xmrig | 61a04024bf9cab968cf5c91867ae2198ea09b75d5d3af81140a5d4de670f784d

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/06/2024, 11:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
Size

1.3MB
MD5

87c363ba3d4924c3cf654c8769f9bce0
SHA1

a988358ec984d0e8f0b461f614d02161d93231e6
SHA256

61a04024bf9cab968cf5c91867ae2198ea09b75d5d3af81140a5d4de670f784d
SHA512

4ee268f7d71df14d2ddecc40ef9d985a47e0e14fd75c0e04929d24c1105f462759314e9a9cdcf1f93cf7dd869dfa8016ae2b49362e472aa61b3d5fd00e7a28a3
SSDEEP

24576:GezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbBwlKensYKkTT7UudBW9VFIkN8:GezaTF8FcNkNdfE0pZ9oztFwI6KDFf+

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x000700000002328e-4.dat	xmrig
behavioral2/files/0x0007000000023402-7.dat	xmrig
behavioral2/files/0x00080000000233fe-8.dat	xmrig
behavioral2/files/0x0007000000023403-17.dat	xmrig
behavioral2/files/0x0007000000023404-23.dat	xmrig
behavioral2/files/0x0007000000023405-29.dat	xmrig
behavioral2/files/0x0007000000023406-35.dat	xmrig
behavioral2/files/0x0007000000023407-41.dat	xmrig
behavioral2/files/0x0007000000023408-45.dat	xmrig
behavioral2/files/0x00080000000233ff-49.dat	xmrig
behavioral2/files/0x0007000000023409-53.dat	xmrig
behavioral2/files/0x000700000002340b-58.dat	xmrig
behavioral2/files/0x000700000002340c-64.dat	xmrig
behavioral2/files/0x000700000002340d-69.dat	xmrig
behavioral2/files/0x000700000002340f-77.dat	xmrig
behavioral2/files/0x0007000000023412-87.dat	xmrig
behavioral2/files/0x0007000000023414-96.dat	xmrig
behavioral2/files/0x0007000000023413-95.dat	xmrig
behavioral2/files/0x0007000000023411-93.dat	xmrig
behavioral2/files/0x000700000002340e-90.dat	xmrig
behavioral2/files/0x0007000000023410-97.dat	xmrig
behavioral2/files/0x0007000000023415-111.dat	xmrig
behavioral2/files/0x0007000000023416-115.dat	xmrig
behavioral2/files/0x0007000000023417-119.dat	xmrig
behavioral2/files/0x0007000000023418-124.dat	xmrig
behavioral2/files/0x0007000000023419-128.dat	xmrig
behavioral2/files/0x000700000002341a-132.dat	xmrig
behavioral2/files/0x000700000002341b-142.dat	xmrig
behavioral2/files/0x0007000000023420-165.dat	xmrig
behavioral2/files/0x000700000002341f-162.dat	xmrig
behavioral2/files/0x000700000002341e-157.dat	xmrig
behavioral2/files/0x000700000002341d-150.dat	xmrig
behavioral2/files/0x000700000002341c-148.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1976	hMVnuda.exe
2544	cSgrFlN.exe
2380	uLZYhyE.exe
220	JxjCdIG.exe
1100	LZpSFXI.exe
5096	opKJSPd.exe
640	tHrsmyx.exe
448	EXZpaXV.exe
3492	oakhhYZ.exe
2108	tVGFVte.exe
1660	soZEzkj.exe
184	hGQJXmF.exe
1440	RfrXQYL.exe
2680	lpBvkfH.exe
1448	pNQVSFS.exe
208	fVtKPwe.exe
5036	hNNdpCI.exe
3232	ZJAzFOd.exe
1764	rzXgJvz.exe
4848	AsqlelI.exe
4540	leNKxec.exe
2864	tEUQHoi.exe
1728	PePUZpw.exe
1444	RFKWnES.exe
3256	FDiBmQg.exe
1624	bffyLna.exe
400	ZfuQAWz.exe
2800	kEPWWLs.exe
644	NWjyvbL.exe
4552	eHURqvg.exe
4184	FhySjmx.exe
3780	iJgNijy.exe
2424	BwMszJg.exe
5012	cZTXyex.exe
3800	ZIDwGpj.exe
3892	tcSFzgo.exe
3744	qBjxcqg.exe
1000	JRQzxTf.exe
3356	FZODgAT.exe
2040	ZPPbWBR.exe
4476	WeAElxW.exe
404	rZzCpPk.exe
3848	KEtcQue.exe
1320	wsIOIBJ.exe
3552	RYBhAtH.exe
4492	SHjifZk.exe
4432	FqCPVCZ.exe
1776	MrMdfJo.exe
4440	hrSITNX.exe
932	JzLbBQd.exe
3884	WKqiGXS.exe
2712	esfekXK.exe
4392	WSelWCy.exe
3104	lhutoxd.exe
5028	svEOAjq.exe
2168	SqGBFGl.exe
4960	PJXtkJL.exe
2416	wTvktjP.exe
2216	yXseDRN.exe
2264	rzYBNeG.exe
3052	lukVqNo.exe
4164	QUFUSDl.exe
1872	DPidHlr.exe
1428	DoGupDV.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FDiBmQg.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\eJcAQaa.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\tNqWKoK.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\bYXVRnz.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\zdntdwH.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\WPFhXrg.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\bjnAoXu.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\RiQGeTh.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\yekjyvm.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\fjMjnew.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\TqeXTFi.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\fVtKPwe.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\cSgrFlN.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\BuoHnTk.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\XUQnLOq.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\roqPJNY.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\JRQzxTf.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\kNZDrUT.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\rzXgJvz.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\lGqJiKP.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\ZfuQAWz.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\ItPyzDh.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\RfrXQYL.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\UbMEAOy.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\WIRQxbP.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\edXdHAb.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\xWtMKSs.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\IOPwDoI.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\QmORLMR.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\mvzkVCa.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\lhutoxd.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\NXGyxUg.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\EDicAgX.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\EGmXfsU.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\FhySjmx.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\FqCPVCZ.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\DoGupDV.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\muSsjJG.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\RYoYnBE.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\abDYWPk.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\FZODgAT.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\CChzDyP.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\wTvktjP.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\lLAvUGy.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\SGaWhEA.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\eIECTID.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\MrMdfJo.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\mhLLnYz.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\yjMyNOx.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\XDXMjFa.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\hVNNIns.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\esfekXK.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\jTTXcbG.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\qBjxcqg.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\mjWpXNK.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\vRxTldQ.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\kEPWWLs.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\FmsUqnz.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\zSnftTA.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\pXCvhpO.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\QzqibII.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\zOHFekC.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\EXZpaXV.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
File created	C:\Windows\System\NWjyvbL.exe	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4888 wrote to memory of 1976	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	83
PID 4888 wrote to memory of 1976	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	83
PID 4888 wrote to memory of 2544	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	84
PID 4888 wrote to memory of 2544	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	84
PID 4888 wrote to memory of 2380	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	85
PID 4888 wrote to memory of 2380	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	85
PID 4888 wrote to memory of 220	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	86
PID 4888 wrote to memory of 220	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	86
PID 4888 wrote to memory of 1100	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	87
PID 4888 wrote to memory of 1100	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	87
PID 4888 wrote to memory of 5096	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	88
PID 4888 wrote to memory of 5096	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	88
PID 4888 wrote to memory of 640	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	89
PID 4888 wrote to memory of 640	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	89
PID 4888 wrote to memory of 448	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	90
PID 4888 wrote to memory of 448	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	90
PID 4888 wrote to memory of 3492	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	91
PID 4888 wrote to memory of 3492	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	91
PID 4888 wrote to memory of 2108	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	93
PID 4888 wrote to memory of 2108	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	93
PID 4888 wrote to memory of 1660	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	94
PID 4888 wrote to memory of 1660	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	94
PID 4888 wrote to memory of 184	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	96
PID 4888 wrote to memory of 184	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	96
PID 4888 wrote to memory of 1440	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	97
PID 4888 wrote to memory of 1440	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	97
PID 4888 wrote to memory of 2680	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	98
PID 4888 wrote to memory of 2680	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	98
PID 4888 wrote to memory of 1448	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	99
PID 4888 wrote to memory of 1448	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	99
PID 4888 wrote to memory of 208	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	100
PID 4888 wrote to memory of 208	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	100
PID 4888 wrote to memory of 4540	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	101
PID 4888 wrote to memory of 4540	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	101
PID 4888 wrote to memory of 5036	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	102
PID 4888 wrote to memory of 5036	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	102
PID 4888 wrote to memory of 3232	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	103
PID 4888 wrote to memory of 3232	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	103
PID 4888 wrote to memory of 1764	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	104
PID 4888 wrote to memory of 1764	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	104
PID 4888 wrote to memory of 4848	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	105
PID 4888 wrote to memory of 4848	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	105
PID 4888 wrote to memory of 2864	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	106
PID 4888 wrote to memory of 2864	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	106
PID 4888 wrote to memory of 1728	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	107
PID 4888 wrote to memory of 1728	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	107
PID 4888 wrote to memory of 1444	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	108
PID 4888 wrote to memory of 1444	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	108
PID 4888 wrote to memory of 3256	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	109
PID 4888 wrote to memory of 3256	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	109
PID 4888 wrote to memory of 1624	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	110
PID 4888 wrote to memory of 1624	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	110
PID 4888 wrote to memory of 400	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	111
PID 4888 wrote to memory of 400	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	111
PID 4888 wrote to memory of 2800	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	113
PID 4888 wrote to memory of 2800	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	113
PID 4888 wrote to memory of 644	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	114
PID 4888 wrote to memory of 644	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	114
PID 4888 wrote to memory of 4552	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	115
PID 4888 wrote to memory of 4552	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	115
PID 4888 wrote to memory of 4184	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	116
PID 4888 wrote to memory of 4184	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	116
PID 4888 wrote to memory of 3780	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	117
PID 4888 wrote to memory of 3780	4888	87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe	117

