xmrig | 3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68

Analysis

max time kernel
62s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 04:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
Size

1.5MB
MD5

0e1062405a4140da3d5940557c5effe0
SHA1

ed5f1a446adcbf97873f71a67b71381dfc6d22a0
SHA256

3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68
SHA512

3099ad2d3d5a0f7dec3d81c4ce303d182d3d700f334874f1285e205991287f8703510a9d98c4477b72d7aacaf5f1f878a6c95a9df96a4debc08b48ee97687560
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/DFNkTQb5/JFNRpc14MX4hyI3:knw9oUUEEDl37jcmWH/xbbFN/NRx

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 50 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/5016-32-0x00007FF7E9F40000-0x00007FF7EA331000-memory.dmp	xmrig
behavioral2/memory/3736-43-0x00007FF6AC990000-0x00007FF6ACD81000-memory.dmp	xmrig
behavioral2/memory/4500-44-0x00007FF606F30000-0x00007FF607321000-memory.dmp	xmrig
behavioral2/memory/4316-14-0x00007FF649F00000-0x00007FF64A2F1000-memory.dmp	xmrig
behavioral2/memory/3004-93-0x00007FF653770000-0x00007FF653B61000-memory.dmp	xmrig
behavioral2/memory/2944-402-0x00007FF617510000-0x00007FF617901000-memory.dmp	xmrig
behavioral2/memory/4932-409-0x00007FF65B400000-0x00007FF65B7F1000-memory.dmp	xmrig
behavioral2/memory/4668-412-0x00007FF63B5B0000-0x00007FF63B9A1000-memory.dmp	xmrig
behavioral2/memory/4524-398-0x00007FF7A2C90000-0x00007FF7A3081000-memory.dmp	xmrig
behavioral2/memory/5008-413-0x00007FF701830000-0x00007FF701C21000-memory.dmp	xmrig
behavioral2/memory/2544-902-0x00007FF670C80000-0x00007FF671071000-memory.dmp	xmrig
behavioral2/memory/5064-1391-0x00007FF6A9900000-0x00007FF6A9CF1000-memory.dmp	xmrig
behavioral2/memory/3784-433-0x00007FF7BF990000-0x00007FF7BFD81000-memory.dmp	xmrig
behavioral2/memory/4948-428-0x00007FF624890000-0x00007FF624C81000-memory.dmp	xmrig
behavioral2/memory/4108-395-0x00007FF6AFDB0000-0x00007FF6B01A1000-memory.dmp	xmrig
behavioral2/memory/3292-394-0x00007FF623EB0000-0x00007FF6242A1000-memory.dmp	xmrig
behavioral2/memory/4316-109-0x00007FF649F00000-0x00007FF64A2F1000-memory.dmp	xmrig
behavioral2/memory/1624-105-0x00007FF625F00000-0x00007FF6262F1000-memory.dmp	xmrig
behavioral2/memory/4128-94-0x00007FF76D010000-0x00007FF76D401000-memory.dmp	xmrig
behavioral2/memory/2028-87-0x00007FF6C05B0000-0x00007FF6C09A1000-memory.dmp	xmrig
behavioral2/memory/1364-65-0x00007FF6A16D0000-0x00007FF6A1AC1000-memory.dmp	xmrig
behavioral2/memory/1608-59-0x00007FF70A130000-0x00007FF70A521000-memory.dmp	xmrig
behavioral2/memory/3016-2043-0x00007FF7E7210000-0x00007FF7E7601000-memory.dmp	xmrig
behavioral2/memory/320-2044-0x00007FF778C90000-0x00007FF779081000-memory.dmp	xmrig
behavioral2/memory/536-2062-0x00007FF772310000-0x00007FF772701000-memory.dmp	xmrig
behavioral2/memory/1624-2079-0x00007FF625F00000-0x00007FF6262F1000-memory.dmp	xmrig
behavioral2/memory/4316-2084-0x00007FF649F00000-0x00007FF64A2F1000-memory.dmp	xmrig
behavioral2/memory/4128-2086-0x00007FF76D010000-0x00007FF76D401000-memory.dmp	xmrig
behavioral2/memory/5016-2088-0x00007FF7E9F40000-0x00007FF7EA331000-memory.dmp	xmrig
behavioral2/memory/2544-2090-0x00007FF670C80000-0x00007FF671071000-memory.dmp	xmrig
behavioral2/memory/4948-2092-0x00007FF624890000-0x00007FF624C81000-memory.dmp	xmrig
behavioral2/memory/3736-2094-0x00007FF6AC990000-0x00007FF6ACD81000-memory.dmp	xmrig
behavioral2/memory/4500-2096-0x00007FF606F30000-0x00007FF607321000-memory.dmp	xmrig
behavioral2/memory/1608-2114-0x00007FF70A130000-0x00007FF70A521000-memory.dmp	xmrig
behavioral2/memory/5064-2116-0x00007FF6A9900000-0x00007FF6A9CF1000-memory.dmp	xmrig
behavioral2/memory/1364-2118-0x00007FF6A16D0000-0x00007FF6A1AC1000-memory.dmp	xmrig
behavioral2/memory/5104-2120-0x00007FF6DB7A0000-0x00007FF6DBB91000-memory.dmp	xmrig
behavioral2/memory/2028-2126-0x00007FF6C05B0000-0x00007FF6C09A1000-memory.dmp	xmrig
behavioral2/memory/3016-2125-0x00007FF7E7210000-0x00007FF7E7601000-memory.dmp	xmrig
behavioral2/memory/3004-2123-0x00007FF653770000-0x00007FF653B61000-memory.dmp	xmrig
behavioral2/memory/5008-2130-0x00007FF701830000-0x00007FF701C21000-memory.dmp	xmrig
behavioral2/memory/2944-2134-0x00007FF617510000-0x00007FF617901000-memory.dmp	xmrig
behavioral2/memory/4108-2137-0x00007FF6AFDB0000-0x00007FF6B01A1000-memory.dmp	xmrig
behavioral2/memory/4524-2135-0x00007FF7A2C90000-0x00007FF7A3081000-memory.dmp	xmrig
behavioral2/memory/4668-2132-0x00007FF63B5B0000-0x00007FF63B9A1000-memory.dmp	xmrig
behavioral2/memory/536-2148-0x00007FF772310000-0x00007FF772701000-memory.dmp	xmrig
behavioral2/memory/320-2147-0x00007FF778C90000-0x00007FF779081000-memory.dmp	xmrig
behavioral2/memory/3292-2144-0x00007FF623EB0000-0x00007FF6242A1000-memory.dmp	xmrig
behavioral2/memory/3784-2142-0x00007FF7BF990000-0x00007FF7BFD81000-memory.dmp	xmrig
behavioral2/memory/4932-2140-0x00007FF65B400000-0x00007FF65B7F1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

UGSsmpm.exeMtWhHcX.exemiGAOcN.exeLMHzWaD.exeODxRhCl.exejyWJrVO.exePwkoOKw.exeLJAWJWg.exerJxuyiJ.execdvcLOi.exeNcmJEiP.exeeorSHRZ.exeSaYndgc.exejTVemwa.exeRHbEbYU.exeryOWdlJ.exeHvxMTHY.exeevECLuh.exeurFhMVh.exefxsnxQK.exeFPerytp.exeNFhEjlz.exeABqoVGW.exeaefOSMI.exeKGZczMY.execfOwWll.exeKGbLfAz.exeEPbgabx.exeSpyMMGQ.exehQlQGOJ.exeAoKUCYb.exefjeDojV.exehLXtMGb.exeGyHUiFy.exeKJDNgML.exeeHTqnCI.exeXInCsGR.exeKiNgidA.exefMKlffb.exevrbmZXV.exeyGKdvvC.exefGEfSdn.exegGtnyIc.exexKUZWMj.execvpKyPw.exefQzZglY.exegGueSLW.exeYcjBuhV.exeRRbhGdi.exebuGwFUb.exeplgRjsA.exeQuqLlqZ.exevrAokQg.exetldIgCa.exeRtdkMrG.exexZqJTLt.exeIkWAVKw.exesiqGvyo.exeSaEMvYG.exeOnLMLIC.exeyrUOUCo.exeKJRerPk.exeprDyzsd.exelQfDUag.exe

pid	process
4316	UGSsmpm.exe
2544	MtWhHcX.exe
4128	miGAOcN.exe
5016	LMHzWaD.exe
4948	ODxRhCl.exe
3736	jyWJrVO.exe
4500	PwkoOKw.exe
5064	LJAWJWg.exe
1608	rJxuyiJ.exe
1364	cdvcLOi.exe
5104	NcmJEiP.exe
3016	eorSHRZ.exe
3004	SaYndgc.exe
2028	jTVemwa.exe
536	RHbEbYU.exe
320	ryOWdlJ.exe
3292	HvxMTHY.exe
5008	evECLuh.exe
3784	urFhMVh.exe
4108	fxsnxQK.exe
4524	FPerytp.exe
2944	NFhEjlz.exe
4932	ABqoVGW.exe
4668	aefOSMI.exe
4916	KGZczMY.exe
4696	cfOwWll.exe
4344	KGbLfAz.exe
2424	EPbgabx.exe
5036	SpyMMGQ.exe
2752	hQlQGOJ.exe
940	AoKUCYb.exe
2184	fjeDojV.exe
2108	hLXtMGb.exe
432	GyHUiFy.exe
3672	KJDNgML.exe
1644	eHTqnCI.exe
3432	XInCsGR.exe
3324	KiNgidA.exe
1420	fMKlffb.exe
4912	vrbmZXV.exe
2476	yGKdvvC.exe
4372	fGEfSdn.exe
3108	gGtnyIc.exe
2276	xKUZWMj.exe
648	cvpKyPw.exe
2912	fQzZglY.exe
2712	gGueSLW.exe
380	YcjBuhV.exe
5116	RRbhGdi.exe
208	buGwFUb.exe
220	plgRjsA.exe
4896	QuqLlqZ.exe
4352	vrAokQg.exe
3780	tldIgCa.exe
4436	RtdkMrG.exe
1772	xZqJTLt.exe
2772	IkWAVKw.exe
2164	siqGvyo.exe
1100	SaEMvYG.exe
4876	OnLMLIC.exe
2092	yrUOUCo.exe
1076	KJRerPk.exe
2496	prDyzsd.exe
2456	lQfDUag.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1624-0-0x00007FF625F00000-0x00007FF6262F1000-memory.dmp	upx
C:\Windows\System32\MtWhHcX.exe	upx
C:\Windows\System32\LMHzWaD.exe	upx
behavioral2/memory/5016-32-0x00007FF7E9F40000-0x00007FF7EA331000-memory.dmp	upx
C:\Windows\System32\PwkoOKw.exe	upx
behavioral2/memory/3736-43-0x00007FF6AC990000-0x00007FF6ACD81000-memory.dmp	upx
behavioral2/memory/4500-44-0x00007FF606F30000-0x00007FF607321000-memory.dmp	upx
C:\Windows\System32\jyWJrVO.exe	upx
C:\Windows\System32\ODxRhCl.exe	upx
behavioral2/memory/2544-29-0x00007FF670C80000-0x00007FF671071000-memory.dmp	upx
behavioral2/memory/4948-23-0x00007FF624890000-0x00007FF624C81000-memory.dmp	upx
C:\Windows\System32\miGAOcN.exe	upx
behavioral2/memory/4128-17-0x00007FF76D010000-0x00007FF76D401000-memory.dmp	upx
behavioral2/memory/4316-14-0x00007FF649F00000-0x00007FF64A2F1000-memory.dmp	upx
C:\Windows\System32\LJAWJWg.exe	upx
C:\Windows\System32\cdvcLOi.exe	upx
C:\Windows\System32\eorSHRZ.exe	upx
behavioral2/memory/5104-70-0x00007FF6DB7A0000-0x00007FF6DBB91000-memory.dmp	upx
C:\Windows\System32\NcmJEiP.exe	upx
C:\Windows\System32\jTVemwa.exe	upx
C:\Windows\System32\SaYndgc.exe	upx
C:\Windows\System32\ryOWdlJ.exe	upx
behavioral2/memory/3004-93-0x00007FF653770000-0x00007FF653B61000-memory.dmp	upx
C:\Windows\System32\RHbEbYU.exe	upx
C:\Windows\System32\HvxMTHY.exe	upx
C:\Windows\System32\NFhEjlz.exe	upx
C:\Windows\System32\SpyMMGQ.exe	upx
behavioral2/memory/2944-402-0x00007FF617510000-0x00007FF617901000-memory.dmp	upx
behavioral2/memory/4932-409-0x00007FF65B400000-0x00007FF65B7F1000-memory.dmp	upx
behavioral2/memory/4668-412-0x00007FF63B5B0000-0x00007FF63B9A1000-memory.dmp	upx
behavioral2/memory/4524-398-0x00007FF7A2C90000-0x00007FF7A3081000-memory.dmp	upx
behavioral2/memory/5008-413-0x00007FF701830000-0x00007FF701C21000-memory.dmp	upx
behavioral2/memory/2544-902-0x00007FF670C80000-0x00007FF671071000-memory.dmp	upx
behavioral2/memory/5064-1391-0x00007FF6A9900000-0x00007FF6A9CF1000-memory.dmp	upx
behavioral2/memory/3784-433-0x00007FF7BF990000-0x00007FF7BFD81000-memory.dmp	upx
behavioral2/memory/4948-428-0x00007FF624890000-0x00007FF624C81000-memory.dmp	upx
behavioral2/memory/4108-395-0x00007FF6AFDB0000-0x00007FF6B01A1000-memory.dmp	upx
behavioral2/memory/3292-394-0x00007FF623EB0000-0x00007FF6242A1000-memory.dmp	upx
C:\Windows\System32\fjeDojV.exe	upx
C:\Windows\System32\AoKUCYb.exe	upx
C:\Windows\System32\hQlQGOJ.exe	upx
C:\Windows\System32\EPbgabx.exe	upx
C:\Windows\System32\KGbLfAz.exe	upx
C:\Windows\System32\cfOwWll.exe	upx
C:\Windows\System32\KGZczMY.exe	upx
C:\Windows\System32\aefOSMI.exe	upx
C:\Windows\System32\ABqoVGW.exe	upx
C:\Windows\System32\FPerytp.exe	upx
C:\Windows\System32\fxsnxQK.exe	upx
C:\Windows\System32\urFhMVh.exe	upx
C:\Windows\System32\evECLuh.exe	upx
behavioral2/memory/4316-109-0x00007FF649F00000-0x00007FF64A2F1000-memory.dmp	upx
behavioral2/memory/1624-105-0x00007FF625F00000-0x00007FF6262F1000-memory.dmp	upx
behavioral2/memory/536-101-0x00007FF772310000-0x00007FF772701000-memory.dmp	upx
behavioral2/memory/4128-94-0x00007FF76D010000-0x00007FF76D401000-memory.dmp	upx
behavioral2/memory/320-92-0x00007FF778C90000-0x00007FF779081000-memory.dmp	upx
behavioral2/memory/2028-87-0x00007FF6C05B0000-0x00007FF6C09A1000-memory.dmp	upx
behavioral2/memory/3016-74-0x00007FF7E7210000-0x00007FF7E7601000-memory.dmp	upx
behavioral2/memory/1364-65-0x00007FF6A16D0000-0x00007FF6A1AC1000-memory.dmp	upx
behavioral2/memory/1608-59-0x00007FF70A130000-0x00007FF70A521000-memory.dmp	upx
behavioral2/memory/5064-56-0x00007FF6A9900000-0x00007FF6A9CF1000-memory.dmp	upx
C:\Windows\System32\rJxuyiJ.exe	upx
C:\Windows\System32\UGSsmpm.exe	upx
behavioral2/memory/3016-2043-0x00007FF7E7210000-0x00007FF7E7601000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

Processes:

