kpot | e84aa77928329b9ff2f2b646d09965d593d9cf6134585a825b43c7d7c9da6952

Analysis

max time kernel
140s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-06-2024 20:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
Size

2.0MB
MD5

7a0b8fffa7c3c33d536ecad05951fd50
SHA1

6f937c68ee2018a1d41a34d67c0e18cf16ba4478
SHA256

e84aa77928329b9ff2f2b646d09965d593d9cf6134585a825b43c7d7c9da6952
SHA512

6521a78ddb068d0c55c318b44bab7678963ee6a50ed8064caf0d88b1d31749f17648a2ed946f47f373534260f1d3d082e16f232c445e032d477c16c48048ded8
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2v:GemTLkNdfE0pZaQn

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral1/files/0x000c0000000144e4-2.dat	family_kpot
behavioral1/files/0x003400000001471d-6.dat	family_kpot
behavioral1/files/0x0007000000014b27-8.dat	family_kpot
behavioral1/files/0x0007000000014b63-19.dat	family_kpot
behavioral1/files/0x0007000000014baa-25.dat	family_kpot
behavioral1/files/0x0007000000015ce1-39.dat	family_kpot
behavioral1/files/0x0006000000015d07-49.dat	family_kpot
behavioral1/files/0x0006000000015d28-54.dat	family_kpot
behavioral1/files/0x0006000000015d67-74.dat	family_kpot
behavioral1/files/0x0006000000015d87-89.dat	family_kpot
behavioral1/files/0x0006000000015e3a-109.dat	family_kpot
behavioral1/files/0x0006000000016843-159.dat	family_kpot
behavioral1/files/0x000600000001661c-154.dat	family_kpot
behavioral1/files/0x0006000000016572-149.dat	family_kpot
behavioral1/files/0x00060000000164b2-144.dat	family_kpot
behavioral1/files/0x000600000001630b-139.dat	family_kpot
behavioral1/files/0x00060000000161e7-134.dat	family_kpot
behavioral1/files/0x0006000000016117-129.dat	family_kpot
behavioral1/files/0x0006000000015fe9-124.dat	family_kpot
behavioral1/files/0x0006000000015f6d-119.dat	family_kpot
behavioral1/files/0x0006000000015eaf-114.dat	family_kpot
behavioral1/files/0x0006000000015d9b-104.dat	family_kpot
behavioral1/files/0x0033000000014726-99.dat	family_kpot
behavioral1/files/0x0006000000015d8f-95.dat	family_kpot
behavioral1/files/0x0006000000015d79-84.dat	family_kpot
behavioral1/files/0x0006000000015d6f-79.dat	family_kpot
behavioral1/files/0x0006000000015d5e-69.dat	family_kpot
behavioral1/files/0x0006000000015d56-64.dat	family_kpot
behavioral1/files/0x0006000000015d4a-59.dat	family_kpot
behavioral1/files/0x0006000000015ceb-44.dat	family_kpot
behavioral1/files/0x000a000000014e51-35.dat	family_kpot
behavioral1/files/0x000a000000014bea-29.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral1/files/0x000c0000000144e4-2.dat	xmrig
behavioral1/files/0x003400000001471d-6.dat	xmrig
behavioral1/files/0x0007000000014b27-8.dat	xmrig
behavioral1/files/0x0007000000014b63-19.dat	xmrig
behavioral1/files/0x0007000000014baa-25.dat	xmrig
behavioral1/files/0x0007000000015ce1-39.dat	xmrig
behavioral1/files/0x0006000000015d07-49.dat	xmrig
behavioral1/files/0x0006000000015d28-54.dat	xmrig
behavioral1/files/0x0006000000015d67-74.dat	xmrig
behavioral1/files/0x0006000000015d87-89.dat	xmrig
behavioral1/files/0x0006000000015e3a-109.dat	xmrig
behavioral1/files/0x0006000000016843-159.dat	xmrig
behavioral1/files/0x000600000001661c-154.dat	xmrig
behavioral1/files/0x0006000000016572-149.dat	xmrig
behavioral1/files/0x00060000000164b2-144.dat	xmrig
behavioral1/files/0x000600000001630b-139.dat	xmrig
behavioral1/files/0x00060000000161e7-134.dat	xmrig
behavioral1/files/0x0006000000016117-129.dat	xmrig
behavioral1/files/0x0006000000015fe9-124.dat	xmrig
behavioral1/files/0x0006000000015f6d-119.dat	xmrig
behavioral1/files/0x0006000000015eaf-114.dat	xmrig
behavioral1/files/0x0006000000015d9b-104.dat	xmrig
behavioral1/files/0x0033000000014726-99.dat	xmrig
behavioral1/files/0x0006000000015d8f-95.dat	xmrig
behavioral1/files/0x0006000000015d79-84.dat	xmrig
behavioral1/files/0x0006000000015d6f-79.dat	xmrig
behavioral1/files/0x0006000000015d5e-69.dat	xmrig
behavioral1/files/0x0006000000015d56-64.dat	xmrig
behavioral1/files/0x0006000000015d4a-59.dat	xmrig
behavioral1/files/0x0006000000015ceb-44.dat	xmrig
behavioral1/files/0x000a000000014e51-35.dat	xmrig
behavioral1/files/0x000a000000014bea-29.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1280	WPiPkqK.exe
2624	lPXgEcS.exe
2304	FLxyQvC.exe
2548	MKzOGsy.exe
2644	LeUIwrp.exe
2632	OteSHLD.exe
2556	JnYyxXY.exe
2728	HRXnrpe.exe
2820	azLvAWQ.exe
2736	yGBtpua.exe
2652	LvTWamf.exe
2448	zFxKetQ.exe
2560	BZDcpQn.exe
2952	HBHAqBx.exe
2316	RztzZzg.exe
2704	EsCzphL.exe
2932	syGDFMt.exe
2968	HGxaDlh.exe
1916	jDmJbxi.exe
272	JodpDVP.exe
2676	xOAMzPt.exe
2768	emCCzma.exe
2800	oJvOksg.exe
324	XMpHGtb.exe
1312	TJIrYsv.exe
832	oyxYDwa.exe
1764	xLuYdjU.exe
2120	xGjdGWf.exe
2400	AgBFYbp.exe
2876	VAlJJdq.exe
2116	iIaRqfu.exe
2132	LQtWxJt.exe
576	MLFLjTs.exe
1248	kLJNYwV.exe
1636	GeMfbiG.exe
2140	QBeUMBJ.exe
1796	xmWFFQk.exe
1784	eFsXUMc.exe
2388	nQGbThF.exe
328	uQduhmg.exe
1080	feoZsmX.exe
2148	WildLnU.exe
2368	NNRgaKs.exe
1152	ZufvEpS.exe
300	OGuGpEd.exe
1780	xqPhYiv.exe
1396	gqukimo.exe
320	YHngtIO.exe
1976	idQGVlN.exe
900	HeHBSuG.exe
868	jOiRdJy.exe
2352	qESXfLH.exe
2084	MIVTiLa.exe
2372	eikDJSS.exe
1164	ihFpwVw.exe
2364	WAaDnek.exe
1028	PAbpkpw.exe
880	wOeviqm.exe
548	rxFLCtC.exe
2208	lYAaAgz.exe
552	lJERjjF.exe
2212	gXJvVFo.exe
3068	AzbdZLl.exe
2572	IFRWzeK.exe

