kpot | 1361c8919f0da9d7be8c556cef04d52c07aa0f9f1cd1b91a5a1ede66b44e6200

Analysis

max time kernel
137s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06-06-2024 21:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
Size

2.0MB
MD5

1cac21473b2872d3ed6b34a2180ee0c0
SHA1

ff936241f266efa2744c528e15a41a1c90b329a2
SHA256

1361c8919f0da9d7be8c556cef04d52c07aa0f9f1cd1b91a5a1ede66b44e6200
SHA512

22e92f27c7d53c7b781b4443b20b5acc5f6d928e43d12c6e07c1c85fb89212d6d214bbf1b0f0e550476f55bb39775bffc08546465a8592121c2247d6a3ddaab9
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2Ov:GemTLkNdfE0pZaQU

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral1/files/0x000c00000001565d-2.dat	family_kpot
behavioral1/files/0x002c000000015cb6-7.dat	family_kpot
behavioral1/files/0x0007000000015d20-14.dat	family_kpot
behavioral1/files/0x0007000000015d42-19.dat	family_kpot
behavioral1/files/0x0007000000015d4e-22.dat	family_kpot
behavioral1/files/0x0009000000015d5f-27.dat	family_kpot
behavioral1/files/0x0009000000015d6b-34.dat	family_kpot
behavioral1/files/0x000700000001658a-35.dat	family_kpot
behavioral1/files/0x0006000000016851-48.dat	family_kpot
behavioral1/files/0x0006000000016adc-52.dat	family_kpot
behavioral1/files/0x0006000000016c5e-60.dat	family_kpot
behavioral1/files/0x0006000000016c44-57.dat	family_kpot
behavioral1/files/0x0006000000016616-42.dat	family_kpot
behavioral1/files/0x0006000000016cb0-76.dat	family_kpot
behavioral1/files/0x0006000000016d07-87.dat	family_kpot
behavioral1/files/0x0006000000016cdc-82.dat	family_kpot
behavioral1/files/0x0006000000016d20-97.dat	family_kpot
behavioral1/files/0x0006000000016d3a-108.dat	family_kpot
behavioral1/files/0x0006000000016d43-119.dat	family_kpot
behavioral1/files/0x0006000000016d9d-139.dat	family_kpot
behavioral1/files/0x0006000000016dbe-159.dat	family_kpot
behavioral1/files/0x0006000000016db9-154.dat	family_kpot
behavioral1/files/0x0006000000016db1-149.dat	family_kpot
behavioral1/files/0x0006000000016da5-144.dat	family_kpot
behavioral1/files/0x0006000000016d8e-134.dat	family_kpot
behavioral1/files/0x0006000000016d74-129.dat	family_kpot
behavioral1/files/0x0006000000016d5f-124.dat	family_kpot
behavioral1/files/0x0006000000016d3e-114.dat	family_kpot
behavioral1/files/0x0006000000016d34-104.dat	family_kpot
behavioral1/files/0x0006000000016d18-92.dat	family_kpot
behavioral1/files/0x0006000000016c64-74.dat	family_kpot
behavioral1/files/0x002c000000015ccd-69.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral1/files/0x000c00000001565d-2.dat	xmrig
behavioral1/files/0x002c000000015cb6-7.dat	xmrig
behavioral1/files/0x0007000000015d20-14.dat	xmrig
behavioral1/files/0x0007000000015d42-19.dat	xmrig
behavioral1/files/0x0007000000015d4e-22.dat	xmrig
behavioral1/files/0x0009000000015d5f-27.dat	xmrig
behavioral1/files/0x0009000000015d6b-34.dat	xmrig
behavioral1/files/0x000700000001658a-35.dat	xmrig
behavioral1/files/0x0006000000016851-48.dat	xmrig
behavioral1/files/0x0006000000016adc-52.dat	xmrig
behavioral1/files/0x0006000000016c5e-60.dat	xmrig
behavioral1/files/0x0006000000016c44-57.dat	xmrig
behavioral1/files/0x0006000000016616-42.dat	xmrig
behavioral1/files/0x0006000000016cb0-76.dat	xmrig
behavioral1/files/0x0006000000016d07-87.dat	xmrig
behavioral1/files/0x0006000000016cdc-82.dat	xmrig
behavioral1/files/0x0006000000016d20-97.dat	xmrig
behavioral1/files/0x0006000000016d3a-108.dat	xmrig
behavioral1/files/0x0006000000016d43-119.dat	xmrig
behavioral1/files/0x0006000000016d9d-139.dat	xmrig
behavioral1/files/0x0006000000016dbe-159.dat	xmrig
behavioral1/files/0x0006000000016db9-154.dat	xmrig
behavioral1/files/0x0006000000016db1-149.dat	xmrig
behavioral1/files/0x0006000000016da5-144.dat	xmrig
behavioral1/files/0x0006000000016d8e-134.dat	xmrig
behavioral1/files/0x0006000000016d74-129.dat	xmrig
behavioral1/files/0x0006000000016d5f-124.dat	xmrig
behavioral1/files/0x0006000000016d3e-114.dat	xmrig
behavioral1/files/0x0006000000016d34-104.dat	xmrig
behavioral1/files/0x0006000000016d18-92.dat	xmrig
behavioral1/files/0x0006000000016c64-74.dat	xmrig
behavioral1/files/0x002c000000015ccd-69.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1936	odFWwPL.exe
2224	fUrnVge.exe
2504	CQrjttY.exe
2520	gUTyUHf.exe
2632	HKxAAFf.exe
2564	SdajfIX.exe
2544	QinHtMh.exe
2664	bgPKuqS.exe
1732	auYAHnf.exe
2860	WwVbOQk.exe
2524	mZboTez.exe
2412	TZhyXaL.exe
2460	XdLLext.exe
2864	eHEPaOk.exe
2272	SlhKBKa.exe
1636	mClfqSa.exe
2156	zKWpvah.exe
1612	wCeTUfT.exe
2016	UgyURuy.exe
820	QfeCFRn.exe
108	cjBEWTC.exe
2004	PsoWYdU.exe
1212	NuXutNx.exe
1268	IHLkabj.exe
1236	XyACesD.exe
2036	knRQRtF.exe
2128	tytFYzk.exe
1244	gtTklCJ.exe
2508	HVzhIEa.exe
2084	hokGBIJ.exe
792	gPbMsIm.exe
884	HjAXUba.exe
584	GJlvEDb.exe
1440	khkwYHM.exe
328	blFLYPb.exe
1812	krKQfEm.exe
1620	UZttbJJ.exe
1968	mYAKXXn.exe
3020	MevPAub.exe
1144	qibUXeY.exe
2636	EamaFdG.exe
2764	OSeoKMG.exe
1304	ByQFZtW.exe
1932	JiTFjYt.exe
1352	BYJTkls.exe
292	QBnqfOF.exe
1280	tGxQCQI.exe
1012	HulPDwo.exe
1004	lXwbIgX.exe
2140	PQWJsEj.exe
1512	EDsNmLE.exe
2096	VPJOHEy.exe
2268	gDVxrKI.exe
2928	awpWTBf.exe
3044	sTnTdlz.exe
572	pnXTwWf.exe
2792	GVZnTKo.exe
1472	HuJztjL.exe
1756	WzJBrDb.exe
2320	aQHOPEi.exe
2020	XlttfyH.exe
1284	eTgKqGT.exe
2904	bAeSXrv.exe
2612	EgEqjEx.exe

Loads dropped DLL 64 IoCs

pid	Process
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\AiaYpqJ.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\YdKvgHW.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\gKevZzG.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\hMPtgOj.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\zZwcLwy.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\wMLkuOl.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\EcHjsau.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\gEnGlvd.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\zaecajF.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\ZkbTaek.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\ubKBdMH.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\QsaLtai.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\awUSdSI.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\zYhSOnX.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\ZyYEwPm.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\igWNVJD.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\ktluwgu.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\rblEnDW.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\hMInJKq.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\dCIrzZO.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\UKaZySp.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\qDEubwc.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\FAnPUSj.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\ipFCLAS.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\muQbzag.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\PHmRsvO.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\fDrFFzj.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\ygUXFHt.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\YsiwGKy.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\MWYRIgm.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\lrmMzZf.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\noyDnwA.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\XlttfyH.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\bAeSXrv.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\EgEqjEx.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\kASnxuF.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\QdtPsgs.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\AQQAttx.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\uooKPpZ.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\sDFHiBY.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\FdjtOHh.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\tYyZcue.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\bgPKuqS.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\KzHjjRT.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\VOnlApQ.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\qLyfIBU.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\blFLYPb.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\RxcVlWd.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\tuAQJPe.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\IBIYdgO.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\XAQJLAh.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\tLenuWD.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\RmLcHlI.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\NDhzSeq.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\gUTyUHf.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\QBnqfOF.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\cTjhNnu.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\DLmSrMu.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\RtSSNPV.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\auYAHnf.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\SlhKBKa.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\whXEqLc.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\tPHgkxN.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\IHLkabj.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 1936	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	29
PID 2696 wrote to memory of 1936	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	29
PID 2696 wrote to memory of 1936	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	29
PID 2696 wrote to memory of 2224	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	30
PID 2696 wrote to memory of 2224	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	30
PID 2696 wrote to memory of 2224	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	30
PID 2696 wrote to memory of 2504	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	31
PID 2696 wrote to memory of 2504	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	31
PID 2696 wrote to memory of 2504	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	31
PID 2696 wrote to memory of 2520	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	32
PID 2696 wrote to memory of 2520	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	32
PID 2696 wrote to memory of 2520	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	32
PID 2696 wrote to memory of 2632	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	33
PID 2696 wrote to memory of 2632	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	33
PID 2696 wrote to memory of 2632	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	33
PID 2696 wrote to memory of 2564	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	34
PID 2696 wrote to memory of 2564	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	34
PID 2696 wrote to memory of 2564	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	34
PID 2696 wrote to memory of 2544	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	35
PID 2696 wrote to memory of 2544	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	35
PID 2696 wrote to memory of 2544	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	35
PID 2696 wrote to memory of 2664	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	36
PID 2696 wrote to memory of 2664	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	36
PID 2696 wrote to memory of 2664	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	36
PID 2696 wrote to memory of 1732	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	37
PID 2696 wrote to memory of 1732	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	37
PID 2696 wrote to memory of 1732	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	37
PID 2696 wrote to memory of 2860	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	38
PID 2696 wrote to memory of 2860	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	38
PID 2696 wrote to memory of 2860	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	38
PID 2696 wrote to memory of 2524	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	39
PID 2696 wrote to memory of 2524	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	39
PID 2696 wrote to memory of 2524	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	39
PID 2696 wrote to memory of 2412	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	40
PID 2696 wrote to memory of 2412	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	40
PID 2696 wrote to memory of 2412	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	40
PID 2696 wrote to memory of 2460	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	41
PID 2696 wrote to memory of 2460	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	41
PID 2696 wrote to memory of 2460	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	41
PID 2696 wrote to memory of 2864	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	42
PID 2696 wrote to memory of 2864	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	42
PID 2696 wrote to memory of 2864	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	42
PID 2696 wrote to memory of 2272	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	43
PID 2696 wrote to memory of 2272	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	43
PID 2696 wrote to memory of 2272	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	43
PID 2696 wrote to memory of 1636	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	44
PID 2696 wrote to memory of 1636	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	44
PID 2696 wrote to memory of 1636	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	44
PID 2696 wrote to memory of 2156	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	45
PID 2696 wrote to memory of 2156	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	45
PID 2696 wrote to memory of 2156	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	45
PID 2696 wrote to memory of 1612	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	46
PID 2696 wrote to memory of 1612	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	46
PID 2696 wrote to memory of 1612	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	46
PID 2696 wrote to memory of 2016	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	47
PID 2696 wrote to memory of 2016	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	47
PID 2696 wrote to memory of 2016	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	47
PID 2696 wrote to memory of 820	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	48
PID 2696 wrote to memory of 820	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	48
PID 2696 wrote to memory of 820	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	48
PID 2696 wrote to memory of 108	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	49
PID 2696 wrote to memory of 108	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	49
PID 2696 wrote to memory of 108	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	49
PID 2696 wrote to memory of 2004	2696	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	50

C:\Users\Admin\AppData\Local\Temp\1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Windows\System\odFWwPL.exe
  C:\Windows\System\odFWwPL.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\fUrnVge.exe
  C:\Windows\System\fUrnVge.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\CQrjttY.exe
  C:\Windows\System\CQrjttY.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\gUTyUHf.exe
  C:\Windows\System\gUTyUHf.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\HKxAAFf.exe
  C:\Windows\System\HKxAAFf.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\SdajfIX.exe
  C:\Windows\System\SdajfIX.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\QinHtMh.exe
  C:\Windows\System\QinHtMh.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\bgPKuqS.exe
  C:\Windows\System\bgPKuqS.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\auYAHnf.exe
  C:\Windows\System\auYAHnf.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\WwVbOQk.exe
  C:\Windows\System\WwVbOQk.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\mZboTez.exe
  C:\Windows\System\mZboTez.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\TZhyXaL.exe
  C:\Windows\System\TZhyXaL.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\XdLLext.exe
  C:\Windows\System\XdLLext.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\eHEPaOk.exe
  C:\Windows\System\eHEPaOk.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\SlhKBKa.exe
  C:\Windows\System\SlhKBKa.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\mClfqSa.exe
  C:\Windows\System\mClfqSa.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\zKWpvah.exe
  C:\Windows\System\zKWpvah.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\wCeTUfT.exe
  C:\Windows\System\wCeTUfT.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\UgyURuy.exe
  C:\Windows\System\UgyURuy.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\QfeCFRn.exe
  C:\Windows\System\QfeCFRn.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\cjBEWTC.exe
  C:\Windows\System\cjBEWTC.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\PsoWYdU.exe
  C:\Windows\System\PsoWYdU.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\NuXutNx.exe
  C:\Windows\System\NuXutNx.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\IHLkabj.exe
  C:\Windows\System\IHLkabj.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\XyACesD.exe
  C:\Windows\System\XyACesD.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\knRQRtF.exe
  C:\Windows\System\knRQRtF.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\tytFYzk.exe
  C:\Windows\System\tytFYzk.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\gtTklCJ.exe
  C:\Windows\System\gtTklCJ.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\HVzhIEa.exe
  C:\Windows\System\HVzhIEa.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\hokGBIJ.exe
  C:\Windows\System\hokGBIJ.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\gPbMsIm.exe
  C:\Windows\System\gPbMsIm.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\HjAXUba.exe
  C:\Windows\System\HjAXUba.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\GJlvEDb.exe
  C:\Windows\System\GJlvEDb.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\khkwYHM.exe
  C:\Windows\System\khkwYHM.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\blFLYPb.exe
  C:\Windows\System\blFLYPb.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\krKQfEm.exe
  C:\Windows\System\krKQfEm.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\UZttbJJ.exe
  C:\Windows\System\UZttbJJ.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\mYAKXXn.exe
  C:\Windows\System\mYAKXXn.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\MevPAub.exe
  C:\Windows\System\MevPAub.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\qibUXeY.exe
  C:\Windows\System\qibUXeY.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\EamaFdG.exe
  C:\Windows\System\EamaFdG.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\OSeoKMG.exe
  C:\Windows\System\OSeoKMG.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\ByQFZtW.exe
  C:\Windows\System\ByQFZtW.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\JiTFjYt.exe
  C:\Windows\System\JiTFjYt.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\BYJTkls.exe
  C:\Windows\System\BYJTkls.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\QBnqfOF.exe
  C:\Windows\System\QBnqfOF.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\tGxQCQI.exe
  C:\Windows\System\tGxQCQI.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\HulPDwo.exe
  C:\Windows\System\HulPDwo.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\lXwbIgX.exe
  C:\Windows\System\lXwbIgX.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\PQWJsEj.exe
  C:\Windows\System\PQWJsEj.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\EDsNmLE.exe
  C:\Windows\System\EDsNmLE.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\VPJOHEy.exe
  C:\Windows\System\VPJOHEy.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\gDVxrKI.exe
  C:\Windows\System\gDVxrKI.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\awpWTBf.exe
  C:\Windows\System\awpWTBf.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\sTnTdlz.exe
  C:\Windows\System\sTnTdlz.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\pnXTwWf.exe
  C:\Windows\System\pnXTwWf.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\GVZnTKo.exe
  C:\Windows\System\GVZnTKo.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\HuJztjL.exe
  C:\Windows\System\HuJztjL.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\WzJBrDb.exe
  C:\Windows\System\WzJBrDb.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\aQHOPEi.exe
  C:\Windows\System\aQHOPEi.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\XlttfyH.exe
  C:\Windows\System\XlttfyH.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\eTgKqGT.exe
  C:\Windows\System\eTgKqGT.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\bAeSXrv.exe
  C:\Windows\System\bAeSXrv.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\EgEqjEx.exe
  C:\Windows\System\EgEqjEx.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\hcbLUIV.exe
  C:\Windows\System\hcbLUIV.exe
  2⤵
  PID:2744
- C:\Windows\System\SnMqNsA.exe
  C:\Windows\System\SnMqNsA.exe
  2⤵
  PID:2572
- C:\Windows\System\pqRhmTE.exe
  C:\Windows\System\pqRhmTE.exe
  2⤵
  PID:3052
- C:\Windows\System\ZbfwbaY.exe
  C:\Windows\System\ZbfwbaY.exe
  2⤵
  PID:2660
- C:\Windows\System\tMCCXvY.exe
  C:\Windows\System\tMCCXvY.exe
  2⤵
  PID:2440
- C:\Windows\System\DKEgVaL.exe
  C:\Windows\System\DKEgVaL.exe
  2⤵
  PID:2944
- C:\Windows\System\kPQHYPm.exe
  C:\Windows\System\kPQHYPm.exe
  2⤵
  PID:2808
- C:\Windows\System\cLcddcy.exe
  C:\Windows\System\cLcddcy.exe
  2⤵
  PID:2372
- C:\Windows\System\EkrySxY.exe
  C:\Windows\System\EkrySxY.exe
  2⤵
  PID:2516
- C:\Windows\System\pDpHIhB.exe
  C:\Windows\System\pDpHIhB.exe
  2⤵
  PID:1592
- C:\Windows\System\XaieTmP.exe
  C:\Windows\System\XaieTmP.exe
  2⤵
  PID:1864
- C:\Windows\System\eXdpLdY.exe
  C:\Windows\System\eXdpLdY.exe
  2⤵
  PID:2172
- C:\Windows\System\tiWEozp.exe
  C:\Windows\System\tiWEozp.exe
  2⤵
  PID:2112
- C:\Windows\System\LCEkvcC.exe
  C:\Windows\System\LCEkvcC.exe
  2⤵
  PID:2152
- C:\Windows\System\WntaWED.exe
  C:\Windows\System\WntaWED.exe
  2⤵
  PID:896
- C:\Windows\System\pfZdmHj.exe
  C:\Windows\System\pfZdmHj.exe
  2⤵
  PID:3048
- C:\Windows\System\FwGhFlC.exe
  C:\Windows\System\FwGhFlC.exe
  2⤵
  PID:2356
- C:\Windows\System\uuiALTd.exe
  C:\Windows\System\uuiALTd.exe
  2⤵
  PID:2252
- C:\Windows\System\cxKdSKD.exe
  C:\Windows\System\cxKdSKD.exe
  2⤵
  PID:592
- C:\Windows\System\cTjhNnu.exe
  C:\Windows\System\cTjhNnu.exe
  2⤵
  PID:1444
- C:\Windows\System\zZwcLwy.exe
  C:\Windows\System\zZwcLwy.exe
  2⤵
  PID:1884
- C:\Windows\System\pABjdIH.exe
  C:\Windows\System\pABjdIH.exe
  2⤵
  PID:1088
- C:\Windows\System\cLjOjqm.exe
  C:\Windows\System\cLjOjqm.exe
  2⤵
  PID:404
- C:\Windows\System\qIsaQlf.exe
  C:\Windows\System\qIsaQlf.exe
  2⤵
  PID:1332
- C:\Windows\System\wdblFQg.exe
  C:\Windows\System\wdblFQg.exe
  2⤵
  PID:2376
- C:\Windows\System\eZSCinH.exe
  C:\Windows\System\eZSCinH.exe
  2⤵
  PID:2676
- C:\Windows\System\dGkCwoR.exe
  C:\Windows\System\dGkCwoR.exe
  2⤵
  PID:1516
- C:\Windows\System\uzHnkjf.exe
  C:\Windows\System\uzHnkjf.exe
  2⤵
  PID:968
- C:\Windows\System\XzDYdaa.exe
  C:\Windows\System\XzDYdaa.exe
  2⤵
  PID:1860
- C:\Windows\System\RwcgEIC.exe
  C:\Windows\System\RwcgEIC.exe
  2⤵
  PID:772
- C:\Windows\System\OoPzrTH.exe
  C:\Windows\System\OoPzrTH.exe
  2⤵
  PID:2968
- C:\Windows\System\gACxefu.exe
  C:\Windows\System\gACxefu.exe
  2⤵
  PID:2780
- C:\Windows\System\YsiwGKy.exe
  C:\Windows\System\YsiwGKy.exe
  2⤵
  PID:652
- C:\Windows\System\dpDljhI.exe
  C:\Windows\System\dpDljhI.exe
  2⤵
  PID:1944
- C:\Windows\System\BbgTtzk.exe
  C:\Windows\System\BbgTtzk.exe
  2⤵
  PID:1744
- C:\Windows\System\SquyJcl.exe
  C:\Windows\System\SquyJcl.exe
  2⤵
  PID:1960
- C:\Windows\System\HSsjobF.exe
  C:\Windows\System\HSsjobF.exe
  2⤵
  PID:2368
- C:\Windows\System\JFyITew.exe
  C:\Windows\System\JFyITew.exe
  2⤵
  PID:1536
- C:\Windows\System\vwxdgsy.exe
  C:\Windows\System\vwxdgsy.exe
  2⤵
  PID:1564
- C:\Windows\System\UKaZySp.exe
  C:\Windows\System\UKaZySp.exe
  2⤵
  PID:2264
- C:\Windows\System\ROXThOK.exe
  C:\Windows\System\ROXThOK.exe
  2⤵
  PID:2908
- C:\Windows\System\llEDxqH.exe
  C:\Windows\System\llEDxqH.exe
  2⤵
  PID:2648
- C:\Windows\System\qSJeGhm.exe
  C:\Windows\System\qSJeGhm.exe
  2⤵
  PID:2332
- C:\Windows\System\vupbImJ.exe