3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System32\eHTqnCI.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\bWHKYHI.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\QzpuOsi.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\LtUKQrP.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\UAYEBPf.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\EPbgabx.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\dpMvDJN.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\BNjteCe.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\zVOzTQg.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\OaoCZNi.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\bLErKNU.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\hdxwtTR.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\oJxoXxz.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\buCGWsq.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\fGEfSdn.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\YQLZnUA.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\nUTinnd.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\JlpteoM.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\yDvwLfr.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\Qdqpsbh.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\eGVEfpn.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\DZHdXGO.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\BZYylik.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\QqJuyHM.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\LHHViyr.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\KSXrMXF.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\xqfFadb.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\KiNgidA.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\sgIafBX.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\ZcfNokW.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\BRUHFOx.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\EmOvZBU.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\WKrlsKk.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\zVupOpA.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\bXRdcQh.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\VpnocZG.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\fqOozER.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\heddppx.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\AaGrFJW.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\lFdzpdz.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\ODxRhCl.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\vrbmZXV.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\MWgLmGY.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\AzejdQu.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\TYGjaWN.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\WahOdtc.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\YiwAwZu.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\XMnhLEF.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\nUMhNgV.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\RHbEbYU.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\mOHNLaM.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\RawvbGa.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\rWnkXkE.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\uMayYbL.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\JhQHMmz.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\zfzfGAX.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\pruovgd.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\dMneSCT.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\lPXbjYZ.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\CkSpHKR.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\tejprtk.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\xZrRhuW.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\eszqJJf.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
File created	C:\Windows\System32\zrbFYVi.exe	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe

description	pid	process	target process
PID 1624 wrote to memory of 4316	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	UGSsmpm.exe
PID 1624 wrote to memory of 4316	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	UGSsmpm.exe
PID 1624 wrote to memory of 2544	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	MtWhHcX.exe
PID 1624 wrote to memory of 2544	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	MtWhHcX.exe
PID 1624 wrote to memory of 4128	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	miGAOcN.exe
PID 1624 wrote to memory of 4128	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	miGAOcN.exe
PID 1624 wrote to memory of 5016	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	LMHzWaD.exe
PID 1624 wrote to memory of 5016	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	LMHzWaD.exe
PID 1624 wrote to memory of 4948	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	ODxRhCl.exe
PID 1624 wrote to memory of 4948	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	ODxRhCl.exe
PID 1624 wrote to memory of 3736	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	jyWJrVO.exe
PID 1624 wrote to memory of 3736	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	jyWJrVO.exe
PID 1624 wrote to memory of 4500	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	PwkoOKw.exe
PID 1624 wrote to memory of 4500	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	PwkoOKw.exe
PID 1624 wrote to memory of 5064	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	LJAWJWg.exe
PID 1624 wrote to memory of 5064	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	LJAWJWg.exe
PID 1624 wrote to memory of 1608	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	rJxuyiJ.exe
PID 1624 wrote to memory of 1608	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	rJxuyiJ.exe
PID 1624 wrote to memory of 1364	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	cdvcLOi.exe
PID 1624 wrote to memory of 1364	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	cdvcLOi.exe
PID 1624 wrote to memory of 5104	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	NcmJEiP.exe
PID 1624 wrote to memory of 5104	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	NcmJEiP.exe
PID 1624 wrote to memory of 3016	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	eorSHRZ.exe
PID 1624 wrote to memory of 3016	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	eorSHRZ.exe
PID 1624 wrote to memory of 3004	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	SaYndgc.exe
PID 1624 wrote to memory of 3004	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	SaYndgc.exe
PID 1624 wrote to memory of 2028	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	jTVemwa.exe
PID 1624 wrote to memory of 2028	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	jTVemwa.exe
PID 1624 wrote to memory of 536	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	RHbEbYU.exe
PID 1624 wrote to memory of 536	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	RHbEbYU.exe
PID 1624 wrote to memory of 320	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	ryOWdlJ.exe
PID 1624 wrote to memory of 320	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	ryOWdlJ.exe
PID 1624 wrote to memory of 3292	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	HvxMTHY.exe
PID 1624 wrote to memory of 3292	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	HvxMTHY.exe
PID 1624 wrote to memory of 5008	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	evECLuh.exe
PID 1624 wrote to memory of 5008	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	evECLuh.exe
PID 1624 wrote to memory of 3784	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	urFhMVh.exe
PID 1624 wrote to memory of 3784	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	urFhMVh.exe
PID 1624 wrote to memory of 4108	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	fxsnxQK.exe
PID 1624 wrote to memory of 4108	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	fxsnxQK.exe
PID 1624 wrote to memory of 4524	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	FPerytp.exe
PID 1624 wrote to memory of 4524	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	FPerytp.exe
PID 1624 wrote to memory of 2944	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	NFhEjlz.exe
PID 1624 wrote to memory of 2944	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	NFhEjlz.exe
PID 1624 wrote to memory of 4932	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	ABqoVGW.exe
PID 1624 wrote to memory of 4932	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	ABqoVGW.exe
PID 1624 wrote to memory of 4668	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	aefOSMI.exe
PID 1624 wrote to memory of 4668	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	aefOSMI.exe
PID 1624 wrote to memory of 4916	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	KGZczMY.exe
PID 1624 wrote to memory of 4916	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	KGZczMY.exe
PID 1624 wrote to memory of 4696	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	cfOwWll.exe
PID 1624 wrote to memory of 4696	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	cfOwWll.exe
PID 1624 wrote to memory of 4344	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	KGbLfAz.exe
PID 1624 wrote to memory of 4344	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	KGbLfAz.exe
PID 1624 wrote to memory of 2424	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	EPbgabx.exe
PID 1624 wrote to memory of 2424	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	EPbgabx.exe
PID 1624 wrote to memory of 5036	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	SpyMMGQ.exe
PID 1624 wrote to memory of 5036	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	SpyMMGQ.exe
PID 1624 wrote to memory of 2752	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	hQlQGOJ.exe
PID 1624 wrote to memory of 2752	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	hQlQGOJ.exe
PID 1624 wrote to memory of 940	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	AoKUCYb.exe
PID 1624 wrote to memory of 940	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	AoKUCYb.exe
PID 1624 wrote to memory of 2184	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	fjeDojV.exe
PID 1624 wrote to memory of 2184	1624	3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe	fjeDojV.exe

C:\Users\Admin\AppData\Local\Temp\3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3596451b45a9895c18d7d1690673de7224e254fa9dfc11da79707e0601382f68_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1624

C:\Windows\System32\UGSsmpm.exe
C:\Windows\System32\UGSsmpm.exe
2⤵
- Executes dropped EXE
PID:4316

C:\Windows\System32\MtWhHcX.exe
C:\Windows\System32\MtWhHcX.exe
2⤵
- Executes dropped EXE
PID:2544

C:\Windows\System32\miGAOcN.exe
C:\Windows\System32\miGAOcN.exe
2⤵
- Executes dropped EXE
PID:4128

C:\Windows\System32\LMHzWaD.exe
C:\Windows\System32\LMHzWaD.exe
2⤵
- Executes dropped EXE
PID:5016

C:\Windows\System32\ODxRhCl.exe
C:\Windows\System32\ODxRhCl.exe
2⤵
- Executes dropped EXE
PID:4948

C:\Windows\System32\jyWJrVO.exe
C:\Windows\System32\jyWJrVO.exe
2⤵
- Executes dropped EXE
PID:3736

C:\Windows\System32\PwkoOKw.exe
C:\Windows\System32\PwkoOKw.exe
2⤵
- Executes dropped EXE
PID:4500

C:\Windows\System32\LJAWJWg.exe
C:\Windows\System32\LJAWJWg.exe
2⤵
- Executes dropped EXE
PID:5064

C:\Windows\System32\rJxuyiJ.exe
C:\Windows\System32\rJxuyiJ.exe
2⤵
- Executes dropped EXE
PID:1608

C:\Windows\System32\cdvcLOi.exe
C:\Windows\System32\cdvcLOi.exe
2⤵
- Executes dropped EXE
PID:1364

C:\Windows\System32\NcmJEiP.exe
C:\Windows\System32\NcmJEiP.exe
2⤵
- Executes dropped EXE
PID:5104

C:\Windows\System32\eorSHRZ.exe
C:\Windows\System32\eorSHRZ.exe
2⤵
- Executes dropped EXE
PID:3016

C:\Windows\System32\SaYndgc.exe
C:\Windows\System32\SaYndgc.exe
2⤵
- Executes dropped EXE
PID:3004

C:\Windows\System32\jTVemwa.exe
C:\Windows\System32\jTVemwa.exe
2⤵
- Executes dropped EXE
PID:2028

C:\Windows\System32\RHbEbYU.exe
C:\Windows\System32\RHbEbYU.exe
2⤵
- Executes dropped EXE
PID:536

C:\Windows\System32\ryOWdlJ.exe
C:\Windows\System32\ryOWdlJ.exe
2⤵
- Executes dropped EXE
PID:320

C:\Windows\System32\HvxMTHY.exe
C:\Windows\System32\HvxMTHY.exe
2⤵
- Executes dropped EXE
PID:3292

C:\Windows\System32\evECLuh.exe
C:\Windows\System32\evECLuh.exe
2⤵
- Executes dropped EXE
PID:5008

C:\Windows\System32\urFhMVh.exe
C:\Windows\System32\urFhMVh.exe
2⤵
- Executes dropped EXE
PID:3784

C:\Windows\System32\fxsnxQK.exe
C:\Windows\System32\fxsnxQK.exe
2⤵
- Executes dropped EXE
PID:4108

C:\Windows\System32\FPerytp.exe
C:\Windows\System32\FPerytp.exe
2⤵
- Executes dropped EXE
PID:4524

C:\Windows\System32\NFhEjlz.exe
C:\Windows\System32\NFhEjlz.exe
2⤵
- Executes dropped EXE
PID:2944

C:\Windows\System32\ABqoVGW.exe
C:\Windows\System32\ABqoVGW.exe
2⤵
- Executes dropped EXE
PID:4932

C:\Windows\System32\aefOSMI.exe
C:\Windows\System32\aefOSMI.exe
2⤵
- Executes dropped EXE
PID:4668

C:\Windows\System32\KGZczMY.exe
C:\Windows\System32\KGZczMY.exe
2⤵
- Executes dropped EXE
PID:4916

C:\Windows\System32\cfOwWll.exe
C:\Windows\System32\cfOwWll.exe
2⤵
- Executes dropped EXE
PID:4696

C:\Windows\System32\KGbLfAz.exe
C:\Windows\System32\KGbLfAz.exe
2⤵
- Executes dropped EXE
PID:4344

C:\Windows\System32\EPbgabx.exe
C:\Windows\System32\EPbgabx.exe
2⤵
- Executes dropped EXE
PID:2424

C:\Windows\System32\SpyMMGQ.exe
C:\Windows\System32\SpyMMGQ.exe
2⤵
- Executes dropped EXE
PID:5036

C:\Windows\System32\hQlQGOJ.exe
C:\Windows\System32\hQlQGOJ.exe
2⤵
- Executes dropped EXE
PID:2752

C:\Windows\System32\AoKUCYb.exe
C:\Windows\System32\AoKUCYb.exe
2⤵
- Executes dropped EXE
PID:940

C:\Windows\System32\fjeDojV.exe
C:\Windows\System32\fjeDojV.exe
2⤵
- Executes dropped EXE
PID:2184

C:\Windows\System32\hLXtMGb.exe
C:\Windows\System32\hLXtMGb.exe
2⤵
- Executes dropped EXE
PID:2108

C:\Windows\System32\GyHUiFy.exe
C:\Windows\System32\GyHUiFy.exe
2⤵
- Executes dropped EXE
PID:432

C:\Windows\System32\KJDNgML.exe
C:\Windows\System32\KJDNgML.exe
2⤵
- Executes dropped EXE
PID:3672

C:\Windows\System32\eHTqnCI.exe
C:\Windows\System32\eHTqnCI.exe
2⤵
- Executes dropped EXE
PID:1644

C:\Windows\System32\XInCsGR.exe
C:\Windows\System32\XInCsGR.exe
2⤵
- Executes dropped EXE
PID:3432

C:\Windows\System32\KiNgidA.exe
C:\Windows\System32\KiNgidA.exe
2⤵
- Executes dropped EXE
PID:3324

C:\Windows\System32\fMKlffb.exe
C:\Windows\System32\fMKlffb.exe
2⤵
- Executes dropped EXE
PID:1420

C:\Windows\System32\vrbmZXV.exe
C:\Windows\System32\vrbmZXV.exe
2⤵
- Executes dropped EXE
PID:4912

C:\Windows\System32\yGKdvvC.exe
C:\Windows\System32\yGKdvvC.exe
2⤵
- Executes dropped EXE
PID:2476

C:\Windows\System32\fGEfSdn.exe
C:\Windows\System32\fGEfSdn.exe
2⤵
- Executes dropped EXE
PID:4372

C:\Windows\System32\gGtnyIc.exe
C:\Windows\System32\gGtnyIc.exe
2⤵
- Executes dropped EXE
PID:3108

C:\Windows\System32\xKUZWMj.exe
C:\Windows\System32\xKUZWMj.exe
2⤵
- Executes dropped EXE
PID:2276

C:\Windows\System32\cvpKyPw.exe
C:\Windows\System32\cvpKyPw.exe
2⤵
- Executes dropped EXE
PID:648

C:\Windows\System32\fQzZglY.exe
C:\Windows\System32\fQzZglY.exe
2⤵
- Executes dropped EXE
PID:2912

C:\Windows\System32\gGueSLW.exe
C:\Windows\System32\gGueSLW.exe
2⤵
- Executes dropped EXE
PID:2712

C:\Windows\System32\YcjBuhV.exe
C:\Windows\System32\YcjBuhV.exe
2⤵
- Executes dropped EXE
PID:380

C:\Windows\System32\RRbhGdi.exe
C:\Windows\System32\RRbhGdi.exe
2⤵
- Executes dropped EXE
PID:5116

C:\Windows\System32\buGwFUb.exe
C:\Windows\System32\buGwFUb.exe
2⤵
- Executes dropped EXE
PID:208

C:\Windows\System32\plgRjsA.exe
C:\Windows\System32\plgRjsA.exe
2⤵
- Executes dropped EXE
PID:220

C:\Windows\System32\QuqLlqZ.exe
C:\Windows\System32\QuqLlqZ.exe
2⤵
- Executes dropped EXE
PID:4896

C:\Windows\System32\vrAokQg.exe
C:\Windows\System32\vrAokQg.exe
2⤵
- Executes dropped EXE
PID:4352

C:\Windows\System32\tldIgCa.exe
C:\Windows\System32\tldIgCa.exe
2⤵
- Executes dropped EXE
PID:3780

C:\Windows\System32\RtdkMrG.exe
C:\Windows\System32\RtdkMrG.exe
2⤵
- Executes dropped EXE
PID:4436

C:\Windows\System32\xZqJTLt.exe
C:\Windows\System32\xZqJTLt.exe
2⤵
- Executes dropped EXE
PID:1772

C:\Windows\System32\IkWAVKw.exe
C:\Windows\System32\IkWAVKw.exe
2⤵
- Executes dropped EXE
PID:2772

C:\Windows\System32\siqGvyo.exe
C:\Windows\System32\siqGvyo.exe
2⤵
- Executes dropped EXE
PID:2164

C:\Windows\System32\SaEMvYG.exe
C:\Windows\System32\SaEMvYG.exe
2⤵
- Executes dropped EXE
PID:1100

C:\Windows\System32\OnLMLIC.exe
C:\Windows\System32\OnLMLIC.exe
2⤵
- Executes dropped EXE
PID:4876

C:\Windows\System32\yrUOUCo.exe
C:\Windows\System32\yrUOUCo.exe
2⤵
- Executes dropped EXE
PID:2092

C:\Windows\System32\KJRerPk.exe
C:\Windows\System32\KJRerPk.exe
2⤵
- Executes dropped EXE
PID:1076

C:\Windows\System32\prDyzsd.exe
C:\Windows\System32\prDyzsd.exe
2⤵
- Executes dropped EXE
PID:2496

C:\Windows\System32\lQfDUag.exe
C:\Windows\System32\lQfDUag.exe
2⤵
- Executes dropped EXE
PID:2456