Loads dropped DLL 64 IoCs

pid	Process
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\wOeviqm.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\rxFLCtC.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\GuiLoYD.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\dpAsGNk.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\XMXXTeD.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\hcVgNSu.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\HGxaDlh.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\AgBFYbp.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\xmgHoAd.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\bZGwimb.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\HwvZDvL.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\MrOpMTT.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\HRXnrpe.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\LvTWamf.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\uDyypxt.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\tfebGHN.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\GYPvBVw.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\ceEmpqa.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\QDkxGxF.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\iIaRqfu.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\pHLmzef.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\TIOzWWn.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\hyEJass.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\fOwHfTE.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\MLFLjTs.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\kLJNYwV.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\YSiCEQt.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\IHlszby.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\FhtpjTu.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\rGuINxS.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\tYouQZF.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\EfwAKqR.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\kvUBAgv.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\sluCOfY.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\EFcnPBW.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\LQtWxJt.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\yoijbJA.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\mMrtWXo.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\qyAcsrb.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\RHrBuwY.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\feoZsmX.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\jOiRdJy.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\xnvDjWp.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\SmHzbon.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\ZlTjgtY.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\MIVTiLa.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\jtjpUiO.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\BDqwzAn.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\FEusduQ.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\vVHWHPz.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\uFhrqOQ.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\IFRWzeK.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\XMijLhm.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\uQaQlzC.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\DfAxHUU.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\nGSOywr.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\nQGbThF.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\HeHBSuG.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\yuTKROI.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\bwAyrSh.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\VZqaKjY.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\VAlJJdq.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\GeMfbiG.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
File created	C:\Windows\System\zVmLKVv.exe	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 1280	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	29
PID 3056 wrote to memory of 1280	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	29
PID 3056 wrote to memory of 1280	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	29
PID 3056 wrote to memory of 2624	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	30
PID 3056 wrote to memory of 2624	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	30
PID 3056 wrote to memory of 2624	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	30
PID 3056 wrote to memory of 2304	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	31
PID 3056 wrote to memory of 2304	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	31
PID 3056 wrote to memory of 2304	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	31
PID 3056 wrote to memory of 2548	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	32
PID 3056 wrote to memory of 2548	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	32
PID 3056 wrote to memory of 2548	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	32
PID 3056 wrote to memory of 2644	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	33
PID 3056 wrote to memory of 2644	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	33
PID 3056 wrote to memory of 2644	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	33
PID 3056 wrote to memory of 2632	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	34
PID 3056 wrote to memory of 2632	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	34
PID 3056 wrote to memory of 2632	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	34
PID 3056 wrote to memory of 2556	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	35
PID 3056 wrote to memory of 2556	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	35
PID 3056 wrote to memory of 2556	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	35
PID 3056 wrote to memory of 2728	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	36
PID 3056 wrote to memory of 2728	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	36
PID 3056 wrote to memory of 2728	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	36
PID 3056 wrote to memory of 2820	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	37
PID 3056 wrote to memory of 2820	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	37
PID 3056 wrote to memory of 2820	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	37
PID 3056 wrote to memory of 2736	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	38
PID 3056 wrote to memory of 2736	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	38
PID 3056 wrote to memory of 2736	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	38
PID 3056 wrote to memory of 2652	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	39
PID 3056 wrote to memory of 2652	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	39
PID 3056 wrote to memory of 2652	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	39
PID 3056 wrote to memory of 2448	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	40
PID 3056 wrote to memory of 2448	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	40
PID 3056 wrote to memory of 2448	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	40
PID 3056 wrote to memory of 2560	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	41
PID 3056 wrote to memory of 2560	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	41
PID 3056 wrote to memory of 2560	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	41
PID 3056 wrote to memory of 2952	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	42
PID 3056 wrote to memory of 2952	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	42
PID 3056 wrote to memory of 2952	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	42
PID 3056 wrote to memory of 2316	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	43
PID 3056 wrote to memory of 2316	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	43
PID 3056 wrote to memory of 2316	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	43
PID 3056 wrote to memory of 2704	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	44
PID 3056 wrote to memory of 2704	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	44
PID 3056 wrote to memory of 2704	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	44
PID 3056 wrote to memory of 2932	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	45
PID 3056 wrote to memory of 2932	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	45
PID 3056 wrote to memory of 2932	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	45
PID 3056 wrote to memory of 2968	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	46
PID 3056 wrote to memory of 2968	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	46
PID 3056 wrote to memory of 2968	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	46
PID 3056 wrote to memory of 1916	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	47
PID 3056 wrote to memory of 1916	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	47
PID 3056 wrote to memory of 1916	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	47
PID 3056 wrote to memory of 272	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	48
PID 3056 wrote to memory of 272	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	48
PID 3056 wrote to memory of 272	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	48
PID 3056 wrote to memory of 2676	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	49
PID 3056 wrote to memory of 2676	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	49
PID 3056 wrote to memory of 2676	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	49
PID 3056 wrote to memory of 2768	3056	7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe	50

