad55b2455fe2173793cc7e8761e6aea8ca3a9feb2d764397138c45361ba1c04c0778328ef7779949b43e89d6a2627848d6b77a8c330e78160

Download Submit
C:\Windows\System\DmfEMjY.exe

Filesize
2.1MB

MD5
546aa1a1cfd42a8056579ac428bcb098

SHA1
b28d40bc655398e55d7dea769bf17aba33957d79

SHA256
6e31fa3f2a53a3cd9466cac7f64010e4324407989951d93595d4a1742a2403c4

SHA512
1e459f323c85fe0d34cc62881670c7b8c5240f91f596f7e59ec1ecfca0a732e84f3c1a28df828388c3a7ebffc8825e736e0724bbd9271af837ccb83a3c2a6ff4

Download Submit
C:\Windows\System\FCUpUic.exe

Filesize
2.1MB

MD5
88d4173e3771eb2a926e18d6279663c4

SHA1
d829ddb34b75583fac55410abd0fd5be5babc7f5

SHA256
1715efc8a1a2b61fe2399f16e5e5cdf5457278baaa21ea074210dd5eacaa4266

SHA512
90541717a163a338813628df0e3c24e66f196a52ef6c1fc339bfd13e3a9acb4ef4fe813a39385ad2765abf0113f3569f895626742eadadbd01f49dd33f6edc0b

Download Submit
C:\Windows\System\GDaXNEh.exe

Filesize
2.1MB

MD5
53d479b3244159a2d6c83bc05544e3ec

SHA1
06471bec907147621ca48327a1826f07d08d004b

SHA256
c739270f9532b8fc65964fbc7804dc3cfe171dba09cb94961ef3310dfde26707

SHA512
e25a6c36a7eb91612303144ea24434832f0ee44df52962db6a12fae93c5a2d123b5409ec7ba3dd0d79bf4b2d95be7a296ed52487de17b3c7a801727c57a3fb0a

Download Submit
C:\Windows\System\IAljbLu.exe

Filesize
2.1MB

MD5
4c66e0fdefc5440566453f48f782ebe5

SHA1
df1b09258a2588dc938a2f9c4c40d16bbce4e477

SHA256
a65bb02ab9bb78c0a308ed8d4bb0bccc5b9a6ccd5a4ee1f2d6dda39fe731fbbc

SHA512
e06d7e4881ba72900fa18bcd3782a06c0b248988bc13f85e14dad41b1203ace318fbce1a00dbf3eac56fe2bc00a2bc5fd4590766895d79aa4b4aeee6cfb8a187

Download Submit
C:\Windows\System\JwRbRFF.exe

Filesize
2.1MB

MD5
d95a5d92aa67d04df489f21ecb550388

SHA1
4a1ad0ae01f3ae3938d4d7ea08a635618bc81b21

SHA256
fd1de5990fc27b745811c00b6b459185933a8fb135c5e6034d6f59a9dc892c28

SHA512
f638a51ddc2c2a5e1770edff1a8b311af708e6e1c9090f22d7b1b025ac3454d0dd1eeba8614e4142f4dad19895bde74b48b9a2f89a927de31f5c72c16d6958d5

Download Submit
C:\Windows\System\LPoYcdp.exe

Filesize
2.0MB

MD5
9e68b524d1dca30950091588b0ea7ebd

SHA1
bd543289fee1d27ab27070bbe5a0e7132e8deef0

SHA256
f5e8216df69f6d471400d5e135dab53077b5b1b4d8b4c2e68537dbf9d1a77767

SHA512
e144b73a126d9361f1db81f175be4ba935c9cc7a81c0f39d61a04c06fa5ef104693477086ca9511ce727cfc053c88a05b142517e036ccfe48f5a5ce454d632a3

Download Submit
C:\Windows\System\OsiWptV.exe

Filesize
2.1MB

MD5
a31198e59a56759cf23a9a90b4d6a510

SHA1
8047347ce8ae081f6d9955057db135eb873c18a9

SHA256
686388837bd2cfe7ab1d9b327936cdb924bbcb8537bd9570d5f15fdae8a0ad71

SHA512
1db097684c06778fc41c17ec8fc02b1b695d4a0b90290499659c64a2f5111b89c84f035d997be27872caaff9a6d39758ae26c3196eca5036ebc438222107e4e2