C:\Windows\System32\CvXLbLa.exe
C:\Windows\System32\CvXLbLa.exe
2⤵
PID:5108

C:\Windows\System32\eHmKQKN.exe
C:\Windows\System32\eHmKQKN.exe
2⤵
PID:2176

C:\Windows\System32\AvDUbnS.exe
C:\Windows\System32\AvDUbnS.exe
2⤵
PID:4660

C:\Windows\System32\oJRvKdn.exe
C:\Windows\System32\oJRvKdn.exe
2⤵
PID:3808

C:\Windows\System32\bjCJetU.exe
C:\Windows\System32\bjCJetU.exe
2⤵
PID:2420

C:\Windows\System32\YQLZnUA.exe
C:\Windows\System32\YQLZnUA.exe
2⤵
PID:4852

C:\Windows\System32\MidjAKI.exe
C:\Windows\System32\MidjAKI.exe
2⤵
PID:2652

C:\Windows\System32\buaHkGU.exe
C:\Windows\System32\buaHkGU.exe
2⤵
PID:1592

C:\Windows\System32\lDADnYC.exe
C:\Windows\System32\lDADnYC.exe
2⤵
PID:2788

C:\Windows\System32\QANBatN.exe
C:\Windows\System32\QANBatN.exe
2⤵
PID:1588

C:\Windows\System32\EzcnzFA.exe
C:\Windows\System32\EzcnzFA.exe
2⤵
PID:4264

C:\Windows\System32\ePOerFq.exe
C:\Windows\System32\ePOerFq.exe
2⤵
PID:2320

C:\Windows\System32\bXwcjlF.exe
C:\Windows\System32\bXwcjlF.exe
2⤵
PID:3744

C:\Windows\System32\vFezVPF.exe
C:\Windows\System32\vFezVPF.exe
2⤵
PID:5000

C:\Windows\System32\wlUQMrr.exe
C:\Windows\System32\wlUQMrr.exe
2⤵
PID:1884

C:\Windows\System32\mzKUwqH.exe
C:\Windows\System32\mzKUwqH.exe
2⤵
PID:1416

C:\Windows\System32\wQWiKNj.exe
C:\Windows\System32\wQWiKNj.exe
2⤵
PID:5020

C:\Windows\System32\nCPHZRY.exe
C:\Windows\System32\nCPHZRY.exe
2⤵
PID:3656

C:\Windows\System32\QXvagwJ.exe
C:\Windows\System32\QXvagwJ.exe
2⤵
PID:1496

C:\Windows\System32\VLQwBBD.exe
C:\Windows\System32\VLQwBBD.exe
2⤵
PID:4228

C:\Windows\System32\zWBJDZM.exe
C:\Windows\System32\zWBJDZM.exe
2⤵
PID:3204

C:\Windows\System32\WnerpId.exe
C:\Windows\System32\WnerpId.exe
2⤵
PID:3104

C:\Windows\System32\WQQPnsB.exe
C:\Windows\System32\WQQPnsB.exe
2⤵
PID:4636

C:\Windows\System32\pHTjnlS.exe
C:\Windows\System32\pHTjnlS.exe
2⤵
PID:3868

C:\Windows\System32\JNNVkjh.exe
C:\Windows\System32\JNNVkjh.exe
2⤵
PID:2012

C:\Windows\System32\rsnCUyu.exe
C:\Windows\System32\rsnCUyu.exe
2⤵
PID:3328

C:\Windows\System32\grMpEgS.exe
C:\Windows\System32\grMpEgS.exe
2⤵
PID:1972

C:\Windows\System32\AzIICNW.exe
C:\Windows\System32\AzIICNW.exe
2⤵
PID:468

C:\Windows\System32\lPFoPkb.exe
C:\Windows\System32\lPFoPkb.exe
2⤵
PID:5084

C:\Windows\System32\SbktNKY.exe
C:\Windows\System32\SbktNKY.exe
2⤵
PID:1504

C:\Windows\System32\YlrXaoJ.exe
C:\Windows\System32\YlrXaoJ.exe
2⤵
PID:1680

C:\Windows\System32\oIEYTMY.exe
C:\Windows\System32\oIEYTMY.exe
2⤵
PID:2304

C:\Windows\System32\xOyIvvr.exe
C:\Windows\System32\xOyIvvr.exe
2⤵
PID:2872

C:\Windows\System32\nUTinnd.exe
C:\Windows\System32\nUTinnd.exe
2⤵
PID:3880

C:\Windows\System32\PFAaJrx.exe
C:\Windows\System32\PFAaJrx.exe
2⤵
PID:2796

C:\Windows\System32\YSvOeLQ.exe
C:\Windows\System32\YSvOeLQ.exe
2⤵
PID:4280

C:\Windows\System32\xtixnvi.exe
C:\Windows\System32\xtixnvi.exe
2⤵
PID:4008

C:\Windows\System32\pmMIhyT.exe
C:\Windows\System32\pmMIhyT.exe
2⤵
PID:1748

C:\Windows\System32\Mezveot.exe
C:\Windows\System32\Mezveot.exe
2⤵
PID:5160

C:\Windows\System32\bvkplrq.exe
C:\Windows\System32\bvkplrq.exe
2⤵
PID:5176

C:\Windows\System32\QwqYpqZ.exe
C:\Windows\System32\QwqYpqZ.exe
2⤵
PID:5228

C:\Windows\System32\TTLkwuQ.exe
C:\Windows\System32\TTLkwuQ.exe
2⤵
PID:5248

C:\Windows\System32\vzksKYT.exe
C:\Windows\System32\vzksKYT.exe
2⤵
PID:5276

C:\Windows\System32\VpnocZG.exe
C:\Windows\System32\VpnocZG.exe
2⤵
PID:5336

C:\Windows\System32\bjVcYUP.exe
C:\Windows\System32\bjVcYUP.exe
2⤵
PID:5356

C:\Windows\System32\bihAVtl.exe
C:\Windows\System32\bihAVtl.exe
2⤵
PID:5376

C:\Windows\System32\VZiGKZU.exe
C:\Windows\System32\VZiGKZU.exe
2⤵
PID:5392

C:\Windows\System32\zqZGbfT.exe
C:\Windows\System32\zqZGbfT.exe
2⤵
PID:5416

C:\Windows\System32\lkvjoWh.exe
C:\Windows\System32\lkvjoWh.exe
2⤵
PID:5436

C:\Windows\System32\zDACDXH.exe
C:\Windows\System32\zDACDXH.exe
2⤵
PID:5452

C:\Windows\System32\HrRUXKx.exe
C:\Windows\System32\HrRUXKx.exe
2⤵
PID:5476

C:\Windows\System32\YiwAwZu.exe
C:\Windows\System32\YiwAwZu.exe
2⤵
PID:5492

C:\Windows\System32\uTUODFN.exe
C:\Windows\System32\uTUODFN.exe
2⤵
PID:5540

C:\Windows\System32\shAvpwg.exe
C:\Windows\System32\shAvpwg.exe
2⤵
PID:5568

C:\Windows\System32\sgIafBX.exe
C:\Windows\System32\sgIafBX.exe
2⤵
PID:5592

C:\Windows\System32\qxmjXvX.exe
C:\Windows\System32\qxmjXvX.exe
2⤵
PID:5620

C:\Windows\System32\vfTsvHT.exe
C:\Windows\System32\vfTsvHT.exe
2⤵
PID:5636

C:\Windows\System32\kcFwnAz.exe
C:\Windows\System32\kcFwnAz.exe
2⤵
PID:5676

C:\Windows\System32\dMneSCT.exe
C:\Windows\System32\dMneSCT.exe
2⤵
PID:5732

C:\Windows\System32\PexPwfN.exe
C:\Windows\System32\PexPwfN.exe
2⤵
PID:5748

C:\Windows\System32\kEekvco.exe
C:\Windows\System32\kEekvco.exe
2⤵
PID:5804

C:\Windows\System32\PvhWDAV.exe
C:\Windows\System32\PvhWDAV.exe
2⤵
PID:5836

C:\Windows\System32\CSaNeCu.exe
C:\Windows\System32\CSaNeCu.exe
2⤵
PID:5860

C:\Windows\System32\rGaqpoa.exe
C:\Windows\System32\rGaqpoa.exe
2⤵
PID:5888

C:\Windows\System32\cABWpup.exe
C:\Windows\System32\cABWpup.exe
2⤵
PID:5904

C:\Windows\System32\mzxxCYg.exe
C:\Windows\System32\mzxxCYg.exe
2⤵
PID:5940

C:\Windows\System32\bWHKYHI.exe
C:\Windows\System32\bWHKYHI.exe
2⤵
PID:5980

C:\Windows\System32\YtIgsdj.exe
C:\Windows\System32\YtIgsdj.exe
2⤵
PID:6004

C:\Windows\System32\WFuLLAM.exe
C:\Windows\System32\WFuLLAM.exe
2⤵
PID:6032

C:\Windows\System32\Fuohlgj.exe
C:\Windows\System32\Fuohlgj.exe
2⤵
PID:6072

C:\Windows\System32\GQjHkwK.exe
C:\Windows\System32\GQjHkwK.exe
2⤵
PID:6100

C:\Windows\System32\CkiLbFi.exe
C:\Windows\System32\CkiLbFi.exe
2⤵
PID:6124

C:\Windows\System32\PcEZrEv.exe
C:\Windows\System32\PcEZrEv.exe
2⤵
PID:6140

C:\Windows\System32\JlpteoM.exe
C:\Windows\System32\JlpteoM.exe
2⤵
PID:4856

C:\Windows\System32\sBsoRPO.exe
C:\Windows\System32\sBsoRPO.exe
2⤵
PID:2808

C:\Windows\System32\utrOpMr.exe
C:\Windows\System32\utrOpMr.exe
2⤵
PID:4056

C:\Windows\System32\dOYDpeQ.exe
C:\Windows\System32\dOYDpeQ.exe
2⤵
PID:3844

C:\Windows\System32\zTZtzHX.exe
C:\Windows\System32\zTZtzHX.exe
2⤵
PID:1500

C:\Windows\System32\fqOozER.exe
C:\Windows\System32\fqOozER.exe
2⤵
PID:5224

C:\Windows\System32\juOQvSH.exe
C:\Windows\System32\juOQvSH.exe
2⤵
PID:5272

C:\Windows\System32\uZJgXMO.exe
C:\Windows\System32\uZJgXMO.exe
2⤵
PID:5244

C:\Windows\System32\uORubfJ.exe
C:\Windows\System32\uORubfJ.exe
2⤵
PID:2932

C:\Windows\System32\xEsWYSv.exe
C:\Windows\System32\xEsWYSv.exe
2⤵
PID:1148

C:\Windows\System32\wxGhPvQ.exe
C:\Windows\System32\wxGhPvQ.exe
2⤵
PID:5348

C:\Windows\System32\srKyYjw.exe
C:\Windows\System32\srKyYjw.exe
2⤵
PID:5432

C:\Windows\System32\DJEjBdm.exe
C:\Windows\System32\DJEjBdm.exe
2⤵
PID:5588

C:\Windows\System32\VXknmLs.exe
C:\Windows\System32\VXknmLs.exe
2⤵
PID:5560

C:\Windows\System32\KaCvftZ.exe
C:\Windows\System32\KaCvftZ.exe
2⤵
PID:5672

C:\Windows\System32\PPPTTNm.exe
C:\Windows\System32\PPPTTNm.exe
2⤵
PID:5656

C:\Windows\System32\QqQrBec.exe
C:\Windows\System32\QqQrBec.exe
2⤵
PID:5744

C:\Windows\System32\sicrZgW.exe
C:\Windows\System32\sicrZgW.exe
2⤵
PID:5820

C:\Windows\System32\ZWpwIxr.exe
C:\Windows\System32\ZWpwIxr.exe
2⤵
PID:5852

C:\Windows\System32\CyQIemr.exe
C:\Windows\System32\CyQIemr.exe
2⤵
PID:5976

C:\Windows\System32\Oqkvusi.exe
C:\Windows\System32\Oqkvusi.exe
2⤵
PID:6048

C:\Windows\System32\LuJiwJW.exe
C:\Windows\System32\LuJiwJW.exe
2⤵
PID:6132

C:\Windows\System32\iepOzbs.exe
C:\Windows\System32\iepOzbs.exe
2⤵
PID:5060

C:\Windows\System32\ldjnxUa.exe
C:\Windows\System32\ldjnxUa.exe
2⤵
PID:5128

C:\Windows\System32\LLKbAUU.exe
C:\Windows\System32\LLKbAUU.exe
2⤵
PID:2896

C:\Windows\System32\KHXyuWo.exe
C:\Windows\System32\KHXyuWo.exe
2⤵
PID:5268

C:\Windows\System32\DEZnTGQ.exe
C:\Windows\System32\DEZnTGQ.exe
2⤵
PID:3836

C:\Windows\System32\lPXbjYZ.exe
C:\Windows\System32\lPXbjYZ.exe
2⤵
PID:3416

C:\Windows\System32\QyQtKeM.exe
C:\Windows\System32\QyQtKeM.exe
2⤵
PID:2964

C:\Windows\System32\CkSpHKR.exe
C:\Windows\System32\CkSpHKR.exe
2⤵
PID:5612

C:\Windows\System32\cEQOIeF.exe
C:\Windows\System32\cEQOIeF.exe
2⤵
PID:5932

C:\Windows\System32\KFTYuTg.exe
C:\Windows\System32\KFTYuTg.exe
2⤵
PID:4420

C:\Windows\System32\SgdvZaG.exe
C:\Windows\System32\SgdvZaG.exe
2⤵
PID:6112

C:\Windows\System32\VFqwbQw.exe
C:\Windows\System32\VFqwbQw.exe
2⤵
PID:1828

C:\Windows\System32\RDAOPIU.exe
C:\Windows\System32\RDAOPIU.exe
2⤵
PID:3916

C:\Windows\System32\pwcJSQy.exe
C:\Windows\System32\pwcJSQy.exe
2⤵
PID:5296

C:\Windows\System32\fkIJUyE.exe
C:\Windows\System32\fkIJUyE.exe
2⤵
PID:5632

C:\Windows\System32\ejmzoMG.exe
C:\Windows\System32\ejmzoMG.exe
2⤵
PID:5756

C:\Windows\System32\heddppx.exe
C:\Windows\System32\heddppx.exe
2⤵
PID:6136

C:\Windows\System32\RjQmMEW.exe
C:\Windows\System32\RjQmMEW.exe
2⤵
PID:5304

C:\Windows\System32\BviiBtU.exe
C:\Windows\System32\BviiBtU.exe
2⤵
PID:672

C:\Windows\System32\uzWSvMj.exe
C:\Windows\System32\uzWSvMj.exe
2⤵
PID:6200

C:\Windows\System32\lGMOSWK.exe
C:\Windows\System32\lGMOSWK.exe
2⤵
PID:6224

C:\Windows\System32\MgfaWCs.exe
C:\Windows\System32\MgfaWCs.exe
2⤵
PID:6252

C:\Windows\System32\vxEnlHc.exe
C:\Windows\System32\vxEnlHc.exe
2⤵
PID:6272

C:\Windows\System32\mngccJI.exe
C:\Windows\System32\mngccJI.exe
2⤵
PID:6288

C:\Windows\System32\WudUjfr.exe
C:\Windows\System32\WudUjfr.exe
2⤵
PID:6340

C:\Windows\System32\uZRwYRJ.exe
C:\Windows\System32\uZRwYRJ.exe
2⤵
PID:6368

C:\Windows\System32\yDvwLfr.exe
C:\Windows\System32\yDvwLfr.exe
2⤵
PID:6396

C:\Windows\System32\qYpbJUq.exe
C:\Windows\System32\qYpbJUq.exe
2⤵
PID:6420

C:\Windows\System32\MunZXTP.exe
C:\Windows\System32\MunZXTP.exe
2⤵
PID:6452

C:\Windows\System32\AGkwCxk.exe
C:\Windows\System32\AGkwCxk.exe
2⤵
PID:6468

C:\Windows\System32\cCFCWiM.exe
C:\Windows\System32\cCFCWiM.exe
2⤵
PID:6488

C:\Windows\System32\zpDhLOj.exe
C:\Windows\System32\zpDhLOj.exe