C:\Users\Admin\AppData\Local\Temp\7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7a0b8fffa7c3c33d536ecad05951fd50_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\System\WPiPkqK.exe
  C:\Windows\System\WPiPkqK.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\lPXgEcS.exe
  C:\Windows\System\lPXgEcS.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\FLxyQvC.exe
  C:\Windows\System\FLxyQvC.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\MKzOGsy.exe
  C:\Windows\System\MKzOGsy.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\LeUIwrp.exe
  C:\Windows\System\LeUIwrp.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\OteSHLD.exe
  C:\Windows\System\OteSHLD.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\JnYyxXY.exe
  C:\Windows\System\JnYyxXY.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\HRXnrpe.exe
  C:\Windows\System\HRXnrpe.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\azLvAWQ.exe
  C:\Windows\System\azLvAWQ.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\yGBtpua.exe
  C:\Windows\System\yGBtpua.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\LvTWamf.exe
  C:\Windows\System\LvTWamf.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\zFxKetQ.exe
  C:\Windows\System\zFxKetQ.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\BZDcpQn.exe
  C:\Windows\System\BZDcpQn.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\HBHAqBx.exe
  C:\Windows\System\HBHAqBx.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\RztzZzg.exe
  C:\Windows\System\RztzZzg.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\EsCzphL.exe
  C:\Windows\System\EsCzphL.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\syGDFMt.exe
  C:\Windows\System\syGDFMt.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\HGxaDlh.exe
  C:\Windows\System\HGxaDlh.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\jDmJbxi.exe
  C:\Windows\System\jDmJbxi.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\JodpDVP.exe
  C:\Windows\System\JodpDVP.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\xOAMzPt.exe
  C:\Windows\System\xOAMzPt.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\emCCzma.exe
  C:\Windows\System\emCCzma.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\oJvOksg.exe
  C:\Windows\System\oJvOksg.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\XMpHGtb.exe
  C:\Windows\System\XMpHGtb.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\TJIrYsv.exe
  C:\Windows\System\TJIrYsv.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\oyxYDwa.exe
  C:\Windows\System\oyxYDwa.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\xLuYdjU.exe
  C:\Windows\System\xLuYdjU.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\xGjdGWf.exe
  C:\Windows\System\xGjdGWf.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\AgBFYbp.exe
  C:\Windows\System\AgBFYbp.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\VAlJJdq.exe
  C:\Windows\System\VAlJJdq.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\iIaRqfu.exe
  C:\Windows\System\iIaRqfu.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\LQtWxJt.exe
  C:\Windows\System\LQtWxJt.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\MLFLjTs.exe
  C:\Windows\System\MLFLjTs.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\kLJNYwV.exe
  C:\Windows\System\kLJNYwV.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\GeMfbiG.exe
  C:\Windows\System\GeMfbiG.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\QBeUMBJ.exe
  C:\Windows\System\QBeUMBJ.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\xmWFFQk.exe
  C:\Windows\System\xmWFFQk.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\eFsXUMc.exe
  C:\Windows\System\eFsXUMc.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\nQGbThF.exe
  C:\Windows\System\nQGbThF.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\uQduhmg.exe
  C:\Windows\System\uQduhmg.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\feoZsmX.exe
  C:\Windows\System\feoZsmX.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\WildLnU.exe
  C:\Windows\System\WildLnU.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\NNRgaKs.exe
  C:\Windows\System\NNRgaKs.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\ZufvEpS.exe
  C:\Windows\System\ZufvEpS.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\OGuGpEd.exe
  C:\Windows\System\OGuGpEd.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\xqPhYiv.exe
  C:\Windows\System\xqPhYiv.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\gqukimo.exe
  C:\Windows\System\gqukimo.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\YHngtIO.exe
  C:\Windows\System\YHngtIO.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\idQGVlN.exe
  C:\Windows\System\idQGVlN.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\HeHBSuG.exe
  C:\Windows\System\HeHBSuG.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\jOiRdJy.exe
  C:\Windows\System\jOiRdJy.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\qESXfLH.exe
  C:\Windows\System\qESXfLH.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\MIVTiLa.exe
  C:\Windows\System\MIVTiLa.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\eikDJSS.exe
  C:\Windows\System\eikDJSS.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\ihFpwVw.exe
  C:\Windows\System\ihFpwVw.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\WAaDnek.exe
  C:\Windows\System\WAaDnek.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\PAbpkpw.exe
  C:\Windows\System\PAbpkpw.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\wOeviqm.exe
  C:\Windows\System\wOeviqm.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\rxFLCtC.exe
  C:\Windows\System\rxFLCtC.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\lYAaAgz.exe
  C:\Windows\System\lYAaAgz.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\lJERjjF.exe
  C:\Windows\System\lJERjjF.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\gXJvVFo.exe
  C:\Windows\System\gXJvVFo.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\AzbdZLl.exe
  C:\Windows\System\AzbdZLl.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\IFRWzeK.exe
  C:\Windows\System\IFRWzeK.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\nDJvtmR.exe
  C:\Windows\System\nDJvtmR.exe
  2⤵
  PID:2656
- C:\Windows\System\KAnvqBO.exe
  C:\Windows\System\KAnvqBO.exe
  2⤵
  PID:2852
- C:\Windows\System\rynIHPB.exe
  C:\Windows\System\rynIHPB.exe
  2⤵
  PID:2280
- C:\Windows\System\dAPhSgM.exe
  C:\Windows\System\dAPhSgM.exe
  2⤵
  PID:2484
- C:\Windows\System\JgLdPLD.exe
  C:\Windows\System\JgLdPLD.exe
  2⤵
  PID:2432
- C:\Windows\System\bGYThtp.exe
  C:\Windows\System\bGYThtp.exe
  2⤵
  PID:2488
- C:\Windows\System\tSnHzYU.exe
  C:\Windows\System\tSnHzYU.exe
  2⤵
  PID:1048
- C:\Windows\System\OvRjziO.exe