Download Submit
C:\Windows\System\SSbOzdl.exe

Filesize
2.0MB

MD5
4650537239d5bda129934576a35d791f

SHA1
6e8d84f31a3ec153145db648e6d92eeb1a30f447

SHA256
2669069a2a486b7ffa96330881d3ba4672473a8b7118bbcbb4813701fe1d13e9

SHA512
5d6bba3145a33e69a6142fc87629387d11b2e78eeaa2c37fd9ef579d2f22cd0d89b4bef2d6797d4e298230b8040c6a5693b17a27a4501bb2a043ab2e63bcc658

Download Submit
C:\Windows\System\UDyveDh.exe

Filesize
2.0MB

MD5
2d50d9f7af1a2ca99dc2813c811c7dce

SHA1
9addd23d1b0c7137e18ce57c066dbc9b52a03332

SHA256
fa42f03b9851191b74e78c082bafdc8b4d2e02a75ef177e5d76bc64f671b128b

SHA512
09e62e5462283a05f4e7edd38e24bdb5fa7d6d2006710994e976756f357d6cfb9300fde7ef048030037b2b581c21f2f25b511801d5445bf0f8256c2d3354c232

Download Submit
C:\Windows\System\VhmlzKv.exe

Filesize
2.0MB

MD5
893d0226cf78a1900368aaf6a7ef7d48

SHA1
b2d9a5c5702da7aeb3bd7c2d21e1a1bbfc3d81df

SHA256
942aca5a5b28194eb7d9a611577b274f080e04dfecfd1e8e76d38595f0c9a5c2

SHA512
69c13e4f77901c1d19ab6d4c6b7cb9f961d18d2a769947c9aa782c570f4c8bcc8b170254d565a724709c0234fd4b0054829d2be4ae792bc9f161b9cea2f771b4

Download Submit
C:\Windows\System\WXyAAID.exe

Filesize
2.0MB

MD5
47f4c9b786e8aedc2bfc42c0476bdc0c

SHA1
76855accdab86685acdeafdd508a7e7efd1f9986

SHA256
3ad73abdbd3aa2be5f1d8aac4731b0a63ea1bc7a791a48b80fcc752d8ce0eeee

SHA512
b9eabf54717efd6a64656c4925c9c3ada21623d1a7cfd15f87f92ea3d71a32257534fb62adbbf2df1e7a18f66faa466adeda511b2d7876707bbe85c63e970581

Download Submit
C:\Windows\System\XadbvIB.exe

Filesize
2.1MB

MD5
355be8bdd2f8a7b5d49874472794fc1d

SHA1
e3cde60204fe8ffe669bce618adfc63ce6c28790

SHA256
cd21a2c5ac8e77713d4076b77112c328a78a4f746899213144e3bd515c7de806

SHA512
8630cbfc68e916d55a7c6c29d99fe91eb90028b9bfddb1c8ef0554b97aa1355e22a489ffa548308d8ba6b5301fa34c1a952ca0b3761ab4ee3d266dd7f5ff1f59

Download Submit
C:\Windows\System\YomPBex.exe

Filesize
2.0MB

MD5
6937c460e087250c7d801b80cc5b71de

SHA1
df401ec0ae87e7f2a439bafb545bd1f225f13307

SHA256
56f42df400b2b9732bba226ffdd8569aa69ebe0492c5c58262e913a1727a9901

SHA512
c0f49c54258d0677a95b96b9063c358b1904ee4dc5bf4fe7658d70b4a1e0584d8aa1675af41b4164564b84d816dd4ea93b4abf168e8632fc1c10492f48ee2233

Download Submit
C:\Windows\System\Zupulao.exe

Filesize
2.0MB

MD5
48386eec9ce63e5f0adceb7331a4068c

SHA1
9caeddb6562565dee6bdaad404e44586423068c2

SHA256
7a50b2bf0780e8fdec1b3a00db888da8da25e4453fc4217e3bf82787e5c728e3

SHA512
5eef783181999da5143fa1dc8a549043d7d774b5538bf7ee4236fc3ce00bb5fd1f1b059285c6aff0ac8bedc5c86ac17980a49906ada987a203f1686d744e5197

Download Submit
C:\Windows\System\aRpRpYA.exe

Filesize
2.1MB

MD5
2071a879684f1c0b2acd8731f6bc11c1

SHA1
b20ecb8adf5898dcb4607ef1e1c2fd3cfb2a8c63

SHA256
e235841a6d4127674616155c90e9365b4b3e4d20d3271a99460d914b0f115938

SHA512
bda4d3e5e2282f1c5b0268a54ed104cee4deb0ecfd441a1d98d1351797e9d492bb1949dfe221c1ee9f3ccb39a333f6a77222d14d0062d30d77a3ee9601c7ebed