2⤵
PID:6532

C:\Windows\System32\iRsknGt.exe
C:\Windows\System32\iRsknGt.exe
2⤵
PID:6556

C:\Windows\System32\OwROeis.exe
C:\Windows\System32\OwROeis.exe
2⤵
PID:6596

C:\Windows\System32\dpMvDJN.exe
C:\Windows\System32\dpMvDJN.exe
2⤵
PID:6624

C:\Windows\System32\dPKcdmQ.exe
C:\Windows\System32\dPKcdmQ.exe
2⤵
PID:6648

C:\Windows\System32\lxclsqq.exe
C:\Windows\System32\lxclsqq.exe
2⤵
PID:6692

C:\Windows\System32\PElEZjt.exe
C:\Windows\System32\PElEZjt.exe
2⤵
PID:6708

C:\Windows\System32\mcfOMLs.exe
C:\Windows\System32\mcfOMLs.exe
2⤵
PID:6732

C:\Windows\System32\IqTcmTp.exe
C:\Windows\System32\IqTcmTp.exe
2⤵
PID:6752

C:\Windows\System32\OYGWvwG.exe
C:\Windows\System32\OYGWvwG.exe
2⤵
PID:6772

C:\Windows\System32\NFebMSL.exe
C:\Windows\System32\NFebMSL.exe
2⤵
PID:6824

C:\Windows\System32\VcxYuSx.exe
C:\Windows\System32\VcxYuSx.exe
2⤵
PID:6848

C:\Windows\System32\eLUDYdV.exe
C:\Windows\System32\eLUDYdV.exe
2⤵
PID:6864

C:\Windows\System32\NDIXGwq.exe
C:\Windows\System32\NDIXGwq.exe
2⤵
PID:6916

C:\Windows\System32\mOHNLaM.exe
C:\Windows\System32\mOHNLaM.exe
2⤵
PID:6936

C:\Windows\System32\TEssHVh.exe
C:\Windows\System32\TEssHVh.exe
2⤵
PID:6968

C:\Windows\System32\fyJddme.exe
C:\Windows\System32\fyJddme.exe
2⤵
PID:6988

C:\Windows\System32\ySoKvdw.exe
C:\Windows\System32\ySoKvdw.exe
2⤵
PID:7008

C:\Windows\System32\MVhHSpH.exe
C:\Windows\System32\MVhHSpH.exe
2⤵
PID:7044

C:\Windows\System32\HAngmxS.exe
C:\Windows\System32\HAngmxS.exe
2⤵
PID:7060

C:\Windows\System32\HTEdAMN.exe
C:\Windows\System32\HTEdAMN.exe
2⤵
PID:7088

C:\Windows\System32\OfkAcHo.exe
C:\Windows\System32\OfkAcHo.exe
2⤵
PID:7132

C:\Windows\System32\eujmxWJ.exe
C:\Windows\System32\eujmxWJ.exe
2⤵
PID:2020

C:\Windows\System32\AiLjoPm.exe
C:\Windows\System32\AiLjoPm.exe
2⤵
PID:6164

C:\Windows\System32\PysgwAC.exe
C:\Windows\System32\PysgwAC.exe
2⤵
PID:6216

C:\Windows\System32\NixpAhq.exe
C:\Windows\System32\NixpAhq.exe
2⤵
PID:6280

C:\Windows\System32\aduJAYx.exe
C:\Windows\System32\aduJAYx.exe
2⤵
PID:6356

C:\Windows\System32\AOHGXib.exe
C:\Windows\System32\AOHGXib.exe
2⤵
PID:6428

C:\Windows\System32\qKkeugo.exe
C:\Windows\System32\qKkeugo.exe
2⤵
PID:6480

C:\Windows\System32\GZsKUSm.exe
C:\Windows\System32\GZsKUSm.exe
2⤵
PID:6540

C:\Windows\System32\VXZZxLc.exe
C:\Windows\System32\VXZZxLc.exe
2⤵
PID:6592

C:\Windows\System32\EQlGufP.exe
C:\Windows\System32\EQlGufP.exe
2⤵
PID:6656

C:\Windows\System32\mqBegEq.exe
C:\Windows\System32\mqBegEq.exe
2⤵
PID:6728

C:\Windows\System32\byxoGbJ.exe
C:\Windows\System32\byxoGbJ.exe
2⤵
PID:6808

C:\Windows\System32\pjZQQkI.exe
C:\Windows\System32\pjZQQkI.exe
2⤵
PID:6840

C:\Windows\System32\JDwCWth.exe
C:\Windows\System32\JDwCWth.exe
2⤵
PID:6876

C:\Windows\System32\fCygQlo.exe
C:\Windows\System32\fCygQlo.exe
2⤵
PID:6996

C:\Windows\System32\BNjteCe.exe
C:\Windows\System32\BNjteCe.exe
2⤵
PID:7068

C:\Windows\System32\DbwnWok.exe
C:\Windows\System32\DbwnWok.exe
2⤵
PID:7108

C:\Windows\System32\sBxCVTR.exe
C:\Windows\System32\sBxCVTR.exe
2⤵
PID:5428

C:\Windows\System32\fqiMGvh.exe
C:\Windows\System32\fqiMGvh.exe
2⤵
PID:6384

C:\Windows\System32\AmHukch.exe
C:\Windows\System32\AmHukch.exe
2⤵
PID:6512

C:\Windows\System32\HaRZJtJ.exe
C:\Windows\System32\HaRZJtJ.exe
2⤵
PID:6608

C:\Windows\System32\OcfZTCB.exe
C:\Windows\System32\OcfZTCB.exe
2⤵
PID:6764

C:\Windows\System32\RFDrUsC.exe
C:\Windows\System32\RFDrUsC.exe
2⤵
PID:6932

C:\Windows\System32\sVuyVxx.exe
C:\Windows\System32\sVuyVxx.exe
2⤵
PID:7052

C:\Windows\System32\ZcfNokW.exe
C:\Windows\System32\ZcfNokW.exe
2⤵
PID:7160

C:\Windows\System32\zVlKlxH.exe
C:\Windows\System32\zVlKlxH.exe
2⤵
PID:6676

C:\Windows\System32\siwoFyD.exe
C:\Windows\System32\siwoFyD.exe
2⤵
PID:6724

C:\Windows\System32\JzNbOil.exe
C:\Windows\System32\JzNbOil.exe
2⤵
PID:6336

C:\Windows\System32\lZLNHEH.exe
C:\Windows\System32\lZLNHEH.exe
2⤵
PID:7056

C:\Windows\System32\xAfRQTK.exe
C:\Windows\System32\xAfRQTK.exe
2⤵
PID:7172

C:\Windows\System32\IJNOjyW.exe
C:\Windows\System32\IJNOjyW.exe
2⤵
PID:7196

C:\Windows\System32\ZBRNFZh.exe
C:\Windows\System32\ZBRNFZh.exe
2⤵
PID:7220

C:\Windows\System32\jgOtZus.exe
C:\Windows\System32\jgOtZus.exe
2⤵
PID:7272

C:\Windows\System32\rwuYOlY.exe
C:\Windows\System32\rwuYOlY.exe
2⤵
PID:7292

C:\Windows\System32\FllPDnT.exe
C:\Windows\System32\FllPDnT.exe
2⤵
PID:7332

C:\Windows\System32\xdvgsiI.exe
C:\Windows\System32\xdvgsiI.exe
2⤵
PID:7368

C:\Windows\System32\lrkwSFe.exe
C:\Windows\System32\lrkwSFe.exe
2⤵
PID:7396

C:\Windows\System32\CIMaSpV.exe
C:\Windows\System32\CIMaSpV.exe
2⤵
PID:7416

C:\Windows\System32\FNKagpa.exe
C:\Windows\System32\FNKagpa.exe
2⤵
PID:7436

C:\Windows\System32\osaloCo.exe
C:\Windows\System32\osaloCo.exe
2⤵
PID:7480

C:\Windows\System32\SayfpOO.exe
C:\Windows\System32\SayfpOO.exe
2⤵
PID:7500

C:\Windows\System32\FYPHSjD.exe
C:\Windows\System32\FYPHSjD.exe
2⤵
PID:7520

C:\Windows\System32\QzpuOsi.exe
C:\Windows\System32\QzpuOsi.exe
2⤵
PID:7556

C:\Windows\System32\Qdqpsbh.exe
C:\Windows\System32\Qdqpsbh.exe
2⤵
PID:7576

C:\Windows\System32\coFjxJa.exe
C:\Windows\System32\coFjxJa.exe
2⤵
PID:7592

C:\Windows\System32\uMlkpRu.exe
C:\Windows\System32\uMlkpRu.exe
2⤵
PID:7620

C:\Windows\System32\GNIXOdE.exe
C:\Windows\System32\GNIXOdE.exe
2⤵
PID:7640

C:\Windows\System32\RMazWZQ.exe
C:\Windows\System32\RMazWZQ.exe
2⤵
PID:7684

C:\Windows\System32\fBUQWNr.exe
C:\Windows\System32\fBUQWNr.exe
2⤵
PID:7716

C:\Windows\System32\YpfEeKg.exe
C:\Windows\System32\YpfEeKg.exe
2⤵
PID:7844

C:\Windows\System32\hPDhndm.exe
C:\Windows\System32\hPDhndm.exe
2⤵
PID:7884

C:\Windows\System32\RawvbGa.exe
C:\Windows\System32\RawvbGa.exe
2⤵
PID:7900

C:\Windows\System32\SykSgRu.exe
C:\Windows\System32\SykSgRu.exe
2⤵
PID:7916

C:\Windows\System32\bcvttoL.exe
C:\Windows\System32\bcvttoL.exe
2⤵
PID:7940

C:\Windows\System32\fMfZHeZ.exe
C:\Windows\System32\fMfZHeZ.exe
2⤵
PID:8016

C:\Windows\System32\VRnFgxF.exe
C:\Windows\System32\VRnFgxF.exe
2⤵
PID:8040

C:\Windows\System32\FFweWWt.exe
C:\Windows\System32\FFweWWt.exe
2⤵
PID:8068

C:\Windows\System32\oBVnxJJ.exe
C:\Windows\System32\oBVnxJJ.exe
2⤵
PID:8100

C:\Windows\System32\myBbESP.exe
C:\Windows\System32\myBbESP.exe
2⤵
PID:8124

C:\Windows\System32\bcdoekS.exe
C:\Windows\System32\bcdoekS.exe
2⤵
PID:8148

C:\Windows\System32\zVOzTQg.exe
C:\Windows\System32\zVOzTQg.exe
2⤵
PID:8168

C:\Windows\System32\HcDgATd.exe
C:\Windows\System32\HcDgATd.exe
2⤵
PID:6408

C:\Windows\System32\QsrnwaF.exe
C:\Windows\System32\QsrnwaF.exe
2⤵
PID:7192

C:\Windows\System32\FkQTPwf.exe
C:\Windows\System32\FkQTPwf.exe
2⤵
PID:7320

C:\Windows\System32\rWnkXkE.exe
C:\Windows\System32\rWnkXkE.exe
2⤵
PID:7388

C:\Windows\System32\iTLcAAZ.exe
C:\Windows\System32\iTLcAAZ.exe
2⤵
PID:7448

C:\Windows\System32\uMayYbL.exe
C:\Windows\System32\uMayYbL.exe
2⤵
PID:7472

C:\Windows\System32\CwyWBcz.exe
C:\Windows\System32\CwyWBcz.exe
2⤵
PID:7568

C:\Windows\System32\FCRxsME.exe
C:\Windows\System32\FCRxsME.exe
2⤵
PID:7636

C:\Windows\System32\xECIdyn.exe
C:\Windows\System32\xECIdyn.exe
2⤵
PID:7696

C:\Windows\System32\ugzNbfG.exe
C:\Windows\System32\ugzNbfG.exe
2⤵
PID:7772

C:\Windows\System32\bLErKNU.exe
C:\Windows\System32\bLErKNU.exe
2⤵
PID:7724

C:\Windows\System32\vaCKUQm.exe
C:\Windows\System32\vaCKUQm.exe
2⤵
PID:7768

C:\Windows\System32\tejprtk.exe
C:\Windows\System32\tejprtk.exe
2⤵
PID:7800

C:\Windows\System32\SSdTOsB.exe
C:\Windows\System32\SSdTOsB.exe
2⤵
PID:7952

C:\Windows\System32\FbwAZuj.exe
C:\Windows\System32\FbwAZuj.exe
2⤵
PID:7936

C:\Windows\System32\qJJBSdN.exe
C:\Windows\System32\qJJBSdN.exe
2⤵
PID:7976

C:\Windows\System32\oJxoXxz.exe
C:\Windows\System32\oJxoXxz.exe
2⤵
PID:8084

C:\Windows\System32\ibIhxsl.exe
C:\Windows\System32\ibIhxsl.exe
2⤵
PID:6572

C:\Windows\System32\sarjbsU.exe
C:\Windows\System32\sarjbsU.exe
2⤵
PID:8156

C:\Windows\System32\PxYCtoR.exe
C:\Windows\System32\PxYCtoR.exe
2⤵
PID:7240

C:\Windows\System32\ToEoKBx.exe
C:\Windows\System32\ToEoKBx.exe
2⤵
PID:7496

C:\Windows\System32\NffQoBw.exe
C:\Windows\System32\NffQoBw.exe
2⤵
PID:7728

C:\Windows\System32\JHtUTWd.exe
C:\Windows\System32\JHtUTWd.exe
2⤵
PID:7700

C:\Windows\System32\RKAeGJh.exe
C:\Windows\System32\RKAeGJh.exe
2⤵
PID:7852

C:\Windows\System32\xZrRhuW.exe
C:\Windows\System32\xZrRhuW.exe
2⤵
PID:8048

C:\Windows\System32\maAwBjp.exe
C:\Windows\System32\maAwBjp.exe
2⤵
PID:8108

C:\Windows\System32\MyitsMq.exe
C:\Windows\System32\MyitsMq.exe
2⤵
PID:7404

C:\Windows\System32\eJsjLYE.exe
C:\Windows\System32\eJsjLYE.exe
2⤵
PID:7604

C:\Windows\System32\whuDMmV.exe
C:\Windows\System32\whuDMmV.exe
2⤵
PID:7744

C:\Windows\System32\NfzuXxW.exe
C:\Windows\System32\NfzuXxW.exe
2⤵
PID:7892

C:\Windows\System32\ESQEPbZ.exe
C:\Windows\System32\ESQEPbZ.exe
2⤵
PID:7692

C:\Windows\System32\ReCtPSY.exe
C:\Windows\System32\ReCtPSY.exe
2⤵
PID:8176

C:\Windows\System32\cCfzTUu.exe
C:\Windows\System32\cCfzTUu.exe
2⤵
PID:8208

C:\Windows\System32\nQEEjwa.exe
C:\Windows\System32\nQEEjwa.exe
2⤵
PID:8232

C:\Windows\System32\CAPozdA.exe
C:\Windows\System32\CAPozdA.exe
2⤵
PID:8256

C:\Windows\System32\BRUHFOx.exe
C:\Windows\System32\BRUHFOx.exe
2⤵
PID:8284

C:\Windows\System32\enpNagi.exe
C:\Windows\System32\enpNagi.exe
2⤵
PID:8324

C:\Windows\System32\cznXUat.exe
C:\Windows\System32\cznXUat.exe
2⤵
PID:8356

C:\Windows\System32\ZaQCtZy.exe
C:\Windows\System32\ZaQCtZy.exe
2⤵
PID:8380

C:\Windows\System32\oIBKGqi.exe
C:\Windows\System32\oIBKGqi.exe
2⤵
PID:8400

C:\Windows\System32\MWgLmGY.exe
C:\Windows\System32\MWgLmGY.exe
2⤵
PID:8416

C:\Windows\System32\KDKUTiw.exe
C:\Windows\System32\KDKUTiw.exe
2⤵
PID:8432

C:\Windows\System32\VHDVrhg.exe
C:\Windows\System32\VHDVrhg.exe
2⤵
PID:8452

C:\Windows\System32\fLKlJHE.exe
C:\Windows\System32\fLKlJHE.exe
2⤵
PID:8468

C:\Windows\System32\GxlxVFR.exe
