xmrig | 8615de049bfed21cda29429089f35003a71ebdfc55e545d4a2735e6c2ab0ecc3

Analysis

max time kernel
138s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 03:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
Size

1.5MB
MD5

5abc2ec8b91d6473124685938a86ec20
SHA1

0f80b5dc2270de5771d9d7711c182f2e702bea7c
SHA256

8615de049bfed21cda29429089f35003a71ebdfc55e545d4a2735e6c2ab0ecc3
SHA512

448607e7557af0220e56bbb09aa5a643c057976600c776e216065cb161f2b6984e96ce0211858259e7da8d67736e450c34d5f3b94df6780bc9259806c59e78c5
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwI6KQGyXVxZVMrx:GemTLkNdfE0pZat

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral2/files/0x000900000002327a-10.dat	xmrig
behavioral2/files/0x0007000000023412-15.dat	xmrig
behavioral2/files/0x0007000000023413-20.dat	xmrig
behavioral2/files/0x0008000000023411-18.dat	xmrig
behavioral2/files/0x0007000000023414-23.dat	xmrig
behavioral2/files/0x0007000000023415-29.dat	xmrig
behavioral2/files/0x0007000000023416-34.dat	xmrig
behavioral2/files/0x0007000000023417-41.dat	xmrig
behavioral2/files/0x000800000002340f-42.dat	xmrig
behavioral2/files/0x0007000000023418-50.dat	xmrig
behavioral2/files/0x0007000000023419-55.dat	xmrig
behavioral2/files/0x000700000002341a-59.dat	xmrig
behavioral2/files/0x000700000002341b-64.dat	xmrig
behavioral2/files/0x000700000002341c-70.dat	xmrig
behavioral2/files/0x000700000002341d-74.dat	xmrig
behavioral2/files/0x000700000002341e-80.dat	xmrig
behavioral2/files/0x000700000002341f-83.dat	xmrig
behavioral2/files/0x0007000000023420-91.dat	xmrig
behavioral2/files/0x0007000000023421-92.dat	xmrig
behavioral2/files/0x0007000000023422-99.dat	xmrig
behavioral2/files/0x0007000000023423-104.dat	xmrig
behavioral2/files/0x000c000000023383-107.dat	xmrig
behavioral2/files/0x0007000000023424-110.dat	xmrig
behavioral2/files/0x0007000000023425-120.dat	xmrig
behavioral2/files/0x0007000000023426-124.dat	xmrig
behavioral2/files/0x000c0000000006c3-130.dat	xmrig
behavioral2/files/0x0007000000023428-137.dat	xmrig
behavioral2/files/0x000700000002342a-153.dat	xmrig
behavioral2/files/0x000700000002342c-162.dat	xmrig
behavioral2/files/0x000700000002342b-158.dat	xmrig
behavioral2/files/0x0007000000023429-147.dat	xmrig
behavioral2/files/0x0007000000023427-138.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2860	yvjMvzz.exe
1584	LJXAwTI.exe
1548	kXIdEld.exe
4268	yQWiTsT.exe
3788	GwacZpt.exe
532	iWIEoxR.exe
2604	UtWoqnS.exe
3152	BRYjOes.exe
4340	MAHLvWC.exe
540	TpEVXvs.exe
3140	GSZFbUx.exe
1932	zRwXagj.exe
3536	MWMjMuM.exe
1196	hBeLMLK.exe
3928	jmpCIrg.exe
3756	xUYgdkT.exe
4972	rzvuEpm.exe
5000	nxbGVmV.exe
3112	sVlRNvA.exe
4324	SaEgxVt.exe
1892	pczMxcT.exe
4468	QXqjeic.exe
1264	ZTsiREn.exe
4836	wEYjLxs.exe
1360	ftaVLvq.exe
1016	SVdVQJk.exe
2200	pUptmim.exe
4016	XilcwJQ.exe
648	rjTOnIc.exe
1124	pWPjlHc.exe
3492	UMiRrrR.exe
4092	lMtMaCr.exe
3452	pfLAmmi.exe
2236	vUVgTNR.exe
1608	aNZPAlf.exe
4264	oRRrtvq.exe
864	mSJvASo.exe
4880	CCVkoFL.exe
432	MQinYab.exe
4680	HTmRQWH.exe
3848	OkzvdKg.exe
3760	ThEHpcL.exe
756	zyKxVrb.exe
3308	jiYyRFX.exe
3736	ueNahXS.exe
1468	VFJaNHf.exe
4148	wjKfspV.exe
1056	dmVGcvI.exe
4192	aBIumYD.exe
3184	uYqNJdk.exe
3684	YnDfwaP.exe
3224	cHXQGLR.exe
1672	VJpxLtR.exe
228	ZVAvJRf.exe
828	FerpsvI.exe
4396	shAhRqM.exe
4712	qesMwtl.exe
3964	tzDoQmd.exe
3412	dvnbNYa.exe
5076	EPreCod.exe
1544	MbCJBKQ.exe
3472	ogZjYyh.exe
2020	yQdqKIo.exe
5104	VpUxgVj.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\eNnPbBF.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\tRJjRiT.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\tNGDYqb.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\ueNahXS.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\MAHLvWC.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\IbuEPGK.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\MQinYab.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\CUwbqcT.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\rzvuEpm.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\XilcwJQ.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\xuuzCNc.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\VUXPfbx.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\zxmFGfq.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\hSJEFQO.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\sTxXFId.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\HsrjxvB.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\UtWoqnS.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\TefsAul.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\yQfHRdd.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\NtfzSak.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\pAZlNcL.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\aNZPAlf.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\jiYyRFX.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\RLCTHrj.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\QysglnJ.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\UMiRrrR.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\prIIpul.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\LJXAwTI.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\QXqjeic.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\hojbDMK.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\xGEtHie.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\ZTsiREn.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\ftaVLvq.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\vUVgTNR.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\YyAjxhC.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\pOdfJqx.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\TpEVXvs.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\DBhRBAu.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\sHBgwZi.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\HmPQRoh.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\aGwAsxj.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\hBeLMLK.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\aBIumYD.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\VegBrtj.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\ZAkApWk.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\hLqatYi.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\UiMDzxO.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\rUfhUcT.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\rMsZyYr.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\gDEPDWO.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\XeQRLod.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\JKMvsZP.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\yQWiTsT.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\VpUxgVj.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\CVLWqGP.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\DopbikL.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\yvjMvzz.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\iouoOiX.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\HFOXyLa.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\xUYgdkT.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\qpaABnm.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\qSwReTM.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\ThEHpcL.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
File created	C:\Windows\System\zRwXagj.exe	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 2860	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	82
PID 4868 wrote to memory of 2860	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	82
PID 4868 wrote to memory of 1584	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	83
PID 4868 wrote to memory of 1584	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	83
PID 4868 wrote to memory of 4268	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	84
PID 4868 wrote to memory of 4268	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	84
PID 4868 wrote to memory of 1548	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	85
PID 4868 wrote to memory of 1548	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	85
PID 4868 wrote to memory of 3788	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	86
PID 4868 wrote to memory of 3788	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	86
PID 4868 wrote to memory of 532	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	87
PID 4868 wrote to memory of 532	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	87
PID 4868 wrote to memory of 2604	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	88
PID 4868 wrote to memory of 2604	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	88
PID 4868 wrote to memory of 3152	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	89
PID 4868 wrote to memory of 3152	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	89
PID 4868 wrote to memory of 4340	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	90
PID 4868 wrote to memory of 4340	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	90
PID 4868 wrote to memory of 540	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	91
PID 4868 wrote to memory of 540	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	91
PID 4868 wrote to memory of 3140	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	93
PID 4868 wrote to memory of 3140	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	93
PID 4868 wrote to memory of 1932	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	94
PID 4868 wrote to memory of 1932	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	94
PID 4868 wrote to memory of 3536	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	96
PID 4868 wrote to memory of 3536	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	96
PID 4868 wrote to memory of 1196	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	97
PID 4868 wrote to memory of 1196	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	97
PID 4868 wrote to memory of 3928	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	98
PID 4868 wrote to memory of 3928	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	98
PID 4868 wrote to memory of 3756	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	99
PID 4868 wrote to memory of 3756	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	99
PID 4868 wrote to memory of 4972	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	101
PID 4868 wrote to memory of 4972	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	101
PID 4868 wrote to memory of 5000	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	102
PID 4868 wrote to memory of 5000	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	102
PID 4868 wrote to memory of 3112	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	103
PID 4868 wrote to memory of 3112	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	103
PID 4868 wrote to memory of 4324	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	104
PID 4868 wrote to memory of 4324	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	104
PID 4868 wrote to memory of 1892	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	105
PID 4868 wrote to memory of 1892	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	105
PID 4868 wrote to memory of 4468	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	106
PID 4868 wrote to memory of 4468	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	106
PID 4868 wrote to memory of 1264	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	107
PID 4868 wrote to memory of 1264	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	107
PID 4868 wrote to memory of 4836	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	108
PID 4868 wrote to memory of 4836	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	108
PID 4868 wrote to memory of 1360	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	109
PID 4868 wrote to memory of 1360	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	109
PID 4868 wrote to memory of 1016	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	110
PID 4868 wrote to memory of 1016	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	110
PID 4868 wrote to memory of 2200	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	111
PID 4868 wrote to memory of 2200	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	111
PID 4868 wrote to memory of 4016	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	112
PID 4868 wrote to memory of 4016	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	112
PID 4868 wrote to memory of 648	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	113
PID 4868 wrote to memory of 648	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	113
PID 4868 wrote to memory of 1124	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	114
PID 4868 wrote to memory of 1124	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	114
PID 4868 wrote to memory of 3492	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	115
PID 4868 wrote to memory of 3492	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	115
PID 4868 wrote to memory of 4092	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	116
PID 4868 wrote to memory of 4092	4868	5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe	116

