kpot | 14b3502737bac84e04a9dfbbafc127a80c830c6a75320590a4778c786c196099

Analysis

max time kernel
137s
max time network
147s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
05-06-2024 07:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
Size

2.0MB
MD5

4a38b04384ab1c81b323300270e82c00
SHA1

1fee1edfc03f8548c28c7b4feb3910df976838e9
SHA256

14b3502737bac84e04a9dfbbafc127a80c830c6a75320590a4778c786c196099
SHA512

568ce109860db0beeb0435cb718f6d465a18af02ea1a5a841961126674bbd992e75fc203d163955cfb0177aa7ffec79684a1c07b0fd2ce5b09e7075ac59d293e
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2e:GemTLkNdfE0pZaQG

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral1/files/0x000d00000001231c-2.dat	family_kpot
behavioral1/files/0x0031000000014502-6.dat	family_kpot
behavioral1/files/0x000700000001480e-8.dat	family_kpot
behavioral1/files/0x00070000000149e1-18.dat	family_kpot
behavioral1/files/0x0007000000014b10-22.dat	family_kpot
behavioral1/files/0x0007000000014b36-23.dat	family_kpot
behavioral1/files/0x0009000000014dae-33.dat	family_kpot
behavioral1/files/0x0006000000015c9c-47.dat	family_kpot
behavioral1/files/0x0006000000015c93-43.dat	family_kpot
behavioral1/files/0x0006000000015cbd-58.dat	family_kpot
behavioral1/files/0x0006000000015cce-63.dat	family_kpot
behavioral1/files/0x0006000000015cb0-54.dat	family_kpot
behavioral1/files/0x0006000000015cd9-68.dat	family_kpot
behavioral1/files/0x0006000000015cf5-78.dat	family_kpot
behavioral1/files/0x0006000000015fa7-118.dat	family_kpot
behavioral1/files/0x000600000001654a-143.dat	family_kpot
behavioral1/files/0x0006000000016a6f-158.dat	family_kpot
behavioral1/files/0x0006000000016813-153.dat	family_kpot
behavioral1/files/0x00060000000165f0-148.dat	family_kpot
behavioral1/files/0x0006000000016476-138.dat	family_kpot
behavioral1/files/0x00060000000162c9-133.dat	family_kpot
behavioral1/files/0x00060000000161b3-128.dat	family_kpot
behavioral1/files/0x00060000000160cc-124.dat	family_kpot
behavioral1/files/0x0006000000015f3c-113.dat	family_kpot
behavioral1/files/0x0006000000015e6d-108.dat	family_kpot
behavioral1/files/0x0006000000015e09-103.dat	family_kpot
behavioral1/files/0x0006000000015d4c-98.dat	family_kpot
behavioral1/files/0x0006000000015d44-93.dat	family_kpot
behavioral1/files/0x0006000000015d24-88.dat	family_kpot
behavioral1/files/0x0006000000015d0c-83.dat	family_kpot
behavioral1/files/0x0006000000015ce3-73.dat	family_kpot
behavioral1/files/0x0009000000014ba7-38.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral1/files/0x000d00000001231c-2.dat	xmrig
behavioral1/files/0x0031000000014502-6.dat	xmrig
behavioral1/files/0x000700000001480e-8.dat	xmrig
behavioral1/files/0x00070000000149e1-18.dat	xmrig
behavioral1/files/0x0007000000014b10-22.dat	xmrig
behavioral1/files/0x0007000000014b36-23.dat	xmrig
behavioral1/files/0x0009000000014dae-33.dat	xmrig
behavioral1/files/0x0006000000015c9c-47.dat	xmrig
behavioral1/files/0x0006000000015c93-43.dat	xmrig
behavioral1/files/0x0006000000015cbd-58.dat	xmrig
behavioral1/files/0x0006000000015cce-63.dat	xmrig
behavioral1/files/0x0006000000015cb0-54.dat	xmrig
behavioral1/files/0x0006000000015cd9-68.dat	xmrig
behavioral1/files/0x0006000000015cf5-78.dat	xmrig
behavioral1/files/0x0006000000015fa7-118.dat	xmrig
behavioral1/files/0x000600000001654a-143.dat	xmrig
behavioral1/files/0x0006000000016a6f-158.dat	xmrig
behavioral1/files/0x0006000000016813-153.dat	xmrig
behavioral1/files/0x00060000000165f0-148.dat	xmrig
behavioral1/files/0x0006000000016476-138.dat	xmrig
behavioral1/files/0x00060000000162c9-133.dat	xmrig
behavioral1/files/0x00060000000161b3-128.dat	xmrig
behavioral1/files/0x00060000000160cc-124.dat	xmrig
behavioral1/files/0x0006000000015f3c-113.dat	xmrig
behavioral1/files/0x0006000000015e6d-108.dat	xmrig
behavioral1/files/0x0006000000015e09-103.dat	xmrig
behavioral1/files/0x0006000000015d4c-98.dat	xmrig
behavioral1/files/0x0006000000015d44-93.dat	xmrig
behavioral1/files/0x0006000000015d24-88.dat	xmrig
behavioral1/files/0x0006000000015d0c-83.dat	xmrig
behavioral1/files/0x0006000000015ce3-73.dat	xmrig
behavioral1/files/0x0009000000014ba7-38.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2524	pIdSDxM.exe
2080	YhFdtWC.exe
2632	ZbENTqE.exe
2760	Zzdnggn.exe
2908	HBhhxgu.exe
2680	MPUMTKQ.exe
1664	RgFEQlI.exe
2548	uEwdqum.exe
2604	IDScFaM.exe
2428	FVRoSBS.exe
2488	BCAACGJ.exe
2840	sjLGduc.exe
1896	RYInAXc.exe
2344	jIHihND.exe
1936	UPfUoBV.exe
1468	XAJziiI.exe
1500	XSyJILQ.exe
1144	oSvQKlR.exe
1032	qlgpDYn.exe
2188	PrgpVVp.exe
2196	CBaQlzK.exe
1560	TLisKTa.exe
1700	EAZyYeL.exe
1808	LUAdfkU.exe
1996	gbYMOEh.exe
2124	aCckwev.exe
1876	wHqQCYR.exe
1648	zLKXwWN.exe
2712	bQvYcCx.exe
692	RicUial.exe
1416	CUdmuPX.exe
1220	iTORhYN.exe
1356	AeNDzbL.exe
1736	YhADhIs.exe
2392	egvANqt.exe
1692	nvbtpKS.exe
2936	ZKjVjUL.exe
2220	UsVqIpM.exe
2964	GYzBeST.exe
2116	wDljgAI.exe
1036	xCkWawi.exe
1728	KeAvTBI.exe
1920	NGlfQqK.exe
1288	CUTdhkW.exe
1948	OHCfjtb.exe
772	zbUpwEH.exe
404	cXfTwCy.exe
940	VmdUntx.exe
1680	VqIMtFp.exe
2216	iatoxMB.exe
1676	GSKZjzj.exe
1640	euBxdco.exe
2096	ypMCZDs.exe
1652	DySMoZg.exe
1148	ynVlIud.exe
2032	LaeZbPX.exe
1436	NUBbmIR.exe
2152	BphbuVF.exe
2304	qFKkVAd.exe
1512	IRdHmyV.exe
2260	KKymGoy.exe
3008	XbWxVoh.exe
2588	NGjbDoX.exe
2752	kcFnszj.exe