C:\Windows\System32\GxlxVFR.exe
2⤵
PID:8492

C:\Windows\System32\qZEbXTx.exe
C:\Windows\System32\qZEbXTx.exe
2⤵
PID:8524

C:\Windows\System32\AnnkWEq.exe
C:\Windows\System32\AnnkWEq.exe
2⤵
PID:8600

C:\Windows\System32\mAPsmdr.exe
C:\Windows\System32\mAPsmdr.exe
2⤵
PID:8632

C:\Windows\System32\JVqHeat.exe
C:\Windows\System32\JVqHeat.exe
2⤵
PID:8660

C:\Windows\System32\YUKusTW.exe
C:\Windows\System32\YUKusTW.exe
2⤵
PID:8692

C:\Windows\System32\OrQhuOu.exe
C:\Windows\System32\OrQhuOu.exe
2⤵
PID:8716

C:\Windows\System32\AfFycnW.exe
C:\Windows\System32\AfFycnW.exe
2⤵
PID:8736

C:\Windows\System32\RakjCUj.exe
C:\Windows\System32\RakjCUj.exe
2⤵
PID:8756

C:\Windows\System32\fUdTmfS.exe
C:\Windows\System32\fUdTmfS.exe
2⤵
PID:8800

C:\Windows\System32\WNWLWIb.exe
C:\Windows\System32\WNWLWIb.exe
2⤵
PID:8820

C:\Windows\System32\hCAOuaE.exe
C:\Windows\System32\hCAOuaE.exe
2⤵
PID:8852

C:\Windows\System32\imlJpxq.exe
C:\Windows\System32\imlJpxq.exe
2⤵
PID:8888

C:\Windows\System32\SShdujv.exe
C:\Windows\System32\SShdujv.exe
2⤵
PID:8920

C:\Windows\System32\OqHbFAr.exe
C:\Windows\System32\OqHbFAr.exe
2⤵
PID:8944

C:\Windows\System32\mwKKsyr.exe
C:\Windows\System32\mwKKsyr.exe
2⤵
PID:8964

C:\Windows\System32\Myznlux.exe
C:\Windows\System32\Myznlux.exe
2⤵
PID:8988

C:\Windows\System32\CumdOAm.exe
C:\Windows\System32\CumdOAm.exe
2⤵
PID:9016

C:\Windows\System32\jEqgSve.exe
C:\Windows\System32\jEqgSve.exe
2⤵
PID:9056

C:\Windows\System32\BUcweEr.exe
C:\Windows\System32\BUcweEr.exe
2⤵
PID:9080

C:\Windows\System32\wxnDTwB.exe
C:\Windows\System32\wxnDTwB.exe
2⤵
PID:9096

C:\Windows\System32\Hydzljq.exe
C:\Windows\System32\Hydzljq.exe
2⤵
PID:9144

C:\Windows\System32\whcmrDZ.exe
C:\Windows\System32\whcmrDZ.exe
2⤵
PID:9164

C:\Windows\System32\KwjJUKn.exe
C:\Windows\System32\KwjJUKn.exe
2⤵
PID:9200

C:\Windows\System32\fYwSflb.exe
C:\Windows\System32\fYwSflb.exe
2⤵
PID:8220

C:\Windows\System32\pihoSLH.exe
C:\Windows\System32\pihoSLH.exe
2⤵
PID:8244

C:\Windows\System32\hEzFFHq.exe
C:\Windows\System32\hEzFFHq.exe
2⤵
PID:8308

C:\Windows\System32\kIqkVvS.exe
C:\Windows\System32\kIqkVvS.exe
2⤵
PID:8372

C:\Windows\System32\EjPoLOc.exe
C:\Windows\System32\EjPoLOc.exe
2⤵
PID:8488

C:\Windows\System32\xLcGcCy.exe
C:\Windows\System32\xLcGcCy.exe
2⤵
PID:8532

C:\Windows\System32\kyVWyCy.exe
C:\Windows\System32\kyVWyCy.exe
2⤵
PID:8608

C:\Windows\System32\WKWBfod.exe
C:\Windows\System32\WKWBfod.exe
2⤵
PID:8640

C:\Windows\System32\CfCJLbP.exe
C:\Windows\System32\CfCJLbP.exe
2⤵
PID:8724

C:\Windows\System32\Vmrpieb.exe
C:\Windows\System32\Vmrpieb.exe
2⤵
PID:8812

C:\Windows\System32\iKaqJYj.exe
C:\Windows\System32\iKaqJYj.exe
2⤵
PID:5256

C:\Windows\System32\mGpWWkq.exe
C:\Windows\System32\mGpWWkq.exe
2⤵
PID:8952

C:\Windows\System32\aJRZtSK.exe
C:\Windows\System32\aJRZtSK.exe
2⤵
PID:8996

C:\Windows\System32\jRtBWaf.exe
C:\Windows\System32\jRtBWaf.exe
2⤵
PID:9072

C:\Windows\System32\nzotCPJ.exe
C:\Windows\System32\nzotCPJ.exe
2⤵
PID:9112

C:\Windows\System32\WcbIdcy.exe
C:\Windows\System32\WcbIdcy.exe
2⤵
PID:9208

C:\Windows\System32\XXLLVVA.exe
C:\Windows\System32\XXLLVVA.exe
2⤵
PID:8312

C:\Windows\System32\jQRcIMp.exe
C:\Windows\System32\jQRcIMp.exe
2⤵
PID:8412

C:\Windows\System32\NxzGfkr.exe
C:\Windows\System32\NxzGfkr.exe
2⤵
PID:8508

C:\Windows\System32\AGUAdTZ.exe
C:\Windows\System32\AGUAdTZ.exe
2⤵
PID:8808

C:\Windows\System32\WoCcLZD.exe
C:\Windows\System32\WoCcLZD.exe
2⤵
PID:8880

C:\Windows\System32\ypbEryx.exe
C:\Windows\System32\ypbEryx.exe
2⤵
PID:9012

C:\Windows\System32\ZXumugF.exe
C:\Windows\System32\ZXumugF.exe
2⤵
PID:9044

C:\Windows\System32\yQVTxjC.exe
C:\Windows\System32\yQVTxjC.exe
2⤵
PID:8588

C:\Windows\System32\QqwtJoD.exe
C:\Windows\System32\QqwtJoD.exe
2⤵
PID:8936

C:\Windows\System32\zhzZEZR.exe
C:\Windows\System32\zhzZEZR.exe
2⤵
PID:8408

C:\Windows\System32\oWmjRoT.exe
C:\Windows\System32\oWmjRoT.exe
2⤵
PID:8840

C:\Windows\System32\eszqJJf.exe
C:\Windows\System32\eszqJJf.exe
2⤵
PID:9224

C:\Windows\System32\AaGrFJW.exe
C:\Windows\System32\AaGrFJW.exe
2⤵
PID:9260

C:\Windows\System32\lVJeQpw.exe
C:\Windows\System32\lVJeQpw.exe
2⤵
PID:9296

C:\Windows\System32\LvnkHHB.exe
C:\Windows\System32\LvnkHHB.exe
2⤵
PID:9320

C:\Windows\System32\lDMfpWf.exe
C:\Windows\System32\lDMfpWf.exe
2⤵
PID:9344

C:\Windows\System32\OWxHXcw.exe
C:\Windows\System32\OWxHXcw.exe
2⤵
PID:9364

C:\Windows\System32\vlOYzfv.exe
C:\Windows\System32\vlOYzfv.exe
2⤵
PID:9404

C:\Windows\System32\LdwnaEd.exe
C:\Windows\System32\LdwnaEd.exe
2⤵
PID:9428

C:\Windows\System32\jNKQFdC.exe
C:\Windows\System32\jNKQFdC.exe
2⤵
PID:9460

C:\Windows\System32\laznuUH.exe
C:\Windows\System32\laznuUH.exe
2⤵
PID:9480

C:\Windows\System32\CkVQWjK.exe
C:\Windows\System32\CkVQWjK.exe
2⤵
PID:9500

C:\Windows\System32\LtUKQrP.exe
C:\Windows\System32\LtUKQrP.exe
2⤵
PID:9524

C:\Windows\System32\deZxcHU.exe
C:\Windows\System32\deZxcHU.exe
2⤵
PID:9548

C:\Windows\System32\cHljRIq.exe
C:\Windows\System32\cHljRIq.exe
2⤵
PID:9592

C:\Windows\System32\gSpJukD.exe
C:\Windows\System32\gSpJukD.exe
2⤵
PID:9632

C:\Windows\System32\RXjOncs.exe
C:\Windows\System32\RXjOncs.exe
2⤵
PID:9656

C:\Windows\System32\dHqitaD.exe
C:\Windows\System32\dHqitaD.exe
2⤵
PID:9684

C:\Windows\System32\CIqdYik.exe
C:\Windows\System32\CIqdYik.exe
2⤵
PID:9704

C:\Windows\System32\EmOvZBU.exe
C:\Windows\System32\EmOvZBU.exe
2⤵
PID:9724

C:\Windows\System32\biPMQYu.exe
C:\Windows\System32\biPMQYu.exe
2⤵
PID:9756

C:\Windows\System32\AzejdQu.exe
C:\Windows\System32\AzejdQu.exe
2⤵
PID:9800

C:\Windows\System32\buWORTm.exe
C:\Windows\System32\buWORTm.exe
2⤵
PID:9824

C:\Windows\System32\NNTKCEO.exe
C:\Windows\System32\NNTKCEO.exe
2⤵
PID:9844

C:\Windows\System32\gybVCKS.exe
C:\Windows\System32\gybVCKS.exe
2⤵
PID:9864

C:\Windows\System32\bqVmKsV.exe
C:\Windows\System32\bqVmKsV.exe
2⤵
PID:9880

C:\Windows\System32\QuSHmnS.exe
C:\Windows\System32\QuSHmnS.exe
2⤵
PID:9912

C:\Windows\System32\LKKsqwh.exe
C:\Windows\System32\LKKsqwh.exe
2⤵
PID:9940

C:\Windows\System32\CvHiwZA.exe
C:\Windows\System32\CvHiwZA.exe
2⤵
PID:9960

C:\Windows\System32\NSuIixy.exe
C:\Windows\System32\NSuIixy.exe
2⤵
PID:10016

C:\Windows\System32\MiebXJL.exe
C:\Windows\System32\MiebXJL.exe
2⤵
PID:10040

C:\Windows\System32\VhtMCvd.exe
C:\Windows\System32\VhtMCvd.exe
2⤵
PID:10080

C:\Windows\System32\sllKVRO.exe
C:\Windows\System32\sllKVRO.exe
2⤵
PID:10104

C:\Windows\System32\LAXRAOO.exe
C:\Windows\System32\LAXRAOO.exe
2⤵
PID:10124

C:\Windows\System32\gUpoaRK.exe
C:\Windows\System32\gUpoaRK.exe
2⤵
PID:10152

C:\Windows\System32\EGeVZUk.exe
C:\Windows\System32\EGeVZUk.exe
2⤵
PID:10192

C:\Windows\System32\buCGWsq.exe
C:\Windows\System32\buCGWsq.exe
2⤵
PID:10216

C:\Windows\System32\HzVJWbs.exe
C:\Windows\System32\HzVJWbs.exe
2⤵
PID:10236

C:\Windows\System32\lwSgfxB.exe
C:\Windows\System32\lwSgfxB.exe
2⤵
PID:9272

C:\Windows\System32\MYlHqUS.exe
C:\Windows\System32\MYlHqUS.exe
2⤵
PID:9340

C:\Windows\System32\HJvsudx.exe
C:\Windows\System32\HJvsudx.exe
2⤵
PID:9396

C:\Windows\System32\IIgRpOT.exe
C:\Windows\System32\IIgRpOT.exe
2⤵
PID:9472

C:\Windows\System32\GYYMNBm.exe
C:\Windows\System32\GYYMNBm.exe
2⤵
PID:9512

C:\Windows\System32\FtpuxRr.exe
C:\Windows\System32\FtpuxRr.exe
2⤵
PID:9616

C:\Windows\System32\VTPxJMD.exe
C:\Windows\System32\VTPxJMD.exe
2⤵
PID:9676

C:\Windows\System32\wMBzXcy.exe
C:\Windows\System32\wMBzXcy.exe
2⤵
PID:9696

C:\Windows\System32\UoSOksB.exe
C:\Windows\System32\UoSOksB.exe
2⤵
PID:9796

C:\Windows\System32\BRazMqE.exe
C:\Windows\System32\BRazMqE.exe
2⤵
PID:9812

C:\Windows\System32\pTEEdnU.exe
C:\Windows\System32\pTEEdnU.exe
2⤵
PID:9852

C:\Windows\System32\mzycsYV.exe
C:\Windows\System32\mzycsYV.exe
2⤵
PID:9980

C:\Windows\System32\eGVEfpn.exe
C:\Windows\System32\eGVEfpn.exe
2⤵
PID:10036

C:\Windows\System32\fKhXEcq.exe
C:\Windows\System32\fKhXEcq.exe
2⤵
PID:10112

C:\Windows\System32\KoytgJl.exe
C:\Windows\System32\KoytgJl.exe
2⤵
PID:10172

C:\Windows\System32\ORRMJXR.exe
C:\Windows\System32\ORRMJXR.exe
2⤵
PID:9240

C:\Windows\System32\qlwrmTO.exe
C:\Windows\System32\qlwrmTO.exe
2⤵
PID:9352

C:\Windows\System32\ZIQtxFu.exe
C:\Windows\System32\ZIQtxFu.exe
2⤵
PID:9424

C:\Windows\System32\DZHdXGO.exe
C:\Windows\System32\DZHdXGO.exe
2⤵
PID:9672

C:\Windows\System32\GyivqSA.exe
C:\Windows\System32\GyivqSA.exe
2⤵
PID:9956

C:\Windows\System32\doBmpUG.exe
C:\Windows\System32\doBmpUG.exe
2⤵
PID:10144

C:\Windows\System32\IBiaQIa.exe
C:\Windows\System32\IBiaQIa.exe
2⤵
PID:10232

C:\Windows\System32\pETjSNs.exe
C:\Windows\System32\pETjSNs.exe
2⤵
PID:9624

C:\Windows\System32\YcUDACe.exe
C:\Windows\System32\YcUDACe.exe
2⤵
PID:9840

C:\Windows\System32\RmwYkjb.exe
C:\Windows\System32\RmwYkjb.exe
2⤵
PID:10076

C:\Windows\System32\tKogXXw.exe
C:\Windows\System32\tKogXXw.exe
2⤵
PID:9220

C:\Windows\System32\mQzRbgK.exe
C:\Windows\System32\mQzRbgK.exe
2⤵
PID:9244

C:\Windows\System32\egJXaxZ.exe
C:\Windows\System32\egJXaxZ.exe
2⤵
PID:10268

C:\Windows\System32\nEsigKw.exe
C:\Windows\System32\nEsigKw.exe
2⤵
PID:10288

C:\Windows\System32\RUWqVhC.exe
C:\Windows\System32\RUWqVhC.exe
2⤵
PID:10328

C:\Windows\System32\MZzhJDu.exe
C:\Windows\System32\MZzhJDu.exe
2⤵
PID:10352

C:\Windows\System32\LokaElC.exe
C:\Windows\System32\LokaElC.exe
2⤵
PID:10372

C:\Windows\System32\qoiaTDZ.exe
C:\Windows\System32\qoiaTDZ.exe
2⤵
PID:10412

C:\Windows\System32\WKrlsKk.exe
C:\Windows\System32\WKrlsKk.exe
2⤵
PID:10436

C:\Windows\System32\stzTDvu.exe
C:\Windows\System32\stzTDvu.exe
2⤵
PID:10456

C:\Windows\System32\SWRuRGg.exe
C:\Windows\System32\SWRuRGg.exe
2⤵
PID:10492

C:\Windows\System32\vcSCPxA.exe
C:\Windows\System32\vcSCPxA.exe
2⤵
PID:10520

C:\Windows\System32\zeAzxDl.exe
C:\Windows\System32\zeAzxDl.exe
2⤵
PID:10544

C:\Windows\System32\YevHIWN.exe
C:\Windows\System32\YevHIWN.exe