  C:\Windows\System\OvRjziO.exe
  2⤵
  PID:2924
- C:\Windows\System\WCTktxX.exe
  C:\Windows\System\WCTktxX.exe
  2⤵
  PID:2476
- C:\Windows\System\HApPVTZ.exe
  C:\Windows\System\HApPVTZ.exe
  2⤵
  PID:1844
- C:\Windows\System\qDJtSsN.exe
  C:\Windows\System\qDJtSsN.exe
  2⤵
  PID:2712
- C:\Windows\System\GkCDNvu.exe
  C:\Windows\System\GkCDNvu.exe
  2⤵
  PID:2716
- C:\Windows\System\ufpRIxA.exe
  C:\Windows\System\ufpRIxA.exe
  2⤵
  PID:2832
- C:\Windows\System\upQafJK.exe
  C:\Windows\System\upQafJK.exe
  2⤵
  PID:860
- C:\Windows\System\KArzdJS.exe
  C:\Windows\System\KArzdJS.exe
  2⤵
  PID:2112
- C:\Windows\System\MlFioOQ.exe
  C:\Windows\System\MlFioOQ.exe
  2⤵
  PID:776
- C:\Windows\System\DnSYyiY.exe
  C:\Windows\System\DnSYyiY.exe
  2⤵
  PID:2872
- C:\Windows\System\ROmrZCk.exe
  C:\Windows\System\ROmrZCk.exe
  2⤵
  PID:1740
- C:\Windows\System\ApDvwuC.exe
  C:\Windows\System\ApDvwuC.exe
  2⤵
  PID:704
- C:\Windows\System\eHmPQtF.exe
  C:\Windows\System\eHmPQtF.exe
  2⤵
  PID:1100
- C:\Windows\System\jtjpUiO.exe
  C:\Windows\System\jtjpUiO.exe
  2⤵
  PID:292
- C:\Windows\System\ltONmGl.exe
  C:\Windows\System\ltONmGl.exe
  2⤵
  PID:636
- C:\Windows\System\zrGVEgN.exe
  C:\Windows\System\zrGVEgN.exe
  2⤵
  PID:740
- C:\Windows\System\aJLxiFH.exe
  C:\Windows\System\aJLxiFH.exe
  2⤵
  PID:2384
- C:\Windows\System\OnzmrqU.exe
  C:\Windows\System\OnzmrqU.exe
  2⤵
  PID:1340
- C:\Windows\System\nuqxLxa.exe
  C:\Windows\System\nuqxLxa.exe
  2⤵
  PID:1548
- C:\Windows\System\hqNxydr.exe
  C:\Windows\System\hqNxydr.exe
  2⤵
  PID:944
- C:\Windows\System\MEAMqkX.exe
  C:\Windows\System\MEAMqkX.exe
  2⤵
  PID:308
- C:\Windows\System\pJUnyXZ.exe
  C:\Windows\System\pJUnyXZ.exe
  2⤵
  PID:752
- C:\Windows\System\PjKpENF.exe
  C:\Windows\System\PjKpENF.exe
  2⤵
  PID:1088
- C:\Windows\System\AHWenQI.exe
  C:\Windows\System\AHWenQI.exe
  2⤵
  PID:2000
- C:\Windows\System\njAtGwR.exe
  C:\Windows\System\njAtGwR.exe
  2⤵
  PID:2296
- C:\Windows\System\XMijLhm.exe
  C:\Windows\System\XMijLhm.exe
  2⤵
  PID:2180
- C:\Windows\System\MjUFHVp.exe
  C:\Windows\System\MjUFHVp.exe
  2⤵
  PID:1256
- C:\Windows\System\YrlCeOO.exe
  C:\Windows\System\YrlCeOO.exe
  2⤵
  PID:804
- C:\Windows\System\zVmLKVv.exe
  C:\Windows\System\zVmLKVv.exe
  2⤵
  PID:1716
- C:\Windows\System\DhzMCXB.exe
  C:\Windows\System\DhzMCXB.exe
  2⤵
  PID:1284
- C:\Windows\System\WXkMyMG.exe
  C:\Windows\System\WXkMyMG.exe
  2⤵
  PID:2156
- C:\Windows\System\TjNKueS.exe
  C:\Windows\System\TjNKueS.exe
  2⤵
  PID:2732
- C:\Windows\System\jlzLlHg.exe
  C:\Windows\System\jlzLlHg.exe
  2⤵
  PID:2464
- C:\Windows\System\fNQxGek.exe
  C:\Windows\System\fNQxGek.exe
  2⤵
  PID:2508
- C:\Windows\System\dMmjBGV.exe
  C:\Windows\System\dMmjBGV.exe
  2⤵
  PID:808
- C:\Windows\System\VtfCkSx.exe
  C:\Windows\System\VtfCkSx.exe
  2⤵
  PID:2408
- C:\Windows\System\QhxjIwV.exe
  C:\Windows\System\QhxjIwV.exe
  2⤵
  PID:1788
- C:\Windows\System\NHvsIxe.exe
  C:\Windows\System\NHvsIxe.exe
  2⤵
  PID:2804
- C:\Windows\System\dRsRDzm.exe
  C:\Windows\System\dRsRDzm.exe
  2⤵
  PID:1400
- C:\Windows\System\mVTRRLV.exe
  C:\Windows\System\mVTRRLV.exe
  2⤵
  PID:1760
- C:\Windows\System\ZNQOKvV.exe
  C:\Windows\System\ZNQOKvV.exe
  2⤵
  PID:2092
- C:\Windows\System\fIjPtuR.exe
  C:\Windows\System\fIjPtuR.exe
  2⤵
  PID:2864
- C:\Windows\System\UVDnsqK.exe
  C:\Windows\System\UVDnsqK.exe
  2⤵
  PID:588
- C:\Windows\System\TIOzWWn.exe
  C:\Windows\System\TIOzWWn.exe
  2⤵
  PID:2200
- C:\Windows\System\ecKFfzo.exe
  C:\Windows\System\ecKFfzo.exe
  2⤵
  PID:2144
- C:\Windows\System\uQaQlzC.exe
  C:\Windows\System\uQaQlzC.exe
  2⤵
  PID:988
- C:\Windows\System\Myeiwdt.exe
  C:\Windows\System\Myeiwdt.exe
  2⤵
  PID:1304
- C:\Windows\System\VjkeQyf.exe
  C:\Windows\System\VjkeQyf.exe
  2⤵
  PID:768
- C:\Windows\System\tjoauuE.exe
  C:\Windows\System\tjoauuE.exe
  2⤵
  PID:2220
- C:\Windows\System\GuiLoYD.exe
  C:\Windows\System\GuiLoYD.exe
  2⤵
  PID:1676
- C:\Windows\System\gTBLpVU.exe
  C:\Windows\System\gTBLpVU.exe
  2⤵
  PID:1504
- C:\Windows\System\ItesMEP.exe
  C:\Windows\System\ItesMEP.exe
  2⤵
  PID:2160
- C:\Windows\System\wqGMNCM.exe
  C:\Windows\System\wqGMNCM.exe
  2⤵
  PID:2444
- C:\Windows\System\ZQyMlPB.exe
  C:\Windows\System\ZQyMlPB.exe
  2⤵
  PID:2740
- C:\Windows\System\yuTKROI.exe
  C:\Windows\System\yuTKROI.exe
  2⤵
  PID:2552
- C:\Windows\System\RoajxXD.exe
  C:\Windows\System\RoajxXD.exe
  2⤵
  PID:3080
- C:\Windows\System\xNGkyTI.exe
  C:\Windows\System\xNGkyTI.exe
  2⤵
  PID:3096
- C:\Windows\System\IyQzRKz.exe
  C:\Windows\System\IyQzRKz.exe
  2⤵
  PID:3120
- C:\Windows\System\CPVMJqD.exe
  C:\Windows\System\CPVMJqD.exe
  2⤵
  PID:3140
- C:\Windows\System\wWXMXzl.exe
  C:\Windows\System\wWXMXzl.exe
  2⤵
  PID:3160
- C:\Windows\System\OaFBvGm.exe
  C:\Windows\System\OaFBvGm.exe
  2⤵
  PID:3184
- C:\Windows\System\BDqwzAn.exe
  C:\Windows\System\BDqwzAn.exe
  2⤵
  PID:3204
- C:\Windows\System\ZquOKFP.exe
  C:\Windows\System\ZquOKFP.exe
  2⤵
  PID:3224
- C:\Windows\System\UFcFXCC.exe
  C:\Windows\System\UFcFXCC.exe
  2⤵
  PID:3244
- C:\Windows\System\beaCLHf.exe
  C:\Windows\System\beaCLHf.exe
  2⤵
  PID:3264
- C:\Windows\System\WFLqMCd.exe
  C:\Windows\System\WFLqMCd.exe
  2⤵
  PID:3284
- C:\Windows\System\DPQhVcN.exe
  C:\Windows\System\DPQhVcN.exe
  2⤵
  PID:3304
- C:\Windows\System\iwNWClR.exe
  C:\Windows\System\iwNWClR.exe
  2⤵
  PID:3324
- C:\Windows\System\KHtaBif.exe
  C:\Windows\System\KHtaBif.exe
  2⤵
  PID:3344
- C:\Windows\System\cPeovaC.exe
  C:\Windows\System\cPeovaC.exe
  2⤵
  PID:3364
- C:\Windows\System\yoXhHov.exe
  C:\Windows\System\yoXhHov.exe
  2⤵
  PID:3384
- C:\Windows\System\CkOsXlj.exe
  C:\Windows\System\CkOsXlj.exe
  2⤵
  PID:3404
- C:\Windows\System\fAsUXvu.exe
  C:\Windows\System\fAsUXvu.exe
  2⤵
  PID:3424
- C:\Windows\System\yIsFiVb.exe
  C:\Windows\System\yIsFiVb.exe
  2⤵
  PID:3444
- C:\Windows\System\ZzBazZQ.exe
  C:\Windows\System\ZzBazZQ.exe
  2⤵
  PID:3460
- C:\Windows\System\vSGDoXs.exe
  C:\Windows\System\vSGDoXs.exe
  2⤵
  PID:3484
- C:\Windows\System\UgxyMgF.exe
  C:\Windows\System\UgxyMgF.exe
  2⤵
  PID:3504
- C:\Windows\System\eCZUBck.exe
  C:\Windows\System\eCZUBck.exe
  2⤵
  PID:3524
- C:\Windows\System\RTCVTob.exe
  C:\Windows\System\RTCVTob.exe
  2⤵
  PID:3540
- C:\Windows\System\WkZJlmq.exe
  C:\Windows\System\WkZJlmq.exe
  2⤵
  PID:3564
- C:\Windows\System\HzZthpb.exe
  C:\Windows\System\HzZthpb.exe
  2⤵
  PID:3584
- C:\Windows\System\NpGSwOw.exe
  C:\Windows\System\NpGSwOw.exe
  2⤵
  PID:3604
- C:\Windows\System\QdTNnen.exe
  C:\Windows\System\QdTNnen.exe
  2⤵
  PID:3624
- C:\Windows\System\Pfzliva.exe
  C:\Windows\System\Pfzliva.exe
  2⤵
  PID:3644
- C:\Windows\System\iSSpAPm.exe
  C:\Windows\System\iSSpAPm.exe
  2⤵
  PID:3664
- C:\Windows\System\rPeQEza.exe