Loads dropped DLL 64 IoCs

pid	Process
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\Timxjjr.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\SvCeerI.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\MLgIHEe.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\KDOzTie.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\UnZfRoy.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\DySMoZg.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\HGnxGsD.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\GBIxhGS.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\PcqCgmw.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\VkzkXhC.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\fixtjXW.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\NEaBEvn.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\LUyiTRn.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\aSljdZo.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\iuqkEbE.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\UzfRmbR.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\KWwYWeo.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\TizRvSS.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\qVaqofw.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\qSkLjTl.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\aCckwev.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\uBikEdN.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\rBgttxL.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\ciNKQCs.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\CCurWFn.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\XSyJILQ.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\NGlfQqK.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\CUTdhkW.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\SpMcgkM.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\BWIUODa.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\DJMkqyf.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\DMDCbny.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\HAHKAHj.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\iRhhTmB.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\FVRoSBS.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\zbUpwEH.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\XbWxVoh.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\cXXgCDX.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\QaLGztR.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\fmYXMDV.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\MPUMTKQ.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\EAZyYeL.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\ZKjVjUL.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\EWxMvQN.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\VEGNLwa.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\LLdaBDI.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\CBaQlzK.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\wdIbKOv.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\jBJZhZH.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\qjvTTTA.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\OMdAhvV.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\BCAACGJ.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\EfwnPDW.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\eSmTXKB.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\LZSdAAr.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\RgLtfBL.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\bqaeoWJ.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\APDalNg.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\btHofFO.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\tPAQWZY.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\sZHvJLE.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\Eonqwwc.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\voMGpqc.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
File created	C:\Windows\System\VjJynPa.exe	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 2524	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	29
PID 2744 wrote to memory of 2524	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	29
PID 2744 wrote to memory of 2524	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	29
PID 2744 wrote to memory of 2080	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	30
PID 2744 wrote to memory of 2080	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	30
PID 2744 wrote to memory of 2080	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	30
PID 2744 wrote to memory of 2632	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	31
PID 2744 wrote to memory of 2632	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	31
PID 2744 wrote to memory of 2632	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	31
PID 2744 wrote to memory of 2760	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	32
PID 2744 wrote to memory of 2760	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	32
PID 2744 wrote to memory of 2760	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	32
PID 2744 wrote to memory of 2908	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	33
PID 2744 wrote to memory of 2908	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	33
PID 2744 wrote to memory of 2908	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	33
PID 2744 wrote to memory of 2680	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	34
PID 2744 wrote to memory of 2680	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	34
PID 2744 wrote to memory of 2680	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	34
PID 2744 wrote to memory of 2548	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	35
PID 2744 wrote to memory of 2548	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	35
PID 2744 wrote to memory of 2548	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	35
PID 2744 wrote to memory of 1664	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	36
PID 2744 wrote to memory of 1664	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	36
PID 2744 wrote to memory of 1664	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	36
PID 2744 wrote to memory of 2604	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	37
PID 2744 wrote to memory of 2604	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	37
PID 2744 wrote to memory of 2604	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	37
PID 2744 wrote to memory of 2428	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	38
PID 2744 wrote to memory of 2428	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	38
PID 2744 wrote to memory of 2428	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	38
PID 2744 wrote to memory of 2488	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	39
PID 2744 wrote to memory of 2488	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	39
PID 2744 wrote to memory of 2488	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	39
PID 2744 wrote to memory of 2840	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	40
PID 2744 wrote to memory of 2840	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	40
PID 2744 wrote to memory of 2840	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	40
PID 2744 wrote to memory of 1896	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	41
PID 2744 wrote to memory of 1896	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	41
PID 2744 wrote to memory of 1896	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	41
PID 2744 wrote to memory of 2344	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	42
PID 2744 wrote to memory of 2344	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	42
PID 2744 wrote to memory of 2344	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	42
PID 2744 wrote to memory of 1936	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	43
PID 2744 wrote to memory of 1936	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	43
PID 2744 wrote to memory of 1936	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	43
PID 2744 wrote to memory of 1468	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	44
PID 2744 wrote to memory of 1468	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	44
PID 2744 wrote to memory of 1468	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	44
PID 2744 wrote to memory of 1500	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	45
PID 2744 wrote to memory of 1500	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	45
PID 2744 wrote to memory of 1500	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	45
PID 2744 wrote to memory of 1144	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	46
PID 2744 wrote to memory of 1144	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	46
PID 2744 wrote to memory of 1144	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	46
PID 2744 wrote to memory of 1032	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	47
PID 2744 wrote to memory of 1032	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	47
PID 2744 wrote to memory of 1032	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	47
PID 2744 wrote to memory of 2188	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	48
PID 2744 wrote to memory of 2188	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	48
PID 2744 wrote to memory of 2188	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	48
PID 2744 wrote to memory of 2196	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	49
PID 2744 wrote to memory of 2196	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	49
PID 2744 wrote to memory of 2196	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	49
PID 2744 wrote to memory of 1560	2744	4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe	50