C:\Users\Admin\AppData\Local\Temp\5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5abc2ec8b91d6473124685938a86ec20_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Windows\System\yvjMvzz.exe
  C:\Windows\System\yvjMvzz.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\LJXAwTI.exe
  C:\Windows\System\LJXAwTI.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\yQWiTsT.exe
  C:\Windows\System\yQWiTsT.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\kXIdEld.exe
  C:\Windows\System\kXIdEld.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\GwacZpt.exe
  C:\Windows\System\GwacZpt.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System\iWIEoxR.exe
  C:\Windows\System\iWIEoxR.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\UtWoqnS.exe
  C:\Windows\System\UtWoqnS.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\BRYjOes.exe
  C:\Windows\System\BRYjOes.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\MAHLvWC.exe
  C:\Windows\System\MAHLvWC.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\TpEVXvs.exe
  C:\Windows\System\TpEVXvs.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\GSZFbUx.exe
  C:\Windows\System\GSZFbUx.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\zRwXagj.exe
  C:\Windows\System\zRwXagj.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\MWMjMuM.exe
  C:\Windows\System\MWMjMuM.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\hBeLMLK.exe
  C:\Windows\System\hBeLMLK.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\jmpCIrg.exe
  C:\Windows\System\jmpCIrg.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\xUYgdkT.exe
  C:\Windows\System\xUYgdkT.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\rzvuEpm.exe
  C:\Windows\System\rzvuEpm.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\nxbGVmV.exe
  C:\Windows\System\nxbGVmV.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\sVlRNvA.exe
  C:\Windows\System\sVlRNvA.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\SaEgxVt.exe
  C:\Windows\System\SaEgxVt.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\pczMxcT.exe
  C:\Windows\System\pczMxcT.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\QXqjeic.exe
  C:\Windows\System\QXqjeic.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\ZTsiREn.exe
  C:\Windows\System\ZTsiREn.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\wEYjLxs.exe
  C:\Windows\System\wEYjLxs.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\ftaVLvq.exe
  C:\Windows\System\ftaVLvq.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\SVdVQJk.exe
  C:\Windows\System\SVdVQJk.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\pUptmim.exe
  C:\Windows\System\pUptmim.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\XilcwJQ.exe
  C:\Windows\System\XilcwJQ.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\rjTOnIc.exe
  C:\Windows\System\rjTOnIc.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\pWPjlHc.exe
  C:\Windows\System\pWPjlHc.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\UMiRrrR.exe
  C:\Windows\System\UMiRrrR.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\lMtMaCr.exe
  C:\Windows\System\lMtMaCr.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\pfLAmmi.exe
  C:\Windows\System\pfLAmmi.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\vUVgTNR.exe
  C:\Windows\System\vUVgTNR.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\aNZPAlf.exe
  C:\Windows\System\aNZPAlf.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\oRRrtvq.exe
  C:\Windows\System\oRRrtvq.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\mSJvASo.exe
  C:\Windows\System\mSJvASo.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\CCVkoFL.exe
  C:\Windows\System\CCVkoFL.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\MQinYab.exe
  C:\Windows\System\MQinYab.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\HTmRQWH.exe
  C:\Windows\System\HTmRQWH.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\OkzvdKg.exe
  C:\Windows\System\OkzvdKg.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System\ThEHpcL.exe
  C:\Windows\System\ThEHpcL.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\zyKxVrb.exe
  C:\Windows\System\zyKxVrb.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\jiYyRFX.exe