C:\Users\Admin\AppData\Local\Temp\87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\87c363ba3d4924c3cf654c8769f9bce0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4888
- C:\Windows\System\hMVnuda.exe
  C:\Windows\System\hMVnuda.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\cSgrFlN.exe
  C:\Windows\System\cSgrFlN.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\uLZYhyE.exe
  C:\Windows\System\uLZYhyE.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\JxjCdIG.exe
  C:\Windows\System\JxjCdIG.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\LZpSFXI.exe
  C:\Windows\System\LZpSFXI.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\opKJSPd.exe
  C:\Windows\System\opKJSPd.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\tHrsmyx.exe
  C:\Windows\System\tHrsmyx.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\EXZpaXV.exe
  C:\Windows\System\EXZpaXV.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\oakhhYZ.exe
  C:\Windows\System\oakhhYZ.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\tVGFVte.exe
  C:\Windows\System\tVGFVte.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\soZEzkj.exe
  C:\Windows\System\soZEzkj.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\hGQJXmF.exe
  C:\Windows\System\hGQJXmF.exe
  2⤵
  - Executes dropped EXE
  PID:184
- C:\Windows\System\RfrXQYL.exe
  C:\Windows\System\RfrXQYL.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\lpBvkfH.exe
  C:\Windows\System\lpBvkfH.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\pNQVSFS.exe
  C:\Windows\System\pNQVSFS.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\fVtKPwe.exe
  C:\Windows\System\fVtKPwe.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\leNKxec.exe
  C:\Windows\System\leNKxec.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\hNNdpCI.exe
  C:\Windows\System\hNNdpCI.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\ZJAzFOd.exe
  C:\Windows\System\ZJAzFOd.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\rzXgJvz.exe
  C:\Windows\System\rzXgJvz.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\AsqlelI.exe
  C:\Windows\System\AsqlelI.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\tEUQHoi.exe
  C:\Windows\System\tEUQHoi.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\PePUZpw.exe
  C:\Windows\System\PePUZpw.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\RFKWnES.exe
  C:\Windows\System\RFKWnES.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\FDiBmQg.exe
  C:\Windows\System\FDiBmQg.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\bffyLna.exe
  C:\Windows\System\bffyLna.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\ZfuQAWz.exe
  C:\Windows\System\ZfuQAWz.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\kEPWWLs.exe
  C:\Windows\System\kEPWWLs.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\NWjyvbL.exe
  C:\Windows\System\NWjyvbL.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\eHURqvg.exe
  C:\Windows\System\eHURqvg.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\FhySjmx.exe
  C:\Windows\System\FhySjmx.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\iJgNijy.exe
  C:\Windows\System\iJgNijy.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\BwMszJg.exe
  C:\Windows\System\BwMszJg.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\cZTXyex.exe
  C:\Windows\System\cZTXyex.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\ZIDwGpj.exe
  C:\Windows\System\ZIDwGpj.exe
  2⤵
  - Executes dropped EXE
  PID:3800
- C:\Windows\System\tcSFzgo.exe
  C:\Windows\System\tcSFzgo.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\ZPPbWBR.exe
  C:\Windows\System\ZPPbWBR.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\qBjxcqg.exe
  C:\Windows\System\qBjxcqg.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\JRQzxTf.exe
  C:\Windows\System\JRQzxTf.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\FZODgAT.exe
  C:\Windows\System\FZODgAT.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\WeAElxW.exe
  C:\Windows\System\WeAElxW.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\rZzCpPk.exe
  C:\Windows\System\rZzCpPk.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\KEtcQue.exe
  C:\Windows\System\KEtcQue.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System\wsIOIBJ.exe