2⤵
PID:10576

C:\Windows\System32\ybMoojp.exe
C:\Windows\System32\ybMoojp.exe
2⤵
PID:10596

C:\Windows\System32\hXeGohO.exe
C:\Windows\System32\hXeGohO.exe
2⤵
PID:10620

C:\Windows\System32\OPSvDzA.exe
C:\Windows\System32\OPSvDzA.exe
2⤵
PID:10644

C:\Windows\System32\NBKnJgX.exe
C:\Windows\System32\NBKnJgX.exe
2⤵
PID:10668

C:\Windows\System32\TWGUCxW.exe
C:\Windows\System32\TWGUCxW.exe
2⤵
PID:10708

C:\Windows\System32\lEJhmtZ.exe
C:\Windows\System32\lEJhmtZ.exe
2⤵
PID:10748

C:\Windows\System32\TJKyLGA.exe
C:\Windows\System32\TJKyLGA.exe
2⤵
PID:10772

C:\Windows\System32\cUQElkJ.exe
C:\Windows\System32\cUQElkJ.exe
2⤵
PID:10792

C:\Windows\System32\FRlPjlE.exe
C:\Windows\System32\FRlPjlE.exe
2⤵
PID:10840

C:\Windows\System32\VixKhnw.exe
C:\Windows\System32\VixKhnw.exe
2⤵
PID:10860

C:\Windows\System32\TBvBhqk.exe
C:\Windows\System32\TBvBhqk.exe
2⤵
PID:10888

C:\Windows\System32\ltDiGXR.exe
C:\Windows\System32\ltDiGXR.exe
2⤵
PID:10916

C:\Windows\System32\VyrrYYt.exe
C:\Windows\System32\VyrrYYt.exe
2⤵
PID:10940

C:\Windows\System32\FTulivb.exe
C:\Windows\System32\FTulivb.exe
2⤵
PID:10964

C:\Windows\System32\WfDWRgV.exe
C:\Windows\System32\WfDWRgV.exe
2⤵
PID:10984

C:\Windows\System32\STRedQY.exe
C:\Windows\System32\STRedQY.exe
2⤵
PID:11008

C:\Windows\System32\WtJEtve.exe
C:\Windows\System32\WtJEtve.exe
2⤵
PID:11028

C:\Windows\System32\pWqMLax.exe
C:\Windows\System32\pWqMLax.exe
2⤵
PID:11052

C:\Windows\System32\RAFIjIi.exe
C:\Windows\System32\RAFIjIi.exe
2⤵
PID:11076

C:\Windows\System32\UAYEBPf.exe
C:\Windows\System32\UAYEBPf.exe
2⤵
PID:11096

C:\Windows\System32\KSPCcOo.exe
C:\Windows\System32\KSPCcOo.exe
2⤵
PID:11144

C:\Windows\System32\BZnoJZw.exe
C:\Windows\System32\BZnoJZw.exe
2⤵
PID:11176

C:\Windows\System32\XXWPSkn.exe
C:\Windows\System32\XXWPSkn.exe
2⤵
PID:11208

C:\Windows\System32\GyFXbbO.exe
C:\Windows\System32\GyFXbbO.exe
2⤵
PID:11228

C:\Windows\System32\ycufAQZ.exe
C:\Windows\System32\ycufAQZ.exe
2⤵
PID:11248

C:\Windows\System32\TYGjaWN.exe
C:\Windows\System32\TYGjaWN.exe
2⤵
PID:10228

C:\Windows\System32\PtSehEF.exe
C:\Windows\System32\PtSehEF.exe
2⤵
PID:10320

C:\Windows\System32\OoycHYC.exe
C:\Windows\System32\OoycHYC.exe
2⤵
PID:10400

C:\Windows\System32\LNgFSYv.exe
C:\Windows\System32\LNgFSYv.exe
2⤵
PID:10500

C:\Windows\System32\tCYdHrW.exe
C:\Windows\System32\tCYdHrW.exe
2⤵
PID:10536

C:\Windows\System32\ArZULvh.exe
C:\Windows\System32\ArZULvh.exe
2⤵
PID:10592

C:\Windows\System32\TlbctQz.exe
C:\Windows\System32\TlbctQz.exe
2⤵
PID:10676

C:\Windows\System32\zfzfGAX.exe
C:\Windows\System32\zfzfGAX.exe
2⤵
PID:10780

C:\Windows\System32\JhQHMmz.exe
C:\Windows\System32\JhQHMmz.exe
2⤵
PID:10848

C:\Windows\System32\RcCmUzh.exe
C:\Windows\System32\RcCmUzh.exe
2⤵
PID:10928

C:\Windows\System32\WBwjtBp.exe
C:\Windows\System32\WBwjtBp.exe
2⤵
PID:10980

C:\Windows\System32\TYRbcag.exe
C:\Windows\System32\TYRbcag.exe
2⤵
PID:11016

C:\Windows\System32\FBriZdI.exe
C:\Windows\System32\FBriZdI.exe
2⤵
PID:11048

C:\Windows\System32\gDEoyRW.exe
C:\Windows\System32\gDEoyRW.exe
2⤵
PID:11072

C:\Windows\System32\FgFNfHQ.exe
C:\Windows\System32\FgFNfHQ.exe
2⤵
PID:11184

C:\Windows\System32\lLKrpaB.exe
C:\Windows\System32\lLKrpaB.exe
2⤵
PID:11244

C:\Windows\System32\qzafxHX.exe
C:\Windows\System32\qzafxHX.exe
2⤵
PID:9572

C:\Windows\System32\PEIbBgf.exe
C:\Windows\System32\PEIbBgf.exe
2⤵
PID:10504

C:\Windows\System32\XSbArnj.exe
C:\Windows\System32\XSbArnj.exe
2⤵
PID:10612

C:\Windows\System32\gNoWNjS.exe
C:\Windows\System32\gNoWNjS.exe
2⤵
PID:10808

C:\Windows\System32\KSXrMXF.exe
C:\Windows\System32\KSXrMXF.exe
2⤵
PID:11000

C:\Windows\System32\gcwXxqk.exe
C:\Windows\System32\gcwXxqk.exe
2⤵
PID:11188

C:\Windows\System32\lQWtIVl.exe
C:\Windows\System32\lQWtIVl.exe
2⤵
PID:11192

C:\Windows\System32\xqfFadb.exe
C:\Windows\System32\xqfFadb.exe
2⤵
PID:10584

C:\Windows\System32\RhtPxpm.exe
C:\Windows\System32\RhtPxpm.exe
2⤵
PID:10872

C:\Windows\System32\zDSYcrJ.exe
C:\Windows\System32\zDSYcrJ.exe
2⤵
PID:11240

C:\Windows\System32\rcwWtom.exe
C:\Windows\System32\rcwWtom.exe
2⤵
PID:10532

C:\Windows\System32\ndnpVoT.exe
C:\Windows\System32\ndnpVoT.exe
2⤵
PID:11288

C:\Windows\System32\fvuUoiq.exe
C:\Windows\System32\fvuUoiq.exe
2⤵
PID:11316

C:\Windows\System32\jYeMhSS.exe
C:\Windows\System32\jYeMhSS.exe
2⤵
PID:11332

C:\Windows\System32\pjoShca.exe
C:\Windows\System32\pjoShca.exe
2⤵
PID:11384

C:\Windows\System32\kpvEUYe.exe
C:\Windows\System32\kpvEUYe.exe
2⤵
PID:11400

C:\Windows\System32\JqUBNit.exe
C:\Windows\System32\JqUBNit.exe
2⤵
PID:11424

C:\Windows\System32\tPFaMOM.exe
C:\Windows\System32\tPFaMOM.exe
2⤵
PID:11444

C:\Windows\System32\SSilQNn.exe
C:\Windows\System32\SSilQNn.exe
2⤵
PID:11464

C:\Windows\System32\yiJiIsC.exe
C:\Windows\System32\yiJiIsC.exe
2⤵
PID:11492

C:\Windows\System32\MPjfDVi.exe
C:\Windows\System32\MPjfDVi.exe
2⤵
PID:11544

C:\Windows\System32\nJadBTq.exe
C:\Windows\System32\nJadBTq.exe
2⤵
PID:11572

C:\Windows\System32\VvPptbj.exe
C:\Windows\System32\VvPptbj.exe
2⤵
PID:11596

C:\Windows\System32\YFRiLOU.exe
C:\Windows\System32\YFRiLOU.exe
2⤵
PID:11620

C:\Windows\System32\nUMhNgV.exe
C:\Windows\System32\nUMhNgV.exe
2⤵
PID:11652

C:\Windows\System32\sEwCvLo.exe
C:\Windows\System32\sEwCvLo.exe
2⤵
PID:11680

C:\Windows\System32\UgYmjQD.exe
C:\Windows\System32\UgYmjQD.exe
2⤵
PID:11708

C:\Windows\System32\mQjEdKs.exe
C:\Windows\System32\mQjEdKs.exe
2⤵
PID:11728

C:\Windows\System32\eerFQAj.exe
C:\Windows\System32\eerFQAj.exe
2⤵
PID:11748

C:\Windows\System32\LlcBBEp.exe
C:\Windows\System32\LlcBBEp.exe
2⤵
PID:11796

C:\Windows\System32\BeSYkCA.exe
C:\Windows\System32\BeSYkCA.exe
2⤵
PID:11816

C:\Windows\System32\BkoBZCK.exe
C:\Windows\System32\BkoBZCK.exe
2⤵
PID:11840

C:\Windows\System32\DmOqXBJ.exe
C:\Windows\System32\DmOqXBJ.exe
2⤵
PID:11856

C:\Windows\System32\hlQtaJu.exe
C:\Windows\System32\hlQtaJu.exe
2⤵
PID:11916

C:\Windows\System32\ZprynAq.exe
C:\Windows\System32\ZprynAq.exe
2⤵
PID:11932

C:\Windows\System32\fVSEcGh.exe
C:\Windows\System32\fVSEcGh.exe
2⤵
PID:11956

C:\Windows\System32\TxiIeAl.exe
C:\Windows\System32\TxiIeAl.exe
2⤵
PID:11988

C:\Windows\System32\zKaqZkW.exe
C:\Windows\System32\zKaqZkW.exe
2⤵
PID:12016

C:\Windows\System32\XbNyMQD.exe
C:\Windows\System32\XbNyMQD.exe
2⤵
PID:12052

C:\Windows\System32\ByfIYSU.exe
C:\Windows\System32\ByfIYSU.exe
2⤵
PID:12076

C:\Windows\System32\ydfyiIu.exe
C:\Windows\System32\ydfyiIu.exe
2⤵
PID:12096

C:\Windows\System32\ZXlsvbX.exe
C:\Windows\System32\ZXlsvbX.exe
2⤵
PID:12112

C:\Windows\System32\FQOHxty.exe
C:\Windows\System32\FQOHxty.exe
2⤵
PID:12136

C:\Windows\System32\hdxwtTR.exe
C:\Windows\System32\hdxwtTR.exe
2⤵
PID:12164

C:\Windows\System32\RDMfAxP.exe
C:\Windows\System32\RDMfAxP.exe
2⤵
PID:12196

C:\Windows\System32\Yueebxb.exe
C:\Windows\System32\Yueebxb.exe
2⤵
PID:12248

C:\Windows\System32\BWJhuHN.exe
C:\Windows\System32\BWJhuHN.exe
2⤵
PID:12264

C:\Windows\System32\rzzUeYI.exe
C:\Windows\System32\rzzUeYI.exe
2⤵
PID:10168

C:\Windows\System32\ZwzDXQB.exe
C:\Windows\System32\ZwzDXQB.exe
2⤵
PID:11324

C:\Windows\System32\OaoCZNi.exe
C:\Windows\System32\OaoCZNi.exe
2⤵
PID:11420

C:\Windows\System32\kcwABdY.exe
C:\Windows\System32\kcwABdY.exe
2⤵
PID:11440

C:\Windows\System32\WxYTmvW.exe
C:\Windows\System32\WxYTmvW.exe
2⤵
PID:11512

C:\Windows\System32\TjXCauS.exe
C:\Windows\System32\TjXCauS.exe
2⤵
PID:1360

C:\Windows\System32\MUZZUts.exe
C:\Windows\System32\MUZZUts.exe
2⤵
PID:11616

C:\Windows\System32\sWbtwyK.exe
C:\Windows\System32\sWbtwyK.exe
2⤵
PID:11724

C:\Windows\System32\FgMqSHi.exe
C:\Windows\System32\FgMqSHi.exe
2⤵
PID:11776

C:\Windows\System32\zVupOpA.exe
C:\Windows\System32\zVupOpA.exe
2⤵
PID:11832

C:\Windows\System32\BHTdbSd.exe
C:\Windows\System32\BHTdbSd.exe
2⤵
PID:11900

C:\Windows\System32\BZYylik.exe
C:\Windows\System32\BZYylik.exe
2⤵
PID:11928

C:\Windows\System32\wwJGrpm.exe
C:\Windows\System32\wwJGrpm.exe
2⤵
PID:11996

C:\Windows\System32\lGtqDwi.exe
C:\Windows\System32\lGtqDwi.exe
2⤵
PID:12048

C:\Windows\System32\IjiUXeQ.exe
C:\Windows\System32\IjiUXeQ.exe
2⤵
PID:12132

C:\Windows\System32\YkCZRgW.exe
C:\Windows\System32\YkCZRgW.exe
2⤵
PID:4088

C:\Windows\System32\WzCBFcG.exe
C:\Windows\System32\WzCBFcG.exe
2⤵
PID:1508

C:\Windows\System32\yAFHLMM.exe
C:\Windows\System32\yAFHLMM.exe
2⤵
PID:12256

C:\Windows\System32\hIWFzBe.exe
C:\Windows\System32\hIWFzBe.exe
2⤵
PID:11308

C:\Windows\System32\xZSdcAk.exe
C:\Windows\System32\xZSdcAk.exe
2⤵
PID:11436

C:\Windows\System32\DogBKCT.exe
C:\Windows\System32\DogBKCT.exe
2⤵
PID:11472

C:\Windows\System32\idMOytq.exe
C:\Windows\System32\idMOytq.exe
2⤵
PID:11744

C:\Windows\System32\mLdHLUP.exe
C:\Windows\System32\mLdHLUP.exe
2⤵
PID:10784

C:\Windows\System32\KAqLIxe.exe
C:\Windows\System32\KAqLIxe.exe
2⤵
PID:12036

C:\Windows\System32\XhtNRjx.exe
C:\Windows\System32\XhtNRjx.exe
2⤵
PID:12156

C:\Windows\System32\WxuLJUx.exe
C:\Windows\System32\WxuLJUx.exe
2⤵
PID:3240

C:\Windows\System32\pruovgd.exe
C:\Windows\System32\pruovgd.exe
2⤵
PID:11456

C:\Windows\System32\apjVbTT.exe
C:\Windows\System32\apjVbTT.exe
2⤵
PID:11592

C:\Windows\System32\oZfIGEz.exe
C:\Windows\System32\oZfIGEz.exe
2⤵
PID:11812

C:\Windows\System32\CMioTWG.exe
C:\Windows\System32\CMioTWG.exe
2⤵
PID:11940

C:\Windows\System32\cVdRqRz.exe
C:\Windows\System32\cVdRqRz.exe
2⤵
PID:11224

C:\Windows\System32\aJzwHDt.exe
C:\Windows\System32\aJzwHDt.exe
2⤵
PID:12320

C:\Windows\System32\WVNIwaX.exe
C:\Windows\System32\WVNIwaX.exe
2⤵
PID:12344

C:\Windows\System32\xvbZZoo.exe
C:\Windows\System32\xvbZZoo.exe
2⤵
PID:12392

C:\Windows\System32\EAjplsj.exe
C:\Windows\System32\EAjplsj.exe
2⤵
PID:12416

C:\Windows\System32\PqjtNiO.exe
C:\Windows\System32\PqjtNiO.exe
2⤵
PID:12432

C:\Windows\System32\dmpyRIf.exe
C:\Windows\System32\dmpyRIf.exe
2⤵
PID:12480