  C:\Windows\System\jiYyRFX.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\ueNahXS.exe
  C:\Windows\System\ueNahXS.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\VFJaNHf.exe
  C:\Windows\System\VFJaNHf.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\wjKfspV.exe
  C:\Windows\System\wjKfspV.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\dmVGcvI.exe
  C:\Windows\System\dmVGcvI.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\aBIumYD.exe
  C:\Windows\System\aBIumYD.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\uYqNJdk.exe
  C:\Windows\System\uYqNJdk.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\YnDfwaP.exe
  C:\Windows\System\YnDfwaP.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\cHXQGLR.exe
  C:\Windows\System\cHXQGLR.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\VJpxLtR.exe
  C:\Windows\System\VJpxLtR.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\ZVAvJRf.exe
  C:\Windows\System\ZVAvJRf.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\FerpsvI.exe
  C:\Windows\System\FerpsvI.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\shAhRqM.exe
  C:\Windows\System\shAhRqM.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\qesMwtl.exe
  C:\Windows\System\qesMwtl.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\tzDoQmd.exe
  C:\Windows\System\tzDoQmd.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\dvnbNYa.exe
  C:\Windows\System\dvnbNYa.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\EPreCod.exe
  C:\Windows\System\EPreCod.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\MbCJBKQ.exe
  C:\Windows\System\MbCJBKQ.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\ogZjYyh.exe
  C:\Windows\System\ogZjYyh.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\yQdqKIo.exe
  C:\Windows\System\yQdqKIo.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\VpUxgVj.exe
  C:\Windows\System\VpUxgVj.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\ydHOXqC.exe
  C:\Windows\System\ydHOXqC.exe
  2⤵
  PID:3400
- C:\Windows\System\iouoOiX.exe
  C:\Windows\System\iouoOiX.exe
  2⤵
  PID:4628
- C:\Windows\System\EvUlUpY.exe
  C:\Windows\System\EvUlUpY.exe
  2⤵
  PID:1952
- C:\Windows\System\ygVfNRM.exe
  C:\Windows\System\ygVfNRM.exe
  2⤵
  PID:440
- C:\Windows\System\fvDxqYD.exe
  C:\Windows\System\fvDxqYD.exe
  2⤵
  PID:4656
- C:\Windows\System\gYtZmBZ.exe
  C:\Windows\System\gYtZmBZ.exe
  2⤵
  PID:3368
- C:\Windows\System\axciHAo.exe
  C:\Windows\System\axciHAo.exe
  2⤵
  PID:4940
- C:\Windows\System\pvqenrU.exe
  C:\Windows\System\pvqenrU.exe
  2⤵
  PID:4564
- C:\Windows\System\PzDqvfC.exe
  C:\Windows\System\PzDqvfC.exe
  2⤵
  PID:3232
- C:\Windows\System\vmNyjOI.exe
  C:\Windows\System\vmNyjOI.exe
  2⤵
  PID:4020
- C:\Windows\System\yiucVYw.exe
  C:\Windows\System\yiucVYw.exe
  2⤵
  PID:3792
- C:\Windows\System\sYPaZNt.exe
  C:\Windows\System\sYPaZNt.exe
  2⤵
  PID:1364
- C:\Windows\System\LOzaYfQ.exe
  C:\Windows\System\LOzaYfQ.exe
  2⤵
  PID:2612
- C:\Windows\System\ovXsqEB.exe
  C:\Windows\System\ovXsqEB.exe
  2⤵
  PID:1540
- C:\Windows\System\tpmHoJV.exe
  C:\Windows\System\tpmHoJV.exe
  2⤵
  PID:760
- C:\Windows\System\BNbBEGr.exe
  C:\Windows\System\BNbBEGr.exe
  2⤵
  PID:1984
- C:\Windows\System\GQuTHQC.exe
  C:\Windows\System\GQuTHQC.exe
  2⤵
  PID:1616
- C:\Windows\System\pxArHFN.exe
  C:\Windows\System\pxArHFN.exe
  2⤵
  PID:3612
- C:\Windows\System\MzeIoNk.exe
  C:\Windows\System\MzeIoNk.exe
  2⤵
  PID:5004
- C:\Windows\System\RITkUDX.exe
  C:\Windows\System\RITkUDX.exe
  2⤵
  PID:4160
- C:\Windows\System\prIIpul.exe
  C:\Windows\System\prIIpul.exe
  2⤵
  PID:4892
- C:\Windows\System\hXACBmI.exe
  C:\Windows\System\hXACBmI.exe
  2⤵
  PID:1864
- C:\Windows\System\fDrPWrr.exe
  C:\Windows\System\fDrPWrr.exe
  2⤵
  PID:732
- C:\Windows\System\TefsAul.exe
  C:\Windows\System\TefsAul.exe
  2⤵
  PID:5072
- C:\Windows\System\ngUBviA.exe
  C:\Windows\System\ngUBviA.exe
  2⤵
  PID:1248
- C:\Windows\System\CUwbqcT.exe
  C:\Windows\System\CUwbqcT.exe
  2⤵
  PID:3992
- C:\Windows\System\GnbClqc.exe
  C:\Windows\System\GnbClqc.exe
  2⤵
  PID:4360
- C:\Windows\System\FrVLQML.exe
  C:\Windows\System\FrVLQML.exe
  2⤵
  PID:2052
- C:\Windows\System\hojbDMK.exe
  C:\Windows\System\hojbDMK.exe