  C:\Windows\System\wsIOIBJ.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\RYBhAtH.exe
  C:\Windows\System\RYBhAtH.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\SHjifZk.exe
  C:\Windows\System\SHjifZk.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\FqCPVCZ.exe
  C:\Windows\System\FqCPVCZ.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\MrMdfJo.exe
  C:\Windows\System\MrMdfJo.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\hrSITNX.exe
  C:\Windows\System\hrSITNX.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\JzLbBQd.exe
  C:\Windows\System\JzLbBQd.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\WKqiGXS.exe
  C:\Windows\System\WKqiGXS.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\esfekXK.exe
  C:\Windows\System\esfekXK.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\WSelWCy.exe
  C:\Windows\System\WSelWCy.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\lhutoxd.exe
  C:\Windows\System\lhutoxd.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\svEOAjq.exe
  C:\Windows\System\svEOAjq.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\SqGBFGl.exe
  C:\Windows\System\SqGBFGl.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\PJXtkJL.exe
  C:\Windows\System\PJXtkJL.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\wTvktjP.exe
  C:\Windows\System\wTvktjP.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\yXseDRN.exe
  C:\Windows\System\yXseDRN.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\rzYBNeG.exe
  C:\Windows\System\rzYBNeG.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\lukVqNo.exe
  C:\Windows\System\lukVqNo.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\QUFUSDl.exe
  C:\Windows\System\QUFUSDl.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\DPidHlr.exe
  C:\Windows\System\DPidHlr.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\DoGupDV.exe
  C:\Windows\System\DoGupDV.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\MiwsuUL.exe
  C:\Windows\System\MiwsuUL.exe
  2⤵
  PID:2828
- C:\Windows\System\KnVrXPs.exe
  C:\Windows\System\KnVrXPs.exe
  2⤵
  PID:1228
- C:\Windows\System\WPFhXrg.exe
  C:\Windows\System\WPFhXrg.exe
  2⤵
  PID:536
- C:\Windows\System\htsouuz.exe
  C:\Windows\System\htsouuz.exe
  2⤵
  PID:3340
- C:\Windows\System\vuzMulg.exe
  C:\Windows\System\vuzMulg.exe
  2⤵
  PID:4136
- C:\Windows\System\cDwFPzX.exe
  C:\Windows\System\cDwFPzX.exe
  2⤵
  PID:2588
- C:\Windows\System\roqPJNY.exe
  C:\Windows\System\roqPJNY.exe
  2⤵
  PID:4748
- C:\Windows\System\yjMyNOx.exe
  C:\Windows\System\yjMyNOx.exe
  2⤵
  PID:2028
- C:\Windows\System\BuoHnTk.exe
  C:\Windows\System\BuoHnTk.exe
  2⤵
  PID:3504
- C:\Windows\System\TqeXTFi.exe
  C:\Windows\System\TqeXTFi.exe
  2⤵
  PID:2848
- C:\Windows\System\tyrQUGG.exe
  C:\Windows\System\tyrQUGG.exe
  2⤵
  PID:3476
- C:\Windows\System\CjKqZeE.exe
  C:\Windows\System\CjKqZeE.exe
  2⤵
  PID:1044
- C:\Windows\System\SZuerNd.exe
  C:\Windows\System\SZuerNd.exe
  2⤵
  PID:5052
- C:\Windows\System\SAzOYjK.exe
  C:\Windows\System\SAzOYjK.exe
  2⤵
  PID:2616
- C:\Windows\System\jTTXcbG.exe
  C:\Windows\System\jTTXcbG.exe
  2⤵
  PID:2484
- C:\Windows\System\PZQcYGD.exe
  C:\Windows\System\PZQcYGD.exe
  2⤵
  PID:2200
- C:\Windows\System\EDicAgX.exe
  C:\Windows\System\EDicAgX.exe
  2⤵
  PID:3212
- C:\Windows\System\mhLLnYz.exe
  C:\Windows\System\mhLLnYz.exe
  2⤵
  PID:1360
- C:\Windows\System\CzvjCaT.exe
  C:\Windows\System\CzvjCaT.exe
  2⤵
  PID:1968
- C:\Windows\System\CFRdHfT.exe
  C:\Windows\System\CFRdHfT.exe
  2⤵
  PID:4692
- C:\Windows\System\XUQnLOq.exe
  C:\Windows\System\XUQnLOq.exe
  2⤵
  PID:2652
- C:\Windows\System\xBIcWIl.exe
  C:\Windows\System\xBIcWIl.exe
  2⤵
  PID:2060
- C:\Windows\System\mjWpXNK.exe
  C:\Windows\System\mjWpXNK.exe
  2⤵
  PID:4044
- C:\Windows\System\BZaVgUK.exe
  C:\Windows\System\BZaVgUK.exe
  2⤵
  PID:440
- C:\Windows\System\rMyQTUV.exe
  C:\Windows\System\rMyQTUV.exe
  2⤵
  PID:3060
- C:\Windows\System\uFJePoS.exe
  C:\Windows\System\uFJePoS.exe
  2⤵
  PID:3940
- C:\Windows\System\hqvenJL.exe
  C:\Windows\System\hqvenJL.exe
  2⤵
  PID:4468
- C:\Windows\System\bhoQLcd.exe
  C:\Windows\System\bhoQLcd.exe
  2⤵
  PID:3644
- C:\Windows\System\QzqibII.exe