C:\Users\Admin\AppData\Local\Temp\4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4a38b04384ab1c81b323300270e82c00_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Windows\System\pIdSDxM.exe
  C:\Windows\System\pIdSDxM.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\YhFdtWC.exe
  C:\Windows\System\YhFdtWC.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\ZbENTqE.exe
  C:\Windows\System\ZbENTqE.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\Zzdnggn.exe
  C:\Windows\System\Zzdnggn.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\HBhhxgu.exe
  C:\Windows\System\HBhhxgu.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\MPUMTKQ.exe
  C:\Windows\System\MPUMTKQ.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\uEwdqum.exe
  C:\Windows\System\uEwdqum.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\RgFEQlI.exe
  C:\Windows\System\RgFEQlI.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\IDScFaM.exe
  C:\Windows\System\IDScFaM.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\FVRoSBS.exe
  C:\Windows\System\FVRoSBS.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\BCAACGJ.exe
  C:\Windows\System\BCAACGJ.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\sjLGduc.exe
  C:\Windows\System\sjLGduc.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\RYInAXc.exe
  C:\Windows\System\RYInAXc.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\jIHihND.exe
  C:\Windows\System\jIHihND.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\UPfUoBV.exe
  C:\Windows\System\UPfUoBV.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\XAJziiI.exe
  C:\Windows\System\XAJziiI.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\XSyJILQ.exe
  C:\Windows\System\XSyJILQ.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\oSvQKlR.exe
  C:\Windows\System\oSvQKlR.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\qlgpDYn.exe
  C:\Windows\System\qlgpDYn.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\PrgpVVp.exe
  C:\Windows\System\PrgpVVp.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\CBaQlzK.exe
  C:\Windows\System\CBaQlzK.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\TLisKTa.exe
  C:\Windows\System\TLisKTa.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\EAZyYeL.exe
  C:\Windows\System\EAZyYeL.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\LUAdfkU.exe
  C:\Windows\System\LUAdfkU.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\gbYMOEh.exe
  C:\Windows\System\gbYMOEh.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\aCckwev.exe
  C:\Windows\System\aCckwev.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\wHqQCYR.exe
  C:\Windows\System\wHqQCYR.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\zLKXwWN.exe
  C:\Windows\System\zLKXwWN.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\bQvYcCx.exe
  C:\Windows\System\bQvYcCx.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\RicUial.exe
  C:\Windows\System\RicUial.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\CUdmuPX.exe
  C:\Windows\System\CUdmuPX.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\iTORhYN.exe
  C:\Windows\System\iTORhYN.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\AeNDzbL.exe
  C:\Windows\System\AeNDzbL.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\YhADhIs.exe
  C:\Windows\System\YhADhIs.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\egvANqt.exe
  C:\Windows\System\egvANqt.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\nvbtpKS.exe
  C:\Windows\System\nvbtpKS.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\ZKjVjUL.exe
  C:\Windows\System\ZKjVjUL.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\UsVqIpM.exe
  C:\Windows\System\UsVqIpM.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\GYzBeST.exe
  C:\Windows\System\GYzBeST.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\wDljgAI.exe
  C:\Windows\System\wDljgAI.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\xCkWawi.exe
  C:\Windows\System\xCkWawi.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\KeAvTBI.exe
  C:\Windows\System\KeAvTBI.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\NGlfQqK.exe
  C:\Windows\System\NGlfQqK.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\CUTdhkW.exe
  C:\Windows\System\CUTdhkW.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\OHCfjtb.exe
  C:\Windows\System\OHCfjtb.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\zbUpwEH.exe
  C:\Windows\System\zbUpwEH.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\cXfTwCy.exe
  C:\Windows\System\cXfTwCy.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\VmdUntx.exe
  C:\Windows\System\VmdUntx.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\VqIMtFp.exe
  C:\Windows\System\VqIMtFp.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\iatoxMB.exe
  C:\Windows\System\iatoxMB.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\GSKZjzj.exe
  C:\Windows\System\GSKZjzj.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\euBxdco.exe
  C:\Windows\System\euBxdco.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\ypMCZDs.exe
  C:\Windows\System\ypMCZDs.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\DySMoZg.exe
  C:\Windows\System\DySMoZg.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\ynVlIud.exe
  C:\Windows\System\ynVlIud.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\LaeZbPX.exe
  C:\Windows\System\LaeZbPX.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\NUBbmIR.exe
  C:\Windows\System\NUBbmIR.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\BphbuVF.exe
  C:\Windows\System\BphbuVF.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\qFKkVAd.exe
  C:\Windows\System\qFKkVAd.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\IRdHmyV.exe
  C:\Windows\System\IRdHmyV.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\KKymGoy.exe
  C:\Windows\System\KKymGoy.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\XbWxVoh.exe
  C:\Windows\System\XbWxVoh.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\NGjbDoX.exe
  C:\Windows\System\NGjbDoX.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\kcFnszj.exe
  C:\Windows\System\kcFnszj.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\uweRQxr.exe
  C:\Windows\System\uweRQxr.exe
  2⤵
  PID:2676
- C:\Windows\System\gNutkVg.exe
  C:\Windows\System\gNutkVg.exe
  2⤵
  PID:2440
- C:\Windows\System\APDalNg.exe
  C:\Windows\System\APDalNg.exe
  2⤵
  PID:2460
- C:\Windows\System\xsiHyoX.exe
  C:\Windows\System\xsiHyoX.exe
  2⤵
  PID:2480
- C:\Windows\System\uBikEdN.exe
  C:\Windows\System\uBikEdN.exe
  2⤵
  PID:2132
- C:\Windows\System\pivVUTp.exe
  C:\Windows\System\pivVUTp.exe
  2⤵
  PID:2312
- C:\Windows\System\AEiixUc.exe
  C:\Windows\System\AEiixUc.exe
  2⤵
  PID:2144
- C:\Windows\System\gGxAvCs.exe