  C:\Windows\System\rPeQEza.exe
  2⤵
  PID:3684
- C:\Windows\System\JtfGVrH.exe
  C:\Windows\System\JtfGVrH.exe
  2⤵
  PID:3704
- C:\Windows\System\DdEsuSS.exe
  C:\Windows\System\DdEsuSS.exe
  2⤵
  PID:3724
- C:\Windows\System\xnvDjWp.exe
  C:\Windows\System\xnvDjWp.exe
  2⤵
  PID:3740
- C:\Windows\System\GFQsuBQ.exe
  C:\Windows\System\GFQsuBQ.exe
  2⤵
  PID:3764
- C:\Windows\System\bZGwimb.exe
  C:\Windows\System\bZGwimb.exe
  2⤵
  PID:3784
- C:\Windows\System\QWRPquX.exe
  C:\Windows\System\QWRPquX.exe
  2⤵
  PID:3804
- C:\Windows\System\yoijbJA.exe
  C:\Windows\System\yoijbJA.exe
  2⤵
  PID:3820
- C:\Windows\System\odrrQlD.exe
  C:\Windows\System\odrrQlD.exe
  2⤵
  PID:3844
- C:\Windows\System\GtpjquL.exe
  C:\Windows\System\GtpjquL.exe
  2⤵
  PID:3860
- C:\Windows\System\uqWODZq.exe
  C:\Windows\System\uqWODZq.exe
  2⤵
  PID:3884
- C:\Windows\System\TXTrtDy.exe
  C:\Windows\System\TXTrtDy.exe
  2⤵
  PID:3904
- C:\Windows\System\DfAxHUU.exe
  C:\Windows\System\DfAxHUU.exe
  2⤵
  PID:3924
- C:\Windows\System\pAOYEpY.exe
  C:\Windows\System\pAOYEpY.exe
  2⤵
  PID:3940
- C:\Windows\System\yrdmKay.exe
  C:\Windows\System\yrdmKay.exe
  2⤵
  PID:3964
- C:\Windows\System\EAAHhwM.exe
  C:\Windows\System\EAAHhwM.exe
  2⤵
  PID:3980
- C:\Windows\System\qRQlXls.exe
  C:\Windows\System\qRQlXls.exe
  2⤵
  PID:4004
- C:\Windows\System\AMjeAXQ.exe
  C:\Windows\System\AMjeAXQ.exe
  2⤵
  PID:4024
- C:\Windows\System\ZTZyOGq.exe
  C:\Windows\System\ZTZyOGq.exe
  2⤵
  PID:4044
- C:\Windows\System\EFcnPBW.exe
  C:\Windows\System\EFcnPBW.exe
  2⤵
  PID:4064
- C:\Windows\System\kvUBAgv.exe
  C:\Windows\System\kvUBAgv.exe
  2⤵
  PID:4084
- C:\Windows\System\bJSQKxP.exe
  C:\Windows\System\bJSQKxP.exe
  2⤵
  PID:2988
- C:\Windows\System\NTRBnrN.exe
  C:\Windows\System\NTRBnrN.exe
  2⤵
  PID:1932
- C:\Windows\System\ljDAqgD.exe
  C:\Windows\System\ljDAqgD.exe
  2⤵
  PID:1984
- C:\Windows\System\GOqbpzS.exe
  C:\Windows\System\GOqbpzS.exe
  2⤵
  PID:2420
- C:\Windows\System\xCeeEGe.exe
  C:\Windows\System\xCeeEGe.exe
  2⤵
  PID:1852
- C:\Windows\System\AQwMXwd.exe
  C:\Windows\System\AQwMXwd.exe
  2⤵
  PID:1772
- C:\Windows\System\FEusduQ.exe
  C:\Windows\System\FEusduQ.exe
  2⤵
  PID:1804
- C:\Windows\System\NPiZulU.exe
  C:\Windows\System\NPiZulU.exe
  2⤵
  PID:784
- C:\Windows\System\SmHzbon.exe
  C:\Windows\System\SmHzbon.exe
  2⤵
  PID:764
- C:\Windows\System\rbuYrcd.exe
  C:\Windows\System\rbuYrcd.exe
  2⤵
  PID:3044
- C:\Windows\System\OUgLwiE.exe
  C:\Windows\System\OUgLwiE.exe
  2⤵
  PID:2412
- C:\Windows\System\vVHWHPz.exe
  C:\Windows\System\vVHWHPz.exe
  2⤵
  PID:2308
- C:\Windows\System\VLlBckc.exe
  C:\Windows\System\VLlBckc.exe
  2⤵
  PID:3052
- C:\Windows\System\WQTtaQs.exe
  C:\Windows\System\WQTtaQs.exe
  2⤵
  PID:2008
- C:\Windows\System\naSOtDj.exe
  C:\Windows\System\naSOtDj.exe
  2⤵
  PID:3104
- C:\Windows\System\dpAsGNk.exe
  C:\Windows\System\dpAsGNk.exe
  2⤵
  PID:3136
- C:\Windows\System\HsbQsvN.exe
  C:\Windows\System\HsbQsvN.exe
  2⤵
  PID:3152
- C:\Windows\System\rbfnWXf.exe
  C:\Windows\System\rbfnWXf.exe
  2⤵
  PID:3200
- C:\Windows\System\TjtRSKW.exe
  C:\Windows\System\TjtRSKW.exe
  2⤵
  PID:3216
- C:\Windows\System\mMrtWXo.exe
  C:\Windows\System\mMrtWXo.exe
  2⤵
  PID:3256
- C:\Windows\System\juGxRuv.exe
  C:\Windows\System\juGxRuv.exe
  2⤵
  PID:3292
- C:\Windows\System\lfFXqBg.exe
  C:\Windows\System\lfFXqBg.exe
  2⤵
  PID:3316
- C:\Windows\System\hDmjPHl.exe
  C:\Windows\System\hDmjPHl.exe
  2⤵
  PID:3340
- C:\Windows\System\qXUVawj.exe
  C:\Windows\System\qXUVawj.exe
  2⤵
  PID:3396
- C:\Windows\System\EjakFtD.exe
  C:\Windows\System\EjakFtD.exe
  2⤵
  PID:3380
- C:\Windows\System\ZzUSvXt.exe
  C:\Windows\System\ZzUSvXt.exe
  2⤵
  PID:3420
- C:\Windows\System\qyAcsrb.exe
  C:\Windows\System\qyAcsrb.exe
  2⤵
  PID:3520
- C:\Windows\System\sluCOfY.exe
  C:\Windows\System\sluCOfY.exe
  2⤵
  PID:3560
- C:\Windows\System\FDWMlAy.exe
  C:\Windows\System\FDWMlAy.exe
  2⤵
  PID:3596
- C:\Windows\System\HwvZDvL.exe
  C:\Windows\System\HwvZDvL.exe
  2⤵
  PID:3572
- C:\Windows\System\DRWQaTp.exe
  C:\Windows\System\DRWQaTp.exe
  2⤵
  PID:3640
- C:\Windows\System\mMjjYyx.exe
  C:\Windows\System\mMjjYyx.exe
  2⤵
  PID:3676
- C:\Windows\System\zycMlxq.exe
  C:\Windows\System\zycMlxq.exe
  2⤵
  PID:3612
- C:\Windows\System\NUZFdjL.exe
  C:\Windows\System\NUZFdjL.exe
  2⤵
  PID:3660
- C:\Windows\System\hyEJass.exe
  C:\Windows\System\hyEJass.exe
  2⤵
  PID:3760
- C:\Windows\System\XMXXTeD.exe
  C:\Windows\System\XMXXTeD.exe
  2⤵
  PID:3696
- C:\Windows\System\xxUtiHQ.exe
  C:\Windows\System\xxUtiHQ.exe
  2⤵
  PID:3828
- C:\Windows\System\tCWZxhB.exe
  C:\Windows\System\tCWZxhB.exe
  2⤵
  PID:3736
- C:\Windows\System\GqCbUkc.exe
  C:\Windows\System\GqCbUkc.exe
  2⤵
  PID:3812
- C:\Windows\System\UWXnSQr.exe
  C:\Windows\System\UWXnSQr.exe
  2⤵
  PID:3872
- C:\Windows\System\vFKsvfQ.exe
  C:\Windows\System\vFKsvfQ.exe
  2⤵
  PID:3892
- C:\Windows\System\HxNgOon.exe
  C:\Windows\System\HxNgOon.exe
  2⤵
  PID:3948
- C:\Windows\System\FLsixDA.exe
  C:\Windows\System\FLsixDA.exe
  2⤵
  PID:2264
- C:\Windows\System\AnfzOeA.exe
  C:\Windows\System\AnfzOeA.exe
  2⤵
  PID:4000
- C:\Windows\System\ImqvZiQ.exe
  C:\Windows\System\ImqvZiQ.exe
  2⤵
  PID:3936
- C:\Windows\System\KLuajSK.exe
  C:\Windows\System\KLuajSK.exe
  2⤵
  PID:4012
- C:\Windows\System\ZxkEgIq.exe
  C:\Windows\System\ZxkEgIq.exe
  2⤵
  PID:4076
- C:\Windows\System\JtHtGSB.exe
  C:\Windows\System\JtHtGSB.exe
  2⤵
  PID:2524
- C:\Windows\System\YIkxFKJ.exe
  C:\Windows\System\YIkxFKJ.exe
  2⤵
  PID:1692
- C:\Windows\System\GiRIpOV.exe
  C:\Windows\System\GiRIpOV.exe
  2⤵
  PID:2808
- C:\Windows\System\ugkbpoM.exe
  C:\Windows\System\ugkbpoM.exe
  2⤵
  PID:2152
- C:\Windows\System\nrCsNrS.exe
  C:\Windows\System\nrCsNrS.exe
  2⤵
  PID:2176
- C:\Windows\System\pHLmzef.exe
  C:\Windows\System\pHLmzef.exe
  2⤵
  PID:2844
- C:\Windows\System\bwAyrSh.exe
  C:\Windows\System\bwAyrSh.exe
  2⤵
  PID:3128
- C:\Windows\System\RHrBuwY.exe
  C:\Windows\System\RHrBuwY.exe
  2⤵
  PID:1540
- C:\Windows\System\TJWCdXa.exe
  C:\Windows\System\TJWCdXa.exe
  2⤵
  PID:2664
- C:\Windows\System\wxunWoY.exe
  C:\Windows\System\wxunWoY.exe
  2⤵
  PID:2500
- C:\Windows\System\uDyypxt.exe
  C:\Windows\System\uDyypxt.exe
  2⤵
  PID:3236
- C:\Windows\System\nToppGt.exe
  C:\Windows\System\nToppGt.exe
  2⤵
  PID:1828
- C:\Windows\System\eVsgnSb.exe
  C:\Windows\System\eVsgnSb.exe
  2⤵
  PID:3252
- C:\Windows\System\wrPbCvt.exe
  C:\Windows\System\wrPbCvt.exe
  2⤵
  PID:1032
- C:\Windows\System\cVMneah.exe
  C:\Windows\System\cVMneah.exe
  2⤵
  PID:3296
- C:\Windows\System\SXQeNPv.exe
  C:\Windows\System\SXQeNPv.exe
  2⤵
  PID:3392
- C:\Windows\System\mRBIhMk.exe
  C:\Windows\System\mRBIhMk.exe
  2⤵
  PID:2816