  C:\Windows\System\QzqibII.exe
  2⤵
  PID:2236
- C:\Windows\System\czamLAt.exe
  C:\Windows\System\czamLAt.exe
  2⤵
  PID:4508
- C:\Windows\System\bjnAoXu.exe
  C:\Windows\System\bjnAoXu.exe
  2⤵
  PID:3184
- C:\Windows\System\MQXPTUu.exe
  C:\Windows\System\MQXPTUu.exe
  2⤵
  PID:1052
- C:\Windows\System\muSsjJG.exe
  C:\Windows\System\muSsjJG.exe
  2⤵
  PID:3912
- C:\Windows\System\lLAvUGy.exe
  C:\Windows\System\lLAvUGy.exe
  2⤵
  PID:2548
- C:\Windows\System\cFwxwko.exe
  C:\Windows\System\cFwxwko.exe
  2⤵
  PID:820
- C:\Windows\System\ItPyzDh.exe
  C:\Windows\System\ItPyzDh.exe
  2⤵
  PID:4768
- C:\Windows\System\jXmjlHU.exe
  C:\Windows\System\jXmjlHU.exe
  2⤵
  PID:2000
- C:\Windows\System\YTcgUQO.exe
  C:\Windows\System\YTcgUQO.exe
  2⤵
  PID:3620
- C:\Windows\System\vRxTldQ.exe
  C:\Windows\System\vRxTldQ.exe
  2⤵
  PID:4880
- C:\Windows\System\KSlMIWg.exe
  C:\Windows\System\KSlMIWg.exe
  2⤵
  PID:3284
- C:\Windows\System\kNZDrUT.exe
  C:\Windows\System\kNZDrUT.exe
  2⤵
  PID:4216
- C:\Windows\System\rSdWiTj.exe
  C:\Windows\System\rSdWiTj.exe
  2⤵
  PID:5152
- C:\Windows\System\kZNKIks.exe
  C:\Windows\System\kZNKIks.exe
  2⤵
  PID:5184
- C:\Windows\System\XDXMjFa.exe
  C:\Windows\System\XDXMjFa.exe
  2⤵
  PID:5204
- C:\Windows\System\cIvwvNN.exe
  C:\Windows\System\cIvwvNN.exe
  2⤵
  PID:5224
- C:\Windows\System\roOXlwN.exe
  C:\Windows\System\roOXlwN.exe
  2⤵
  PID:5252
- C:\Windows\System\RYoYnBE.exe
  C:\Windows\System\RYoYnBE.exe
  2⤵
  PID:5280
- C:\Windows\System\WrcBPol.exe
  C:\Windows\System\WrcBPol.exe
  2⤵
  PID:5316
- C:\Windows\System\HQaNVot.exe
  C:\Windows\System\HQaNVot.exe
  2⤵
  PID:5340
- C:\Windows\System\ZAxYoEK.exe
  C:\Windows\System\ZAxYoEK.exe
  2⤵
  PID:5360
- C:\Windows\System\lNiSwpg.exe
  C:\Windows\System\lNiSwpg.exe
  2⤵
  PID:5380
- C:\Windows\System\zOHFekC.exe
  C:\Windows\System\zOHFekC.exe
  2⤵
  PID:5412
- C:\Windows\System\GJSdhLL.exe
  C:\Windows\System\GJSdhLL.exe
  2⤵
  PID:5440
- C:\Windows\System\XKaAfnY.exe
  C:\Windows\System\XKaAfnY.exe
  2⤵
  PID:5472
- C:\Windows\System\UbMEAOy.exe
  C:\Windows\System\UbMEAOy.exe
  2⤵
  PID:5504
- C:\Windows\System\CXuseZG.exe
  C:\Windows\System\CXuseZG.exe
  2⤵
  PID:5528
- C:\Windows\System\eIECTID.exe
  C:\Windows\System\eIECTID.exe
  2⤵
  PID:5564
- C:\Windows\System\wofKAMa.exe
  C:\Windows\System\wofKAMa.exe
  2⤵
  PID:5588
- C:\Windows\System\MlyOFgg.exe
  C:\Windows\System\MlyOFgg.exe
  2⤵
  PID:5616
- C:\Windows\System\iKCfsOB.exe
  C:\Windows\System\iKCfsOB.exe
  2⤵
  PID:5652
- C:\Windows\System\EJzlnMO.exe
  C:\Windows\System\EJzlnMO.exe
  2⤵
  PID:5680
- C:\Windows\System\yGTeoPM.exe
  C:\Windows\System\yGTeoPM.exe
  2⤵
  PID:5696
- C:\Windows\System\XAGnqww.exe
  C:\Windows\System\XAGnqww.exe
  2⤵
  PID:5728
- C:\Windows\System\SGaWhEA.exe
  C:\Windows\System\SGaWhEA.exe
  2⤵
  PID:5756
- C:\Windows\System\solYJpQ.exe
  C:\Windows\System\solYJpQ.exe
  2⤵
  PID:5784
- C:\Windows\System\WSrEVMO.exe
  C:\Windows\System\WSrEVMO.exe
  2⤵
  PID:5812
- C:\Windows\System\JCmBydH.exe
  C:\Windows\System\JCmBydH.exe
  2⤵
  PID:5848
- C:\Windows\System\abDYWPk.exe
  C:\Windows\System\abDYWPk.exe
  2⤵
  PID:5868
- C:\Windows\System\fCNVbHO.exe
  C:\Windows\System\fCNVbHO.exe
  2⤵
  PID:5900
- C:\Windows\System\RiQGeTh.exe
  C:\Windows\System\RiQGeTh.exe
  2⤵
  PID:5932
- C:\Windows\System\FmsUqnz.exe
  C:\Windows\System\FmsUqnz.exe
  2⤵
  PID:5960
- C:\Windows\System\zSnftTA.exe
  C:\Windows\System\zSnftTA.exe
  2⤵
  PID:5988
- C:\Windows\System\XPSHXAQ.exe
  C:\Windows\System\XPSHXAQ.exe
  2⤵
  PID:6016
- C:\Windows\System\lGqJiKP.exe
  C:\Windows\System\lGqJiKP.exe
  2⤵
  PID:6044
- C:\Windows\System\EGmXfsU.exe
  C:\Windows\System\EGmXfsU.exe
  2⤵
  PID:6072
- C:\Windows\System\RwlkeVn.exe
  C:\Windows\System\RwlkeVn.exe
  2⤵
  PID:6100
- C:\Windows\System\hVNNIns.exe
  C:\Windows\System\hVNNIns.exe
  2⤵
  PID:6140
- C:\Windows\System\UsvcIlh.exe
  C:\Windows\System\UsvcIlh.exe
  2⤵
  PID:5136
- C:\Windows\System\pmYztjB.exe
  C:\Windows\System\pmYztjB.exe
  2⤵
  PID:5176
- C:\Windows\System\joiOKNO.exe
  C:\Windows\System\joiOKNO.exe
  2⤵
  PID:5216
- C:\Windows\System\QhufCtx.exe
  C:\Windows\System\QhufCtx.exe
  2⤵
  PID:5272
- C:\Windows\System\lAqoveN.exe
  C:\Windows\System\lAqoveN.exe