  C:\Windows\System\gGxAvCs.exe
  2⤵
  PID:1616
- C:\Windows\System\iocjUfp.exe
  C:\Windows\System\iocjUfp.exe
  2⤵
  PID:2148
- C:\Windows\System\EfwnPDW.exe
  C:\Windows\System\EfwnPDW.exe
  2⤵
  PID:1576
- C:\Windows\System\JoySTgE.exe
  C:\Windows\System\JoySTgE.exe
  2⤵
  PID:1592
- C:\Windows\System\SpMcgkM.exe
  C:\Windows\System\SpMcgkM.exe
  2⤵
  PID:1824
- C:\Windows\System\wdIbKOv.exe
  C:\Windows\System\wdIbKOv.exe
  2⤵
  PID:472
- C:\Windows\System\gTPRMod.exe
  C:\Windows\System\gTPRMod.exe
  2⤵
  PID:2848
- C:\Windows\System\dRJJZGz.exe
  C:\Windows\System\dRJJZGz.exe
  2⤵
  PID:360
- C:\Windows\System\xJruyPe.exe
  C:\Windows\System\xJruyPe.exe
  2⤵
  PID:592
- C:\Windows\System\FplPhsl.exe
  C:\Windows\System\FplPhsl.exe
  2⤵
  PID:1816
- C:\Windows\System\ZHaNeTV.exe
  C:\Windows\System\ZHaNeTV.exe
  2⤵
  PID:2316
- C:\Windows\System\AgcEVtv.exe
  C:\Windows\System\AgcEVtv.exe
  2⤵
  PID:1440
- C:\Windows\System\hIFFCwa.exe
  C:\Windows\System\hIFFCwa.exe
  2⤵
  PID:2992
- C:\Windows\System\dBRAqeU.exe
  C:\Windows\System\dBRAqeU.exe
  2⤵
  PID:2108
- C:\Windows\System\BJMgMtm.exe
  C:\Windows\System\BJMgMtm.exe
  2⤵
  PID:1472
- C:\Windows\System\NvzaylN.exe
  C:\Windows\System\NvzaylN.exe
  2⤵
  PID:1492
- C:\Windows\System\Timxjjr.exe
  C:\Windows\System\Timxjjr.exe
  2⤵
  PID:996
- C:\Windows\System\oIViYTp.exe
  C:\Windows\System\oIViYTp.exe
  2⤵
  PID:2980
- C:\Windows\System\YivlbQj.exe
  C:\Windows\System\YivlbQj.exe
  2⤵
  PID:1956
- C:\Windows\System\KWwYWeo.exe
  C:\Windows\System\KWwYWeo.exe
  2⤵
  PID:1632
- C:\Windows\System\ukFZVKE.exe
  C:\Windows\System\ukFZVKE.exe
  2⤵
  PID:2276
- C:\Windows\System\fixtjXW.exe
  C:\Windows\System\fixtjXW.exe
  2⤵
  PID:2924
- C:\Windows\System\sgHfPJm.exe
  C:\Windows\System\sgHfPJm.exe
  2⤵
  PID:3032
- C:\Windows\System\sxKGgFw.exe
  C:\Windows\System\sxKGgFw.exe
  2⤵
  PID:2004
- C:\Windows\System\YnNoVbt.exe
  C:\Windows\System\YnNoVbt.exe
  2⤵
  PID:2052
- C:\Windows\System\wUPdkGd.exe
  C:\Windows\System\wUPdkGd.exe
  2⤵
  PID:1992
- C:\Windows\System\IAYbNjh.exe
  C:\Windows\System\IAYbNjh.exe
  2⤵
  PID:1940
- C:\Windows\System\BzRPcug.exe
  C:\Windows\System\BzRPcug.exe
  2⤵
  PID:2376
- C:\Windows\System\eSmTXKB.exe
  C:\Windows\System\eSmTXKB.exe
  2⤵
  PID:2644
- C:\Windows\System\SvCeerI.exe
  C:\Windows\System\SvCeerI.exe
  2⤵
  PID:2640
- C:\Windows\System\tBSipVw.exe
  C:\Windows\System\tBSipVw.exe
  2⤵
  PID:2672
- C:\Windows\System\GwxjMgq.exe
  C:\Windows\System\GwxjMgq.exe
  2⤵
  PID:2552
- C:\Windows\System\TwEqIwI.exe
  C:\Windows\System\TwEqIwI.exe
  2⤵
  PID:2832
- C:\Windows\System\wQCpYLA.exe
  C:\Windows\System\wQCpYLA.exe
  2⤵
  PID:1832
- C:\Windows\System\btHofFO.exe
  C:\Windows\System\btHofFO.exe
  2⤵
  PID:2176
- C:\Windows\System\HIwnZfj.exe
  C:\Windows\System\HIwnZfj.exe
  2⤵
  PID:2388
- C:\Windows\System\BWIUODa.exe
  C:\Windows\System\BWIUODa.exe
  2⤵
  PID:1568
- C:\Windows\System\pbxjeUt.exe
  C:\Windows\System\pbxjeUt.exe
  2⤵
  PID:864
- C:\Windows\System\ySQpKYu.exe
  C:\Windows\System\ySQpKYu.exe
  2⤵
  PID:1928
- C:\Windows\System\hTTfRrg.exe
  C:\Windows\System\hTTfRrg.exe
  2⤵
  PID:1424
- C:\Windows\System\BVvtWQN.exe
  C:\Windows\System\BVvtWQN.exe
  2⤵
  PID:3028
- C:\Windows\System\OroZLAF.exe
  C:\Windows\System\OroZLAF.exe
  2⤵
  PID:344
- C:\Windows\System\TizRvSS.exe
  C:\Windows\System\TizRvSS.exe
  2⤵
  PID:2576
- C:\Windows\System\sjoYxzI.exe
  C:\Windows\System\sjoYxzI.exe
  2⤵
  PID:1272
- C:\Windows\System\DJMkqyf.exe
  C:\Windows\System\DJMkqyf.exe
  2⤵
  PID:3016
- C:\Windows\System\oiQLNMX.exe
  C:\Windows\System\oiQLNMX.exe
  2⤵
  PID:1636
- C:\Windows\System\dSpDaaj.exe
  C:\Windows\System\dSpDaaj.exe
  2⤵
  PID:1720
- C:\Windows\System\kiuxcpE.exe
  C:\Windows\System\kiuxcpE.exe
  2⤵
  PID:2228
- C:\Windows\System\UHPFEWq.exe
  C:\Windows\System\UHPFEWq.exe
  2⤵
  PID:2920
- C:\Windows\System\OMJpOci.exe
  C:\Windows\System\OMJpOci.exe
  2⤵
  PID:2616
- C:\Windows\System\hyEhRVG.exe
  C:\Windows\System\hyEhRVG.exe
  2⤵
  PID:3060
- C:\Windows\System\HxQRMUC.exe
  C:\Windows\System\HxQRMUC.exe
  2⤵
  PID:1248
- C:\Windows\System\hqEtxil.exe
  C:\Windows\System\hqEtxil.exe
  2⤵
  PID:2556
- C:\Windows\System\abUaPmf.exe
  C:\Windows\System\abUaPmf.exe
  2⤵
  PID:2932
- C:\Windows\System\LaZlEpU.exe
  C:\Windows\System\LaZlEpU.exe
  2⤵
  PID:2016
- C:\Windows\System\jlJaVZL.exe
  C:\Windows\System\jlJaVZL.exe
  2⤵
  PID:2364
- C:\Windows\System\EWxMvQN.exe
  C:\Windows\System\EWxMvQN.exe
  2⤵
  PID:1584
- C:\Windows\System\qVaqofw.exe
  C:\Windows\System\qVaqofw.exe
  2⤵
  PID:1104
- C:\Windows\System\gHcliTl.exe
  C:\Windows\System\gHcliTl.exe
  2⤵
  PID:2036
- C:\Windows\System\rBgttxL.exe
  C:\Windows\System\rBgttxL.exe
  2⤵
  PID:2968
- C:\Windows\System\PFPkRLJ.exe
  C:\Windows\System\PFPkRLJ.exe
  2⤵
  PID:2900
- C:\Windows\System\xTOXvGQ.exe
  C:\Windows\System\xTOXvGQ.exe
  2⤵
  PID:960
- C:\Windows\System\NtecZPI.exe
  C:\Windows\System\NtecZPI.exe
  2⤵
  PID:2020
- C:\Windows\System\Wocgqfp.exe
  C:\Windows\System\Wocgqfp.exe
  2⤵
  PID:2436
- C:\Windows\System\ouLvoiA.exe
  C:\Windows\System\ouLvoiA.exe
  2⤵
  PID:2708
- C:\Windows\System\nOaCAXY.exe
  C:\Windows\System\nOaCAXY.exe
  2⤵
  PID:2856
- C:\Windows\System\gsVJmdl.exe
  C:\Windows\System\gsVJmdl.exe
  2⤵
  PID:2288
- C:\Windows\System\VDiTaGD.exe
  C:\Windows\System\VDiTaGD.exe
  2⤵
  PID:2592
- C:\Windows\System\HXssMIl.exe
  C:\Windows\System\HXssMIl.exe
  2⤵
  PID:2320
- C:\Windows\System\zwmivEF.exe
  C:\Windows\System\zwmivEF.exe
  2⤵
  PID:2444
- C:\Windows\System\QeTGkUV.exe
  C:\Windows\System\QeTGkUV.exe
  2⤵
  PID:832
- C:\Windows\System\yIDcfpw.exe
  C:\Windows\System\yIDcfpw.exe
  2⤵
  PID:1040
- C:\Windows\System\LZSdAAr.exe
  C:\Windows\System\LZSdAAr.exe
  2⤵
  PID:872
- C:\Windows\System\asCSzas.exe
  C:\Windows\System\asCSzas.exe
  2⤵
  PID:328
- C:\Windows\System\PqfmSFW.exe
  C:\Windows\System\PqfmSFW.exe
  2⤵
  PID:2720
- C:\Windows\System\voMGpqc.exe
  C:\Windows\System\voMGpqc.exe
  2⤵
  PID:2244
- C:\Windows\System\uuyqhNM.exe
  C:\Windows\System\uuyqhNM.exe
  2⤵
  PID:2332
- C:\Windows\System\crWSZhR.exe
  C:\Windows\System\crWSZhR.exe
  2⤵
  PID:2836
- C:\Windows\System\muAxetf.exe
  C:\Windows\System\muAxetf.exe
  2⤵
  PID:1756
- C:\Windows\System\kzMLEeV.exe
  C:\Windows\System\kzMLEeV.exe
  2⤵
  PID:1236
- C:\Windows\System\YDqhyPq.exe
  C:\Windows\System\YDqhyPq.exe
  2⤵
  PID:1776
- C:\Windows\System\CZWFyEw.exe
  C:\Windows\System\CZWFyEw.exe
  2⤵
  PID:2308
- C:\Windows\System\tQSlNCu.exe
  C:\Windows\System\tQSlNCu.exe
  2⤵
  PID:1900
- C:\Windows\System\kzHPEhj.exe
  C:\Windows\System\kzHPEhj.exe
  2⤵
  PID:2732
- C:\Windows\System\hlEHHTN.exe
  C:\Windows\System\hlEHHTN.exe
  2⤵
  PID:1448
- C:\Windows\System\jBJZhZH.exe