- C:\Windows\System\dXkvYIZ.exe
  C:\Windows\System\dXkvYIZ.exe
  2⤵
  PID:3360
- C:\Windows\System\KYbwvol.exe
  C:\Windows\System\KYbwvol.exe
  2⤵
  PID:3512
- C:\Windows\System\IHlszby.exe
  C:\Windows\System\IHlszby.exe
  2⤵
  PID:3548
- C:\Windows\System\VxBkwfI.exe
  C:\Windows\System\VxBkwfI.exe
  2⤵
  PID:3496
- C:\Windows\System\nGSOywr.exe
  C:\Windows\System\nGSOywr.exe
  2⤵
  PID:3532
- C:\Windows\System\nJWXUEW.exe
  C:\Windows\System\nJWXUEW.exe
  2⤵
  PID:3680
- C:\Windows\System\rGuINxS.exe
  C:\Windows\System\rGuINxS.exe
  2⤵
  PID:2696
- C:\Windows\System\QMPMiEV.exe
  C:\Windows\System\QMPMiEV.exe
  2⤵
  PID:1276
- C:\Windows\System\rHRohSf.exe
  C:\Windows\System\rHRohSf.exe
  2⤵
  PID:3880
- C:\Windows\System\smpuBjs.exe
  C:\Windows\System\smpuBjs.exe
  2⤵
  PID:1324
- C:\Windows\System\RdPiKXU.exe
  C:\Windows\System\RdPiKXU.exe
  2⤵
  PID:2036
- C:\Windows\System\XYEveqR.exe
  C:\Windows\System\XYEveqR.exe
  2⤵
  PID:3956
- C:\Windows\System\rdIZwoX.exe
  C:\Windows\System\rdIZwoX.exe
  2⤵
  PID:3632
- C:\Windows\System\zUkQKaU.exe
  C:\Windows\System\zUkQKaU.exe
  2⤵
  PID:3836
- C:\Windows\System\IxtKwfL.exe
  C:\Windows\System\IxtKwfL.exe
  2⤵
  PID:4016
- C:\Windows\System\DvaGVVR.exe
  C:\Windows\System\DvaGVVR.exe
  2⤵
  PID:840
- C:\Windows\System\fOwHfTE.exe
  C:\Windows\System\fOwHfTE.exe
  2⤵
  PID:2648
- C:\Windows\System\IqyFqCh.exe
  C:\Windows\System\IqyFqCh.exe
  2⤵
  PID:1860
- C:\Windows\System\FhtpjTu.exe
  C:\Windows\System\FhtpjTu.exe
  2⤵
  PID:2136
- C:\Windows\System\KWwGyTO.exe
  C:\Windows\System\KWwGyTO.exe
  2⤵
  PID:2528
- C:\Windows\System\JFSEaUT.exe
  C:\Windows\System\JFSEaUT.exe
  2⤵
  PID:1708
- C:\Windows\System\JBcVCWF.exe
  C:\Windows\System\JBcVCWF.exe
  2⤵
  PID:3192
- C:\Windows\System\OiVaAks.exe
  C:\Windows\System\OiVaAks.exe
  2⤵
  PID:2260
- C:\Windows\System\StbwxlX.exe
  C:\Windows\System\StbwxlX.exe
  2⤵
  PID:3156
- C:\Windows\System\MxLDWZp.exe
  C:\Windows\System\MxLDWZp.exe
  2⤵
  PID:2460
- C:\Windows\System\VgztbkT.exe
  C:\Windows\System\VgztbkT.exe
  2⤵
  PID:2996
- C:\Windows\System\hcVgNSu.exe
  C:\Windows\System\hcVgNSu.exe
  2⤵
  PID:3008
- C:\Windows\System\jwNqCjs.exe
  C:\Windows\System\jwNqCjs.exe
  2⤵
  PID:2880
- C:\Windows\System\xVDEBhZ.exe
  C:\Windows\System\xVDEBhZ.exe
  2⤵
  PID:1776
- C:\Windows\System\MAkfKKS.exe
  C:\Windows\System\MAkfKKS.exe
  2⤵
  PID:3480
- C:\Windows\System\tfebGHN.exe
  C:\Windows\System\tfebGHN.exe
  2⤵
  PID:3652
- C:\Windows\System\lhySwJu.exe
  C:\Windows\System\lhySwJu.exe
  2⤵
  PID:3916
- C:\Windows\System\cPpsrAI.exe
  C:\Windows\System\cPpsrAI.exe
  2⤵
  PID:2788
- C:\Windows\System\hPTauoz.exe
  C:\Windows\System\hPTauoz.exe
  2⤵
  PID:3800
- C:\Windows\System\nDhxeaK.exe
  C:\Windows\System\nDhxeaK.exe
  2⤵
  PID:1316
- C:\Windows\System\PsnYJTU.exe
  C:\Windows\System\PsnYJTU.exe
  2⤵
  PID:2600
- C:\Windows\System\JqzZowE.exe
  C:\Windows\System\JqzZowE.exe
  2⤵
  PID:3112
- C:\Windows\System\gbESfhk.exe
  C:\Windows\System\gbESfhk.exe
  2⤵
  PID:3220
- C:\Windows\System\MrOpMTT.exe
  C:\Windows\System\MrOpMTT.exe
  2⤵
  PID:3332
- C:\Windows\System\zLJoDkV.exe
  C:\Windows\System\zLJoDkV.exe
  2⤵
  PID:4060
- C:\Windows\System\ZCBBwHD.exe
  C:\Windows\System\ZCBBwHD.exe
  2⤵
  PID:2928
- C:\Windows\System\VtVtLRN.exe
  C:\Windows\System\VtVtLRN.exe
  2⤵
  PID:1452
- C:\Windows\System\fxMITZp.exe
  C:\Windows\System\fxMITZp.exe
  2⤵
  PID:2700
- C:\Windows\System\rJrNJdX.exe
  C:\Windows\System\rJrNJdX.exe
  2⤵
  PID:2884
- C:\Windows\System\zXGlaXZ.exe
  C:\Windows\System\zXGlaXZ.exe
  2⤵
  PID:2360
- C:\Windows\System\tdieGIO.exe
  C:\Windows\System\tdieGIO.exe
  2⤵
  PID:3752
- C:\Windows\System\uFhrqOQ.exe
  C:\Windows\System\uFhrqOQ.exe
  2⤵
  PID:3492
- C:\Windows\System\ZlTjgtY.exe
  C:\Windows\System\ZlTjgtY.exe
  2⤵
  PID:4112
- C:\Windows\System\edwqsSR.exe
  C:\Windows\System\edwqsSR.exe
  2⤵
  PID:4132
- C:\Windows\System\GYPvBVw.exe
  C:\Windows\System\GYPvBVw.exe
  2⤵
  PID:4152
- C:\Windows\System\xCrYlcb.exe
  C:\Windows\System\xCrYlcb.exe
  2⤵
  PID:4172
- C:\Windows\System\suprPgj.exe
  C:\Windows\System\suprPgj.exe
  2⤵
  PID:4188
- C:\Windows\System\RtbyzUC.exe
  C:\Windows\System\RtbyzUC.exe
  2⤵
  PID:4204
- C:\Windows\System\neHjEIQ.exe
  C:\Windows\System\neHjEIQ.exe
  2⤵
  PID:4220
- C:\Windows\System\VZqaKjY.exe
  C:\Windows\System\VZqaKjY.exe
  2⤵
  PID:4312
- C:\Windows\System\rvVnSIg.exe
  C:\Windows\System\rvVnSIg.exe
  2⤵
  PID:4332
- C:\Windows\System\tQBUcOJ.exe
  C:\Windows\System\tQBUcOJ.exe
  2⤵
  PID:4348
- C:\Windows\System\TdGoDwh.exe
  C:\Windows\System\TdGoDwh.exe
  2⤵
  PID:4364
- C:\Windows\System\npxKvKe.exe
  C:\Windows\System\npxKvKe.exe
  2⤵
  PID:4380
- C:\Windows\System\XbTlGec.exe
  C:\Windows\System\XbTlGec.exe
  2⤵
  PID:4404
- C:\Windows\System\IhAVjKZ.exe
  C:\Windows\System\IhAVjKZ.exe
  2⤵
  PID:4420
- C:\Windows\System\XaEGTwk.exe
  C:\Windows\System\XaEGTwk.exe
  2⤵
  PID:4440
- C:\Windows\System\ZamsqVG.exe
  C:\Windows\System\ZamsqVG.exe
  2⤵
  PID:4460
- C:\Windows\System\TjDPkxV.exe
  C:\Windows\System\TjDPkxV.exe
  2⤵
  PID:4476
- C:\Windows\System\AaRBarc.exe
  C:\Windows\System\AaRBarc.exe
  2⤵
  PID:4492
- C:\Windows\System\xmgHoAd.exe
  C:\Windows\System\xmgHoAd.exe
  2⤵
  PID:4508
- C:\Windows\System\MVooOkw.exe
  C:\Windows\System\MVooOkw.exe
  2⤵
  PID:4532
- C:\Windows\System\tWfZAiP.exe
  C:\Windows\System\tWfZAiP.exe
  2⤵
  PID:4548
- C:\Windows\System\JlLHHwr.exe
  C:\Windows\System\JlLHHwr.exe
  2⤵
  PID:4568
- C:\Windows\System\jOUivNW.exe
  C:\Windows\System\jOUivNW.exe
  2⤵
  PID:4584
- C:\Windows\System\YSiCEQt.exe
  C:\Windows\System\YSiCEQt.exe
  2⤵
  PID:4604
- C:\Windows\System\zxmLgEp.exe
  C:\Windows\System\zxmLgEp.exe
  2⤵
  PID:4624
- C:\Windows\System\BdBZIMZ.exe
  C:\Windows\System\BdBZIMZ.exe
  2⤵
  PID:4652
- C:\Windows\System\rzOiUCd.exe
  C:\Windows\System\rzOiUCd.exe
  2⤵
  PID:4672
- C:\Windows\System\ceEmpqa.exe
  C:\Windows\System\ceEmpqa.exe
  2⤵
  PID:4692
- C:\Windows\System\tYouQZF.exe
  C:\Windows\System\tYouQZF.exe
  2⤵
  PID:4708
- C:\Windows\System\uiMVjml.exe
  C:\Windows\System\uiMVjml.exe
  2⤵
  PID:4724
- C:\Windows\System\MPOrAzI.exe
  C:\Windows\System\MPOrAzI.exe
  2⤵
  PID:4740
- C:\Windows\System\jlzFwik.exe
  C:\Windows\System\jlzFwik.exe
  2⤵
  PID:4756
- C:\Windows\System\MNtkXfE.exe
  C:\Windows\System\MNtkXfE.exe
  2⤵
  PID:4776
- C:\Windows\System\xOAVnDd.exe
  C:\Windows\System\xOAVnDd.exe
  2⤵
  PID:4796
- C:\Windows\System\QDkxGxF.exe
  C:\Windows\System\QDkxGxF.exe
  2⤵
  PID:4812
- C:\Windows\System\qFGPzWx.exe
  C:\Windows\System\qFGPzWx.exe
  2⤵
  PID:4840
- C:\Windows\System\EfwAKqR.exe
  C:\Windows\System\EfwAKqR.exe
  2⤵
  PID:4860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AgBFYbp.exe