  2⤵
  PID:5332
- C:\Windows\System\NDzegGX.exe
  C:\Windows\System\NDzegGX.exe
  2⤵
  PID:5492
- C:\Windows\System\ZUFDwWr.exe
  C:\Windows\System\ZUFDwWr.exe
  2⤵
  PID:5480
- C:\Windows\System\MGKzdAv.exe
  C:\Windows\System\MGKzdAv.exe
  2⤵
  PID:5576
- C:\Windows\System\fnrCIPU.exe
  C:\Windows\System\fnrCIPU.exe
  2⤵
  PID:5664
- C:\Windows\System\GaUTQvv.exe
  C:\Windows\System\GaUTQvv.exe
  2⤵
  PID:5716
- C:\Windows\System\NXGyxUg.exe
  C:\Windows\System\NXGyxUg.exe
  2⤵
  PID:5748
- C:\Windows\System\XJHOzmj.exe
  C:\Windows\System\XJHOzmj.exe
  2⤵
  PID:5828
- C:\Windows\System\TdbZEmc.exe
  C:\Windows\System\TdbZEmc.exe
  2⤵
  PID:5916
- C:\Windows\System\YLjTQQx.exe
  C:\Windows\System\YLjTQQx.exe
  2⤵
  PID:6008
- C:\Windows\System\zmTMssm.exe
  C:\Windows\System\zmTMssm.exe
  2⤵
  PID:6028
- C:\Windows\System\jQWqFqU.exe
  C:\Windows\System\jQWqFqU.exe
  2⤵
  PID:6092
- C:\Windows\System\LDFQigu.exe
  C:\Windows\System\LDFQigu.exe
  2⤵
  PID:5160
- C:\Windows\System\ygjhPHO.exe
  C:\Windows\System\ygjhPHO.exe
  2⤵
  PID:5196
- C:\Windows\System\xWtMKSs.exe
  C:\Windows\System\xWtMKSs.exe
  2⤵
  PID:5404
- C:\Windows\System\hdiSdLD.exe
  C:\Windows\System\hdiSdLD.exe
  2⤵
  PID:5624
- C:\Windows\System\OUiMnCd.exe
  C:\Windows\System\OUiMnCd.exe
  2⤵
  PID:5708
- C:\Windows\System\fpQafRU.exe
  C:\Windows\System\fpQafRU.exe
  2⤵
  PID:5836
- C:\Windows\System\YzltvRK.exe
  C:\Windows\System\YzltvRK.exe
  2⤵
  PID:6068
- C:\Windows\System\AeGatZl.exe
  C:\Windows\System\AeGatZl.exe
  2⤵
  PID:2388
- C:\Windows\System\IOPwDoI.exe
  C:\Windows\System\IOPwDoI.exe
  2⤵
  PID:5436
- C:\Windows\System\eJcAQaa.exe
  C:\Windows\System\eJcAQaa.exe
  2⤵
  PID:5776
- C:\Windows\System\TyXRFpM.exe
  C:\Windows\System\TyXRFpM.exe
  2⤵
  PID:6148
- C:\Windows\System\yghEZhV.exe
  C:\Windows\System\yghEZhV.exe
  2⤵
  PID:6168
- C:\Windows\System\edXdHAb.exe
  C:\Windows\System\edXdHAb.exe
  2⤵
  PID:6188
- C:\Windows\System\FlJjRft.exe
  C:\Windows\System\FlJjRft.exe
  2⤵
  PID:6216
- C:\Windows\System\yekjyvm.exe
  C:\Windows\System\yekjyvm.exe
  2⤵
  PID:6248
- C:\Windows\System\TiCWsFG.exe
  C:\Windows\System\TiCWsFG.exe
  2⤵
  PID:6272
- C:\Windows\System\lPrByOC.exe
  C:\Windows\System\lPrByOC.exe
  2⤵
  PID:6300
- C:\Windows\System\fjMjnew.exe
  C:\Windows\System\fjMjnew.exe
  2⤵
  PID:6332
- C:\Windows\System\DpFkgPX.exe
  C:\Windows\System\DpFkgPX.exe
  2⤵
  PID:6352
- C:\Windows\System\CChzDyP.exe
  C:\Windows\System\CChzDyP.exe
  2⤵
  PID:6376
- C:\Windows\System\UkIlFgg.exe
  C:\Windows\System\UkIlFgg.exe
  2⤵
  PID:6408
- C:\Windows\System\QmORLMR.exe
  C:\Windows\System\QmORLMR.exe
  2⤵
  PID:6440
- C:\Windows\System\tNqWKoK.exe
  C:\Windows\System\tNqWKoK.exe
  2⤵
  PID:6476
- C:\Windows\System\pXCvhpO.exe
  C:\Windows\System\pXCvhpO.exe
  2⤵
  PID:6500
- C:\Windows\System\bYXVRnz.exe
  C:\Windows\System\bYXVRnz.exe
  2⤵
  PID:6524
- C:\Windows\System\QwWXDMt.exe
  C:\Windows\System\QwWXDMt.exe
  2⤵
  PID:6556
- C:\Windows\System\OPqhNDI.exe
  C:\Windows\System\OPqhNDI.exe
  2⤵
  PID:6588
- C:\Windows\System\mvzkVCa.exe
  C:\Windows\System\mvzkVCa.exe
  2⤵
  PID:6616
- C:\Windows\System\PUnzXyv.exe
  C:\Windows\System\PUnzXyv.exe
  2⤵
  PID:6640
- C:\Windows\System\QilZZYx.exe
  C:\Windows\System\QilZZYx.exe
  2⤵
  PID:6668
- C:\Windows\System\fuTonVE.exe
  C:\Windows\System\fuTonVE.exe
  2⤵
  PID:6696
- C:\Windows\System\FrzkRku.exe
  C:\Windows\System\FrzkRku.exe
  2⤵
  PID:6720
- C:\Windows\System\SIQFJeD.exe
  C:\Windows\System\SIQFJeD.exe
  2⤵
  PID:6748
- C:\Windows\System\cypKyVo.exe
  C:\Windows\System\cypKyVo.exe
  2⤵
  PID:6768
- C:\Windows\System\BrLeuuB.exe
  C:\Windows\System\BrLeuuB.exe
  2⤵
  PID:6784
- C:\Windows\System\pfgQrFa.exe
  C:\Windows\System\pfgQrFa.exe
  2⤵
  PID:6808
- C:\Windows\System\WIRQxbP.exe
  C:\Windows\System\WIRQxbP.exe
  2⤵
  PID:6832
- C:\Windows\System\GzHiOEf.exe
  C:\Windows\System\GzHiOEf.exe
  2⤵
  PID:6860
- C:\Windows\System\dZMtqjJ.exe
  C:\Windows\System\dZMtqjJ.exe
  2⤵
  PID:6880
- C:\Windows\System\SEDxuWN.exe
  C:\Windows\System\SEDxuWN.exe
  2⤵
  PID:6904
- C:\Windows\System\zdntdwH.exe
  C:\Windows\System\zdntdwH.exe
  2⤵
  PID:6932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AsqlelI.exe

Filesize
1.3MB

MD5
20be00378cd150986b4d37337b60e67b

SHA1
c368ccec16f656805a9f27fc4f0d6c973e473715

SHA256
295cac8a7937116d7352c3fc3373fc82e9c8819d8572fb848bcd73e5a05f254d

SHA512
f9617966cf0d2e4500466a859bad79abe2cf69cdc451029586915e07f0fe00eb47dd8ec9ab1b904174da535ff0b8336e8ec8a5a74607b69a7e1c0833db0ef238

Download Submit
C:\Windows\System\BwMszJg.exe

Filesize
1.3MB

MD5
66279a3c837749df53dd9d8cdc66f277

SHA1
339a06e2f628773be140e84c3cfc3e65612ef2e3

SHA256
24430fdb31a26b1e5e1cab9c945e7cadde56826206f0c9dc7a4dae3cf907378f

SHA512
4e8f2626059983eef5f83bc1fce7f2a4484f6790c5f21865cd788b44c8a4aa19617509a6e98869853d452a5e0a98c569d20c2080488a1f9e80ef67ca21bae430

Download Submit
C:\Windows\System\EXZpaXV.exe

Filesize
1.3MB

MD5
eb2b1a5c75f0c15541c9e3cddb9d4db9

SHA1
00ba281df7ee9d3bb848d6ca4d14124b485ee44c

SHA256
6c5a4840e261b5a3be182f691bbc5593ea08369052e926a9b56ae4e4632b2c7e

SHA512
2f4c282501f67015bb69010847ba8412d9054ac500412518e08506656a2d262764f849aa8392023427ffbdccfe3c94ebc9d7c41cb77ff0bb3f8a2a773b99d4c7

Download Submit
C:\Windows\System\FDiBmQg.exe

Filesize
1.3MB

MD5
9980f485ad99bb0a3628deb3ace631af

SHA1
e591680284c8cfca46bfc8b6b11a56a267513fa4

SHA256
796f2564f9f55f59323dbb64d189c483caa0a6cdb6c52056b4a1b0873aea976e

SHA512
85a213aa58666ba748215604b00217c4c8811e1a0e4996dae36f07268134a234182393cfb65629b555a16c7305d7b80367196643d6852f965197803dffc30592

Download Submit
C:\Windows\System\FhySjmx.exe

Filesize
1.3MB

MD5
a5b599044a11fda3852eda1ac2a043bb

SHA1
fe1d38b522036f123e2f1d3bdd2a39763d6fd984

SHA256
aa3fc91a3c95478ff9e3777349d1f377de8e03d9b25cfa77d52501b510b9ecb4

SHA512
98dd51d7ec2d5cd1764b620934ec69af8f2c582709ce73308e9543ed945b0bf18a2d013674421cc6012947d967c448a0ad17e0c0707b9b785d9178a0c1223849

Download Submit
C:\Windows\System\JxjCdIG.exe

Filesize
1.3MB

MD5
f9b7a9fc3a73fed30851bed2b6428979

SHA1
f18503f3730eee0a5bfc08b14c2a598159072d83

SHA256
0f5662b8b663ed61c14ee5eecf24d003750ab90c66f3cb249e8d0fa96ce41284

SHA512
fe3408f1836bae676146d82e4e27365ce01316c0884f74ed4233b06ce4f8773e1caf3ee32d361cd21becbcf1d367f1f82836fee154f10572015f7c42871b2e7b

Download Submit
C:\Windows\System\LZpSFXI.exe

Filesize
1.3MB

MD5
29e648355a0756fe6e7694b3de07a20d

SHA1
4c38abcd950dc5b34e370c3ebfec3eedee23aa07

SHA256
c8a215de212985975ef5e3eabd4028d2c9eb6946142cf936cd1e0519dd1b9069

SHA512
2de5e6e420f3821928dab30afa21d97dccffaed42a29b6262bebcd2e209f11677de89faeacfc0a4fa889e3d769fce65e71ba29f62948ba1e5cbb9628485e23d7

Download Submit
C:\Windows\System\NWjyvbL.exe

Filesize
1.3MB

MD5
f3aec7237bac92c6ea8f3f2f67b08f85

SHA1
dd85e9b4fa0c15132c56c8c0d6d520bb09448292

SHA256
dafc4f59a9d8e82efd3f992b80f8e50d9e3787df10a79e7321abbfdd0f7d8bd0

SHA512
89bfdbcb15179c1b2866332f193c0878ee37640c74ed76f69107645d6ec67841b3b5539bfaaed2b6ebb14b4c6a13de69e41998b685107a0f828c12379fd42382

Download Submit
C:\Windows\System\PePUZpw.exe

Filesize
1.3MB

MD5
3fe54123fead78e145d6ce74348bbc6a

SHA1
f7f0c270488a9545511bb671ad95bb112090f1e0

SHA256
d116fee6ccbfd27b2fecf12b25884282891eb9b09c7c3c453a8c12ecb247b58e

SHA512
496ef5717a3b554e17b2292c2abb6499cd9e5cdf22e32096602fe67a3b0ea235c44ce8ec0625d2d50354f3234ce3f441872909ef7fbb940df0ab9e7e0f4dcacb

Download Submit
C:\Windows\System\RFKWnES.exe

Filesize
1.3MB

MD5
37c18a3d6d1861320b731f02b7a1690b

SHA1
404f88a9697360d32c54a19203029aee2658e110

SHA256
9ad551a10ee80dc03d7ce2bdbfa8852122fffa603e4a3efe8e0797ecd38d3db6

SHA512
d8b092e087a7ff9b3288d4c9403e4afa51b193c3c5b696ab513a39e16e286b1ac81498a0ea45e2cd27141eb9200ec17799b9c4b51c62ad8e0dc159c204c14946

Download Submit
C:\Windows\System\RfrXQYL.exe

Filesize
1.3MB

MD5
d037af3f3bf6676e1db0941573bb695d

SHA1
5300078e3185540502f63221b76f0ec21c675592

SHA256
6a78adeb92827bdfa2c20c3378656201ee50e81e26273b2f14b09af46bc8c688

SHA512
5d74881060b5c8669324990fa33b4f06c729373dc955fe1657147eeeb02700dc0d85b23932aae9ab61e5626f139e039977a7f280c12c43b04fbdc86bb2e19086