Download Submit
C:\Windows\System\bdkukKA.exe

Filesize
2.1MB

MD5
5a040cc002ac31335363f6536a26947c

SHA1
8456735858308023da3c99e7f6224af6472d59fa

SHA256
696ee16b1fefd823ee3032fd9e0e76c8b857d186d85d7d6f95b9a6d602880ce8

SHA512
290ca8f8a76708d01083911043d560adcbf3375314add66e204722a2148f00b9359bf7c0bbbd3f905738e8ad53eae60ed7502570b75e51ec29accb8b2505f142

Download Submit
C:\Windows\System\bjZHTBE.exe

Filesize
2.1MB

MD5
0bf56e8a615b69d312a8a3ade2578296

SHA1
2da2d5ee2565e4cc7a0263cb9c958737a63083f9

SHA256
eed0d62316537e84455a8d1ef8a1e721951663e1aa3b542bb2c764cd2f86295d

SHA512
6a17e79d7a154c8b5988b699d2f8c41936a6e9784d9b451556275463020a31c147e85645d2f0aa6d07922894f3920138aef010b9fd87b970ffdd22a77ebd666b

Download Submit
C:\Windows\System\cBYcFFx.exe

Filesize
2.0MB

MD5
064e4a8723d0c51ef1c1c4693c33acb6

SHA1
9fdb59451683bac8d52745cf709e0de3ef31531a

SHA256
909d350f5c87d651e9a7b80ff0e9e2795904550daf7de1d6da4d761fddd484ba

SHA512
23ae05d07c34cce943b1ecab063a6325c06192749b8a37a4e29d6e43f7d0713946e413063a9c57a0bc1f28cccd790e77a355cf786409794a6447c2712fd1385a

Download Submit
C:\Windows\System\dNkcafb.exe

Filesize
2.1MB

MD5
491a2fa37d48b3dca1b358b8780dd5c8

SHA1
a3dd0e5c9076be9e325a3413dccc5b6b55fcad93

SHA256
92332fb18225d05f0d54b2befd02c21797f2ed33a720aa5ad5b5eca0ff894856

SHA512
0a740685dfcb765d89ed1f84d3c55d190d6ac62ea4c8d9dd034ce1509fbd25a2b0cae52e427541e8fe180e03b009da3b7e6250ef71e3fba37555e502e4e1cc60

Download Submit
C:\Windows\System\fLhHLJq.exe

Filesize
2.1MB

MD5
f3ed4018bee944148cc5a36042734558

SHA1
fd04c03f2899bdb72fbdb6be40f46e9d47de7000

SHA256
e26b68e92029a4eb7039c5370e370ccc56e61c896052500c11d4d6694d803430

SHA512
a61057addb102b14f6daf79bbca7607c11d5ea54ce68fa4adc91c5e3cff07d4ac4b3a0ce0dc26082879ac1494f66849f988c29337d5b59f2c72e1a15e862acac

Download Submit
C:\Windows\System\kgLHcSm.exe

Filesize
2.0MB

MD5
4f1e1053b37cb82848bdcb8fd76a9138

SHA1
d6ec9433704f06ad4c08a347ad757af7b569c1af

SHA256
631384f8e715cc2fa0085db1506d488f056907554bf7253fbe3d9469af83688b

SHA512
443626ea7939bf99be9982d0ec80da2436c48321c471a348cfbd60465fd326e55839ea3660abfa75c89d0f075dc5da1bae72302e505adca09a52df4053cd11b4

Download Submit
C:\Windows\System\mawsYjJ.exe

Filesize
2.1MB

MD5
3f42853ac37bae83b6798aaa20469d17

SHA1
b70e575e91535f37252879ea3d270d7d4224dbf7

SHA256
78f2277afc9bb6a15f8d2233495a741f06469d97a0b2dc2fcf6776613e220f19

SHA512
e85c3527c6d1d865321f07de6eb515eab110aa2c0ba25f3bfef0ff9db1ebb725b74751fa4a2f8c9eb6f48e12a68a97472791da4c9b738504c984957f01dc417a

Download Submit
C:\Windows\System\mfkfnpk.exe

Filesize
2.1MB

MD5
69c0cc5fa1fb08c4b0e4694d14db3eff

SHA1
97b357a24d28c74f1fb54f213a345da5eca90daa

SHA256
13b9d101a36ab06b70751bca44fb404c2ead09bca1e366197e6f9949a1b0da7d

SHA512
5db71dd3a2ed12876e0ac2d2fbec522dab145043423b22d9483e1e5b4f450d11fe391745e33a393566d58fae1e0294f30e4a48f66e3add66f93f69b158163d39