  C:\Windows\System\jBJZhZH.exe
  2⤵
  PID:1120
- C:\Windows\System\JnOzpUi.exe
  C:\Windows\System\JnOzpUi.exe
  2⤵
  PID:2160
- C:\Windows\System\dGJHfxH.exe
  C:\Windows\System\dGJHfxH.exe
  2⤵
  PID:800
- C:\Windows\System\XfleIeZ.exe
  C:\Windows\System\XfleIeZ.exe
  2⤵
  PID:908
- C:\Windows\System\HXpAhbF.exe
  C:\Windows\System\HXpAhbF.exe
  2⤵
  PID:892
- C:\Windows\System\JiCvQuT.exe
  C:\Windows\System\JiCvQuT.exe
  2⤵
  PID:2476
- C:\Windows\System\Ncomaes.exe
  C:\Windows\System\Ncomaes.exe
  2⤵
  PID:1656
- C:\Windows\System\bKhibrG.exe
  C:\Windows\System\bKhibrG.exe
  2⤵
  PID:2264
- C:\Windows\System\wWuHAqZ.exe
  C:\Windows\System\wWuHAqZ.exe
  2⤵
  PID:2360
- C:\Windows\System\YfjHaMa.exe
  C:\Windows\System\YfjHaMa.exe
  2⤵
  PID:2012
- C:\Windows\System\NsjJvUj.exe
  C:\Windows\System\NsjJvUj.exe
  2⤵
  PID:2596
- C:\Windows\System\rbVVKRY.exe
  C:\Windows\System\rbVVKRY.exe
  2⤵
  PID:284
- C:\Windows\System\HGnxGsD.exe
  C:\Windows\System\HGnxGsD.exe
  2⤵
  PID:804
- C:\Windows\System\tPAQWZY.exe
  C:\Windows\System\tPAQWZY.exe
  2⤵
  PID:964
- C:\Windows\System\WNMBXXE.exe
  C:\Windows\System\WNMBXXE.exe
  2⤵
  PID:3084
- C:\Windows\System\rQUoQkR.exe
  C:\Windows\System\rQUoQkR.exe
  2⤵
  PID:3100
- C:\Windows\System\VxBRUfC.exe
  C:\Windows\System\VxBRUfC.exe
  2⤵
  PID:3120
- C:\Windows\System\vBriklv.exe
  C:\Windows\System\vBriklv.exe
  2⤵
  PID:3140
- C:\Windows\System\RgLtfBL.exe
  C:\Windows\System\RgLtfBL.exe
  2⤵
  PID:3164
- C:\Windows\System\mZrFvHA.exe
  C:\Windows\System\mZrFvHA.exe
  2⤵
  PID:3236
- C:\Windows\System\mkMypGb.exe
  C:\Windows\System\mkMypGb.exe
  2⤵
  PID:3268
- C:\Windows\System\VEGNLwa.exe
  C:\Windows\System\VEGNLwa.exe
  2⤵
  PID:3284
- C:\Windows\System\HzAaHog.exe
  C:\Windows\System\HzAaHog.exe
  2⤵
  PID:3300
- C:\Windows\System\vxKARyF.exe
  C:\Windows\System\vxKARyF.exe
  2⤵
  PID:3320
- C:\Windows\System\Gpinzdq.exe
  C:\Windows\System\Gpinzdq.exe
  2⤵
  PID:3336
- C:\Windows\System\BKPyZZv.exe
  C:\Windows\System\BKPyZZv.exe
  2⤵
  PID:3352
- C:\Windows\System\sZHvJLE.exe
  C:\Windows\System\sZHvJLE.exe
  2⤵
  PID:3368
- C:\Windows\System\dzKUcGM.exe
  C:\Windows\System\dzKUcGM.exe
  2⤵
  PID:3404
- C:\Windows\System\GBmMOLF.exe
  C:\Windows\System\GBmMOLF.exe
  2⤵
  PID:3428
- C:\Windows\System\dJdLiBA.exe
  C:\Windows\System\dJdLiBA.exe
  2⤵
  PID:3460
- C:\Windows\System\DfAaJlr.exe
  C:\Windows\System\DfAaJlr.exe
  2⤵
  PID:3476
- C:\Windows\System\tObAaJz.exe
  C:\Windows\System\tObAaJz.exe
  2⤵
  PID:3496
- C:\Windows\System\rNCCXMX.exe
  C:\Windows\System\rNCCXMX.exe
  2⤵
  PID:3512
- C:\Windows\System\uAHpFQw.exe
  C:\Windows\System\uAHpFQw.exe
  2⤵
  PID:3532
- C:\Windows\System\Eonqwwc.exe
  C:\Windows\System\Eonqwwc.exe
  2⤵
  PID:3548
- C:\Windows\System\RuugFNC.exe
  C:\Windows\System\RuugFNC.exe
  2⤵
  PID:3564
- C:\Windows\System\NyZUiLi.exe
  C:\Windows\System\NyZUiLi.exe
  2⤵
  PID:3584
- C:\Windows\System\dQwwuOa.exe
  C:\Windows\System\dQwwuOa.exe
  2⤵
  PID:3600
- C:\Windows\System\vaKAotu.exe
  C:\Windows\System\vaKAotu.exe
  2⤵
  PID:3640
- C:\Windows\System\vLIihDp.exe
  C:\Windows\System\vLIihDp.exe
  2⤵
  PID:3660
- C:\Windows\System\NEaBEvn.exe
  C:\Windows\System\NEaBEvn.exe
  2⤵
  PID:3676
- C:\Windows\System\EFlsjQp.exe
  C:\Windows\System\EFlsjQp.exe
  2⤵
  PID:3692
- C:\Windows\System\GgiffkL.exe
  C:\Windows\System\GgiffkL.exe
  2⤵
  PID:3724
- C:\Windows\System\JciNTjE.exe
  C:\Windows\System\JciNTjE.exe
  2⤵
  PID:3740
- C:\Windows\System\rvLrNZo.exe
  C:\Windows\System\rvLrNZo.exe
  2⤵
  PID:3760
- C:\Windows\System\UennkDh.exe
  C:\Windows\System\UennkDh.exe
  2⤵
  PID:3776
- C:\Windows\System\edDzMtm.exe
  C:\Windows\System\edDzMtm.exe
  2⤵
  PID:3792
- C:\Windows\System\aJfkIiF.exe
  C:\Windows\System\aJfkIiF.exe
  2⤵
  PID:3812
- C:\Windows\System\vNmxyPy.exe
  C:\Windows\System\vNmxyPy.exe
  2⤵
  PID:3832
- C:\Windows\System\jCagwnn.exe
  C:\Windows\System\jCagwnn.exe
  2⤵
  PID:3852
- C:\Windows\System\VrtIZPm.exe
  C:\Windows\System\VrtIZPm.exe
  2⤵
  PID:3868
- C:\Windows\System\HSOytql.exe
  C:\Windows\System\HSOytql.exe
  2⤵
  PID:3884
- C:\Windows\System\BLEKCvZ.exe
  C:\Windows\System\BLEKCvZ.exe
  2⤵
  PID:3904
- C:\Windows\System\VjJynPa.exe
  C:\Windows\System\VjJynPa.exe
  2⤵
  PID:3920
- C:\Windows\System\qjvTTTA.exe
  C:\Windows\System\qjvTTTA.exe
  2⤵
  PID:3936
- C:\Windows\System\hjeYjkw.exe
  C:\Windows\System\hjeYjkw.exe
  2⤵
  PID:3956
- C:\Windows\System\MLgIHEe.exe
  C:\Windows\System\MLgIHEe.exe
  2⤵
  PID:3972
- C:\Windows\System\lEhjCPa.exe
  C:\Windows\System\lEhjCPa.exe
  2⤵
  PID:3992
- C:\Windows\System\ZGUijpe.exe
  C:\Windows\System\ZGUijpe.exe
  2⤵
  PID:4008
- C:\Windows\System\qSkLjTl.exe
  C:\Windows\System\qSkLjTl.exe
  2⤵
  PID:4028
- C:\Windows\System\UNqQJgT.exe
  C:\Windows\System\UNqQJgT.exe
  2⤵
  PID:4048
- C:\Windows\System\sksUewi.exe
  C:\Windows\System\sksUewi.exe
  2⤵
  PID:4064
- C:\Windows\System\bTclNPG.exe
  C:\Windows\System\bTclNPG.exe
  2⤵
  PID:4080
- C:\Windows\System\tuPTGPz.exe
  C:\Windows\System\tuPTGPz.exe
  2⤵
  PID:3076
- C:\Windows\System\cXXgCDX.exe
  C:\Windows\System\cXXgCDX.exe
  2⤵
  PID:644
- C:\Windows\System\SlgczMT.exe
  C:\Windows\System\SlgczMT.exe
  2⤵
  PID:580
- C:\Windows\System\hjxiqPP.exe
  C:\Windows\System\hjxiqPP.exe
  2⤵
  PID:3092
- C:\Windows\System\GMzoJSI.exe
  C:\Windows\System\GMzoJSI.exe
  2⤵
  PID:1788
- C:\Windows\System\NKikXui.exe
  C:\Windows\System\NKikXui.exe
  2⤵
  PID:2128
- C:\Windows\System\OlwCBFn.exe
  C:\Windows\System\OlwCBFn.exe
  2⤵
  PID:2528
- C:\Windows\System\JjVBGiG.exe
  C:\Windows\System\JjVBGiG.exe
  2⤵
  PID:3264
- C:\Windows\System\jqTjvTJ.exe
  C:\Windows\System\jqTjvTJ.exe
  2⤵
  PID:3328
- C:\Windows\System\KEwmQKi.exe
  C:\Windows\System\KEwmQKi.exe
  2⤵
  PID:3308
- C:\Windows\System\GAcaIAV.exe
  C:\Windows\System\GAcaIAV.exe
  2⤵
  PID:3344
- C:\Windows\System\KEpVqve.exe
  C:\Windows\System\KEpVqve.exe
  2⤵
  PID:3384
- C:\Windows\System\UcbarpD.exe
  C:\Windows\System\UcbarpD.exe
  2⤵
  PID:3416
- C:\Windows\System\LLdaBDI.exe
  C:\Windows\System\LLdaBDI.exe
  2⤵
  PID:3444
- C:\Windows\System\QaLGztR.exe
  C:\Windows\System\QaLGztR.exe
  2⤵
  PID:3456
- C:\Windows\System\lEXHIgl.exe
  C:\Windows\System\lEXHIgl.exe
  2⤵
  PID:3572
- C:\Windows\System\wOHRDXt.exe
  C:\Windows\System\wOHRDXt.exe
  2⤵
  PID:3624
- C:\Windows\System\RJDrEuw.exe
  C:\Windows\System\RJDrEuw.exe
  2⤵
  PID:3556
- C:\Windows\System\rJaAyxp.exe
  C:\Windows\System\rJaAyxp.exe
  2⤵
  PID:3520
- C:\Windows\System\XlCbayg.exe
  C:\Windows\System\XlCbayg.exe
  2⤵
  PID:3656
- C:\Windows\System\soIYbzE.exe
  C:\Windows\System\soIYbzE.exe
  2⤵
  PID:3704
- C:\Windows\System\dVrtoxj.exe
  C:\Windows\System\dVrtoxj.exe
  2⤵
  PID:3684