Filesize
2.0MB

MD5
10f424449b64057d46bd66e2ae678099

SHA1
e0d24df788e5ebf58dd278a10f9bd915f160c487

SHA256
3418380dcd34a9350b1b095cf622140a11069fe63853181f042a1bd9ece7d864

SHA512
e4a1ab1f9a7b99fe027b02e621cbf976e788e9cb4f613db82c38facce1a785529426d3c4b5e5018de3a3bf1961fcce6ed81a1dbe05a7413823ba888a9889d0d2

Download Submit
C:\Windows\system\BZDcpQn.exe

Filesize
2.0MB

MD5
f7fc65000f12a4ac249887d5c59c5351

SHA1
92bd5f677722af083f4f5996b851401ff1a08c9b

SHA256
4fc713bff8b49c1b48a66a412523dd0c9bd799ebe852e1c8233c3cfaa80eb6a9

SHA512
0e62d9ac3425d229449825070f701f1d2f4b64f31ac8c299677ec1411fe3c3c5acc824a0359120d8d714cecf48425ceaa4ec0cd238f1c5115a048ae9d600b5ec

Download Submit
C:\Windows\system\EsCzphL.exe

Filesize
2.0MB

MD5
3bf7af68aa558af3ceae1503a260c4b8

SHA1
2b0f5cdeac740cb1b8699b8fb5ef9e6c1179e0db

SHA256
8f00d4acc1493b62822caa0cf8f39ba1dac8d1ecd42fff4b1ae4331ff8b4f387

SHA512
3ba298ab39e505b8d864dcf60a1d14e803002086ec2bb0f389871f251d6347b4555028e894f513858a48df4a6758c4316d06d4f3c24d7982e6dce7c24a197bfc

Download Submit
C:\Windows\system\FLxyQvC.exe

Filesize
2.0MB

MD5
01099a8a96ea08128137ad3b7d4fca6d

SHA1
c2c5242f76ec3754e3b182e66971d55252a4d0b1

SHA256
93cf9ea10973a26c32323a60780f9cf5aed077c86f996513539c9c4bac9f9493

SHA512
62f4a6db3f50d96d68816e049cc84ea584307701c2d80cf2e38b7544a55d2aed892e0b6d83d036ece25247ab7769a61363102ee061a01948325d2e789c4b973d

Download Submit
C:\Windows\system\HBHAqBx.exe

Filesize
2.0MB

MD5
5808a7a2b917f861e20187df376e66dd

SHA1
ae3b9e27615f889966bab13b997c99624d959414

SHA256
67aaf8965c117e0f6d88059869434fef3e5d497c3287ad443fdeab4cec177a8d

SHA512
4df25fc42fb5041fe177885dced88a1ef91d781481302ebfc97873aaad35b69216651e2b73dfee79dd14130815918c6c048bbc66485554c0d81eba8e6875922d

Download Submit
C:\Windows\system\HGxaDlh.exe

Filesize
2.0MB

MD5
574917f6bf33f319fd42cf96d880d368

SHA1
957427636184de33019c5c165a0dd02b91f00917

SHA256
5c6a76498bc6ee323962251d29ea329caacb6a5c3efbd6c46e483c75855b42d9

SHA512
d24c647d8489f5a5e781acd33a88e4d409333b9d64816c259f7ec3b4c625fa832b66bb6319f487ba31a49db616f28b3cab0260ebb2827fb9fa474a0925eb6942

Download Submit
C:\Windows\system\HRXnrpe.exe

Filesize
2.0MB

MD5
de2738757f75e552d89656aa449fc362

SHA1
83a3d0761e948f7b5f7a81a94947a36bb993d05b

SHA256
090a5cf7c0bb2ed1c8c4ff18c465802b387ee953d2d4e526c0dc1a95f73940b0

SHA512
a5eaf4c40500ab6fd7885e52103d039921bd8e734fd37498f940d079773dea8d9de1b1f4355bf87e4a9a6a70d5adae0d4d724dba13ecfb98c7c3a833c30e2925

Download Submit
C:\Windows\system\JnYyxXY.exe

Filesize
2.0MB

MD5
d20a81cc40218440af687fa622ee72c8

SHA1
52ab13297290e9d9624cbe10eb4c52f6b090d34c

SHA256
e21fc1a3f645cb7d5b9f748ff484dddda5412aa955bf8cc7f1514b46dce02a6b

SHA512
2084addba50a45f26612adb91c2b14bee8d16569e8dfc3b1600860a478ee8c15bba8fcc6fc4df4bbeaf26b7c8395d0d2b310390c5fb131b05f20f1addc915629

Download Submit
C:\Windows\system\JodpDVP.exe

Filesize
2.0MB

MD5
cff8846a2388ddbe6d8fc0cae061c788

SHA1
58cbbb5c9d58df13554e966120187f8ae4aa574c

SHA256
5e41f7155fb73b2db21c3456840d4c3749f0468e1ae20566c0575d51a305403b

SHA512
dd8bdadbf93b28221859e313c748d9e1509054dd1db7666f707000324d4e7615497b6654b396f9a8df8c70e702f8ddbbb07a5eac833b438834e415a560dc76af

Download Submit
C:\Windows\system\LQtWxJt.exe

Filesize
2.0MB

MD5
8cd56d40e9c06d8902d54b12952842c9

SHA1
f709741520ffe9a95acdd9d5d93829d5f0d25dd6

SHA256
1a0e1bab4ec5194461f8b55e72a60b9271c2fa1f6b8d8570fab7d2354b7707f4

SHA512
91d3a0df3eaa56e08451dab9fce57ed9859b73d5f059fe0cfc4676ee761af01e6a9b6c4080a43b99682b801f11cff831783093fb908b5810f95d6d35feb54e33

Download Submit
C:\Windows\system\LeUIwrp.exe

Filesize
2.0MB

MD5
403430431038b04409fae16939e6740a

SHA1
a09271caeba0de9844f029fdc84ae69fee9d37ca

SHA256
233c3c19e76c09a57512d8aa861f0db58910cf4f7e964f5f13d8d480bdb21a78

SHA512
5bf813265fe95f0238252eb983b6739f46d8bd4c31db7e1b1e9700215ad838b84d08c30b861294bf1e6479ce4211654efd916b939d0ac100ad6d56184b242336

Download Submit
C:\Windows\system\LvTWamf.exe

Filesize
2.0MB

MD5
2b555e2400e755bb72deebb216b172bb

SHA1
2708db7b71bc95367ad355ab743644e631c7416f

SHA256
26bdf70d264af2676bd7f672a266d2026219494eb888e498ff87dfedb38b2090

SHA512
07da8c7934138c22439442075bd85a28e11a36e9142bbb28b8dc267a42815e4170f8f699b9769fe1bfca61e0068cec3ef2c6994252273b399f7d74d23659b9c1

Download Submit
C:\Windows\system\MKzOGsy.exe

Filesize
2.0MB

MD5
b3c9b0e6ade51b8cfde1da84ad68c50b

SHA1
aa0e90421de146bcb51a525755e7665b4abc2112

SHA256
ee40ba1ba2706283434c5ac8b05b82209f798db6d0b8feeb3ff12377ed44d105

SHA512
451093096d1ad8c64e5ab6af37888b8459288661a3d3290b3072759b51886b2d4e2ed92022eacaf5605ef47c3b40dcdec238d395957f1d21dd2fedd8ae9ab8ca

Download Submit
C:\Windows\system\OteSHLD.exe

Filesize
2.0MB

MD5
621e618a318dfa0ac2d3398659290b83

SHA1
e538568fd7a97431769c3447f083fdc50eca9343

SHA256
7188f10fab02a57d9f876e307e14caba53e3b51c5493501e53756514dfd07807

SHA512
19572a19d4ca52bed6e3eb00557e029b1580fb8fe040a9573a63b62dcba4bbe2c0ce87f97096f3a5b92c8b7d11b38896edc2c34fddba0adf80dfc13af1dd5a23

Download Submit
C:\Windows\system\RztzZzg.exe

Filesize
2.0MB

MD5
6c59e75e17365f9e8541ca882b9ea6df

SHA1
2cabb124b8b68dafc4e0de44954247bd40aab946

SHA256
1a38fcb1863c7e6ff0a1bc46fe0f20fc20e8858500661a6c2f4f55b51c4e77cf

SHA512
867acdf3b7932e8e9ef87035b3a028e629f7ae26966b88b51a96365c2ac93cbe7c5bfe8c7cac9c3c876a3c8c5c7731abc38447238c1b6251ed1f5190f2c5ab0c

Download Submit
C:\Windows\system\TJIrYsv.exe

Filesize
2.0MB

MD5
84e4e06cb2775d81f448976c54c2eaea

SHA1
b14c1116cce0d6632a88aac4d04b244fe9dbf367

SHA256
5f0b27a50f918d7a892c681f1dc2046c9278ce044f654aad417e9a7ec2b447d0

SHA512
6d5e3a9bbe55de38d38e07e2b7d3dee3f52d0809e86776f9dff8c362f135c3f940dcc50ad6b003869d34202c9543404690a3be988474ad9ca7cec73d0d49c979

Download Submit
C:\Windows\system\VAlJJdq.exe

Filesize
2.0MB

MD5
c73d78e52ca10a2dfd8a51bfe645610c

SHA1
426b05e801271c2ba675442ae306f70afa9a6f45

SHA256
6b02f36538ead02b89107e5121ac8a92f06f295a2874448bd71fdede7ea80453

SHA512
60d4dd3cf0723d5c905a1f9afcc3db4800d94a19e4bc97bdaf4345a255675e6c25aaab514251c386fa2bbf1a1d2af912246c587185d54a72ceae593bea9228c9