  2⤵
  PID:2584
- C:\Windows\System\NjxYYpx.exe
  C:\Windows\System\NjxYYpx.exe
  2⤵
  PID:5036
- C:\Windows\System\VegBrtj.exe
  C:\Windows\System\VegBrtj.exe
  2⤵
  PID:1192
- C:\Windows\System\XVXVMKH.exe
  C:\Windows\System\XVXVMKH.exe
  2⤵
  PID:5144
- C:\Windows\System\iBSaSph.exe
  C:\Windows\System\iBSaSph.exe
  2⤵
  PID:5176
- C:\Windows\System\zIggnyd.exe
  C:\Windows\System\zIggnyd.exe
  2⤵
  PID:5208
- C:\Windows\System\VUXPfbx.exe
  C:\Windows\System\VUXPfbx.exe
  2⤵
  PID:5232
- C:\Windows\System\KOIVAeJ.exe
  C:\Windows\System\KOIVAeJ.exe
  2⤵
  PID:5268
- C:\Windows\System\vnsiNYR.exe
  C:\Windows\System\vnsiNYR.exe
  2⤵
  PID:5292
- C:\Windows\System\sHBgwZi.exe
  C:\Windows\System\sHBgwZi.exe
  2⤵
  PID:5328
- C:\Windows\System\oJxKgGH.exe
  C:\Windows\System\oJxKgGH.exe
  2⤵
  PID:5352
- C:\Windows\System\DgHFnID.exe
  C:\Windows\System\DgHFnID.exe
  2⤵
  PID:5384
- C:\Windows\System\PFwYsRB.exe
  C:\Windows\System\PFwYsRB.exe
  2⤵
  PID:5408
- C:\Windows\System\CVLWqGP.exe
  C:\Windows\System\CVLWqGP.exe
  2⤵
  PID:5436
- C:\Windows\System\yFYTfCx.exe
  C:\Windows\System\yFYTfCx.exe
  2⤵
  PID:5464
- C:\Windows\System\vmIvUwa.exe
  C:\Windows\System\vmIvUwa.exe
  2⤵
  PID:5492
- C:\Windows\System\KCgOfde.exe
  C:\Windows\System\KCgOfde.exe
  2⤵
  PID:5520
- C:\Windows\System\ebmJuiQ.exe
  C:\Windows\System\ebmJuiQ.exe
  2⤵
  PID:5552
- C:\Windows\System\GpeTBDi.exe
  C:\Windows\System\GpeTBDi.exe
  2⤵
  PID:5576
- C:\Windows\System\IVdNYIr.exe
  C:\Windows\System\IVdNYIr.exe
  2⤵
  PID:5612
- C:\Windows\System\HFOXyLa.exe
  C:\Windows\System\HFOXyLa.exe
  2⤵
  PID:5648
- C:\Windows\System\yQfHRdd.exe
  C:\Windows\System\yQfHRdd.exe
  2⤵
  PID:5664
- C:\Windows\System\BlPKCdf.exe
  C:\Windows\System\BlPKCdf.exe
  2⤵
  PID:5692
- C:\Windows\System\rtxnTWz.exe
  C:\Windows\System\rtxnTWz.exe
  2⤵
  PID:5720
- C:\Windows\System\xGEtHie.exe
  C:\Windows\System\xGEtHie.exe
  2⤵
  PID:5748
- C:\Windows\System\aUsqhyb.exe
  C:\Windows\System\aUsqhyb.exe
  2⤵
  PID:5764
- C:\Windows\System\tmEsRFG.exe
  C:\Windows\System\tmEsRFG.exe
  2⤵
  PID:5792
- C:\Windows\System\hLqatYi.exe
  C:\Windows\System\hLqatYi.exe
  2⤵
  PID:5832
- C:\Windows\System\MiCVkyh.exe
  C:\Windows\System\MiCVkyh.exe
  2⤵
  PID:5860
- C:\Windows\System\lYMytEz.exe
  C:\Windows\System\lYMytEz.exe
  2⤵
  PID:5888
- C:\Windows\System\JwUSEnz.exe
  C:\Windows\System\JwUSEnz.exe
  2⤵
  PID:5916
- C:\Windows\System\YyAjxhC.exe
  C:\Windows\System\YyAjxhC.exe
  2⤵
  PID:5944
- C:\Windows\System\vEqfbLy.exe
  C:\Windows\System\vEqfbLy.exe
  2⤵
  PID:5968
- C:\Windows\System\qSwReTM.exe
  C:\Windows\System\qSwReTM.exe
  2⤵
  PID:6008
- C:\Windows\System\zxmFGfq.exe
  C:\Windows\System\zxmFGfq.exe
  2⤵
  PID:6036
- C:\Windows\System\rMsZyYr.exe
  C:\Windows\System\rMsZyYr.exe
  2⤵
  PID:6052
- C:\Windows\System\UeYjJsY.exe
  C:\Windows\System\UeYjJsY.exe
  2⤵
  PID:6068
- C:\Windows\System\zTStEcP.exe
  C:\Windows\System\zTStEcP.exe
  2⤵
  PID:6096
- C:\Windows\System\QalxWcO.exe
  C:\Windows\System\QalxWcO.exe
  2⤵
  PID:6124
- C:\Windows\System\NUCthIK.exe
  C:\Windows\System\NUCthIK.exe
  2⤵
  PID:5140
- C:\Windows\System\UiMDzxO.exe
  C:\Windows\System\UiMDzxO.exe
  2⤵
  PID:5188
- C:\Windows\System\rUfhUcT.exe
  C:\Windows\System\rUfhUcT.exe
  2⤵
  PID:5228
- C:\Windows\System\gDEPDWO.exe
  C:\Windows\System\gDEPDWO.exe
  2⤵
  PID:5312
- C:\Windows\System\fobWoGE.exe
  C:\Windows\System\fobWoGE.exe
  2⤵
  PID:5372
- C:\Windows\System\DBhRBAu.exe
  C:\Windows\System\DBhRBAu.exe
  2⤵
  PID:5432
- C:\Windows\System\tktXojK.exe
  C:\Windows\System\tktXojK.exe
  2⤵
  PID:5508
- C:\Windows\System\IbuEPGK.exe
  C:\Windows\System\IbuEPGK.exe
  2⤵
  PID:5588
- C:\Windows\System\rorRrWi.exe
  C:\Windows\System\rorRrWi.exe
  2⤵
  PID:5656
- C:\Windows\System\pOdfJqx.exe
  C:\Windows\System\pOdfJqx.exe
  2⤵
  PID:5704
- C:\Windows\System\cWiATgs.exe
  C:\Windows\System\cWiATgs.exe
  2⤵
  PID:5780
- C:\Windows\System\keZXWnW.exe
  C:\Windows\System\keZXWnW.exe
  2⤵
  PID:5848
- C:\Windows\System\zqYzkGF.exe
  C:\Windows\System\zqYzkGF.exe
  2⤵
  PID:5908
- C:\Windows\System\TvUbBQJ.exe
  C:\Windows\System\TvUbBQJ.exe
  2⤵
  PID:5988
- C:\Windows\System\aKUCpKP.exe
  C:\Windows\System\aKUCpKP.exe