C:\Windows\System32\DQgCflW.exe
C:\Windows\System32\DQgCflW.exe
2⤵
PID:12500

C:\Windows\System32\JTSNdTw.exe
C:\Windows\System32\JTSNdTw.exe
2⤵
PID:12540

C:\Windows\System32\fQoAxBr.exe
C:\Windows\System32\fQoAxBr.exe
2⤵
PID:12564

C:\Windows\System32\ZtCyPGH.exe
C:\Windows\System32\ZtCyPGH.exe
2⤵
PID:12584

C:\Windows\System32\hEDmstD.exe
C:\Windows\System32\hEDmstD.exe
2⤵
PID:12624

C:\Windows\System32\iwwqYFP.exe
C:\Windows\System32\iwwqYFP.exe
2⤵
PID:12648

C:\Windows\System32\QtxUNXx.exe
C:\Windows\System32\QtxUNXx.exe
2⤵
PID:12668

C:\Windows\System32\djFDOEO.exe
C:\Windows\System32\djFDOEO.exe
2⤵
PID:12688

C:\Windows\System32\hNAmzjq.exe
C:\Windows\System32\hNAmzjq.exe
2⤵
PID:12712

C:\Windows\System32\qIKJSYb.exe
C:\Windows\System32\qIKJSYb.exe
2⤵
PID:12748

C:\Windows\System32\PAxBEtm.exe
C:\Windows\System32\PAxBEtm.exe
2⤵
PID:12792

C:\Windows\System32\fBaSHaq.exe
C:\Windows\System32\fBaSHaq.exe
2⤵
PID:12816

C:\Windows\System32\pZHzohM.exe
C:\Windows\System32\pZHzohM.exe
2⤵
PID:12836

C:\Windows\System32\gJuiRer.exe
C:\Windows\System32\gJuiRer.exe
2⤵
PID:12876

C:\Windows\System32\imZFblk.exe
C:\Windows\System32\imZFblk.exe
2⤵
PID:12900

C:\Windows\System32\SgeCvxj.exe
C:\Windows\System32\SgeCvxj.exe
2⤵
PID:12932

C:\Windows\System32\bCYPzYN.exe
C:\Windows\System32\bCYPzYN.exe
2⤵
PID:12956

C:\Windows\System32\mLMxIzs.exe
C:\Windows\System32\mLMxIzs.exe
2⤵
PID:12976

C:\Windows\System32\PvNqVCS.exe
C:\Windows\System32\PvNqVCS.exe
2⤵
PID:12992

C:\Windows\System32\SMJlGcS.exe
C:\Windows\System32\SMJlGcS.exe
2⤵
PID:13048

C:\Windows\System32\KUasWYW.exe
C:\Windows\System32\KUasWYW.exe
2⤵
PID:13072

C:\Windows\System32\FVLZyvX.exe
C:\Windows\System32\FVLZyvX.exe
2⤵
PID:13096

C:\Windows\System32\JzjuVWC.exe
C:\Windows\System32\JzjuVWC.exe
2⤵
PID:13116

C:\Windows\System32\sbLXpCp.exe
C:\Windows\System32\sbLXpCp.exe
2⤵
PID:13156

C:\Windows\System32\rnUFDBD.exe
C:\Windows\System32\rnUFDBD.exe
2⤵
PID:13180

C:\Windows\System32\bXRdcQh.exe
C:\Windows\System32\bXRdcQh.exe
2⤵
PID:13200

C:\Windows\System32\RdWncss.exe
C:\Windows\System32\RdWncss.exe
2⤵
PID:13236

C:\Windows\System32\vHPDAtU.exe
C:\Windows\System32\vHPDAtU.exe
2⤵
PID:13268

C:\Windows\System32\LrQvKFD.exe
C:\Windows\System32\LrQvKFD.exe
2⤵
PID:13296

C:\Windows\System32\CeLvEvT.exe
C:\Windows\System32\CeLvEvT.exe
2⤵
PID:4748

C:\Windows\System32\QqJuyHM.exe
C:\Windows\System32\QqJuyHM.exe
2⤵
PID:12292

C:\Windows\System32\GtJBYgc.exe
C:\Windows\System32\GtJBYgc.exe
2⤵
PID:12404

C:\Windows\System32\bIVdcgE.exe
C:\Windows\System32\bIVdcgE.exe
2⤵
PID:12424

C:\Windows\System32\bifdmSQ.exe
C:\Windows\System32\bifdmSQ.exe
2⤵
PID:12496

C:\Windows\System32\WahOdtc.exe
C:\Windows\System32\WahOdtc.exe
2⤵
PID:12560

C:\Windows\System32\tnwnSqW.exe
C:\Windows\System32\tnwnSqW.exe
2⤵
PID:12636

C:\Windows\System32\dRWjaqE.exe
C:\Windows\System32\dRWjaqE.exe
2⤵
PID:12684

C:\Windows\System32\BJdxobz.exe
C:\Windows\System32\BJdxobz.exe
2⤵
PID:12772

C:\Windows\System32\DbjfZno.exe
C:\Windows\System32\DbjfZno.exe
2⤵
PID:12812

C:\Windows\System32\hsyWHnP.exe
C:\Windows\System32\hsyWHnP.exe
2⤵
PID:1864

C:\Windows\System32\XwyByGe.exe
C:\Windows\System32\XwyByGe.exe
2⤵
PID:12912

C:\Windows\System32\SAgiVDP.exe
C:\Windows\System32\SAgiVDP.exe
2⤵
PID:12952

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\ABqoVGW.exe
Filesize
1.6MB

MD5
7286e6f198ce944542b39e564dbbc23e

SHA1
719e87a2a503bf982b4fd1e01b0754c38c77a7c9

SHA256
1b5cb6738cdde1ebdeb1144a08becf2946702969d42374df9a431516bf17f13b

SHA512
7d2b802a7c548c045e7b95dad208b4606298573a9f07e8ed90996fbeb2c77354eeb68782721a7b5d731b2cd99ff352b808c27717673775f0d7b8f948f341b697

Download Submit
C:\Windows\System32\AoKUCYb.exe
Filesize
1.6MB

MD5
4eeceb0725fa476554bb1f9d206dc9c4

SHA1
2bf8351ad0a2672c57d48964aa73bfd5e33e9fff

SHA256
ab7f7db2ba3b01f2399fb2991b53cc61ac4ba560abfa407e31d736851f7aa8d5

SHA512
28450bfc3d41311aa6eb11e9e1cd336aaba09507101783fba69d77881e51e26bf96937fa9e6e96a20d809f79757cb31c2e6934a4e2e4e8387391333d478b5fa4

Download Submit
C:\Windows\System32\EPbgabx.exe
Filesize
1.6MB

MD5
f40b0c6720ef5ba27a8b806efa73cc64

SHA1
48d391267f41c2a7306a3564438b0e6d751e510a

SHA256
22a34b38db1ac63deb4a91f60aaae84fbd85949da5d1e4a8069eed411a08ca6d

SHA512
830cd671fb817c2dbb28220b8dd1fc938c5a14f5d93cfce0782f5db26557c351872690a08e54d16d67d9aedf65c9352ab5af18196a20c86848821e1dea9025dc

Download Submit
C:\Windows\System32\FPerytp.exe
Filesize
1.6MB

MD5
623767fe0490b4b30b22ef0f88edf384

SHA1
138662e314f31949da7d31e5a860bb9d127cf8dc

SHA256
6738edc6a413b3b4f2a78bf34343235741958430ab0d1c718860252c28d26ade

SHA512
5363a43e66ab49c715623f6c9e85ddfa0def76353d7ea308464ac019270f9b21a47b34fed8ca1723e0d6038eafa1f2b1a9c6fa450d37d0b81486e5a503430828

Download Submit
C:\Windows\System32\HvxMTHY.exe
Filesize
1.6MB

MD5
703775b179222c973da9ec8bd101301c

SHA1
9233f85f3603959a06996c93b0f82fec3667d21f

SHA256
a2cab9f7ae211c59fd242dbe2ee49577d542dd63ed8cc66ef7046dbe9236ffab

SHA512
81748c7fbcf56c96b6814a1cbd03dacd0335a339feef6f57e0142b6650c5a6b63365e585c3884bc536d862c9058f45f8f3c983d0e99d625d9422bd8edc4db028

Download Submit
C:\Windows\System32\KGZczMY.exe
Filesize
1.6MB

MD5
d061797b53fd4c2367e1a07c12e85ac2

SHA1
38707ff573e2282f928f6ca621d77e02f5035bf3

SHA256
21f1c9f5455d29ca09a8231e19db9a082567ed9d053a187394c5f755d9370fdb

SHA512
ab11c745d8ba6b092e07510e79189e9be3b95de2312ad685e820ce44a82774d3ae3f4bc736be50c01b5687e39cefdd5dd5624e1af1d29267b152fbe182f1715d

Download Submit
C:\Windows\System32\KGbLfAz.exe
Filesize
1.6MB

MD5
3f536e630489e7ce014afe369d3ffaaa

SHA1
6268d41070bc0f7242ca72492b2ab4877fa31cd8

SHA256
ab0a2ff6479a7cbedbb13f68629b1612228af65c3c09a8bc40ef876e0ebed011

SHA512
733c80b77eaa32ed274d33e62ddc4571cbaa193a3eadd7e847e14902e00068a7393c470ab888f726d67fa9484ead6903e52847a75698bb23026d8fc3ca98278d

Download Submit
C:\Windows\System32\LJAWJWg.exe
Filesize
1.5MB

MD5
a0c169be6e27256c62cf7deedab85c7e

SHA1
c7750b574a3c00f11d2c64bc0f81f0e1e23e51b9

SHA256
31a5e9a0264b9654c5468a23f6ce5a93f72b7a9dff32f86cadcb766a3f61db7d

SHA512
fa574588e902fe14b66425c8823d81bc1e8f2f57338a93f18c273827f5b9a9641e23c49914061f4ab7965f634073e9b18554e05c5095cbacbc7f266cc7ebbea1

Download Submit
C:\Windows\System32\LMHzWaD.exe
Filesize
1.5MB

MD5
571134c4649be7c7b17fd71d88fd4655

SHA1
22ce039ef310e8d63da10e1aaf2e6f1fca113bba

SHA256
946e6d27bbc25681315420f23226afe243146faa5e3c6f671a8484478ffa4b3a

SHA512
a5dd3d4a5ed3d7662e2332bfa992f9f79ed39d55b733f2626eedd271e6c1822c5d0816fbd225979adf5d0bf12ffabb251cd31ac7886aa1d02cdac23bee3abd98

Download Submit
C:\Windows\System32\MtWhHcX.exe
Filesize
1.5MB

MD5
d860e25daf1cecb88dc050595358c4b0

SHA1
08de8675a053b8e615ed8d84673cdd335150630b

SHA256
9a6e517eb3992cac4735d5203e2258e5b9734f8b430f35bbe504f6aea12fe0e6

SHA512
60bef75d64cf8b15244959a9a1baeab48cc551f65c9214c291960780ee441bbc759bf0ec9573ff76b482ec97821e04a510d21d1e0efa2d0ecba215d191ea4970

Download Submit
C:\Windows\System32\NFhEjlz.exe
Filesize
1.6MB

MD5
052f123329fd62e5ba01112fa4f1b025

SHA1
c97120371ecf46da2c4fda4f1826835b67e10cb6

SHA256
3d5e57ba3682bde3295061103ce5834e342b45e1e75b7b2015d112c925f818b1

SHA512
45bcfd3e06f9f9e7b49f33dc92ac7251bc2763d2ef2caae25530fa2d5a9e71a543e8f88fac5fa7c11b8b46427261a85c181b8767fa9175fe65984f2e1ac31738

Download Submit
C:\Windows\System32\NcmJEiP.exe
Filesize
1.5MB

MD5
a843401c482873dcf2793d73c23b4280

SHA1
f28bc7fdb9b105eb18e74fe205cdc43accc0ec09

SHA256
6ec538f46ef3f6c8d6608b26bda5c55f2af4d6c5a99fd6d2aec2c9c72d181495

SHA512
37841be8d211164da46ed3ef6617e335a2c5f41aa7d2e308e1b8dcec463142398bafdaf4d4fa67eaf6df4320ba0e698dce94891707d19aa1347fd0710662862f

Download Submit
C:\Windows\System32\ODxRhCl.exe
Filesize
1.5MB

MD5
a08bc3768b2f658205e4a9b6e38ba24c

SHA1
948064f17c3e4e4587f68f4bc2aa40d808e98909

SHA256
6b3a564442c691a4f780b8fd1bee49f01b39cc2e3bc4a2fb389bfc34ea97f286

SHA512
32d9ab086845d9c69992280ca44138096a8020c723a2c5629ee26f41f49c878691d7960055594cd05c40dce8876569e7a0b08f9a287e5fa7b9a9117f62295adb

Download Submit
C:\Windows\System32\PwkoOKw.exe
Filesize
1.5MB

MD5
99a0e5f322892282498ca1c8a1a300cf

SHA1
aefd523729db612a55832c2b73ffc67cb24c1fa2

SHA256
f52422ba86db40154ea353fa446b9b1e600c088d4cfef1354c0d7aa5ea9165e9

SHA512
e2f68a66852eef7f53464c997db99ff77a003754ed4ede0c428819014833459526336383bd2a4180859e54acf221abc65b78eec762272b2e63ef8e393484d8f6

Download Submit
C:\Windows\System32\RHbEbYU.exe
Filesize
1.6MB

MD5
33efa6bd370e753e1c475be386dc71fe

SHA1
f88326ae4027323dc50d9e7764679ef87ffdec17

SHA256
71a2ba879219ea75870a8330bb9d1800d292657672fc3595394a87fbb078daea

SHA512
ad4eccf1e5fa2a7727a7a23095129c74d35565a1eb3f107383e570d771211c4c5b1d95ae9a786b134be1c6351049a9b62ad759a51d3468cfbaa558014e2332d0

Download Submit
C:\Windows\System32\SaYndgc.exe
Filesize
1.5MB

MD5
017669198d08ebcc46b6dcb5c7120b8e

SHA1
26e9a6c3e6841068fab1653fd10c3f817fb9917c

SHA256
2f984bcb39373af500cef30ca710e3c3dafde3ce5f6de68e0a998fd24a090a98

SHA512
1319fd2c540cacd797e6839f1d9d89570449a853b2cdf76665bda1cb69f731f14000d9816b1e69241eeb9702e409e48b8d6a8862814ff9cebcfb53620994c967

Download Submit
C:\Windows\System32\SpyMMGQ.exe
Filesize
1.6MB

MD5
d4b2c3b9a309fa76d27b0f477acf4e5c

SHA1
da9ef478d4fe17352e11445d61c97fc1c2470a41

SHA256
cb2a7d7aa88206527bdb64a3fac2c9c5e9757794c8a6436ceb264d1cd6aa3e50

SHA512
3a3856d4482b624f3ea9c02183b6382ac8fd304436bfdc74e0f9e5e1545e29769229357c4936280a84b23673b10cc88f7707dcf0a4fa57ec58b24e7fed355695

Download Submit
C:\Windows\System32\UGSsmpm.exe
Filesize
1.5MB

MD5
b52cce6743acd2725d0c9790266e23cb

SHA1
f0521e2ff5ecf1d22723be8a9fea07a5bf1dfc36

SHA256
3494d12580e96642a603e9f0f7a18a30c7968ab1e8e0b5289d96bac4914ca888

SHA512
79567cc5ba670040e77b2bf047789e979a4a423c3eecd294d725f2da5d137b7e8b51889bdbcc17d782ccf35efc97af05f0fdea829744812242c48f1ab4a6c03c