Download Submit
C:\Windows\System\ZJAzFOd.exe

Filesize
1.3MB

MD5
89c16b04d536ed361dc917c780a0aa95

SHA1
c576162de87ba542314aedc859187767a511aaa1

SHA256
a96108124f8e2bcc77c40a802af912bf69b846699fa3340e8b579f3b30baee03

SHA512
49a961486ba1683c24f4966304824f7e3b4f69e67abea730fa85b1bd8a569d9fb0a62a76428220cc3a6532b0e7505d6f4ac7deb6ee4d81beb49d9c5ec62b97b9

Download Submit
C:\Windows\System\ZfuQAWz.exe

Filesize
1.3MB

MD5
e66c258340fde0e4f07ea16e6e1fb178

SHA1
c0c019c96660aa52ce522c1ecee9c0ecb782929f

SHA256
528796ecbe5928c6d62f09b434ce0f624544ce597ec1224a418b4eb3edf85c0e

SHA512
c4ae562df56e0982467b162d98ac53bf65dd35aa2171a0d78b82f8d7078cb4e0e982667133f2c367f850d215c183a85c27652731d20528991256e27aaf06183b

Download Submit
C:\Windows\System\bffyLna.exe

Filesize
1.3MB

MD5
cab3f632cbe231d654edac03fee826f8

SHA1
3c19e9bcce674073466c2dcf5fe8ac2a4aa7679f

SHA256
d0989984d2e186ff58883543c9841ef8fb596b9ceef4dcfb68132816b7905bba

SHA512
6c35511168c3d724d21f835b7a394e43ab9ac16f9efaf1846560d75aefc9f01ee369d0c996c9dfdacb4889f38a610eeafc2c4cdb8c7ba0ce96f68d4ab2b132d7

Download Submit
C:\Windows\System\cSgrFlN.exe

Filesize
1.3MB

MD5
69bb3d2f4d4dd3a3a19c3d07efc14ddd

SHA1
c7e84f1c16d40519a4eb1576dabdfa68e42e1dad

SHA256
93d47e599f6ea7b8e09807f6a3080147c32ae2ef44ef16d262c10a9b8592295e

SHA512
af7b24514fa00a0f8cac22ada6174f1d32600860dd9c5d9aae807fb4920a9422da4afe7caf3038514fb585d2039038ab78db84a141872ae9819391b8bcd5889d

Download Submit
C:\Windows\System\eHURqvg.exe

Filesize
1.3MB

MD5
5772b801372973e26c52b86536e4e31c

SHA1
b8d65d73479ac252502924d48d8f9e7c70f7ff00

SHA256
c327da6896ac14111898f93d8b0644a2c7e59c8a9935fa4af70431f986a523fb

SHA512
fd239b87ec802cc0f1f6c271bd64747f6c9a8c04d057278b718a58166acffd78be96dddcb79bdd198379f51b29da1943492ba3cfd50679219839617602019442

Download Submit
C:\Windows\System\fVtKPwe.exe

Filesize
1.3MB

MD5
9af8c12141b2e21fd22a331c9d32dbe0

SHA1
f85710bb657ca5ad417aff6defbaa8b5cffceabd

SHA256
d32f5be9c92387909da2269d3fc64666d50bb6a99796ea348b9b91d498c35ea9

SHA512
e9ba89e6c4a4e0a9ee5778e4c9a8ef883d69e12315ad99837e5f53a05bde0073d2fc615765e62f66b18ca8c02292037c81cdeb711c8f3749c773d96aaa109bbc

Download Submit
C:\Windows\System\hGQJXmF.exe

Filesize
1.3MB

MD5
a083b598884a2a9a479f1b867e44dd6f

SHA1
b2045f66e6701fb8f15ca608cea784326cb17b75

SHA256
f5ee3a54c1c1da1c6b233e6d711fdf71ccc22220627e8305b403fa8711002aae

SHA512
95ce85f168c30574ecd9ba53c45a1a6e4c275e76048128746f732f530cc9bc1d0722320af35f6ecddbb5e5a9e1ac111da74fcc34578790b1eba155a21d699f21

Download Submit
C:\Windows\System\hMVnuda.exe

Filesize
1.3MB

MD5
a45dc18a42236b809ce1b5e5d2cd8a8e

SHA1
7467c0e2e62c3287abe04ba8b8d070315e4cac84

SHA256
6edfcfd35ae24b880862e6c6ea9fc9797b8bdeca45361ca3cb65f767c9297086

SHA512
32730e4275e8a3b0a01c09ec823c6c5026e39a094ba26738cd19cf86968b643555bc9217ff82c924949ca4037d7f8fb21013b4b27a6849807155a90561f1eb29

Download Submit
C:\Windows\System\hNNdpCI.exe

Filesize
1.3MB

MD5
1a5e79708b539fe85573c323eef1e79f

SHA1
e3bff11200741327f65e27a1cf5610ead803a708

SHA256
fe8e6a7f6858e065c8633826b140f1ed8af8d074aeece8e8cf859069606fac41

SHA512
4a4120544516794efabd61fb7488d0ee7bfe5ff081fa3a922ebd0f2a2859f0c48ab314a333804417a0173edf3c5e3a9198face9a3d377bdb988b32f44c839351

Download Submit
C:\Windows\System\iJgNijy.exe

Filesize
1.3MB

MD5
febd86eab8485b8e8f197b01465eae72

SHA1
a4d9aae8c2027d7ee513ae18f9548adc660fc8ff

SHA256
e43f862a221d391a1f0927dc654c6afa2894cde13315eafb9ec5af928a22f8aa

SHA512
30c27b0d0002cd5f853a848061030ce5f22aff7671d34c9e83c7b3647c751f2ddd44cd678fc2f5bf5b8657a162863a45b762bd7747b22e3ecef4fe43c413281c

Download Submit
C:\Windows\System\kEPWWLs.exe

Filesize
1.3MB

MD5
89c51bfe7caaab555c26a5ad8ffd9528

SHA1
2bf9ee24b4ddfcb3bc50265ae783a4d63d8e49c2

SHA256
b4a964220e14ff0ec1af5f341106bbdc6c8cc454f4b3f5276465eff7c90e5abc

SHA512
7961e38a837d63346c822a57d6bace4b17430aa0587ca038df8cf10c1ae5e89a28e58785527cceb3872ed821fe8c8de3927dc1fc3f4a15075c45a43335ca121e