  2⤵
  PID:6044
- C:\Windows\System\SJOncut.exe
  C:\Windows\System\SJOncut.exe
  2⤵
  PID:6080
- C:\Windows\System\NtfzSak.exe
  C:\Windows\System\NtfzSak.exe
  2⤵
  PID:6140
- C:\Windows\System\ISFnFdR.exe
  C:\Windows\System\ISFnFdR.exe
  2⤵
  PID:5164
- C:\Windows\System\fVmJxvw.exe
  C:\Windows\System\fVmJxvw.exe
  2⤵
  PID:5284
- C:\Windows\System\FQQUXHK.exe
  C:\Windows\System\FQQUXHK.exe
  2⤵
  PID:5572
- C:\Windows\System\pAZlNcL.exe
  C:\Windows\System\pAZlNcL.exe
  2⤵
  PID:5812
- C:\Windows\System\eNnPbBF.exe
  C:\Windows\System\eNnPbBF.exe
  2⤵
  PID:6032
- C:\Windows\System\RYazQKf.exe
  C:\Windows\System\RYazQKf.exe
  2⤵
  PID:5224
- C:\Windows\System\pOhYsgH.exe
  C:\Windows\System\pOhYsgH.exe
  2⤵
  PID:5504
- C:\Windows\System\XLXtrPm.exe
  C:\Windows\System\XLXtrPm.exe
  2⤵
  PID:5844
- C:\Windows\System\ONaZsLo.exe
  C:\Windows\System\ONaZsLo.exe
  2⤵
  PID:6148
- C:\Windows\System\hSJEFQO.exe
  C:\Windows\System\hSJEFQO.exe
  2⤵
  PID:6168
- C:\Windows\System\HmPQRoh.exe
  C:\Windows\System\HmPQRoh.exe
  2⤵
  PID:6216
- C:\Windows\System\MipQPEG.exe
  C:\Windows\System\MipQPEG.exe
  2⤵
  PID:6248
- C:\Windows\System\DopbikL.exe
  C:\Windows\System\DopbikL.exe
  2⤵
  PID:6276
- C:\Windows\System\aTwSnUi.exe
  C:\Windows\System\aTwSnUi.exe
  2⤵
  PID:6292
- C:\Windows\System\LrgkvXQ.exe
  C:\Windows\System\LrgkvXQ.exe
  2⤵
  PID:6324
- C:\Windows\System\tRJjRiT.exe
  C:\Windows\System\tRJjRiT.exe
  2⤵
  PID:6352
- C:\Windows\System\jcXfjwD.exe
  C:\Windows\System\jcXfjwD.exe
  2⤵
  PID:6388
- C:\Windows\System\LaOEykN.exe
  C:\Windows\System\LaOEykN.exe
  2⤵
  PID:6416
- C:\Windows\System\ZVttjBv.exe
  C:\Windows\System\ZVttjBv.exe
  2⤵
  PID:6432
- C:\Windows\System\XeQRLod.exe
  C:\Windows\System\XeQRLod.exe
  2⤵
  PID:6460
- C:\Windows\System\tfDwaYn.exe
  C:\Windows\System\tfDwaYn.exe
  2⤵
  PID:6488
- C:\Windows\System\nchSTPE.exe
  C:\Windows\System\nchSTPE.exe
  2⤵
  PID:6508
- C:\Windows\System\kcOtdTN.exe
  C:\Windows\System\kcOtdTN.exe
  2⤵
  PID:6532
- C:\Windows\System\sTxXFId.exe
  C:\Windows\System\sTxXFId.exe
  2⤵
  PID:6552
- C:\Windows\System\xuuzCNc.exe
  C:\Windows\System\xuuzCNc.exe
  2⤵
  PID:6568
- C:\Windows\System\BwxDjkd.exe
  C:\Windows\System\BwxDjkd.exe
  2⤵
  PID:6596
- C:\Windows\System\JKMvsZP.exe
  C:\Windows\System\JKMvsZP.exe
  2⤵
  PID:6624
- C:\Windows\System\JFFdEnI.exe
  C:\Windows\System\JFFdEnI.exe
  2⤵
  PID:6656
- C:\Windows\System\HsrjxvB.exe
  C:\Windows\System\HsrjxvB.exe
  2⤵
  PID:6684
- C:\Windows\System\cZjGqvA.exe
  C:\Windows\System\cZjGqvA.exe
  2⤵
  PID:6724
- C:\Windows\System\IjPKwHG.exe
  C:\Windows\System\IjPKwHG.exe
  2⤵
  PID:6756
- C:\Windows\System\rYYWhMc.exe
  C:\Windows\System\rYYWhMc.exe
  2⤵
  PID:6772
- C:\Windows\System\PXzyAgp.exe
  C:\Windows\System\PXzyAgp.exe
  2⤵
  PID:6800
- C:\Windows\System\QxikzyT.exe
  C:\Windows\System\QxikzyT.exe
  2⤵
  PID:6828
- C:\Windows\System\tNGDYqb.exe
  C:\Windows\System\tNGDYqb.exe
  2⤵
  PID:6856
- C:\Windows\System\QysglnJ.exe
  C:\Windows\System\QysglnJ.exe
  2⤵
  PID:6876
- C:\Windows\System\SUCBPDM.exe
  C:\Windows\System\SUCBPDM.exe
  2⤵
  PID:6892
- C:\Windows\System\aGwAsxj.exe
  C:\Windows\System\aGwAsxj.exe
  2⤵
  PID:6920
- C:\Windows\System\QVDvwpV.exe
  C:\Windows\System\QVDvwpV.exe
  2⤵
  PID:6956
- C:\Windows\System\RLCTHrj.exe
  C:\Windows\System\RLCTHrj.exe
  2⤵
  PID:6992
- C:\Windows\System\WldVCHZ.exe
  C:\Windows\System\WldVCHZ.exe
  2⤵
  PID:7028
- C:\Windows\System\oHsDjoj.exe
  C:\Windows\System\oHsDjoj.exe
  2⤵
  PID:7052
- C:\Windows\System\ZAkApWk.exe
  C:\Windows\System\ZAkApWk.exe
  2⤵
  PID:7088
- C:\Windows\System\PfMKOas.exe
  C:\Windows\System\PfMKOas.exe
  2⤵
  PID:7112
- C:\Windows\System\qpaABnm.exe
  C:\Windows\System\qpaABnm.exe
  2⤵
  PID:7156
- C:\Windows\System\jXJjuTG.exe
  C:\Windows\System\jXJjuTG.exe
  2⤵
  PID:6084
- C:\Windows\System\EVKOgpC.exe
  C:\Windows\System\EVKOgpC.exe
  2⤵
  PID:6224
- C:\Windows\System\QSuaMEs.exe
  C:\Windows\System\QSuaMEs.exe
  2⤵
  PID:6260
- C:\Windows\System\ndxaJZP.exe
  C:\Windows\System\ndxaJZP.exe
  2⤵
  PID:6288
- C:\Windows\System\ulQZcYm.exe
  C:\Windows\System\ulQZcYm.exe
  2⤵
  PID:6372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BRYjOes.exe

Filesize
1.5MB

MD5
fd6882553a2c994a342c3ba287a7f2f1

SHA1
7cd5f83f64c8340601f99e8e70d0689190509555

SHA256
d72306e8d609119b1c87c59aed90f99001521c757145883908a4bf1b567f636e

SHA512
b174449d0e7c728304549aa7b10642e69ea697114cbbf37132cd53bf237c8b6eeaca34e7d023e472e90c19a70b51a55321fe3feca74573f1c1f4460c1650fed7

Download Submit
C:\Windows\System\GSZFbUx.exe

Filesize
1.5MB

MD5
e9cb9ea31bc9011f451fc1dea78dbeab

SHA1
c2ed8729637e47b960f5bfcb825c97372f0c634e

SHA256
b8308c5da6f05d2c06c190000ed9f57f5f48d94c50fc1a0bbcb8e48bac573116

SHA512
a7ce631c7c820dd9830d17151565a5cd761a3af84672313e7df3c2e47433a05ad65d23718c311be4447a1c9b04cddf3b8773dc052498e81379b82ff496755bbd

Download Submit
C:\Windows\System\GwacZpt.exe

Filesize
1.5MB

MD5
0c8cb34af6a8a41c0594fe17aa6088c8

SHA1
806a4ac627682128a02794764c5a25262d536746

SHA256
d372f3756fedd11fbf4c0748b15633907dde430752310366e455755a46a90ca2

SHA512
467ab21590e76ca0238a774ccb8a4e0b2200d408ffeb3fd1074105567e0c22cf7341d4c647168000b0568fe52c49bf4dbb4c7da4f9d7929965115b08323e79ca

Download Submit
C:\Windows\System\LJXAwTI.exe

Filesize
1.5MB

MD5
eac8ca88913b4d451af88499c60e9a48

SHA1
daf63cd7156f677c8c47a27c3c29004246990ee0

SHA256
c3e0123c9b004fb83bb66e04363f61c7173bba6ef14807051f128b65724440e1

SHA512
ba50f4937d5f7af462527e19d445a42207dba4f6075c15cc4af071d914bbbb10ddc8621cf1e55e0e6ee887980aa6f423807b782ffe6e99069a0abf2286900fbe

Download Submit
C:\Windows\System\MAHLvWC.exe

Filesize
1.5MB

MD5
8bed1de7016989460b5d896175103a92

SHA1
2b4007fdc1d2c349db6d54d63378795cf934f999

SHA256
bd4702596432522b3012162159bf5e8949e607440fe87856e977073b520810d9

SHA512
ceefca8a42d2b96830aae4a66b11b7314b7ba177e43e2334b0b35dfc7ebad7303f0e67cdd3ccba43488d1b625b69e565f3648901da3b867c4aba738cf619c884

Download Submit
C:\Windows\System\MWMjMuM.exe

Filesize
1.5MB

MD5
ff24b75fa7b5b13e0567713507ee024f

SHA1
0902679420e2d8b9d27e51882c0f119b3f9cddbf

SHA256
771e888a36e4ed0bc138e489957956317c23beb9ef71358be66d62e9e1d5f5e4

SHA512
43fd83641125b51c34b4a2c6e7940ab9e4245d1ea8054d533491a8815e612dae853dc262555319d33d2091776b5b0d592f44e1764090f59d24c42e76f7db404b

Download Submit
C:\Windows\System\QXqjeic.exe

Filesize
1.5MB

MD5
7b96a0227ea2abfe0e2e503290edd0f3

SHA1
5f404c80b81991bb065af4ea12d53b543b0b76b1

SHA256
63d776fcab5e2dcb339f433bdf1ab1db49b807166130391a79f3b9d602e6757b

SHA512
bf568c73e2d01a389d8469092ea49e78272a08889f7fbb5ed433894460a8a730e9a23e835987e8625298fd1509fd1e97c7804bded3fd5ae01d4a4ebef904b924

Download Submit
C:\Windows\System\SVdVQJk.exe

Filesize
1.5MB

MD5
a5d1d1b95ec6c62ca13f070231758a56

SHA1
3c7f734fdacc8120ccf4ee14855a03947fd90d6f

SHA256
45a5a884b3430d9121a0e0585571ea206d907e93927120cf0c0f3c9d7b618d63

SHA512
89c4c4d7168828d49e2468c97bcd3fb31b524a49e0d0b6b3d53da7bacdc0479011872447375bb80bce002a503139c15d59f9d5f5f11b02ee165466794a12e373

Download Submit
C:\Windows\System\SaEgxVt.exe

Filesize
1.5MB

MD5
e907873d8a01c1719026dd4e537f79e2

SHA1
53972a5a201e4ebd29be1c42479303f5503116eb

SHA256
ad348ec30d6ed9260d32ca0dd5b8866ebe726216ec2e46c167ec01b830b091ba

SHA512
35e7e7a6383c86f42745777b4a0e5f61f393b8d36c71f08051dd33d49d41055902686cd70e330d8991609b726a745c96f806bfbce0e90d6f021f5bd3a7c01b22

Download Submit
C:\Windows\System\TpEVXvs.exe

Filesize
1.5MB

MD5
ef96684130cd440d3a924b4915da80bc

SHA1
86b3740d8df11902a6e1396bc5b2b65fa2cb970a

SHA256
163c2479e0d7c553e2d45686d4314dd802cbccc4c6204f981b318e20f42e9626

SHA512
17d5c9f7184862fa9b61d2afaf8193bc73d904a4afc0b65d7117237a62a1d1fe2d23705bffd5700a58ccce6be8892e9232f2d0fef27b78c07b1fcd74c7b7cdaf