- C:\Windows\System\jsIQGVy.exe
  C:\Windows\System\jsIQGVy.exe
  2⤵
  PID:3752
- C:\Windows\System\HJxvehg.exe
  C:\Windows\System\HJxvehg.exe
  2⤵
  PID:3820
- C:\Windows\System\ORNkYMI.exe
  C:\Windows\System\ORNkYMI.exe
  2⤵
  PID:3864
- C:\Windows\System\ciNKQCs.exe
  C:\Windows\System\ciNKQCs.exe
  2⤵
  PID:3932
- C:\Windows\System\XphrkKh.exe
  C:\Windows\System\XphrkKh.exe
  2⤵
  PID:4004
- C:\Windows\System\DMDCbny.exe
  C:\Windows\System\DMDCbny.exe
  2⤵
  PID:4076
- C:\Windows\System\LUyiTRn.exe
  C:\Windows\System\LUyiTRn.exe
  2⤵
  PID:3768
- C:\Windows\System\YOilkkq.exe
  C:\Windows\System\YOilkkq.exe
  2⤵
  PID:3848
- C:\Windows\System\SaHzZdJ.exe
  C:\Windows\System\SaHzZdJ.exe
  2⤵
  PID:1532
- C:\Windows\System\JzqdZhM.exe
  C:\Windows\System\JzqdZhM.exe
  2⤵
  PID:1192
- C:\Windows\System\jwxEnWm.exe
  C:\Windows\System\jwxEnWm.exe
  2⤵
  PID:3200
- C:\Windows\System\YSDVhSD.exe
  C:\Windows\System\YSDVhSD.exe
  2⤵
  PID:3188
- C:\Windows\System\IPVXdWK.exe
  C:\Windows\System\IPVXdWK.exe
  2⤵
  PID:3244
- C:\Windows\System\TjovANX.exe
  C:\Windows\System\TjovANX.exe
  2⤵
  PID:488
- C:\Windows\System\XQNOWXv.exe
  C:\Windows\System\XQNOWXv.exe
  2⤵
  PID:3944
- C:\Windows\System\mjcaARm.exe
  C:\Windows\System\mjcaARm.exe
  2⤵
  PID:3988
- C:\Windows\System\nSOvlhT.exe
  C:\Windows\System\nSOvlhT.exe
  2⤵
  PID:4060
- C:\Windows\System\IchFxRB.exe
  C:\Windows\System\IchFxRB.exe
  2⤵
  PID:3260
- C:\Windows\System\GBIxhGS.exe
  C:\Windows\System\GBIxhGS.exe
  2⤵
  PID:3424
- C:\Windows\System\uPdaclW.exe
  C:\Windows\System\uPdaclW.exe
  2⤵
  PID:3280
- C:\Windows\System\xVfBKcT.exe
  C:\Windows\System\xVfBKcT.exe
  2⤵
  PID:3448
- C:\Windows\System\lAUDgce.exe
  C:\Windows\System\lAUDgce.exe
  2⤵
  PID:3576
- C:\Windows\System\OVDWlUL.exe
  C:\Windows\System\OVDWlUL.exe
  2⤵
  PID:3620
- C:\Windows\System\llEcDeq.exe
  C:\Windows\System\llEcDeq.exe
  2⤵
  PID:3636
- C:\Windows\System\FDmzQdA.exe
  C:\Windows\System\FDmzQdA.exe
  2⤵
  PID:3788
- C:\Windows\System\UBmqpEo.exe
  C:\Windows\System\UBmqpEo.exe
  2⤵
  PID:2408
- C:\Windows\System\oXXphiN.exe
  C:\Windows\System\oXXphiN.exe
  2⤵
  PID:3732
- C:\Windows\System\HAHKAHj.exe
  C:\Windows\System\HAHKAHj.exe
  2⤵
  PID:3748
- C:\Windows\System\URJTNsm.exe
  C:\Windows\System\URJTNsm.exe
  2⤵
  PID:3736
- C:\Windows\System\bqaeoWJ.exe
  C:\Windows\System\bqaeoWJ.exe
  2⤵
  PID:3128
- C:\Windows\System\fmYXMDV.exe
  C:\Windows\System\fmYXMDV.exe
  2⤵
  PID:3984
- C:\Windows\System\aSljdZo.exe
  C:\Windows\System\aSljdZo.exe
  2⤵
  PID:3804
- C:\Windows\System\wiSlIgd.exe
  C:\Windows\System\wiSlIgd.exe
  2⤵
  PID:3400
- C:\Windows\System\Kkrsgor.exe
  C:\Windows\System\Kkrsgor.exe
  2⤵
  PID:3544
- C:\Windows\System\PdmgfZa.exe
  C:\Windows\System\PdmgfZa.exe
  2⤵
  PID:3616
- C:\Windows\System\FhcJvbO.exe
  C:\Windows\System\FhcJvbO.exe
  2⤵
  PID:3112
- C:\Windows\System\XytyZXr.exe
  C:\Windows\System\XytyZXr.exe
  2⤵
  PID:3900
- C:\Windows\System\iRhhTmB.exe
  C:\Windows\System\iRhhTmB.exe
  2⤵
  PID:3912
- C:\Windows\System\UiPhXCb.exe
  C:\Windows\System\UiPhXCb.exe
  2⤵
  PID:3380
- C:\Windows\System\IeWxpeV.exe
  C:\Windows\System\IeWxpeV.exe
  2⤵
  PID:3712
- C:\Windows\System\rynGNXU.exe
  C:\Windows\System\rynGNXU.exe
  2⤵
  PID:4072
- C:\Windows\System\PcqCgmw.exe
  C:\Windows\System\PcqCgmw.exe
  2⤵
  PID:3668
- C:\Windows\System\FDZYhBE.exe
  C:\Windows\System\FDZYhBE.exe
  2⤵
  PID:3860
- C:\Windows\System\CCurWFn.exe
  C:\Windows\System\CCurWFn.exe
  2⤵
  PID:3968
- C:\Windows\System\dQyWiuZ.exe
  C:\Windows\System\dQyWiuZ.exe
  2⤵
  PID:2636
- C:\Windows\System\IwkFmbR.exe
  C:\Windows\System\IwkFmbR.exe
  2⤵
  PID:3248
- C:\Windows\System\XvTolZr.exe
  C:\Windows\System\XvTolZr.exe
  2⤵
  PID:4092
- C:\Windows\System\SVbyRHx.exe
  C:\Windows\System\SVbyRHx.exe
  2⤵
  PID:4056
- C:\Windows\System\EzprhEs.exe
  C:\Windows\System\EzprhEs.exe
  2⤵
  PID:3276
- C:\Windows\System\WMritqJ.exe
  C:\Windows\System\WMritqJ.exe
  2⤵
  PID:3688
- C:\Windows\System\OJpgjNF.exe
  C:\Windows\System\OJpgjNF.exe
  2⤵
  PID:3608
- C:\Windows\System\VkzkXhC.exe
  C:\Windows\System\VkzkXhC.exe
  2⤵
  PID:4108
- C:\Windows\System\HGElDjy.exe
  C:\Windows\System\HGElDjy.exe
  2⤵
  PID:4124
- C:\Windows\System\GJyumoP.exe
  C:\Windows\System\GJyumoP.exe
  2⤵
  PID:4140
- C:\Windows\System\KDOzTie.exe
  C:\Windows\System\KDOzTie.exe
  2⤵
  PID:4160
- C:\Windows\System\TJZERsz.exe
  C:\Windows\System\TJZERsz.exe
  2⤵
  PID:4176
- C:\Windows\System\zksErVF.exe
  C:\Windows\System\zksErVF.exe
  2⤵
  PID:4200
- C:\Windows\System\pgLAMgh.exe
  C:\Windows\System\pgLAMgh.exe
  2⤵
  PID:4216
- C:\Windows\System\DsCbrES.exe
  C:\Windows\System\DsCbrES.exe
  2⤵
  PID:4232
- C:\Windows\System\uXfZTRh.exe
  C:\Windows\System\uXfZTRh.exe
  2⤵
  PID:4252
- C:\Windows\System\OMdAhvV.exe
  C:\Windows\System\OMdAhvV.exe
  2⤵
  PID:4272
- C:\Windows\System\UnZfRoy.exe
  C:\Windows\System\UnZfRoy.exe
  2⤵
  PID:4292
- C:\Windows\System\CtfrWXu.exe
  C:\Windows\System\CtfrWXu.exe
  2⤵
  PID:4312
- C:\Windows\System\iuqkEbE.exe
  C:\Windows\System\iuqkEbE.exe
  2⤵
  PID:4328
- C:\Windows\System\OubzcoN.exe
  C:\Windows\System\OubzcoN.exe
  2⤵
  PID:4348
- C:\Windows\System\HhoDNuP.exe
  C:\Windows\System\HhoDNuP.exe
  2⤵
  PID:4364
- C:\Windows\System\PFuuEco.exe
  C:\Windows\System\PFuuEco.exe
  2⤵
  PID:4384
- C:\Windows\System\XteIUwi.exe
  C:\Windows\System\XteIUwi.exe
  2⤵
  PID:4400
- C:\Windows\System\ZRHNwaA.exe
  C:\Windows\System\ZRHNwaA.exe
  2⤵
  PID:4428
- C:\Windows\System\looepCa.exe
  C:\Windows\System\looepCa.exe
  2⤵
  PID:4444
- C:\Windows\System\mowogNZ.exe
  C:\Windows\System\mowogNZ.exe
  2⤵
  PID:4464
- C:\Windows\System\lDRedCQ.exe
  C:\Windows\System\lDRedCQ.exe
  2⤵
  PID:4484
- C:\Windows\System\rBrrIhZ.exe
  C:\Windows\System\rBrrIhZ.exe
  2⤵
  PID:4504
- C:\Windows\System\PClYUSY.exe
  C:\Windows\System\PClYUSY.exe
  2⤵
  PID:4524
- C:\Windows\System\UxXqEwb.exe
  C:\Windows\System\UxXqEwb.exe
  2⤵
  PID:4544
- C:\Windows\System\ydpORlX.exe
  C:\Windows\System\ydpORlX.exe
  2⤵
  PID:4560
- C:\Windows\System\QFvSfVZ.exe
  C:\Windows\System\QFvSfVZ.exe
  2⤵
  PID:4580
- C:\Windows\System\wbJNFcw.exe
  C:\Windows\System\wbJNFcw.exe
  2⤵
  PID:4608
- C:\Windows\System\NohdpZX.exe
  C:\Windows\System\NohdpZX.exe
  2⤵
  PID:4628
- C:\Windows\System\VxDKvNc.exe
  C:\Windows\System\VxDKvNc.exe
  2⤵
  PID:4652
- C:\Windows\System\pnNMyoP.exe
  C:\Windows\System\pnNMyoP.exe
  2⤵
  PID:4680
- C:\Windows\System\BsyWZxX.exe
  C:\Windows\System\BsyWZxX.exe
  2⤵
  PID:4696
- C:\Windows\System\UzfRmbR.exe
  C:\Windows\System\UzfRmbR.exe
  2⤵
  PID:4716
- C:\Windows\System\bHxeCyY.exe
  C:\Windows\System\bHxeCyY.exe
  2⤵
  PID:4732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BCAACGJ.exe