Download Submit
C:\Windows\System\qCguwTZ.exe

Filesize
2.1MB

MD5
05ec0f93e217361c3c3bcee910a85fe8

SHA1
a306d60bc0598120149c1ed6790d9d55a5acc191

SHA256
5ad3f0fc2ee3bb69912e125386818e584a38db93a7582609c6a3c09a0d27e73a

SHA512
a5fa4d7c7ae343194dc608c28fde5cc7f8ebfa6ce5e75b9e3b40ffd9d84f2b99f8d3a78954e3c196c774b77bd303207e5c9c51a1473c4c8286f4874c1871c4bc

Download Submit
C:\Windows\System\reYbxfH.exe

Filesize
2.0MB

MD5
d0809334074cc6e8d7ffb039f616fa3c

SHA1
ff72e4af9585b5026c2cdac8007262255ac7a9e4

SHA256
3dccd785e4bd66c2fe70003618357987c2d0186001da75755b1125f7550edf99

SHA512
e8f9b5a4ad1f0e235b957acf034febc5fabc9ffdd0d35d5ed087c2478b101db5f441621113199ec7e1eebb9495e7927a704066989454e24391211044737b77ac

Download Submit
C:\Windows\System\ruRBWgM.exe

Filesize
2.1MB

MD5
072d8775d89984291a5efeae98be3dda

SHA1
ea8dd427926208d63c1373fa4a488aa7ddc92506

SHA256
6726c05147a5e5780476ce310f48e24101dacab875f58d07fdd5193b99c03345

SHA512
8ca1707fac6aac0d067a3409e8c9f8b4ec798106730eeb1de5c7cb31d92c8055b33b9c41ace515de64d20b06c0dce04e94ca8011b75b64a63eb5824190098267

Download Submit
C:\Windows\System\tBqIcyo.exe

Filesize
2.0MB

MD5
c4b860e0a1797c5fbe4900741539ae48

SHA1
a8d2089ef75c7338e1c73bfd91723f9fa96a14ac

SHA256
5b00468b8fd4cba26c9b8e0718781ead42bf566b6904d8c3ac899396488f72d7

SHA512
8f5806f251105559e208bc10689ccb6cc7e78ec48867a317bdd10ad05c29eb9f81865f65f9371c4843b92e0b513b2a04800868d20f87a8488c4e6a36b6cc42b0

Download Submit
C:\Windows\System\vdbHZcg.exe

Filesize
2.0MB

MD5
c80bcef58170b3e55bef09bfb7a30b5f

SHA1
5562ac1a6b1f5a55554e41f15725fe5ff41df6cb

SHA256
8664d738557ca71768dbc580481a6e40d78e51cda8de6e2d7447fa99679f2258

SHA512
d309f396ae7c5c6248f7646cb277fe8c62c7355e43e9bc55dae41f67660f376532bf140db5eebc8313368b9742c6a88e418ad2db922ee41c5afda0e8136fd491

Download Submit
C:\Windows\System\wlWLRJz.exe

Filesize
2.0MB

MD5
e7f205036e74af3772bb5a48acd5419d

SHA1
311b4b466ca16533c958f2876015dc128139595a

SHA256
1469d66fa05182a9bc96d64dd2767d862886caf4056505701f8aa01cb6725960

SHA512
96abee957caad5b366400adab6fea2004e02ad74c1e64350fa62cef4a4dfc4c72f62696d17a882f962405ef67ffe75b40cc6cbaab9b97eecb4e2460f5a5ea093

Download Submit
C:\Windows\System\zolTtnJ.exe

Filesize
2.1MB

MD5
e3769fa0954d396d7ff47a4835453713

SHA1
e00e922ce90e57aaa7366de0729287e681104569

SHA256
b4b00bcc21b80c8e5fb684feb94794bc09449b8cdcdf04ed7baddacb19e9499a

SHA512
c3a6d516fe93d9518e9b185262d05fa95dffba117c85c3f7e32c42d659ae8236229e57f8d0474f818ca398eb016214378f38168d88f21ee910ac2edc5e794a51

Download Submit
memory/4464-0-0x00000000001E0000-0x00000000001F0000-memory.dmp

Filesize
64KB

Download