Download Submit
C:\Windows\System\UMiRrrR.exe

Filesize
1.5MB

MD5
f70667eb68635c8979d0af30020bf400

SHA1
2a6fb6742e240c9ddc7f04abb734c3a137bef729

SHA256
9d6fd373d09dda2575c817fd9b6b859b04b4d07d07b9c803f09cb746e302a7b5

SHA512
6ce469c1e35da914ceb03a8dd1dd0f0aaa8308fdb7b5e1f01da69d69133d4ce264ac4879dc16b7cfffbbc7c5ca2b260807120d6a49c3e4860bc7fdfcccdaf805

Download Submit
C:\Windows\System\UtWoqnS.exe

Filesize
1.5MB

MD5
e7dc7f473272111c9463e97571d0eb9f

SHA1
7447c67a72b71212026d81bba953f72629d01397

SHA256
af97666c4bdc4bea4c54c7a937728c14371549c528e93311bd9a01b168babfc4

SHA512
34b7f118d39becd6c0e23ed11864700be52caefd6aabacbaf7e4e58c354688139bfcb752ea395459e7eae0ad932e6c0c2d859f6adea577a105038bd0667854ef

Download Submit
C:\Windows\System\XilcwJQ.exe

Filesize
1.5MB

MD5
12a9870d10d55945335fcd94b132b835

SHA1
1d0b8a59628f6b8704209407f302c97388e0836f

SHA256
16f4c17cdb6a707f5a78700b8353e47d5e694d2b92694bda83977691335316f3

SHA512
2bc4a835e3b5431c08cd70478565c0688a1da4233d9bfdd0c18ea142e9098742ac387b6241d8802e9a90e74013e165ed787a7a2331c89149182c1e4f49fcfb14

Download Submit
C:\Windows\System\ZTsiREn.exe

Filesize
1.5MB

MD5
76a6a465102a8f8d299772c6b2d2e032

SHA1
6332603cd21f6c52a5190d83f635d6d9f568d16b

SHA256
80483f62804122c000c52b0c69af063f6ccefcd4e92b1686bca6d11d3cea8c9c

SHA512
18374fdeb3af3e82564d01dc112f9dbcc44c848d1cf983d88e32421c2c076b231494465652a1964e11eb504d936b96ddbf5ea0474f8db75e80748d4104614d68

Download Submit
C:\Windows\System\ftaVLvq.exe

Filesize
1.5MB

MD5
2d0afec6b252ea0524d65e548c747698

SHA1
6d137b38a5beb33a9c0eabb37c84dd2e8690b653

SHA256
850d13e9c2a629647a6a7f13b1f2fb5a64183b8c50a8ffd4d372dd942ae6709e

SHA512
c4e6b7607b5bc78dd7099edc0e0932165a75096c6c6742d866bf8a1a33f05393b184b3bb901fc388f8d87f556b036e1a4a5d091b4770904f05a2ba5db19fbaf0

Download Submit
C:\Windows\System\hBeLMLK.exe

Filesize
1.5MB

MD5
c792cede5bd5bbc8a61bf2718cc2b476

SHA1
0fb9d1859ebf3bda3d733e0a30134a46a7a46d72

SHA256
4db620b7ca8c1922142a4e655b2692d99bd4d9575935f86ccd19fbdcb63735a1

SHA512
03f1fdd51247e80232e4cb484ea25e6aab93fe4637cc36b60cf9944830e8c9341bd5e896ca9977e5a423b99642a79a4ad5dc610dc1333a065004a202058a1641

Download Submit
C:\Windows\System\iWIEoxR.exe

Filesize
1.5MB

MD5
99cf7d4353e38f7b043c7c65daf37ba5

SHA1
2e81e1ef8a8722949337c524bfd99bb887774896

SHA256
be0e8c100380489abf51e414937b18e3c446d7b96ce3a6517f4cb8478d42bcc1

SHA512
0f96016df96f99fd3b132d6870668c565ef15c9428c2f0e1f30ed5bbbfc2199753490f3725f0260d519ea27f4fd72062e0cdff4b1b5896b891e649610b331f55

Download Submit
C:\Windows\System\jmpCIrg.exe

Filesize
1.5MB

MD5
cdf7c251862c4033dee49044e8121d8b

SHA1
7bbafd0f687bbf3bb2a0f3d37ffacfe61a660bfc

SHA256
939cc7768720979d4708788b61715f6260473a3ff24311c6a6bee19854980fb8

SHA512
d0d04044a81ac3782412e54e187836e78ea022e66acfe2a58383f6f44972c904fb5029309d0637dc3cc3465424a3f33316f1ca3cf7c9a5e868c8c7f546b6358c

Download Submit
C:\Windows\System\kXIdEld.exe

Filesize
1.5MB

MD5
e99e42f4774c76ec8f49b52742e5d9c8

SHA1
7f2e7baf76925efe5e088402b3b3b5b7788584e1

SHA256
96f92c3c0b43dadbf09c52b4aa0b4e200f425f40c347b6ab621bca4f3851c651

SHA512
a38749e46477571e4c331d4a2e999c650d4e72c511b960ca60199f2c53026bfbb50ac78573770b73552a59384410f2707fa62d4ee002e0613240d17bb475e0a2

Download Submit
C:\Windows\System\lMtMaCr.exe

Filesize
1.5MB

MD5
61626e7ed9667b3845a24662b1861e60

SHA1
f131c3a72110c9be2e1073816e5caf57bbd4c1b8

SHA256
1fb968d75ccb1e7d78afa6251fa41c3aa897d96c0e32eb3bd7d15f5525a28b96

SHA512
1fadca7876f2bfa20012ecbaf49c39d483726c7c70d84d844374fb5116be8ca5b992ac7b798f0b3d8f6ab69d0c889b7938caf1cf52ac8ad24db71a7db5f053b4

Download Submit
C:\Windows\System\nxbGVmV.exe

Filesize
1.5MB

MD5
1c005318f82349db1dc422b38c35fd2c

SHA1
b764cfcc98168961dd1c176ed9a2098b8f89ad12

SHA256
2fe03ae5206f239c99128db81312b40b6d16c0bd6842a91ee214ea10484bd281

SHA512
a9b6c97564081f0fabcdec8f6dae049cb29cada02c58d06255a983d4a23144f0c02924f003b02df7ff1e2bba7ac763574ab3b908c0e993eee8ed60a1084974ad