Filesize
2.0MB

MD5
fa34742baffd52ee1c18ffafe14035fd

SHA1
49b338fe76d39e9c13c62eb4c3b4cdfd595c8fa8

SHA256
7694c570cc27f519b14fd2ac311c131a75c4c2c09a1b2f6865dccaaf74e5c7ce

SHA512
604afbbe4353d587e17e6e54bd45d9ed13398bab1d8564bb5b8a7283f42b3252acbcc9a7e23a61b16e421413d21c07ce03aa18cdcbb4d0f8189f5b488bb6ccf8

Download Submit
C:\Windows\system\CBaQlzK.exe

Filesize
2.0MB

MD5
3ddbc11c3448272a43cb3a802a4fa360

SHA1
b838117c139180c9328874631f305c63c5f830f4

SHA256
585b2308b6d31deddf49910d3f7c3354459d13cd4f71daa7568d0e268f9a27ef

SHA512
c9020fa03cf23c10549637fbdf480b55c410b8462abc9838f062772aac3a92412c169f140f2befcca695f26e7eb0bbbb203d817aa02adad06e5de1e0ae30f005

Download Submit
C:\Windows\system\CUdmuPX.exe

Filesize
2.0MB

MD5
79ebdcdb9bec802093f590c37f9362d7

SHA1
658bae608d75dbae04d32287db292efb2487391b

SHA256
8018107db4896d61343a71dbac3301ad562e2edeb9f688802a91fa75a3070fe5

SHA512
d78c94f2cec8cc2afad1a8b4d1f2bfd37f4f005e72661425741a197c0dbfee35ecafba13ebc2684c8dcfc00f3f7b0979e19a528285458f826e5ba730b23870ae

Download Submit
C:\Windows\system\EAZyYeL.exe

Filesize
2.0MB

MD5
92bf9c95815458c50b5c3183651cbc06

SHA1
1698a7d59d0bcbf2f73683369f92c512247c6bda

SHA256
fb3feac0bd02414c6c1f5b12c2a85abb6052aa634dcdc2e819479adda4070def

SHA512
c61a38d496139d4bd26ada6b94f61d512b1a7db1227cbef1ec2e457f7df30b25fb001f4b7e33345dc8f1771d75020e5e270e214b935434c2c50f913d1f6a1f6b

Download Submit
C:\Windows\system\FVRoSBS.exe

Filesize
2.0MB

MD5
36d943b567d37b3dcb59ce171b3ece3d

SHA1
b1e839e880ce5c9c63ec8cefa70ac471b5a6f7cd

SHA256
95efb5ef7256fef3f54000e6e8d67c79dc5591def6afbd1eb0061ed19036643c

SHA512
919bc264da97ccf5f2d98dd681c343efdd99b88ea657859ada5825936398f242949a4a1fbe74ea757ba8ca58510a0f5d688cc3c5d0e2ef3f46e5945a4b5d1182

Download Submit
C:\Windows\system\HBhhxgu.exe

Filesize
2.0MB

MD5
3822cd2a9f69e5702d440c864e3d40c9

SHA1
fc06c59b6b928a933dcd36f3ffb20803d6b019d1

SHA256
d6de65f026ecee7607335c3d84ada9bdd5540c9b1f1b02ef3241d535ac8b3e6c

SHA512
850e2bf5eeb34c32ccac05b998f201464cc6ccdba36618f75b047bf8872c5c632f6e05c1fadd31397fa74b3d720abc637b71ce1ec2a60096a68f788bfdb54694

Download Submit
C:\Windows\system\IDScFaM.exe

Filesize
2.0MB

MD5
116bff6dd3a44f5612644567d1d2b786

SHA1
4b2bc9c2d3d2b05212d54ebfa53a457e4d0ebe66

SHA256
4652af74421ae0ee69fa49981d546e2ac26989a7f90818c8ef75c953dd99ceb5

SHA512
bc3e91c6a9c695546d8214b285c9a99c2bad282ab68320456688d8d0682083bfc88dd4ade95d36cc65bb492feabd783a73e8b2fcd94112433dbb6ee014c7d34c

Download Submit
C:\Windows\system\LUAdfkU.exe

Filesize
2.0MB

MD5
8f0e34d08630cc5148ea3efba4137781

SHA1
dfa0521a07678874df6595ddb490eb7ecf5596bd

SHA256
edf89bf326d8dbfdf0dfc0de3ba2690dbf4e5d05466b410ab3ba0242a1331dba

SHA512
e4f0045c1cce44dce5f10887ae19a29806ecf7dfaf3b752512c771dcf3ef200e49d932de125b170452f9115a73f3fc45826946d1af6e74f443e2d1ddb7b60cd6

Download Submit
C:\Windows\system\PrgpVVp.exe

Filesize
2.0MB

MD5
b1eca83f8d5a3bbc4f1870fd52d49093

SHA1
a3f4a2294a68d8105560660e2563d391570c2102

SHA256
e0f11775a5fe5b6866c32095bcdc04626fe5090cac22737e2a27d2a263ad4dcd

SHA512
9a1933c74c111a40318ce58de08e1755fba37025946f3314b4377e3e9359c17eeeed18810b5611c77a99425beb6b564b395fe18db87b0a73d68ad1eca3f47eb1

Download Submit
C:\Windows\system\RYInAXc.exe

Filesize
2.0MB

MD5
ed18ebc32865eb63a964c9f5da14277b

SHA1
04426d5fc46acead9e42bc1b62b989f49f0a8b9c

SHA256
b588c7b66e4578966b82383748d136876089494af6a0eb805a80109cb22b4dc9

SHA512
71829d973ad05ec663e34acb0bc738796368c0efd1499242ca071f2894d84eefba0b155867c16227c6561c03bb074ac102b3bd3a37164eb7569d3173e94aef59

Download Submit
C:\Windows\system\RgFEQlI.exe

Filesize
2.0MB

MD5
cc8323f57a4a34d54b0a281c0770d72f

SHA1
b3fc4ad2a3ea7de2936ef2bb8f134d6ca13e9058

SHA256
076f6e282fd7949fe83d27c3fc3a574945afd6ce592b7049d776ffe4d5e75c22

SHA512
609d97e91173ea3b52c687a6fcdde1ef5c1228c6a51c22b94ffae258c166fd102553a94ae349e10275baa121db5c87b1863d3714b209dc5c65300c406131ba24

Download Submit
C:\Windows\system\RicUial.exe

Filesize
2.0MB

MD5
abff56fa02f3395fa0d0633a213dcee3

SHA1
30c7baf7623bda858d74976c40b6bee95063f9f4

SHA256
e0b7eb484279951d95e1e6a842958d91631c33973ee690d9384d08ed5a48a865

SHA512
5a9f24e763d947883b2050c2e116dd9d0b470bc2ab255ec4668ea8b34b584bc8ca7e36fc985e1f92a8a0d5f2fe1ff23972f962920455a9c4457a3ae1e439f790

Download Submit
C:\Windows\system\TLisKTa.exe

Filesize
2.0MB

MD5
0f20ce96c816c674443faa5c7845fc66

SHA1
9c425b766047c76f60087db0a17e9fec31bbe9dd

SHA256
8bb504420afe12e32990fe1fe6233bf89dbdf30e3c052603815845ec1ecb3c93

SHA512
0cd4151b10f3c5f9c121223c94b1a252dfcce614b20b0ad544548a89f7dec86ac706e98339e85ef384ece3142420d6ef45caa10ff62c504889eb36b2161c2fb3

Download Submit
C:\Windows\system\UPfUoBV.exe

Filesize
2.0MB

MD5
321f41156281336f44b953eb67922f0a

SHA1
5311920170a65e3921b362a323e85f0b3e27b29e

SHA256
68dfe3ceaaad0bc14086bc690952944c89cba962dfb56ab3f6574a94c9792193

SHA512
858189b391d05b84053c290837a59fb5af2f01d5df0159967686c280e5024ed9bf49a34b363cd7532d923b6ac2f4ec6bc6daaf1aea422f6b9f4f725626d5b618

Download Submit
C:\Windows\system\XAJziiI.exe

Filesize
2.0MB

MD5
7d1b33470fc1277d925c7d96c2a7b15c

SHA1
6634854761729da29fcd50d3c31d14bfadf80a71

SHA256
9369ac8ac7c3f84a0ad983394f9925afdd27cdd584d020674fe4b0a0b26987ae

SHA512
97e8b72cf96738ec836306da72ce133cda211765ef42cf99c0fe38cef9a67127166248b36d60d1b6e7c5c7e2256e7c1dc1735c526d60e19b12b2af8629b396ff

Download Submit
C:\Windows\system\XSyJILQ.exe

Filesize
2.0MB

MD5
c3fc28dcb3cc81fafb878f75f98f95a6

SHA1
7310c02915755e89054e6492c5a49568b59d4c6b

SHA256
dba5c0856d4a41091aa781882f92f1233ab9599209c19921e0fbb2e45240fa9e

SHA512
155d327c882ddecfd71c5527865b73b8c7e0d09f35f28167f46806dc11774bc16b3a077ddf7a8ce3361b0d86ca19d0c0c0474b5aec4b97cd4694098e06edbb5c

Download Submit
C:\Windows\system\ZbENTqE.exe

Filesize
2.0MB

MD5
69a78a11995938c2ee05c0daf6860dc6

SHA1
e6ae60a50707d9375208016079e00569da1ab8b7

SHA256
f08eb05a4d925eb4b498af37ba20a83d0c1488465f66f48577e32f5eeb4b0d1e

SHA512
a3960398efe551e29c1c21b4303c6a2ecc25f84fad5a6f529f8a8ce419958ff748c024d2fa97919ceb51d85a4d461d9b8d2b9772493803d132346e4fcdc12edf