Download Submit
C:\Windows\System32\aefOSMI.exe
Filesize
1.6MB

MD5
aad61ae6a0778d4ae9b3ef9b2e425bd9

SHA1
6ccccaa8b685f503154c2cbc2a54d2235be06eac

SHA256
d4e7f4ed4bad4a94ee38ab8acff64b6ddc54ec29ae1bb1733450a4619e116f4a

SHA512
930ca29ad80a3919e4053f23ec09d929bad5beec5a552c18b6f41806a8c90ac7716089c86f84df1a3bbaca1b1ff01acf3321f9be79d0c4d3c4d30b566eeea98b

Download Submit
C:\Windows\System32\cdvcLOi.exe
Filesize
1.5MB

MD5
a17162af1938c1a91b0319c231d24635

SHA1
bc7542e5736e3786a3a65407a6b00a98c0f966c3

SHA256
4dafbb141259fcc93857e7560db59b4595f505d999ac75bb67bd7b45a9b8bcf3

SHA512
5d08a6778b9d3c9f9fb3dbca5d0983da0677c87ee01e871cfa35743290bf52405fe176d95d3598542522e2e75d054a7b7ccec2f5d213db725a9d5541e25f607f

Download Submit
C:\Windows\System32\cfOwWll.exe
Filesize
1.6MB

MD5
c2e07410a9f881e4a80dd08d3f37dfcc

SHA1
9d5eb53182d8bd57120bb0dc2afed9dda81fc43f

SHA256
a5eb01431ecfa7232cb8f64b5a43b15b634dd7ec56e2a8c81a85fcf0b51df8ef

SHA512
b5580836bca77442d715d96752460606c602fba4d2b1655ebb57508ffe724a8e50779ee39b77c0873d1c25c7b042aca26d57620e9cf451f71f6c73d1f59af5ca

Download Submit
C:\Windows\System32\eorSHRZ.exe
Filesize
1.5MB

MD5
b47608ebfac21ba643b17910da3fa9fe

SHA1
776ab20c36aae62db74b48293d0c7808ddea9a84

SHA256
a2bf1c0d22e34460482f35e0d6a08fb5cd418f997ee47275066e39b4a7f686bf

SHA512
866955db6e56f71a21d17d57df8c8ec0d3fa9bae07dfbaf36bb7b77890f659190fb0b14b9c838d425e1f7fec38ed7ef9d9f15af968c15a3f54d76dd48fdbdee5

Download Submit
C:\Windows\System32\evECLuh.exe
Filesize
1.6MB

MD5
5d7b97aa8bd19fab69f65c52d39f86e7

SHA1
599e9f332fdb9b4f9158d70a9f1cc4868fd99a72

SHA256
4cd75f46dc0a1c56439561a8ac0cd76cc39ffe056c3c47cc681271cb81d1f731

SHA512
340d7a8abf4e33c1d4008bed3a309e02c5bd666ba84670074a6130244ff66e9bbc4aed0da21adc63c5e74258d09d3e2c4693befe3cdc34f765595dfea9e0aadf

Download Submit
C:\Windows\System32\fjeDojV.exe
Filesize
1.6MB

MD5
bd1ba4aed99a4c96ebfadd3e1be3b712

SHA1
8fe1fa5a43e22c5b6029c45d0c164cfcc77c83cf

SHA256
7f4442e75cfe8151bed998c1f6057497dbfa583f8ecf4afd95f0fa242b0f6b2c

SHA512
dfd15bed2a71142e1ea3f08e2e47040e0235f5953e8b4efa8bcd07ffd51bf056f570944f79d9bf2b477cccf025f36499d5788a7f9ce31a66d85b2acf01baf962

Download Submit
C:\Windows\System32\fxsnxQK.exe
Filesize
1.6MB

MD5
281773bebe9664106287e4d19459c075

SHA1
6f3541466557d2bfdc22f131f7c229ca73a71e67

SHA256
0ed1ef0d7b7f9f26a856af847238c7a48130f09aa9f1abf47bf7d3fba7075c89

SHA512
604ff1bdb6d7fa3978c96fde8a9a6a617a8d94580ab5b5f9d1c3cac30410645b27ddce953597c38c9da6974452d31c8598af01a5bad24a26bf3f0ec8d7da5170

Download Submit
C:\Windows\System32\hQlQGOJ.exe
Filesize
1.6MB

MD5
637bb2f04db669f142499403ef93c56a

SHA1
f53f1606cf8401069878eaf7ce62b68d200e02d1

SHA256
3092d41815853e3a6f5bdaaa7b036460e0c84f7350e34e03a1f0e3422d82695c

SHA512
3f44e6e88fbee1088dd2a42fbae1ba91f04416580d397a19181a078ea0b2ea0a172f7582ec3e9b0e3354efecda0a270ce2af4171fadce75217f5090c2f46a28f

Download Submit
C:\Windows\System32\jTVemwa.exe
Filesize
1.5MB

MD5
4143e034f3ad09af66ba748228dfbc52

SHA1
44aa44a0058ed66964dae1c48168c88f0102ef9b

SHA256
29bcb787434c5930ab5d96f954872f856c91689b9a627511e871e086a1938b71

SHA512
3150771555b53d2e7e5fd905adc860703e6d5ea66f35faef2ff93f719210fb3fd341441ce4f2b45cb569ab0e7daf9a0ab7d98327e3bb7ecd78db44c61d6aff63

Download Submit
C:\Windows\System32\jyWJrVO.exe
Filesize
1.5MB

MD5
ce4c56e06fd19705ed36218ff0826859

SHA1
69e8697dd69bac4418029ab2c9fd1fb1434aa2bd

SHA256
26d0dd92133108a9eac7fe01302374983454942cdbc45d43c986cb9d2d797609

SHA512
3245e96821fd4b93c88ed8dd6c395852769015d45d8bc96afa0b6973767e49d29517ee6ead10ab2df9b30a881970225c98caa7ae10ab3d43c9a72a44d50a991a

Download Submit
C:\Windows\System32\miGAOcN.exe
Filesize
1.5MB

MD5
51b826d44a230d4e66a2ad7dd7745915

SHA1
ece4a87c956d5fd89f6a25f7bfb6c8e244dcb19a

SHA256
7597770c421475b34ed78c495478b6610bd0801ed45b97775675b09f64b82414

SHA512
85b1b00f4b782fc3de39c9058e543a3a9acb89dfe9e2bc9ea694b0fc8f908df2421b42e0ae3d9a3edca5db9cf916c660e8db6e9627d74796b3e900a0d249774e

Download Submit
C:\Windows\System32\rJxuyiJ.exe
Filesize
1.5MB

MD5
0fe2b0207005605619acbd21f27bc62d

SHA1
e010b51c3833dc4c6396525c64a0f90dc1ad8c2b

SHA256
8a84690d5cdc4d0aac6080beef10a9cc54172614c9db8e82f3b10f4e64b85a6a

SHA512
17a76d51ae91f17abc4980c209b384dda5c0e861b5066401af0de9bd716c7f49de0e47f7786f3a9b37bf680b4e47e897232767cd5ff63e15289e8ae794a062ba

Download Submit
C:\Windows\System32\ryOWdlJ.exe
Filesize
1.6MB

MD5
4a9e8cd394126724398f67f1cabf41af

SHA1
2bd8ad8a408fa5b65ea6f061abf7da5c90bc49f6

SHA256
17e72a071b87dfcd08f5768a5c54337de6ebbade6119b4ff7a43e3f2ade7d360

SHA512
4a6182bb5bbf0965df10136ad91929f733c6752883990588592e3117e103857628d1ec031737288c8af0ef76275605e3b3476a7c4e9629269968293bcaf190bb

Download Submit
C:\Windows\System32\urFhMVh.exe
Filesize
1.6MB

MD5
b0f81280ea3c9c3d514088d05b051c9e

SHA1
abf1db49d28fa83ece4041f7a503569c240d3c3e

SHA256
441d0ae89d714400282cfd323383a33c1af42c3147cd5ff37d560b7a7b093ef3

SHA512
730e957e682cf5d85003ac0bb0dd4a35f8b38aaeeb6d95db5c9aebc511de85945ff860bc94f8b2d712080f6324c2411a511144a91399376606c0a49e5d72a282

Download Submit
memory/320-92-0x00007FF778C90000-0x00007FF779081000-memory.dmp

Filesize
3.9MB

Download
memory/320-2147-0x00007FF778C90000-0x00007FF779081000-memory.dmp

Filesize
3.9MB

Download
memory/320-2044-0x00007FF778C90000-0x00007FF779081000-memory.dmp

Filesize
3.9MB

Download
memory/536-101-0x00007FF772310000-0x00007FF772701000-memory.dmp

Filesize
3.9MB

Download
memory/536-2062-0x00007FF772310000-0x00007FF772701000-memory.dmp

Filesize
3.9MB

Download
memory/536-2148-0x00007FF772310000-0x00007FF772701000-memory.dmp

Filesize
3.9MB

Download
memory/1364-2118-0x00007FF6A16D0000-0x00007FF6A1AC1000-memory.dmp

Filesize
3.9MB

Download
memory/1364-65-0x00007FF6A16D0000-0x00007FF6A1AC1000-memory.dmp

Filesize
3.9MB

Download
memory/1608-2114-0x00007FF70A130000-0x00007FF70A521000-memory.dmp

Filesize
3.9MB

Download
memory/1608-59-0x00007FF70A130000-0x00007FF70A521000-memory.dmp

Filesize
3.9MB

Download
memory/1624-0-0x00007FF625F00000-0x00007FF6262F1000-memory.dmp

Filesize
3.9MB

Download
memory/1624-1-0x0000028278720000-0x0000028278730000-memory.dmp

Filesize
64KB

Download
memory/1624-2079-0x00007FF625F00000-0x00007FF6262F1000-memory.dmp

Filesize
3.9MB

Download
memory/1624-105-0x00007FF625F00000-0x00007FF6262F1000-memory.dmp

Filesize
3.9MB

Download
memory/2028-2126-0x00007FF6C05B0000-0x00007FF6C09A1000-memory.dmp

Filesize
3.9MB

Download
memory/2028-87-0x00007FF6C05B0000-0x00007FF6C09A1000-memory.dmp

Filesize
3.9MB

Download
memory/2544-29-0x00007FF670C80000-0x00007FF671071000-memory.dmp

Filesize
3.9MB

Download
memory/2544-902-0x00007FF670C80000-0x00007FF671071000-memory.dmp

Filesize
3.9MB

Download
memory/2544-2090-0x00007FF670C80000-0x00007FF671071000-memory.dmp

Filesize
3.9MB

Download
memory/2944-2134-0x00007FF617510000-0x00007FF617901000-memory.dmp

Filesize
3.9MB

Download
memory/2944-402-0x00007FF617510000-0x00007FF617901000-memory.dmp

Filesize
3.9MB

Download
memory/3004-93-0x00007FF653770000-0x00007FF653B61000-memory.dmp

Filesize
3.9MB

Download
memory/3004-2123-0x00007FF653770000-0x00007FF653B61000-memory.dmp

Filesize
3.9MB

Download
memory/3016-74-0x00007FF7E7210000-0x00007FF7E7601000-memory.dmp

Filesize
3.9MB

Download
memory/3016-2043-0x00007FF7E7210000-0x00007FF7E7601000-memory.dmp

Filesize
3.9MB

Download
memory/3016-2125-0x00007FF7E7210000-0x00007FF7E7601000-memory.dmp

Filesize
3.9MB

Download
memory/3292-394-0x00007FF623EB0000-0x00007FF6242A1000-memory.dmp

Filesize
3.9MB

Download
memory/3292-2144-0x00007FF623EB0000-0x00007FF6242A1000-memory.dmp

Filesize
3.9MB

Download
memory/3736-2094-0x00007FF6AC990000-0x00007FF6ACD81000-memory.dmp

Filesize
3.9MB

Download
memory/3736-43-0x00007FF6AC990000-0x00007FF6ACD81000-memory.dmp

Filesize
3.9MB

Download
memory/3784-433-0x00007FF7BF990000-0x00007FF7BFD81000-memory.dmp

Filesize
3.9MB

Download
memory/3784-2142-0x00007FF7BF990000-0x00007FF7BFD81000-memory.dmp

Filesize
3.9MB

Download
memory/4108-2137-0x00007FF6AFDB0000-0x00007FF6B01A1000-memory.dmp

Filesize
3.9MB

Download
memory/4108-395-0x00007FF6AFDB0000-0x00007FF6B01A1000-memory.dmp

Filesize
3.9MB

Download
memory/4128-94-0x00007FF76D010000-0x00007FF76D401000-memory.dmp

Filesize
3.9MB

Download
memory/4128-17-0x00007FF76D010000-0x00007FF76D401000-memory.dmp

Filesize
3.9MB

Download
memory/4128-2086-0x00007FF76D010000-0x00007FF76D401000-memory.dmp

Filesize
3.9MB

Download
memory/4316-14-0x00007FF649F00000-0x00007FF64A2F1000-memory.dmp

Filesize
3.9MB

Download
memory/4316-2084-0x00007FF649F00000-0x00007FF64A2F1000-memory.dmp

Filesize
3.9MB

Download
memory/4316-109-0x00007FF649F00000-0x00007FF64A2F1000-memory.dmp

Filesize
3.9MB

Download
memory/4500-2096-0x00007FF606F30000-0x00007FF607321000-memory.dmp

Filesize
3.9MB

Download
memory/4500-44-0x00007FF606F30000-0x00007FF607321000-memory.dmp

Filesize
3.9MB

Download
memory/4524-398-0x00007FF7A2C90000-0x00007FF7A3081000-memory.dmp

Filesize
3.9MB

Download
memory/4524-2135-0x00007FF7A2C90000-0x00007FF7A3081000-memory.dmp

Filesize
3.9MB

Download
memory/4668-412-0x00007FF63B5B0000-0x00007FF63B9A1000-memory.dmp

Filesize
3.9MB

Download
memory/4668-2132-0x00007FF63B5B0000-0x00007FF63B9A1000-memory.dmp

Filesize
3.9MB

Download
memory/4932-2140-0x00007FF65B400000-0x00007FF65B7F1000-memory.dmp

Filesize
3.9MB

Download
memory/4932-409-0x00007FF65B400000-0x00007FF65B7F1000-memory.dmp

Filesize
3.9MB

Download
memory/4948-23-0x00007FF624890000-0x00007FF624C81000-memory.dmp

Filesize
3.9MB

Download
memory/4948-428-0x00007FF624890000-0x00007FF624C81000-memory.dmp

Filesize
3.9MB

Download
memory/4948-2092-0x00007FF624890000-0x00007FF624C81000-memory.dmp

Filesize
3.9MB

Download
memory/5008-2130-0x00007FF701830000-0x00007FF701C21000-memory.dmp

Filesize
3.9MB

Download
memory/5008-413-0x00007FF701830000-0x00007FF701C21000-memory.dmp

Filesize
3.9MB

Download
memory/5016-2088-0x00007FF7E9F40000-0x00007FF7EA331000-memory.dmp

Filesize
3.9MB

Download
memory/5016-32-0x00007FF7E9F40000-0x00007FF7EA331000-memory.dmp

Filesize
3.9MB

Download
memory/5064-2116-0x00007FF6A9900000-0x00007FF6A9CF1000-memory.dmp

Filesize
3.9MB

Download
memory/5064-56-0x00007FF6A9900000-0x00007FF6A9CF1000-memory.dmp

Filesize
3.9MB

Download
memory/5064-1391-0x00007FF6A9900000-0x00007FF6A9CF1000-memory.dmp

Filesize
3.9MB

Download
memory/5104-70-0x00007FF6DB7A0000-0x00007FF6DBB91000-memory.dmp

Filesize
3.9MB

Download
memory/5104-2120-0x00007FF6DB7A0000-0x00007FF6DBB91000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads