kpot | 4451ea9ddb042e7f3866f67213f9b6ab54d4e4a138a8760cac06f6ea20d9fd43

Analysis

max time kernel
136s
max time network
146s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
05-06-2024 05:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
Size

2.0MB
MD5

414374feb07dd96ebe8af6256db984d0
SHA1

6feed79b77495cbe5aa45e45d2a00c3545132cb8
SHA256

4451ea9ddb042e7f3866f67213f9b6ab54d4e4a138a8760cac06f6ea20d9fd43
SHA512

fa0165230b37cb79c8a0c35ea6aa1bb1d88f74f974703cc8cf73fc9212c91ee36de5c255de76233f3300102f3de5d75dd36727d34388f681e08e525d19c08e52
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6StbG:oemTLkNdfE0pZrwN

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 2 IoCs

resource	yara_rule
behavioral1/files/0x00060000000173c5-135.dat	family_kpot
behavioral1/files/0x0007000000015fa6-27.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 19 IoCs

miner

resource	yara_rule
behavioral1/memory/2852-138-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x00060000000173c5-135.dat	xmrig
behavioral1/memory/1984-1067-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/files/0x0007000000015fa6-27.dat	xmrig
behavioral1/memory/1984-0-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/1360-1070-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/1036-1071-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2460-1080-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2864-1082-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2372-1083-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2852-1081-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2500-1079-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2304-1078-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2576-1077-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2664-1076-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2392-1075-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2600-1074-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2584-1073-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2532-1072-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1360	wYoSeyV.exe
1036	ZRQuOiN.exe
2532	vXFIwEr.exe
2584	AFbcEAU.exe
2600	jVWQdEP.exe
2664	ijweTFJ.exe
2392	dlwIigQ.exe
2576	NihbksL.exe
2304	rNTKZHE.exe
2500	EqFbLDE.exe
2460	ElQVvWo.exe
2852	QBLhQIO.exe
2864	LmKDOdx.exe
2372	EJIdTsw.exe
2628	PSDHzxb.exe
2724	DvleuJN.exe
2164	AgrPEJx.exe
1444	cPeyGaw.exe
288	aYcfwrB.exe
468	xPkhRCq.exe
1616	YDoHanM.exe
1268	SxfYwgY.exe
1276	qtOESKH.exe
2000	mkmLzil.exe
2012	YzMzdkF.exe
3060	HXBKFtf.exe
1964	efBnCjg.exe
1420	jaTwTdm.exe
396	nMqMSeE.exe
528	xCIpuOO.exe
1216	uggIEIx.exe
3040	taWlvSG.exe
2332	DFsKEVi.exe
1888	powdQgr.exe
704	kdAUapQ.exe
2312	MvTaFmk.exe
1292	MlDFaQo.exe
1068	bYVvxaw.exe
1320	NcCBLnv.exe
1904	KeHlkqK.exe
800	qLqryUo.exe
1948	BuyFusw.exe
1908	VwNutcZ.exe
2056	tWhymjt.exe
2940	AjqlVyu.exe
2768	mIYhpEO.exe
2944	aGWRunQ.exe
1700	ZGachDe.exe
2976	KXnhbBB.exe
1428	hfkjXRK.exe
2072	qVdYBib.exe
1844	vhOkDUg.exe
1508	oOYREmK.exe
1532	TGqTkRo.exe
2528	eonkZgf.exe
2260	PXMLJJB.exe
2440	PFdNvWT.exe
2660	ggNSUkM.exe
2388	PJRsHHG.exe
2936	aDFIszI.exe
2064	QEmlPvn.exe
2616	emwFZgP.exe
2624	AVmutEE.exe
868	DGTACXF.exe

Loads dropped DLL 64 IoCs

pid	Process
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe

UPX packed file 39 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000600000001864a-177.dat	upx
behavioral1/files/0x000600000001864a-183.dat	upx
behavioral1/files/0x000600000001748d-169.dat	upx
behavioral1/files/0x000600000001745d-162.dat	upx
behavioral1/memory/1984-121-0x0000000002080000-0x00000000023D4000-memory.dmp	upx
behavioral1/memory/2852-138-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x00060000000173c5-135.dat	upx
behavioral1/memory/2372-107-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2864-104-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2460-103-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2500-94-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2304-91-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2576-87-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2392-79-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2664-77-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2600-66-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2584-60-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/1984-1067-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2532-41-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/files/0x00090000000161ee-32.dat	upx
behavioral1/memory/1036-28-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x0007000000015fa6-27.dat	upx
behavioral1/files/0x0007000000016013-26.dat	upx
behavioral1/memory/1360-18-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/1984-0-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/1360-1070-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/1036-1071-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2460-1080-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2864-1082-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2372-1083-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2852-1081-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2500-1079-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2304-1078-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2576-1077-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2664-1076-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2392-1075-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2600-1074-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2584-1073-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2532-1072-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\AjqlVyu.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\ihDIFdY.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\VNFFnKS.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\GRgMiHD.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\tysStAZ.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\ufSIOVW.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\YvpZOUU.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\anScdSd.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\QPoqtHX.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\CDpFYkC.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\dlwIigQ.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\ijweTFJ.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\NihbksL.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\sgqGgwb.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\kbDeBdO.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\RkYLMFa.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\cPeVZOM.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\DFsKEVi.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\IZjfMXy.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\RcVFqiT.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\nuDutaP.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\aDFIszI.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\oIapMFU.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\JLDWcBl.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\PSDHzxb.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\clwZNaG.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\iRxogTG.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\TWqwhuU.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\ShuHQQy.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\SuWphqy.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\hrnMBCv.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\powdQgr.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\QwDkYbi.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\vCHCRrt.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\zJHkceg.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\dVzKBnV.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\KwCccsu.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\kIkGjRj.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\pcORQVO.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\OTleYMf.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\pKnkJuQ.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\dOuNcFF.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\MTVJbDF.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\VuOqEPc.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\yybXcMx.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\rNTKZHE.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\PFdNvWT.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\LCHzbKD.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\anySqMC.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\THwmuUh.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\SwRnGcQ.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\TSeIoez.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\bxCNZZC.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\GbBkjbZ.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\AwFGNmQ.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\kkaysSP.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\FrQFHjP.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\NFXCbPD.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\ZCzSlha.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\ggNSUkM.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\qKLKzYX.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\yoYPdzu.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\ZPbUjRA.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
File created	C:\Windows\System\xCIpuOO.exe	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 1360	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	30
PID 1984 wrote to memory of 1360	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	30
PID 1984 wrote to memory of 1360	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	30
PID 1984 wrote to memory of 1036	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	31
PID 1984 wrote to memory of 1036	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	31
PID 1984 wrote to memory of 1036	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	31
PID 1984 wrote to memory of 2532	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	32
PID 1984 wrote to memory of 2532	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	32
PID 1984 wrote to memory of 2532	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	32
PID 1984 wrote to memory of 2600	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	33
PID 1984 wrote to memory of 2600	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	33
PID 1984 wrote to memory of 2600	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	33
PID 1984 wrote to memory of 2584	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	34
PID 1984 wrote to memory of 2584	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	34
PID 1984 wrote to memory of 2584	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	34
PID 1984 wrote to memory of 2392	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	35
PID 1984 wrote to memory of 2392	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	35
PID 1984 wrote to memory of 2392	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	35
PID 1984 wrote to memory of 2664	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	36
PID 1984 wrote to memory of 2664	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	36
PID 1984 wrote to memory of 2664	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	36
PID 1984 wrote to memory of 2576	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	37
PID 1984 wrote to memory of 2576	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	37
PID 1984 wrote to memory of 2576	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	37
PID 1984 wrote to memory of 2304	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	38
PID 1984 wrote to memory of 2304	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	38
PID 1984 wrote to memory of 2304	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	38
PID 1984 wrote to memory of 2500	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	39
PID 1984 wrote to memory of 2500	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	39
PID 1984 wrote to memory of 2500	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	39
PID 1984 wrote to memory of 2460	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	40
PID 1984 wrote to memory of 2460	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	40
PID 1984 wrote to memory of 2460	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	40
PID 1984 wrote to memory of 2852	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	41
PID 1984 wrote to memory of 2852	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	41
PID 1984 wrote to memory of 2852	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	41
PID 1984 wrote to memory of 2864	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	42
PID 1984 wrote to memory of 2864	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	42
PID 1984 wrote to memory of 2864	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	42
PID 1984 wrote to memory of 2372	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	43
PID 1984 wrote to memory of 2372	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	43
PID 1984 wrote to memory of 2372	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	43
PID 1984 wrote to memory of 2628	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	44
PID 1984 wrote to memory of 2628	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	44
PID 1984 wrote to memory of 2628	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	44
PID 1984 wrote to memory of 2724	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	45
PID 1984 wrote to memory of 2724	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	45
PID 1984 wrote to memory of 2724	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	45
PID 1984 wrote to memory of 2164	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	46
PID 1984 wrote to memory of 2164	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	46
PID 1984 wrote to memory of 2164	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	46
PID 1984 wrote to memory of 1444	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	47
PID 1984 wrote to memory of 1444	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	47
PID 1984 wrote to memory of 1444	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	47
PID 1984 wrote to memory of 288	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	48
PID 1984 wrote to memory of 288	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	48
PID 1984 wrote to memory of 288	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	48
PID 1984 wrote to memory of 468	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	49
PID 1984 wrote to memory of 468	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	49
PID 1984 wrote to memory of 468	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	49
PID 1984 wrote to memory of 1616	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	50
PID 1984 wrote to memory of 1616	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	50
PID 1984 wrote to memory of 1616	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	50
PID 1984 wrote to memory of 1276	1984	414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe	51

C:\Users\Admin\AppData\Local\Temp\414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\System\wYoSeyV.exe
  C:\Windows\System\wYoSeyV.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\ZRQuOiN.exe
  C:\Windows\System\ZRQuOiN.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\vXFIwEr.exe
  C:\Windows\System\vXFIwEr.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\jVWQdEP.exe
  C:\Windows\System\jVWQdEP.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\AFbcEAU.exe
  C:\Windows\System\AFbcEAU.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\dlwIigQ.exe
  C:\Windows\System\dlwIigQ.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\ijweTFJ.exe
  C:\Windows\System\ijweTFJ.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\NihbksL.exe
  C:\Windows\System\NihbksL.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\rNTKZHE.exe
  C:\Windows\System\rNTKZHE.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\EqFbLDE.exe
  C:\Windows\System\EqFbLDE.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\ElQVvWo.exe
  C:\Windows\System\ElQVvWo.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\QBLhQIO.exe
  C:\Windows\System\QBLhQIO.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\LmKDOdx.exe
  C:\Windows\System\LmKDOdx.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\EJIdTsw.exe
  C:\Windows\System\EJIdTsw.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\PSDHzxb.exe
  C:\Windows\System\PSDHzxb.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\DvleuJN.exe
  C:\Windows\System\DvleuJN.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\AgrPEJx.exe
  C:\Windows\System\AgrPEJx.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\cPeyGaw.exe
  C:\Windows\System\cPeyGaw.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\aYcfwrB.exe
  C:\Windows\System\aYcfwrB.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\xPkhRCq.exe
  C:\Windows\System\xPkhRCq.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\YDoHanM.exe
  C:\Windows\System\YDoHanM.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\qtOESKH.exe
  C:\Windows\System\qtOESKH.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\SxfYwgY.exe
  C:\Windows\System\SxfYwgY.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\YzMzdkF.exe
  C:\Windows\System\YzMzdkF.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\mkmLzil.exe
  C:\Windows\System\mkmLzil.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\HXBKFtf.exe
  C:\Windows\System\HXBKFtf.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\efBnCjg.exe
  C:\Windows\System\efBnCjg.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\jaTwTdm.exe
  C:\Windows\System\jaTwTdm.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\xCIpuOO.exe
  C:\Windows\System\xCIpuOO.exe
  2⤵
  - Executes dropped EXE
  PID:528
- C:\Windows\System\nMqMSeE.exe
  C:\Windows\System\nMqMSeE.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\uggIEIx.exe
  C:\Windows\System\uggIEIx.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\taWlvSG.exe
  C:\Windows\System\taWlvSG.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\kdAUapQ.exe
  C:\Windows\System\kdAUapQ.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\DFsKEVi.exe
  C:\Windows\System\DFsKEVi.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\MvTaFmk.exe
  C:\Windows\System\MvTaFmk.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\powdQgr.exe
  C:\Windows\System\powdQgr.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\MlDFaQo.exe
  C:\Windows\System\MlDFaQo.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\bYVvxaw.exe
  C:\Windows\System\bYVvxaw.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\NcCBLnv.exe
  C:\Windows\System\NcCBLnv.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\KeHlkqK.exe
  C:\Windows\System\KeHlkqK.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\BuyFusw.exe
  C:\Windows\System\BuyFusw.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\qLqryUo.exe
  C:\Windows\System\qLqryUo.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\VwNutcZ.exe
  C:\Windows\System\VwNutcZ.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\tWhymjt.exe
  C:\Windows\System\tWhymjt.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\AjqlVyu.exe
  C:\Windows\System\AjqlVyu.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\mIYhpEO.exe
  C:\Windows\System\mIYhpEO.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\aGWRunQ.exe
  C:\Windows\System\aGWRunQ.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\ZGachDe.exe
  C:\Windows\System\ZGachDe.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\KXnhbBB.exe
  C:\Windows\System\KXnhbBB.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\hfkjXRK.exe
  C:\Windows\System\hfkjXRK.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\qVdYBib.exe
  C:\Windows\System\qVdYBib.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\vhOkDUg.exe
  C:\Windows\System\vhOkDUg.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\oOYREmK.exe
  C:\Windows\System\oOYREmK.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\TGqTkRo.exe
  C:\Windows\System\TGqTkRo.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\eonkZgf.exe
  C:\Windows\System\eonkZgf.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\PXMLJJB.exe
  C:\Windows\System\PXMLJJB.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\PFdNvWT.exe
  C:\Windows\System\PFdNvWT.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\ggNSUkM.exe
  C:\Windows\System\ggNSUkM.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\PJRsHHG.exe
  C:\Windows\System\PJRsHHG.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\aDFIszI.exe
  C:\Windows\System\aDFIszI.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\QEmlPvn.exe
  C:\Windows\System\QEmlPvn.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\emwFZgP.exe
  C:\Windows\System\emwFZgP.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\AVmutEE.exe
  C:\Windows\System\AVmutEE.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\DGTACXF.exe
  C:\Windows\System\DGTACXF.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\xypvJSI.exe
  C:\Windows\System\xypvJSI.exe
  2⤵
  PID:1572
- C:\Windows\System\DiBaBRV.exe
  C:\Windows\System\DiBaBRV.exe
  2⤵
  PID:328
- C:\Windows\System\GxOJNiH.exe
  C:\Windows\System\GxOJNiH.exe
  2⤵
  PID:2128
- C:\Windows\System\hgGBsPY.exe
  C:\Windows\System\hgGBsPY.exe
  2⤵
  PID:2040
- C:\Windows\System\tysStAZ.exe
  C:\Windows\System\tysStAZ.exe
  2⤵
  PID:1540
- C:\Windows\System\yTmUPTt.exe
  C:\Windows\System\yTmUPTt.exe
  2⤵
  PID:2212
- C:\Windows\System\QwDkYbi.exe
  C:\Windows\System\QwDkYbi.exe
  2⤵
  PID:760
- C:\Windows\System\vCHCRrt.exe
  C:\Windows\System\vCHCRrt.exe
  2⤵
  PID:1160
- C:\Windows\System\CBmvysq.exe
  C:\Windows\System\CBmvysq.exe
  2⤵
  PID:1132
- C:\Windows\System\IQevYOT.exe
  C:\Windows\System\IQevYOT.exe
  2⤵
  PID:980
- C:\Windows\System\sgqGgwb.exe
  C:\Windows\System\sgqGgwb.exe
  2⤵
  PID:2648
- C:\Windows\System\nuWRSoA.exe
  C:\Windows\System\nuWRSoA.exe
  2⤵
  PID:1176
- C:\Windows\System\TSgkmbQ.exe
  C:\Windows\System\TSgkmbQ.exe
  2⤵
  PID:968
- C:\Windows\System\fwyveTj.exe
  C:\Windows\System\fwyveTj.exe
  2⤵
  PID:2112
- C:\Windows\System\xvaqkCh.exe
  C:\Windows\System\xvaqkCh.exe
  2⤵
  PID:1852
- C:\Windows\System\btKnama.exe
  C:\Windows\System\btKnama.exe
  2⤵
  PID:1924
- C:\Windows\System\cTWLaMZ.exe
  C:\Windows\System\cTWLaMZ.exe
  2⤵
  PID:2200
- C:\Windows\System\FDKnQzP.exe
  C:\Windows\System\FDKnQzP.exe
  2⤵
  PID:1244
- C:\Windows\System\ufSIOVW.exe
  C:\Windows\System\ufSIOVW.exe
  2⤵
  PID:2156
- C:\Windows\System\wZvLBbS.exe
  C:\Windows\System\wZvLBbS.exe
  2⤵
  PID:900
- C:\Windows\System\ztehJrO.exe
  C:\Windows\System\ztehJrO.exe
  2⤵
  PID:2780
- C:\Windows\System\CUIvOUt.exe
  C:\Windows\System\CUIvOUt.exe
  2⤵
  PID:1528
- C:\Windows\System\AwFGNmQ.exe
  C:\Windows\System\AwFGNmQ.exe
  2⤵
  PID:2960
- C:\Windows\System\FyEjaYe.exe
  C:\Windows\System\FyEjaYe.exe
  2⤵
  PID:2580
- C:\Windows\System\IZjfMXy.exe
  C:\Windows\System\IZjfMXy.exe
  2⤵
  PID:2552
- C:\Windows\System\DidhPrC.exe
  C:\Windows\System\DidhPrC.exe
  2⤵
  PID:2720
- C:\Windows\System\qKLKzYX.exe
  C:\Windows\System\qKLKzYX.exe
  2⤵
  PID:2556
- C:\Windows\System\QdxvRlf.exe
  C:\Windows\System\QdxvRlf.exe
  2⤵
  PID:1584
- C:\Windows\System\MiDshCr.exe
  C:\Windows\System\MiDshCr.exe
  2⤵
  PID:1220
- C:\Windows\System\JyayxGy.exe
  C:\Windows\System\JyayxGy.exe
  2⤵
  PID:1552
- C:\Windows\System\jyRiklt.exe
  C:\Windows\System\jyRiklt.exe
  2⤵
  PID:2152
- C:\Windows\System\jbYuhsM.exe
  C:\Windows\System\jbYuhsM.exe
  2⤵
  PID:2876
- C:\Windows\System\oKLtBZk.exe
  C:\Windows\System\oKLtBZk.exe
  2⤵
  PID:2224
- C:\Windows\System\JHUGolC.exe
  C:\Windows\System\JHUGolC.exe
  2⤵
  PID:1156
- C:\Windows\System\TpykTqM.exe
  C:\Windows\System\TpykTqM.exe
  2⤵
  PID:2344
- C:\Windows\System\HfFqSIZ.exe
  C:\Windows\System\HfFqSIZ.exe
  2⤵
  PID:2208
- C:\Windows\System\fYoCJHq.exe
  C:\Windows\System\fYoCJHq.exe
  2⤵
  PID:1792
- C:\Windows\System\LCHzbKD.exe
  C:\Windows\System\LCHzbKD.exe
  2⤵
  PID:1588
- C:\Windows\System\YvpZOUU.exe
  C:\Windows\System\YvpZOUU.exe
  2⤵
  PID:1708
- C:\Windows\System\AKbprGw.exe
  C:\Windows\System\AKbprGw.exe
  2⤵
  PID:1668
- C:\Windows\System\JkQTFsu.exe
  C:\Windows\System\JkQTFsu.exe
  2⤵
  PID:1232
- C:\Windows\System\UNMiSbY.exe
  C:\Windows\System\UNMiSbY.exe
  2⤵
  PID:628
- C:\Windows\System\TlwZopm.exe
  C:\Windows\System\TlwZopm.exe
  2⤵
  PID:2536
- C:\Windows\System\ssrEDSP.exe
  C:\Windows\System\ssrEDSP.exe
  2⤵
  PID:2436
- C:\Windows\System\MUyIxiw.exe
  C:\Windows\System\MUyIxiw.exe
  2⤵
  PID:656
- C:\Windows\System\hmZFGmG.exe
  C:\Windows\System\hmZFGmG.exe
  2⤵
  PID:2656
- C:\Windows\System\sCeQStZ.exe
  C:\Windows\System\sCeQStZ.exe
  2⤵
  PID:1472
- C:\Windows\System\XUUDjzc.exe
  C:\Windows\System\XUUDjzc.exe
  2⤵
  PID:1932
- C:\Windows\System\EVbJcYM.exe
  C:\Windows\System\EVbJcYM.exe
  2⤵
  PID:2356
- C:\Windows\System\JQKdCwA.exe
  C:\Windows\System\JQKdCwA.exe
  2⤵
  PID:888
- C:\Windows\System\SldBYOg.exe
  C:\Windows\System\SldBYOg.exe
  2⤵
  PID:2888
- C:\Windows\System\UzXuihr.exe
  C:\Windows\System\UzXuihr.exe
  2⤵
  PID:1404
- C:\Windows\System\VUerZCV.exe
  C:\Windows\System\VUerZCV.exe
  2⤵
  PID:2360
- C:\Windows\System\OhyGcwd.exe
  C:\Windows\System\OhyGcwd.exe
  2⤵
  PID:3036
- C:\Windows\System\gFZYTZH.exe
  C:\Windows\System\gFZYTZH.exe
  2⤵
  PID:572
- C:\Windows\System\lPawTTJ.exe
  C:\Windows\System\lPawTTJ.exe
  2⤵
  PID:1464
- C:\Windows\System\GwOXWKt.exe
  C:\Windows\System\GwOXWKt.exe
  2⤵
  PID:2708
- C:\Windows\System\aNZnEyj.exe
  C:\Windows\System\aNZnEyj.exe
  2⤵
  PID:2176
- C:\Windows\System\MvfOXrn.exe
  C:\Windows\System\MvfOXrn.exe
  2⤵
  PID:1704
- C:\Windows\System\lzGKBKh.exe
  C:\Windows\System\lzGKBKh.exe
  2⤵
  PID:1564
- C:\Windows\System\LwMlbhr.exe
  C:\Windows\System\LwMlbhr.exe
  2⤵
  PID:1740
- C:\Windows\System\clwZNaG.exe
  C:\Windows\System\clwZNaG.exe
  2⤵
  PID:852
- C:\Windows\System\LqwIIhj.exe
  C:\Windows\System\LqwIIhj.exe
  2⤵
  PID:1304
- C:\Windows\System\rNVozso.exe
  C:\Windows\System\rNVozso.exe
  2⤵
  PID:1640
- C:\Windows\System\EzxRjLi.exe
  C:\Windows\System\EzxRjLi.exe
  2⤵
  PID:2608
- C:\Windows\System\dZjLxDo.exe
  C:\Windows\System\dZjLxDo.exe
  2⤵
  PID:1256
- C:\Windows\System\qYUnDLm.exe
  C:\Windows\System\qYUnDLm.exe
  2⤵
  PID:3080
- C:\Windows\System\WWMiWrJ.exe
  C:\Windows\System\WWMiWrJ.exe
  2⤵
  PID:3100
- C:\Windows\System\aXVKjKn.exe
  C:\Windows\System\aXVKjKn.exe
  2⤵
  PID:3132
- C:\Windows\System\iRxogTG.exe
  C:\Windows\System\iRxogTG.exe
  2⤵
  PID:3152
- C:\Windows\System\kkaysSP.exe
  C:\Windows\System\kkaysSP.exe
  2⤵
  PID:3172
- C:\Windows\System\RzZmRca.exe
  C:\Windows\System\RzZmRca.exe
  2⤵
  PID:3192
- C:\Windows\System\qIbXiTA.exe
  C:\Windows\System\qIbXiTA.exe
  2⤵
  PID:3212
- C:\Windows\System\kIkGjRj.exe
  C:\Windows\System\kIkGjRj.exe
  2⤵
  PID:3232
- C:\Windows\System\mPyliyG.exe
  C:\Windows\System\mPyliyG.exe
  2⤵
  PID:3252
- C:\Windows\System\yOXQcVq.exe
  C:\Windows\System\yOXQcVq.exe
  2⤵
  PID:3272
- C:\Windows\System\mEdzXVt.exe
  C:\Windows\System\mEdzXVt.exe
  2⤵
  PID:3292
- C:\Windows\System\rfOeokH.exe
  C:\Windows\System\rfOeokH.exe
  2⤵
  PID:3312
- C:\Windows\System\FTgOxho.exe
  C:\Windows\System\FTgOxho.exe
  2⤵
  PID:3332
- C:\Windows\System\rRHdPJs.exe
  C:\Windows\System\rRHdPJs.exe
  2⤵
  PID:3352
- C:\Windows\System\ANjILxa.exe
  C:\Windows\System\ANjILxa.exe
  2⤵
  PID:3372
- C:\Windows\System\WhieQLh.exe
  C:\Windows\System\WhieQLh.exe
  2⤵
  PID:3392
- C:\Windows\System\OfUyGel.exe
  C:\Windows\System\OfUyGel.exe
  2⤵
  PID:3412
- C:\Windows\System\VaZtYYX.exe
  C:\Windows\System\VaZtYYX.exe
  2⤵
  PID:3432
- C:\Windows\System\mhJypCm.exe
  C:\Windows\System\mhJypCm.exe
  2⤵
  PID:3452
- C:\Windows\System\kDqmyQE.exe
  C:\Windows\System\kDqmyQE.exe
  2⤵
  PID:3472
- C:\Windows\System\TWqwhuU.exe
  C:\Windows\System\TWqwhuU.exe
  2⤵
  PID:3492
- C:\Windows\System\eKxdtvW.exe
  C:\Windows\System\eKxdtvW.exe
  2⤵
  PID:3512
- C:\Windows\System\ImbIZmI.exe
  C:\Windows\System\ImbIZmI.exe
  2⤵
  PID:3532
- C:\Windows\System\zCSROZK.exe
  C:\Windows\System\zCSROZK.exe
  2⤵
  PID:3552
- C:\Windows\System\MCZImAJ.exe
  C:\Windows\System\MCZImAJ.exe
  2⤵
  PID:3572
- C:\Windows\System\HfQTXyZ.exe
  C:\Windows\System\HfQTXyZ.exe
  2⤵
  PID:3592
- C:\Windows\System\CbbBZKr.exe
  C:\Windows\System\CbbBZKr.exe
  2⤵
  PID:3612
- C:\Windows\System\MTVJbDF.exe
  C:\Windows\System\MTVJbDF.exe
  2⤵
  PID:3632
- C:\Windows\System\FrQFHjP.exe
  C:\Windows\System\FrQFHjP.exe
  2⤵
  PID:3652
- C:\Windows\System\NVidpgM.exe
  C:\Windows\System\NVidpgM.exe
  2⤵
  PID:3672
- C:\Windows\System\FrsifPe.exe
  C:\Windows\System\FrsifPe.exe
  2⤵
  PID:3692
- C:\Windows\System\aWgNxVg.exe
  C:\Windows\System\aWgNxVg.exe
  2⤵
  PID:3708
- C:\Windows\System\KdfAelO.exe
  C:\Windows\System\KdfAelO.exe
  2⤵
  PID:3732
- C:\Windows\System\SJgnIUh.exe
  C:\Windows\System\SJgnIUh.exe
  2⤵
  PID:3752
- C:\Windows\System\mweBqtm.exe
  C:\Windows\System\mweBqtm.exe
  2⤵
  PID:3772
- C:\Windows\System\pYgfwvq.exe
  C:\Windows\System\pYgfwvq.exe
  2⤵
  PID:3792
- C:\Windows\System\pcORQVO.exe
  C:\Windows\System\pcORQVO.exe
  2⤵
  PID:3812
- C:\Windows\System\KUTHXZY.exe
  C:\Windows\System\KUTHXZY.exe
  2⤵
  PID:3832
- C:\Windows\System\yUESXhp.exe
  C:\Windows\System\yUESXhp.exe
  2⤵
  PID:3852
- C:\Windows\System\mLGrUJu.exe
  C:\Windows\System\mLGrUJu.exe
  2⤵
  PID:3868
- C:\Windows\System\rnnHRCa.exe
  C:\Windows\System\rnnHRCa.exe
  2⤵
  PID:3884
- C:\Windows\System\FazCjFa.exe
  C:\Windows\System\FazCjFa.exe
  2⤵
  PID:3900
- C:\Windows\System\zaeILNp.exe
  C:\Windows\System\zaeILNp.exe
  2⤵
  PID:3920
- C:\Windows\System\qSNlqRm.exe
  C:\Windows\System\qSNlqRm.exe
  2⤵
  PID:3936
- C:\Windows\System\iOlnrQr.exe
  C:\Windows\System\iOlnrQr.exe
  2⤵
  PID:3956
- C:\Windows\System\FuBFTOg.exe
  C:\Windows\System\FuBFTOg.exe
  2⤵
  PID:3976
- C:\Windows\System\omayOlT.exe
  C:\Windows\System\omayOlT.exe
  2⤵
  PID:3992
- C:\Windows\System\mXYhDFB.exe
  C:\Windows\System\mXYhDFB.exe
  2⤵
  PID:4008
- C:\Windows\System\qRqxZgD.exe
  C:\Windows\System\qRqxZgD.exe
  2⤵
  PID:4028
- C:\Windows\System\kvKMFry.exe
  C:\Windows\System\kvKMFry.exe
  2⤵
  PID:4044
- C:\Windows\System\eONbENK.exe
  C:\Windows\System\eONbENK.exe
  2⤵
  PID:4060
- C:\Windows\System\OTleYMf.exe
  C:\Windows\System\OTleYMf.exe
  2⤵
  PID:4076
- C:\Windows\System\pQtcZyQ.exe
  C:\Windows\System\pQtcZyQ.exe
  2⤵
  PID:1956
- C:\Windows\System\SwRnGcQ.exe
  C:\Windows\System\SwRnGcQ.exe
  2⤵
  PID:3096
- C:\Windows\System\PPxSooT.exe
  C:\Windows\System\PPxSooT.exe
  2⤵
  PID:3112
- C:\Windows\System\EgHvubh.exe
  C:\Windows\System\EgHvubh.exe
  2⤵
  PID:3160
- C:\Windows\System\YtOrJji.exe
  C:\Windows\System\YtOrJji.exe
  2⤵
  PID:3200
- C:\Windows\System\FHJMNKH.exe
  C:\Windows\System\FHJMNKH.exe
  2⤵
  PID:3228
- C:\Windows\System\NNSvsmP.exe
  C:\Windows\System\NNSvsmP.exe
  2⤵
  PID:3268
- C:\Windows\System\VsuWJlN.exe
  C:\Windows\System\VsuWJlN.exe
  2⤵
  PID:3284
- C:\Windows\System\JjNnMbL.exe
  C:\Windows\System\JjNnMbL.exe
  2⤵
  PID:3328
- C:\Windows\System\rSsyhwy.exe
  C:\Windows\System\rSsyhwy.exe
  2⤵
  PID:3344
- C:\Windows\System\kbDeBdO.exe
  C:\Windows\System\kbDeBdO.exe
  2⤵
  PID:3388
- C:\Windows\System\ShuHQQy.exe
  C:\Windows\System\ShuHQQy.exe
  2⤵
  PID:3420
- C:\Windows\System\RAaMEnM.exe
  C:\Windows\System\RAaMEnM.exe
  2⤵
  PID:3448
- C:\Windows\System\oktrsUS.exe
  C:\Windows\System\oktrsUS.exe
  2⤵
  PID:3464
- C:\Windows\System\SurwiAV.exe
  C:\Windows\System\SurwiAV.exe
  2⤵
  PID:3500
- C:\Windows\System\uagcBxr.exe
  C:\Windows\System\uagcBxr.exe
  2⤵
  PID:3524
- C:\Windows\System\anScdSd.exe
  C:\Windows\System\anScdSd.exe
  2⤵
  PID:3560
- C:\Windows\System\HFwFeha.exe
  C:\Windows\System\HFwFeha.exe
  2⤵
  PID:3584
- C:\Windows\System\hiPYPPE.exe
  C:\Windows\System\hiPYPPE.exe
  2⤵
  PID:3620
- C:\Windows\System\zJiSgvb.exe
  C:\Windows\System\zJiSgvb.exe
  2⤵
  PID:3648
- C:\Windows\System\RcVFqiT.exe
  C:\Windows\System\RcVFqiT.exe
  2⤵
  PID:3688
- C:\Windows\System\QdDkynZ.exe
  C:\Windows\System\QdDkynZ.exe
  2⤵
  PID:3720
- C:\Windows\System\qLUttWR.exe
  C:\Windows\System\qLUttWR.exe
  2⤵
  PID:3748
- C:\Windows\System\ASxsOab.exe
  C:\Windows\System\ASxsOab.exe
  2⤵
  PID:3780
- C:\Windows\System\DPYNZUE.exe
  C:\Windows\System\DPYNZUE.exe
  2⤵
  PID:3804
- C:\Windows\System\anySqMC.exe
  C:\Windows\System\anySqMC.exe
  2⤵
  PID:3840
- C:\Windows\System\zJHkceg.exe
  C:\Windows\System\zJHkceg.exe
  2⤵
  PID:3864
- C:\Windows\System\eYyDuqx.exe
  C:\Windows\System\eYyDuqx.exe
  2⤵
  PID:3916
- C:\Windows\System\iobiIeT.exe
  C:\Windows\System\iobiIeT.exe
  2⤵
  PID:3948
- C:\Windows\System\jLKvbHt.exe
  C:\Windows\System\jLKvbHt.exe
  2⤵
  PID:4024
- C:\Windows\System\ArEZLdp.exe
  C:\Windows\System\ArEZLdp.exe
  2⤵
  PID:3088
- C:\Windows\System\nhCRCgQ.exe
  C:\Windows\System\nhCRCgQ.exe
  2⤵
  PID:3144
- C:\Windows\System\wbuPxqd.exe
  C:\Windows\System\wbuPxqd.exe
  2⤵
  PID:3248
- C:\Windows\System\rIamqVJ.exe
  C:\Windows\System\rIamqVJ.exe
  2⤵
  PID:3304
- C:\Windows\System\SuWphqy.exe
  C:\Windows\System\SuWphqy.exe
  2⤵
  PID:3220
- C:\Windows\System\urHcjdp.exe
  C:\Windows\System\urHcjdp.exe
  2⤵
  PID:3488
- C:\Windows\System\vfkrvDC.exe
  C:\Windows\System\vfkrvDC.exe
  2⤵
  PID:3608
- C:\Windows\System\gALjdJr.exe
  C:\Windows\System\gALjdJr.exe
  2⤵
  PID:3664
- C:\Windows\System\klkYTIa.exe
  C:\Windows\System\klkYTIa.exe
  2⤵
  PID:3784
- C:\Windows\System\ivbzBNF.exe
  C:\Windows\System\ivbzBNF.exe
  2⤵
  PID:3876
- C:\Windows\System\BnibKql.exe
  C:\Windows\System\BnibKql.exe
  2⤵
  PID:3580
- C:\Windows\System\GxufPQH.exe
  C:\Windows\System\GxufPQH.exe
  2⤵
  PID:3704
- C:\Windows\System\wDzopCU.exe
  C:\Windows\System\wDzopCU.exe
  2⤵
  PID:3828
- C:\Windows\System\nWBaUYV.exe
  C:\Windows\System\nWBaUYV.exe
  2⤵
  PID:4016
- C:\Windows\System\NFXCbPD.exe
  C:\Windows\System\NFXCbPD.exe
  2⤵
  PID:3348
- C:\Windows\System\nOSYCuh.exe
  C:\Windows\System\nOSYCuh.exe
  2⤵
  PID:3400
- C:\Windows\System\QCcnAOM.exe
  C:\Windows\System\QCcnAOM.exe
  2⤵
  PID:4040
- C:\Windows\System\RkYLMFa.exe
  C:\Windows\System\RkYLMFa.exe
  2⤵
  PID:2476
- C:\Windows\System\nVSNOkA.exe
  C:\Windows\System\nVSNOkA.exe
  2⤵
  PID:3972
- C:\Windows\System\QPoqtHX.exe
  C:\Windows\System\QPoqtHX.exe
  2⤵
  PID:3964
- C:\Windows\System\hAgZRDN.exe
  C:\Windows\System\hAgZRDN.exe
  2⤵
  PID:3368
- C:\Windows\System\bTZGPrL.exe
  C:\Windows\System\bTZGPrL.exe
  2⤵
  PID:3260
- C:\Windows\System\wTUHoux.exe
  C:\Windows\System\wTUHoux.exe
  2⤵
  PID:3724
- C:\Windows\System\rPaYCeJ.exe
  C:\Windows\System\rPaYCeJ.exe
  2⤵
  PID:3504
- C:\Windows\System\uVTeeXg.exe
  C:\Windows\System\uVTeeXg.exe
  2⤵
  PID:4056
- C:\Windows\System\ZCzSlha.exe
  C:\Windows\System\ZCzSlha.exe
  2⤵
  PID:3120
- C:\Windows\System\vdbnvYB.exe
  C:\Windows\System\vdbnvYB.exe
  2⤵
  PID:3244
- C:\Windows\System\SegRxsm.exe
  C:\Windows\System\SegRxsm.exe
  2⤵
  PID:3908
- C:\Windows\System\ZPzuuEE.exe
  C:\Windows\System\ZPzuuEE.exe
  2⤵
  PID:4004
- C:\Windows\System\GSTABKB.exe
  C:\Windows\System\GSTABKB.exe
  2⤵
  PID:3320
- C:\Windows\System\iDreziU.exe
  C:\Windows\System\iDreziU.exe
  2⤵
  PID:2520
- C:\Windows\System\ZvkiYSb.exe
  C:\Windows\System\ZvkiYSb.exe
  2⤵
  PID:4000
- C:\Windows\System\GOZZtLv.exe
  C:\Windows\System\GOZZtLv.exe
  2⤵
  PID:3180
- C:\Windows\System\oIapMFU.exe
  C:\Windows\System\oIapMFU.exe
  2⤵
  PID:3668
- C:\Windows\System\vzQIfpV.exe
  C:\Windows\System\vzQIfpV.exe
  2⤵
  PID:3660
- C:\Windows\System\GmotzcW.exe
  C:\Windows\System\GmotzcW.exe
  2⤵
  PID:3808
- C:\Windows\System\lEvNuyq.exe
  C:\Windows\System\lEvNuyq.exe
  2⤵
  PID:4100
- C:\Windows\System\BYAxOny.exe
  C:\Windows\System\BYAxOny.exe
  2⤵
  PID:4120
- C:\Windows\System\dZhNMCh.exe
  C:\Windows\System\dZhNMCh.exe
  2⤵
  PID:4136
- C:\Windows\System\mtrmcnZ.exe
  C:\Windows\System\mtrmcnZ.exe
  2⤵
  PID:4152
- C:\Windows\System\DkVDDGN.exe
  C:\Windows\System\DkVDDGN.exe
  2⤵
  PID:4168
- C:\Windows\System\HRLWFmN.exe
  C:\Windows\System\HRLWFmN.exe
  2⤵
  PID:4224
- C:\Windows\System\DDMhTaP.exe
  C:\Windows\System\DDMhTaP.exe
  2⤵
  PID:4240
- C:\Windows\System\yoYPdzu.exe
  C:\Windows\System\yoYPdzu.exe
  2⤵
  PID:4256
- C:\Windows\System\eWoIvNW.exe
  C:\Windows\System\eWoIvNW.exe
  2⤵
  PID:4276
- C:\Windows\System\vRhRLpC.exe
  C:\Windows\System\vRhRLpC.exe
  2⤵
  PID:4292
- C:\Windows\System\jNCLNLE.exe
  C:\Windows\System\jNCLNLE.exe
  2⤵
  PID:4316
- C:\Windows\System\zxMcubc.exe
  C:\Windows\System\zxMcubc.exe
  2⤵
  PID:4332
- C:\Windows\System\TiOVXFF.exe
  C:\Windows\System\TiOVXFF.exe
  2⤵
  PID:4352
- C:\Windows\System\RipFVHV.exe
  C:\Windows\System\RipFVHV.exe
  2⤵
  PID:4372
- C:\Windows\System\VuOqEPc.exe
  C:\Windows\System\VuOqEPc.exe
  2⤵
  PID:4392
- C:\Windows\System\tUEOYww.exe
  C:\Windows\System\tUEOYww.exe
  2⤵
  PID:4412
- C:\Windows\System\ojShvLA.exe
  C:\Windows\System\ojShvLA.exe
  2⤵
  PID:4428
- C:\Windows\System\yYFsqUt.exe
  C:\Windows\System\yYFsqUt.exe
  2⤵
  PID:4448
- C:\Windows\System\TSeIoez.exe
  C:\Windows\System\TSeIoez.exe
  2⤵
  PID:4464
- C:\Windows\System\fThQXLx.exe
  C:\Windows\System\fThQXLx.exe
  2⤵
  PID:4488
- C:\Windows\System\pKnkJuQ.exe
  C:\Windows\System\pKnkJuQ.exe
  2⤵
  PID:4516
- C:\Windows\System\UXvfQpc.exe
  C:\Windows\System\UXvfQpc.exe
  2⤵
  PID:4532
- C:\Windows\System\ihDIFdY.exe
  C:\Windows\System\ihDIFdY.exe
  2⤵
  PID:4548
- C:\Windows\System\VNFFnKS.exe
  C:\Windows\System\VNFFnKS.exe
  2⤵
  PID:4564
- C:\Windows\System\bxCNZZC.exe
  C:\Windows\System\bxCNZZC.exe
  2⤵
  PID:4584
- C:\Windows\System\esszxpo.exe
  C:\Windows\System\esszxpo.exe
  2⤵
  PID:4604
- C:\Windows\System\qTyhztA.exe
  C:\Windows\System\qTyhztA.exe
  2⤵
  PID:4624
- C:\Windows\System\zytBCWD.exe
  C:\Windows\System\zytBCWD.exe
  2⤵
  PID:4640
- C:\Windows\System\DREWXun.exe
  C:\Windows\System\DREWXun.exe
  2⤵
  PID:4660
- C:\Windows\System\kChNNGY.exe
  C:\Windows\System\kChNNGY.exe
  2⤵
  PID:4676
- C:\Windows\System\jDUxlgf.exe
  C:\Windows\System\jDUxlgf.exe
  2⤵
  PID:4696
- C:\Windows\System\fvrUwnW.exe
  C:\Windows\System\fvrUwnW.exe
  2⤵
  PID:4716
- C:\Windows\System\dVzKBnV.exe
  C:\Windows\System\dVzKBnV.exe
  2⤵
  PID:4732
- C:\Windows\System\RKmFWFT.exe
  C:\Windows\System\RKmFWFT.exe
  2⤵
  PID:4748
- C:\Windows\System\lyExlOO.exe
  C:\Windows\System\lyExlOO.exe
  2⤵
  PID:4764
- C:\Windows\System\HAIzSst.exe
  C:\Windows\System\HAIzSst.exe
  2⤵
  PID:4780
- C:\Windows\System\yMlRPCf.exe
  C:\Windows\System\yMlRPCf.exe
  2⤵
  PID:4796
- C:\Windows\System\MivSCsp.exe
  C:\Windows\System\MivSCsp.exe
  2⤵
  PID:4816
- C:\Windows\System\nuDutaP.exe
  C:\Windows\System\nuDutaP.exe
  2⤵
  PID:4860
- C:\Windows\System\fRqKhml.exe
  C:\Windows\System\fRqKhml.exe
  2⤵
  PID:4876
- C:\Windows\System\lpSWLOe.exe
  C:\Windows\System\lpSWLOe.exe
  2⤵
  PID:4920
- C:\Windows\System\cPeVZOM.exe
  C:\Windows\System\cPeVZOM.exe
  2⤵
  PID:4936
- C:\Windows\System\HfhWCIP.exe
  C:\Windows\System\HfhWCIP.exe
  2⤵
  PID:4956
- C:\Windows\System\JLDWcBl.exe
  C:\Windows\System\JLDWcBl.exe
  2⤵
  PID:4972
- C:\Windows\System\SIfCUvu.exe
  C:\Windows\System\SIfCUvu.exe
  2⤵
  PID:4988
- C:\Windows\System\KwCccsu.exe
  C:\Windows\System\KwCccsu.exe
  2⤵
  PID:5008
- C:\Windows\System\EdBRgcP.exe
  C:\Windows\System\EdBRgcP.exe
  2⤵
  PID:5024
- C:\Windows\System\dOuNcFF.exe
  C:\Windows\System\dOuNcFF.exe
  2⤵
  PID:5048
- C:\Windows\System\GbBkjbZ.exe
  C:\Windows\System\GbBkjbZ.exe
  2⤵
  PID:5068
- C:\Windows\System\wgAkEXm.exe
  C:\Windows\System\wgAkEXm.exe
  2⤵
  PID:5088
- C:\Windows\System\wjMFxhO.exe
  C:\Windows\System\wjMFxhO.exe
  2⤵
  PID:5112
- C:\Windows\System\THwmuUh.exe
  C:\Windows\System\THwmuUh.exe
  2⤵
  PID:3988
- C:\Windows\System\ZOsnfZG.exe
  C:\Windows\System\ZOsnfZG.exe
  2⤵
  PID:4160
- C:\Windows\System\tVcjVnw.exe
  C:\Windows\System\tVcjVnw.exe
  2⤵
  PID:3564
- C:\Windows\System\hPXmbCb.exe
  C:\Windows\System\hPXmbCb.exe
  2⤵
  PID:3640
- C:\Windows\System\fLbLklM.exe
  C:\Windows\System\fLbLklM.exe
  2⤵
  PID:4108
- C:\Windows\System\ImfrLrA.exe
  C:\Windows\System\ImfrLrA.exe
  2⤵
  PID:4144
- C:\Windows\System\hrnMBCv.exe
  C:\Windows\System\hrnMBCv.exe
  2⤵
  PID:4212
- C:\Windows\System\xCICHbI.exe
  C:\Windows\System\xCICHbI.exe
  2⤵
  PID:4216
- C:\Windows\System\sekJLzj.exe
  C:\Windows\System\sekJLzj.exe
  2⤵
  PID:4236
- C:\Windows\System\CDpFYkC.exe
  C:\Windows\System\CDpFYkC.exe
  2⤵
  PID:4272
- C:\Windows\System\IZGczfz.exe
  C:\Windows\System\IZGczfz.exe
  2⤵
  PID:4308
- C:\Windows\System\WwNpJWj.exe
  C:\Windows\System\WwNpJWj.exe
  2⤵
  PID:4312
- C:\Windows\System\GRgMiHD.exe
  C:\Windows\System\GRgMiHD.exe
  2⤵
  PID:4388
- C:\Windows\System\JJLkwaF.exe
  C:\Windows\System\JJLkwaF.exe
  2⤵
  PID:4324
- C:\Windows\System\yxrxLnJ.exe
  C:\Windows\System\yxrxLnJ.exe
  2⤵
  PID:4484
- C:\Windows\System\gGJKZAB.exe
  C:\Windows\System\gGJKZAB.exe
  2⤵
  PID:4504
- C:\Windows\System\ZPbUjRA.exe
  C:\Windows\System\ZPbUjRA.exe
  2⤵
  PID:4580
- C:\Windows\System\NYwVnBp.exe
  C:\Windows\System\NYwVnBp.exe
  2⤵
  PID:4648
- C:\Windows\System\yybXcMx.exe
  C:\Windows\System\yybXcMx.exe
  2⤵
  PID:4688
- C:\Windows\System\ktKEtPw.exe
  C:\Windows\System\ktKEtPw.exe
  2⤵
  PID:4756
- C:\Windows\System\hLkpzFZ.exe
  C:\Windows\System\hLkpzFZ.exe
  2⤵
  PID:4592
- C:\Windows\System\tUAdAxL.exe
  C:\Windows\System\tUAdAxL.exe
  2⤵
  PID:4668
- C:\Windows\System\HTVhpch.exe
  C:\Windows\System\HTVhpch.exe
  2⤵
  PID:4712
- C:\Windows\System\FPBgtJf.exe
  C:\Windows\System\FPBgtJf.exe
  2⤵
  PID:4804
- C:\Windows\System\RVSFrWP.exe
  C:\Windows\System\RVSFrWP.exe
  2⤵
  PID:4600
- C:\Windows\System\mnNPGBY.exe
  C:\Windows\System\mnNPGBY.exe
  2⤵
  PID:4828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AFbcEAU.exe