Download Submit
C:\Windows\system\Zzdnggn.exe

Filesize
2.0MB

MD5
496bae6a75cafe6fe1a5819d7681591e

SHA1
8d662d871669779c35e3ee8e8aca301dbb77d21f

SHA256
7d7cd36209e5a9aa58ff773b9a8d4ea475f9e93bb28a5875262472dd95c3e71a

SHA512
96c0b965b0c9a191bef4366a339dc2a3064c1be9634ab45be8b64da990cd396a71aa5abf742bb364284db757838b638df1078750938e3313a8f62b3c535d4b3d

Download Submit
C:\Windows\system\aCckwev.exe

Filesize
2.0MB

MD5
b5e86c607136fd5432c931d983d73919

SHA1
c09b514b680e2b9c06ff1a7a2cc85f6491668e96

SHA256
cdc9131d708e5a05c4c8b59f50b25a3a93f0eaa1847cf2860c521625a3a4ff76

SHA512
4fb3c34bea8553f9c273b509bb057ca4b9dbebeeec684b94b72393f1c8f858b5ff653a4b4a73d4766e677d4cdcfbc982f81017911dc6aa218ede1b83c315212a

Download Submit
C:\Windows\system\bQvYcCx.exe

Filesize
2.0MB

MD5
0cbf8113f4e5d12d52f1906f3e617e2e

SHA1
b4ca4534085b42be034b775978db7b2550e9e7d7

SHA256
903ebc5d1e6275bbfc5e62fdb7e7c9aedcd4ac99bccb37cac91f2aac24e66301

SHA512
bb6710b29b43d6fbdc185a0c4c8a98126251379a3d91df6e937bdcda27d10f95b739a906c97bf8ae6e071ac15350d46def4b7a65bd038794bd4efc9aaef71743

Download Submit
C:\Windows\system\gbYMOEh.exe

Filesize
2.0MB

MD5
84b6e463afbf6b074dcb287e7f4a60af

SHA1
082754ae1498712e8bf01e5b39e8d8a90ecf350b

SHA256
6a54ada9337885d8909c4fe4f8ed043d2bc4372043c09b93cba2634a1401b90f

SHA512
206a475b1a39ebee4ceca69b45f860af422588a7f43e21afb26109e1d58358d70fd7eb147780904357687dd7ff627c8164022448597908231dfb42124b95f415

Download Submit
C:\Windows\system\iTORhYN.exe

Filesize
2.0MB

MD5
64ce1a24a84b38f77992aa7b48e3a3c1

SHA1
c88b32332f0f03ad2270499efd5bc15ca82c4b48

SHA256
4a63d32697093f273505f015d83ad7ddc7fb98c4f83ba0ea7efc5565f7a25e13

SHA512
37780773391d676ddf127b4ee2e6f86e6752f7d9f513b057aed16644392d33906a601faa87095475d6d4e7ed107d9b37d2ac4ceeb7571a5d78c3aea506f5b232

Download Submit
C:\Windows\system\jIHihND.exe

Filesize
2.0MB

MD5
2998e77df580dc16be2a128482e0fa16

SHA1
89b65bc459fdd7fd1f81ee06ffffe890fefa4afd

SHA256
fd52f19004b5a30930362476c22307bea9b7fbfd03941fb6336545fd4331e6cc

SHA512
c2ce8a7d6fa86c3b643810006455147a07d7033f6ac0b09cbb3485454bbc11ebedde487a0836ba22434d1ba931ba59f00e6f3f6261625493a02c5e34e6fc9710

Download Submit
C:\Windows\system\oSvQKlR.exe

Filesize
2.0MB

MD5
c178671126d34e61eb83da4b10c78ea5

SHA1
46b3d6142ffcc77a1b5e3ca4efd703d488bd4563

SHA256
be87d638fd92b70c3493fa48cd9f4357e4732d82b35585457d92b35e86005be3

SHA512
96fd6107a2263680971922bd8b15c1093532c0f9e0b8361f22d415148fd9333eacc8a52120623313ae335be8076dba853e39ce9a9af5ebe63cea4dfa8b8dd1a3

Download Submit
C:\Windows\system\qlgpDYn.exe

Filesize
2.0MB

MD5
4027ef69858c1febb5b790b526b85ef6

SHA1
710bee76087a4bf280fde357eff844c1b7e8e901

SHA256
c058164a9a610e637499cc726c149b60ffdf4d0271f0d5cf9d6a92f61444370c

SHA512
a39a85c35a8123b01f3531882cc21479d54d1bbb11f120933e828f3e9024905599470a4b115fdca94b3af847d057f3e18ea44106c15b0064eaf98b2051d869e2

Download Submit
C:\Windows\system\sjLGduc.exe

Filesize
2.0MB

MD5
34ce5a20d1e6ab25d535c7e3e1cfeed9

SHA1
7f8887691c6a2f84c543b35e6b9330e1934b452e

SHA256
60261e8d7ae095cb873f59788e62a7b7a5a1f5ff90b866e1fad688ba1036e7b1

SHA512
98e9935343d0779cad46fadd0def31b75c8b4f6f57e8ec12603904ed4c89788e1a2e8a55f05a463913e0c6f2364c7ad48b838bb41b4baf4be02ed06d5b923959

Download Submit
C:\Windows\system\uEwdqum.exe

Filesize
2.0MB

MD5
effed576f1a4aea2ad2961b5e2ac593f

SHA1
6ce43554e89e6bd4729075f42cbd63078aed6cc5

SHA256
c7fe0d22b13a7a3c5fa1589be89e760cbab292d8f610c0c334a451e3165f3469

SHA512
f507bc702c3284cb191233ac75929560bdbe19ca5b3f72af86071a4afae57a8709e1a1dc3646042978706a0ef6927f0a58b368cb29882b3de5be6e96dd57f58e

Download Submit
C:\Windows\system\wHqQCYR.exe

Filesize
2.0MB

MD5
3dd9cb529e340ea76772d80c2973d972

SHA1
64f945a65a70adf48ef5df9fabadfdb2c9147fd3

SHA256
37b1788ce129475e474db03b74b9f3c387aa8a9cdd0b07466fdb3b72836aa694

SHA512
37985f6ed116dc5c2697fa04f7ef93a74e925edfb018cb18b2063bba429ff1b664243b42ea4d0b0348284125f3889685f2272d49c0850a7c328af964561db701

Download Submit
C:\Windows\system\zLKXwWN.exe

Filesize
2.0MB

MD5
b64cc4930123da664d57364179e2f865

SHA1
b06b2ad9ddfc4a4f83a6c11ca53928f59228d233

SHA256
9434b905ebfcd7056418912b2094f689f6416a277e8baf5bdea26368267d302b

SHA512
355b3c4fa384e9a3011bad5f90fc330331aa7f300f83913d578e65a5e1d86274014f6fa1aaca71519034326aba1ce9c37194db8e4377897447224e0b48eb8948

Download Submit
\Windows\system\MPUMTKQ.exe

Filesize
2.0MB

MD5
f41b02de29506ef375588c76ead6450a

SHA1
ec9ba5309abfd7c86ea9ee359c027d7fc2486b3e

SHA256
a9f403ec73a888fb2397c9037b82d822d791edfa767ed81dcb42797b2379c6e9

SHA512
78c24c39e9c6015d71dcd9910ddee57438f1c4ae0047bf0533e4c4a0fd7804774fc5b539db594c1ee9ab6fd904c7a81c37cccdd7883d47ff59fef3b5f58171a4

Download Submit
\Windows\system\YhFdtWC.exe

Filesize
2.0MB

MD5
033f4364f9cf346a6f92889b866402d5

SHA1
fa376bcb9290248ecb3e77c58fd0f477bb063387

SHA256
b155c0af500033c72717dce6dc2d433de4edf28769edac9d1ed98d34bb18c1f4

SHA512
fecb4db30fc3bf87c1d888b434b1a61338788e21cb0269c6ce8beff9489ac0915810530d923b44d2b8ed301624eaa49f6a6df16a8a78862dd79cccee3a70e18b

Download Submit
\Windows\system\pIdSDxM.exe

Filesize
2.0MB

MD5
6ade20dcb6c7d5d10f2034857bce3dad

SHA1
98a504ac32c18b586f382032ac95cd6872044452

SHA256
a3dc6d36b6d719621a024b2512b9712f09d9ff9dadfb1f3c2ce1427f094b716d

SHA512
0d4426ee3bdea3e85023da052eb621657509e3f0869982dd7f0cc23a215b89cfcb5907bbc3979bf85359045db50ca3d9f9db5d92bb706a697ce63bb95044f91b

Download Submit
memory/2744-0-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download