Download Submit
C:\Windows\system\XMpHGtb.exe

Filesize
2.0MB

MD5
c710910c2e8f3f2cb693b2cead4863ca

SHA1
6da05664f5b2d263e08ad179532b113fcd5ef639

SHA256
c0f56142cb8e98d8037435f10ceaf538e5bd0b7c1de0ee3acad567285c83cf0c

SHA512
58b80a5790a61e751be695ce98e619c4d26d276dada87e3e3bc313a53e21312b010af2760414ff77660c8438b64df7ac352f0a1fe545ef462345bb4787e764b7

Download Submit
C:\Windows\system\azLvAWQ.exe

Filesize
2.0MB

MD5
6d928819286ae3a62bc7ba7e864bba10

SHA1
ad9ef5e7d13779dbfa00e843db047ea1511c07f6

SHA256
2a03e43cccc7c42ec3f81944509b6dc897275efc100327a9b2b5c3ea8bc7032a

SHA512
168a4ba96f5e9982a3bdb8878ade0bd75730b25fee67614f2b56cccf57acb59f8213d71b97159f65845768891116db9cc2d1aa59779a6ce89779223807aa5e61

Download Submit
C:\Windows\system\emCCzma.exe

Filesize
2.0MB

MD5
83705ffaed87decddf1a385b3b8a33b9

SHA1
13697a3faf8a851905dc7f48395420842444a349

SHA256
250713af77817a337e51114009f69e089fa949cf67a91b78832ad7c1f00f673e

SHA512
090e06f8649e5bdc6d4ef566fb33aecb8c25c30c3fc1740a19ac7cd73350b08f0051a512f608c15d38bcfa6f2cb885ba97624721c16fce0436b54d0330c0375a

Download Submit
C:\Windows\system\iIaRqfu.exe

Filesize
2.0MB

MD5
3b999ec82abaeba89cb5a7df6be43780

SHA1
ec1379ff14abdc95bab0a3ce918e04ab672719ea

SHA256
9d95a667f13284deae3bfb280989804a3c0f8669926f5ed608e90ee8429daa03

SHA512
c6d399306de40f1266038254904ada3d011d0ae4caab729a090bc9710d7c2a25b15135c06cfa026431becbf33cded5ffa1871a6c25a6244e1a686902604465ac

Download Submit
C:\Windows\system\jDmJbxi.exe

Filesize
2.0MB

MD5
fd9399d5966cddc56ac69ab892f2872f

SHA1
e6083da73670c0c167763aeafa696c544889a980

SHA256
4fed7e734215c3339c34ec7d58a0d832352127ddace4e4457dc8cf559a8a9af5

SHA512
882a9a3c8e65780e7219182837a908890c5434f92e4c4450280a15bdb416158757435deb9739adad2980f80acf1395ac0bb0faa281913568af0f09ccfb750039

Download Submit
C:\Windows\system\oJvOksg.exe

Filesize
2.0MB

MD5
078261c9d6c684d82a9a9de8e93207e8

SHA1
7ccef2fd5ae94e41c7f7e040f0aebf7bc50d91e0

SHA256
4cd4396547841efb69890c8a6695df0de0520fa69d3e428433ad16cbd1aab1ee

SHA512
a4fbe6fec96bbbb2ad603183589b28b8c74189a91e1fbe64017916192a645dd2d626b783d089155029f2dd8dbb6f552e4c611313e3bdf929bdd46ff97ebc652c

Download Submit
C:\Windows\system\oyxYDwa.exe

Filesize
2.0MB

MD5
6e28d7b201c69a6b75889a5bb69f5e29

SHA1
a6cb4352df669c7cd91e9450f0eb6289a64f960b

SHA256
bf638f7ba6b03bd1eaacbcc3196b2c2443e487f34f3c4ac5bd32b7d8d513c829

SHA512
f99c49ae315d89dc56d9a9b8d1fb275b3e8c4afebf209a12f1dccd1ab09433ad9803c9e7375a5bf48c0600391380aaa5f54beaffc0b8b11434071680d9a055f4

Download Submit
C:\Windows\system\syGDFMt.exe

Filesize
2.0MB

MD5
10f95b0ce79355acd7b2e49a405c68b7

SHA1
ff950b203d723250d85c10940b96373b824e2250

SHA256
92ebd055847300314ada4b3cbc7227caf0242d0372d46c0bc2be8ad25f96b592

SHA512
28ea11ffc0dbf8f5ef35b2bb29d3756db4366ecffb99d9d26c305ae8ac5cdc004b36f474b589749eea7417b50d966cf11963e7a445cd4ca88fa1ee81096db022

Download Submit
C:\Windows\system\xGjdGWf.exe

Filesize
2.0MB

MD5
cdbb149e0fd1e86b4e52358bc34e9bba

SHA1
d9c61b111fa50d8c94524bbb097f4dd0d425740e

SHA256
6ab677e79718f1f457c20256fea6a10291635ae772abbe9d5b6267b7478736ea

SHA512
ef05a7d4dff25a3dcd2d975cceed7a65282814e37a547c624571d48eea5f7ea1035f9dbf8be78fc69efceb45d656f729a06164d51def140edc9aa4e8562b659a

Download Submit
C:\Windows\system\xLuYdjU.exe

Filesize
2.0MB

MD5
56bc61a406bd027955392555034396a7

SHA1
b632a6d9a9263d4bd4e595fb8ee63b33caf09deb

SHA256
79f76e408e14a0612a759007f5f4ed96e16565697c5bb01dd72279e3f1faa99d

SHA512
9e60007e29a288a002f1db07f1778616420ec4f0c29733773daa07b18900db585a1fed61a9b3aee1818fbd2df7be8cc5355ba5921716cd95aa2308bfe4155937

Download Submit
C:\Windows\system\xOAMzPt.exe

Filesize
2.0MB

MD5
50eb6d3ed12eb451cf2226b601a2488f

SHA1
6860f5e610555139d91e2a7706342572cc2e28dc

SHA256
9f45fc6b341507582d857c3f7542eea36db9d8bae2dccdfb85e8b3a5f128ffc4

SHA512
4f5c90584703868304471995c872357c619f9c25b15d62843b6e497d59393fd49f01cc72187f8885d1481c476be1ed6bb384de02ad2da9f3ebcd421d32f41b22

Download Submit
C:\Windows\system\yGBtpua.exe

Filesize
2.0MB

MD5
89f1d70066d06e5ed232e07bd5097f30

SHA1
2b3d2bc711466a19b8e66c9de246eb6a4ef56ff7

SHA256
16ff2e39b7920418342feee439e433b5b19c00403b11995bc6ed0d5997b71693

SHA512
3eb43acea2a2377296b3b6dd42c61ab43d6fa1699f972f0e9f5fe22c607bff9cc1a39e8351e0d34baa337dbfb3c356682364a49ff0a6b8b1b79beedcf73395f6

Download Submit
C:\Windows\system\zFxKetQ.exe

Filesize
2.0MB

MD5
2dc9f6bacf0a8ec36a480d254e27c10c

SHA1
2cc1f51164a43eb55445c848fc2b283f6cdea2f6

SHA256
c24e09770b9c2307c628d1c66bcc1c23b7043d6a6c4977dd96e6b72e4b8864b8

SHA512
641b29142967d4d85a7a2010c3942980ff2d0ba3c5b1a6634416a9d01d064a6bc14f211d49e1ee30767e4dab2dd04c621a46514cba9977198d9c114e30c92d8f

Download Submit
\Windows\system\WPiPkqK.exe

Filesize
2.0MB

MD5
72edf70be469dcbdf386d7e700553eee

SHA1
603d20725d53b6f54331e148a02d5deaaf5cc6fc

SHA256
ddfcf1b848f8ecc77179ecceb86b266e3f31c510924c5e4eb7972c980901d54e

SHA512
6eb82a810adf5f85bc80c6b4a23722856df67211c3e49ac6be68d9ec44da8de2872434358d21c6fc6c730cd9410886aef8c7575dcdd480d91171c7e75077880c

Download Submit
\Windows\system\lPXgEcS.exe

Filesize
2.0MB

MD5
df9233958120db3ec0eb06ffdc2fcdce

SHA1
d62b75846d61ef6f4da612513c89b54b9e6ad194

SHA256
054f2d2612d454d8b2e0e3fd513b6b60c5b9aa05d46c36baf146465e25ba2ddc

SHA512
4579a351259b368580a490b853ab1f307df71bd33e24979441b6f667289ce790e07bf428ded7ddc842425139e8c3e4cd49309e2b07cb28d20c24b4853c8613f1

Download Submit
memory/3056-0-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download