Download Submit
C:\Windows\System\pUptmim.exe

Filesize
1.5MB

MD5
6c43fd8e1e0b93457aadfc33ea1b4673

SHA1
dc83dbe0a5a2cc20a24fb657244d1bf28b950907

SHA256
dacd739f53be982f599f51798a905c6ed8e5a3a4b437d3b9dce5a4f8e96c0597

SHA512
c55f73276af67e613234181c0079eaf7032bc09ce3c1d6f902fa6465d7ccba4f84e1da16432e6fc664fc72c736e73b8f2a7d9189e604f85808307c0b337be3db

Download Submit
C:\Windows\System\pWPjlHc.exe

Filesize
1.5MB

MD5
3230f1eb177b9eb379e093d1cac349de

SHA1
4b2089b9b693857d3bfb13742f002c4bdd48111c

SHA256
0e8339cd38735933a5552dd35f641e8cdc8db53fec67b42e37300eecd26ea974

SHA512
9ecd6c45249b2df49b6764314c0a3d2559e58557313c44b540a82ddd62a8f5530bd4660911de3a9b03ba50ed59d5d802a1975a50376d61c6005544a22bf3f55f

Download Submit
C:\Windows\System\pczMxcT.exe

Filesize
1.5MB

MD5
2b26e6cd5c90f1fca78668d544057be1

SHA1
7eb039544744ec5954ac3e9e8e388762d5dd032a

SHA256
08487283cc6445fbca588294a681dacaec055c2f77e55c528bb19d6002749e16

SHA512
ebd5e6c79c1357c2b9de84c320c1ba02d6019908b8caae6be1328acdcf5427ec5ba7a92a6878fef4108a09a79fb8d1d984d6ca63cb2d9ccb5dd0155182bfece0

Download Submit
C:\Windows\System\rjTOnIc.exe

Filesize
1.5MB

MD5
57850cb9b22a6f99ec6993a622f3fc2e

SHA1
9976d0b1cda59119e279dbb977619b4a66747146

SHA256
869adfb6c8ee120e0d3928932a8f631b0735d0d27780103f895ced46bf360b24

SHA512
d1bd85bfff0db9d619ca3df82e3b4a7a2eb53a2a7cead5f8f3dd1e33a2367c00ec3130f1984780e2439e55ca7c1e04fcae6f2c4c7ea787df1a50fdd23a2716bb

Download Submit
C:\Windows\System\rzvuEpm.exe

Filesize
1.5MB

MD5
c2824ce3eae70ce72a502d9a038315c0

SHA1
58fab241399f868e07dd07197a16f98bf29e8537

SHA256
29fdda61ac06a8ecfa580da7db4574505390984a900e03c71862ff9807e7ddcb

SHA512
fc69159dc6ca34f3ce0a5b677b76c99420beee404400846d6a3075361f7dce020e2e9899ef0f54930b3ab00a1caf1f3cb6651d26c6dc35be1358216ab6b2db03

Download Submit
C:\Windows\System\sVlRNvA.exe

Filesize
1.5MB

MD5
ec0e09a8ff84908bc8fb41483258c200

SHA1
1cd870126f5fa048abbd5b5cd95a1645d65ea015

SHA256
b6701c9a900132604d2c16b03bf15fb6ddc43798a360d9dd10c6fd2667d45674

SHA512
29c4f4147608af914be17a328610e518ac289515f2827562ce6fe82f6efda2adccc70dc8160a9bffef427a942f1bc08d48450e982e467db294270f54a8f27a0a

Download Submit
C:\Windows\System\wEYjLxs.exe

Filesize
1.5MB

MD5
18688ca8f04f277cac436b8e5383ceb9

SHA1
a04154b10c01653748af2c8b97f7e1f50778b53c

SHA256
f654dbf9b35c8572acbf1090be748f688a45066466c7e8afa05ecec4f65943db

SHA512
5e0b9e89be33d938ff10cdbc0b78c640d8e226a0d36d6d5de7e83ed716bb3976547d145f0c60efeae05d40465d07e890dec26e99a21ba1bcbb18687c81ec87ae

Download Submit
C:\Windows\System\xUYgdkT.exe

Filesize
1.5MB

MD5
054a4a2669ab12c960bcea4420c9ddbd

SHA1
42231a112f7a6ff81c89bf554598a71b458b6ba3

SHA256
069a5528ad20871e82a79cba7469d36338a270c002f54445b9fcc38c99cc620c

SHA512
129b38a3bb9d34a915f3623d081fb7db88d9236a59b06010387528fc33973287a9dafe0d6c2c83c7675429d0b8dc92cdade13b08f133ee81cbf5057c54edf203

Download Submit
C:\Windows\System\yQWiTsT.exe

Filesize
1.5MB

MD5
45c81f127efdbde52d5977b24aee4260

SHA1
99ff35deaecbfcd797abcae017bd73e986ed2c8b

SHA256
0955ca1be3bbcdf1a61c471806b03a3f3b6572796a892eb67021a6274a0888b5

SHA512
8d718296a10dc4a98b19ccf743eee86d3552980b1660e5f52548ab2943a389e60b01b285eef1e786ed3d869e76fe6f0890341b74445c7d53765c56f2d99f73de

Download Submit
C:\Windows\System\yvjMvzz.exe

Filesize
1.5MB

MD5
d5ba1d8072453c892ee488192135d2e6

SHA1
7054086909f9da0bdc90fcf0144545ab05d2afd0

SHA256
e6f7f78e6f25dbedc7e5b74e5f1b6aa54a52ca76d6affe126bbb498a39f7b2b0

SHA512
ef350fa45ff692a69fde8fe4ef129187ef2d72e684eaf4f8f7f0c78b021cf0de0790c32d892cb1bc61eb4ddfef140f3d3790d454a67739a563857795b6ebb113

Download Submit
C:\Windows\System\zRwXagj.exe

Filesize
1.5MB

MD5
75ab678694afdcc0cb8def715d29b35f

SHA1
8a3046c31911375a456eaf2a59a3f2e3299f5dfd

SHA256
da2530a56fb968e8c92de1ccae5afbb73c14905e9585790aa646025fa9a71a05

SHA512
958221947c67a44236b4193270e5c4bff0f2323338d6e3082801a3a1b188d34126c408309b6d682934a6dc164bfcf40c4789ec6ed51c977e0945fcddee264947

Download Submit
memory/4868-0-0x000002051E730000-0x000002051E740000-memory.dmp

Filesize
64KB

Download