Filesize
384KB

MD5
c82368624fc0cbc229c201ce1985bc94

SHA1
ee5f9762a48551b4aca0f410ce58ba6b3a31c5e7

SHA256
931c951679eb1fb702111027aabfe5c2dbae5ee0133b51e3a18f5413cb866a95

SHA512
a02b7bbdc00adbf81d06cac9c2ff95404ee7daaf391f997518b816e211a80c24bef9f62cfffbf4467be156c5ab3f90c9c19fabf63f6e25a559ab78ca4191369f

Download Submit
C:\Windows\system\SxfYwgY.exe

Filesize
2.0MB

MD5
1979b0879876186bd0f5aa0f254c132a

SHA1
e892dbefcbe90935ad660042061e35b51203706e

SHA256
7da4f6f471002ec76d839ba97be537c656ab453f09a6bdb3e3d038b53e35c156

SHA512
1aae061748aa9b3f592b54687a21b721bcbaa1962fbcde211e2eb6b16e91b420fcff2582b6b47f09b0b5676c869963698eb54cb0695c46e63e130c4a2be1965d

Download Submit
C:\Windows\system\efBnCjg.exe

Filesize
576KB

MD5
127f4866c00e3ecb45b1d23b1d0c741c

SHA1
bbd6a9cffc79a79bd90d816b9900c68bfca18543

SHA256
bcc97a96b21714501a1a73d093ecbf16bebdde5c4d96059fba2ad80c8b5330a5

SHA512
c7527a9f1edae2d067417b282065ad27153e8fbc1423f8998711e828f7b5c2f6434c8cd15eb1be193ec5e0e78c50d3413aca371edb5d76738fe331728ad68c91

Download Submit
C:\Windows\system\jVWQdEP.exe

Filesize
2.0MB

MD5
9f03c1e8a19f19c9c45da43a423e0a14

SHA1
d2a703fa74678641f486c752be544e84b61a98ce

SHA256
19e57cb695e9244fe767c678339f563de14070b43eb07b000264ced259475064

SHA512
a1c0cdac6a9ce360516c585d2a64c7c50034a342c0accadf24adb66c4908020d1d1abe105ce2e8bca3f50f328aa140b7cb1764d4a36d28c426f912a4bdf10e38

Download Submit
C:\Windows\system\uggIEIx.exe

Filesize
448KB

MD5
460a560d9343614b4f5d3d4dba3f4ee8

SHA1
b7e4e11f7bd5df3f2363cf6c1fa4d5ae53e0122e

SHA256
fd744e6808c52535a94243828181a8d013638b8f8817cf398b9172e0ee7b110d

SHA512
1f115a8993e51d1f37533d08960597baad579468fd9fc33ed73870d8dbecffbacf74c482d28ec7d6893e63aba21811f0abf2dfee545d005b933bc73799ad2c80

Download Submit
\Windows\system\ijweTFJ.exe

Filesize
192KB

MD5
9b577ffff6c1f5ffff7f64441d883431

SHA1
10ba0bbbec3c90794664c7d383f12f8e5eb6c74b

SHA256
91f3e82906a538100a99ed926f9fc65724c6b25f34a3a65f82125b966c8582db

SHA512
f8bb3727a9f20749433ece4d83348bcfd5e5e28efa7ccba238d5a6d724481df6d5f37b94f4ffcea847376be6b1b47a9ca7c6e243f6823afe20547eef85d0ed8f

Download Submit
\Windows\system\uggIEIx.exe

Filesize
128KB

MD5
6f79929539cf65dcb1e405ed0a538ec1

SHA1
46963681601be609a978fb70a544460fdecbb830

SHA256
8292e8db4cea39d46d950b64cc55f87ab625ecdebcbe27f469743b8d918b78e8

SHA512
e991eb3fcf3d9e8bf2f4b7d6bc5ccb92f66bf173e56c3693b2cbd12083aeda0fcdb439b0c82e3da3f8abfa3d37b16394bcf458c3b338809e1ffa376eff9aa3d0

Download Submit
\Windows\system\xCIpuOO.exe

Filesize
512KB

MD5
0b4145c2cc110331e4da5e560102704d

SHA1
c566b9a6ceb44b7f1c214b316c08f6bec9d9b2b1

SHA256
45685ced1acb15c50a2e82577fa387cda30481d8f7a525239c32c5f5bf6e48b4

SHA512
abf913119d63f487a6aab21c7aef0828fd1abea0d0c9a3b66bf2a375882b42bf9f76fd9b59dbd74e92020f35616ebd4ca75dc1ea4b5b55a7e8ed17cc28d58dc6

Download Submit
memory/1036-1071-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/1036-28-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/1360-1070-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1360-18-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-1068-0x0000000002080000-0x00000000023D4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-121-0x0000000002080000-0x00000000023D4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-143-0x0000000002080000-0x00000000023D4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-149-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/1984-1069-0x0000000002080000-0x00000000023D4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-0-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/1984-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1984-12-0x0000000002080000-0x00000000023D4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-78-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-131-0x0000000002080000-0x00000000023D4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-75-0x0000000002080000-0x00000000023D4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-69-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-137-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-126-0x0000000002080000-0x00000000023D4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-55-0x0000000002080000-0x00000000023D4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-116-0x0000000002080000-0x00000000023D4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-1067-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2304-1078-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-91-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-1083-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2372-107-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2392-79-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1075-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-1080-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2460-103-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2500-1079-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2500-94-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2532-1072-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2532-41-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2576-87-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-1077-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-1073-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-60-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-1074-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2600-66-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2664-77-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-1076-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-1081-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-138-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-1082-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-104-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download