Download Submit
C:\Windows\System\leNKxec.exe

Filesize
1.3MB

MD5
99c9913da613839618a2d5da6a68653c

SHA1
69644c65582593dfaad32b10ece6807d35e45094

SHA256
3fb6eb3ab5c4adb4fca04a35bb85e1263c0d0ef1b86947fd94513ea5a9335273

SHA512
5c051e449aebe6f4ea09da814047a705753c2b2116f3c98bf2b9db11c86998a7b4ec28ff1331ee10175492efdb1864a16e57273029ef2178045f308d45ed56d5

Download Submit
C:\Windows\System\lpBvkfH.exe

Filesize
1.3MB

MD5
4eb2b0bd9e95bb4dc43890a4a71c2656

SHA1
4092f6ee5895fe47082fd7b6e7059ea0f4c4a403

SHA256
31e8e85954ca396476d80328532326e6c38474446a4ac3d770f204bd09519aca

SHA512
bcb0857dd3842341abbb7d86230bb26a2436e319ab6b048803bc725ab0fd3cc9203e1ceed558b27bfd72d88eec7f48e8e122869e499567957ba0c4d3c8f08d8e

Download Submit
C:\Windows\System\oakhhYZ.exe

Filesize
1.3MB

MD5
3632875d117730937e8486712c9e5c72

SHA1
bb2a3cf63cc2e8f1f9eff7d75d624e0e4ee1872a

SHA256
86eda36e2f2f06dbe84aff0eb2577dd9dfe43d1a59fff350dcbf7dbea604fd64

SHA512
b4dc7976f20541ede3b026b0c074d6a182a8152726d26f9648e67a3d33ca1c7419a1a40741124a9a38a36248b0b99134e7f74f425d6a60791d5416d6d5d08aff

Download Submit
C:\Windows\System\opKJSPd.exe

Filesize
1.3MB

MD5
9e5b40973d08c7035e116074313e1b8d

SHA1
1aa7ab404914b8d0502de5e787dce53765774618

SHA256
59161cda4eee7bea21dbd493e420cf71c595580243e49c95f9f6926671f59ed1

SHA512
620a36729cb7703550f0a9968793c1b01feaddaebfff084b0ab4c0d2064f32e9566667d09400696065b6c24c7e936909795cde3bbf7762fe25e5aa5f8aae8db6

Download Submit
C:\Windows\System\pNQVSFS.exe

Filesize
1.3MB

MD5
037a27df4eabb7654b6e21330e9310fd

SHA1
f168d7a11fbb8f490f462c301e507f22df4ea40e

SHA256
5ee1651a9b75bde3d0aa1aab1106788f704417654d0b136bd935d129d92fb620

SHA512
0816e205366e30e73af883d0d7df983072d6601af9ce463ddc61e088067d9dc576619201ccc1b964ef94823944ac47054b06ebfc39d6559fcfdcc3628c7b6b11

Download Submit
C:\Windows\System\rzXgJvz.exe

Filesize
1.3MB

MD5
283fba7276a2ae2760802be77dc1d60a

SHA1
0d7db1dccb10410fefedd09c06e0dedb608fb514

SHA256
cd18c895ee45212110fa40626dc89cc8b3f82bbdf71a2ef629ce76966fc8bb83

SHA512
5ce0c080a71f2d418f60f873a1ec6607633f3a9639442caf066cc439eacdac1c10c11f09c85913b5b3d4825a5b1ea033f47664cd0fafd1daa912838052c4a304

Download Submit
C:\Windows\System\soZEzkj.exe

Filesize
1.3MB

MD5
4d0153155b3262accf39d976c953c6ec

SHA1
0927ce1c83055af06732ee9d5f38e7c42bb2a342

SHA256
20e227b61c5a76142db1e4eeb4b80565614096e62006f8f79d42fd890fc9e9ef

SHA512
8e34386258d1ce4012ad7b4a5ec1ca9cef8186f923f770076eb0b848f1c87ca327980436afdf90385b912da2b80b6974c71896da5dc6d9690b745274c114e66b

Download Submit
C:\Windows\System\tEUQHoi.exe

Filesize
1.3MB

MD5
c7d497c093abb864fa767172a52b8df7

SHA1
0d1afdf9007cad6f10c75fe20904406afb002881

SHA256
3b16f8ef0e087810416dff2cf02d8948bd481d3d445a6d278d170bd95985474c

SHA512
f3b774e1ad23fd8a29b3915ef532561be731133f53266a34ed84e6b3dc1296e08b6e7d40106e50df049e475d43854bea208279c078b9bbcfe635bba29bfccb92

Download Submit
C:\Windows\System\tHrsmyx.exe

Filesize
1.3MB

MD5
e8327485ba16286320733097d2cb0668

SHA1
f7a66a0891418a8302019e2b47de15ca1c6f5ca1

SHA256
090e34c69b1d35bfb3b84d1c4ddc5f6b8409c5812e82c83cef703fe26fbbeb87

SHA512
f74dccc1e2767f54cdd1d34db9096ef50354bc8f2f9c6390382907c86537e4121a8b1b210789a38dcd72bb6d0a191c5ef9789a23e0f1271963f870a7e5703e49

Download Submit
C:\Windows\System\tVGFVte.exe

Filesize
1.3MB

MD5
2e29a3633e6be5836ee6d2d57a8a51d8

SHA1
9d589efa9d0e2b2ef5efc3867722f940cf8b7a84

SHA256
0cd174f4236790fe9f65ab98d666f5fc3c7a9e6fcb81776aea60fe3bf8cc5fb2

SHA512
5cf4dfa1f0fc69b0edd6501c3741445f2d9f68b6b6da3b861abc48f388e85d7dc51b19c046c4336a6cf4dbc102ed75d8e522b670f871406488a52c8eaaeaf523

Download Submit
C:\Windows\System\uLZYhyE.exe

Filesize
1.3MB

MD5
f6f436b8e2f79b001988c1712cdc6491

SHA1
30b116b666a4dafa7985b8a2de5090a0543d06e8

SHA256
a3be2684c80b6d1eb63d083cd58b49bed6a24e51a81fc7df4adc4a81b910461a

SHA512
b156cf30cd5be0306806ccc01e2bd01fa5bd65ec0f5e441495bb8dd3f7fc009f457152ac4a4fbae968db30490b236834e6b44b861dc17db4fe60914c340aa26a

Download Submit
memory/4888-0-0x0000021AE0540000-0x0000021AE0550000-memory.dmp

Filesize
64KB

Download