  C:\Windows\System\vupbImJ.exe
  2⤵
  PID:2576
- C:\Windows\System\OySySRi.exe
  C:\Windows\System\OySySRi.exe
  2⤵
  PID:2620
- C:\Windows\System\NacKMPq.exe
  C:\Windows\System\NacKMPq.exe
  2⤵
  PID:2484
- C:\Windows\System\mwZgdDe.exe
  C:\Windows\System\mwZgdDe.exe
  2⤵
  PID:2364
- C:\Windows\System\TyHZNSu.exe
  C:\Windows\System\TyHZNSu.exe
  2⤵
  PID:2468
- C:\Windows\System\IBIYdgO.exe
  C:\Windows\System\IBIYdgO.exe
  2⤵
  PID:2604
- C:\Windows\System\DOPryeL.exe
  C:\Windows\System\DOPryeL.exe
  2⤵
  PID:1804
- C:\Windows\System\CpwwiWf.exe
  C:\Windows\System\CpwwiWf.exe
  2⤵
  PID:1916
- C:\Windows\System\GXimBIa.exe
  C:\Windows\System\GXimBIa.exe
  2⤵
  PID:2120
- C:\Windows\System\whXEqLc.exe
  C:\Windows\System\whXEqLc.exe
  2⤵
  PID:2256
- C:\Windows\System\WwObJxz.exe
  C:\Windows\System\WwObJxz.exe
  2⤵
  PID:2072
- C:\Windows\System\paxdguD.exe
  C:\Windows\System\paxdguD.exe
  2⤵
  PID:1740
- C:\Windows\System\RxcVlWd.exe
  C:\Windows\System\RxcVlWd.exe
  2⤵
  PID:760
- C:\Windows\System\iFqcWCo.exe
  C:\Windows\System\iFqcWCo.exe
  2⤵
  PID:1576
- C:\Windows\System\FjcNAmw.exe
  C:\Windows\System\FjcNAmw.exe
  2⤵
  PID:2896
- C:\Windows\System\vWuJwAb.exe
  C:\Windows\System\vWuJwAb.exe
  2⤵
  PID:1748
- C:\Windows\System\PUVcTgX.exe
  C:\Windows\System\PUVcTgX.exe
  2⤵
  PID:3012
- C:\Windows\System\awxanbF.exe
  C:\Windows\System\awxanbF.exe
  2⤵
  PID:3024
- C:\Windows\System\JBZmPlD.exe
  C:\Windows\System\JBZmPlD.exe
  2⤵
  PID:3036
- C:\Windows\System\FpJtAQt.exe
  C:\Windows\System\FpJtAQt.exe
  2⤵
  PID:2784
- C:\Windows\System\Vwlcqwt.exe
  C:\Windows\System\Vwlcqwt.exe
  2⤵
  PID:2312
- C:\Windows\System\UvvFoYB.exe
  C:\Windows\System\UvvFoYB.exe
  2⤵
  PID:2932
- C:\Windows\System\VITIEIq.exe
  C:\Windows\System\VITIEIq.exe
  2⤵
  PID:1608
- C:\Windows\System\itxmliz.exe
  C:\Windows\System\itxmliz.exe
  2⤵
  PID:2856
- C:\Windows\System\XKHfPCz.exe
  C:\Windows\System\XKHfPCz.exe
  2⤵
  PID:2888
- C:\Windows\System\AQQAttx.exe
  C:\Windows\System\AQQAttx.exe
  2⤵
  PID:776
- C:\Windows\System\HnlrTqs.exe
  C:\Windows\System\HnlrTqs.exe
  2⤵
  PID:2668
- C:\Windows\System\KzzEMQM.exe
  C:\Windows\System\KzzEMQM.exe
  2⤵
  PID:2476
- C:\Windows\System\wMLkuOl.exe
  C:\Windows\System\wMLkuOl.exe
  2⤵
  PID:2532
- C:\Windows\System\ILeOedu.exe
  C:\Windows\System\ILeOedu.exe
  2⤵
  PID:1596
- C:\Windows\System\gEnGlvd.exe
  C:\Windows\System\gEnGlvd.exe
  2⤵
  PID:2528
- C:\Windows\System\pOVfyCu.exe
  C:\Windows\System\pOVfyCu.exe
  2⤵
  PID:2280
- C:\Windows\System\QZJlMav.exe
  C:\Windows\System\QZJlMav.exe
  2⤵
  PID:560
- C:\Windows\System\stcZtOB.exe
  C:\Windows\System\stcZtOB.exe
  2⤵
  PID:1772
- C:\Windows\System\TebvITB.exe
  C:\Windows\System\TebvITB.exe
  2⤵
  PID:1496
- C:\Windows\System\ktluwgu.exe
  C:\Windows\System\ktluwgu.exe
  2⤵
  PID:668
- C:\Windows\System\ySemiUc.exe
  C:\Windows\System\ySemiUc.exe
  2⤵
  PID:2752
- C:\Windows\System\aOinPaF.exe
  C:\Windows\System\aOinPaF.exe
  2⤵
  PID:2760
- C:\Windows\System\PwtZQLy.exe
  C:\Windows\System\PwtZQLy.exe
  2⤵
  PID:1728
- C:\Windows\System\UQvSOrY.exe
  C:\Windows\System\UQvSOrY.exe
  2⤵
  PID:964
- C:\Windows\System\PfoGQDS.exe
  C:\Windows\System\PfoGQDS.exe
  2⤵
  PID:2420
- C:\Windows\System\TqtOTZZ.exe
  C:\Windows\System\TqtOTZZ.exe
  2⤵
  PID:1568
- C:\Windows\System\OoiMVWM.exe
  C:\Windows\System\OoiMVWM.exe
  2⤵
  PID:1476
- C:\Windows\System\ZkbTaek.exe
  C:\Windows\System\ZkbTaek.exe
  2⤵
  PID:2456
- C:\Windows\System\NiPeoPy.exe
  C:\Windows\System\NiPeoPy.exe
  2⤵
  PID:856
- C:\Windows\System\PHmRsvO.exe
  C:\Windows\System\PHmRsvO.exe
  2⤵
  PID:1776
- C:\Windows\System\slfMraQ.exe
  C:\Windows\System\slfMraQ.exe
  2⤵
  PID:1468
- C:\Windows\System\uooKPpZ.exe
  C:\Windows\System\uooKPpZ.exe
  2⤵
  PID:320
- C:\Windows\System\uJuDoie.exe
  C:\Windows\System\uJuDoie.exe
  2⤵
  PID:2452
- C:\Windows\System\FojGAwt.exe
  C:\Windows\System\FojGAwt.exe
  2⤵
  PID:1040
- C:\Windows\System\QvPDZWm.exe
  C:\Windows\System\QvPDZWm.exe
  2⤵
  PID:3060
- C:\Windows\System\JhKyTRl.exe
  C:\Windows\System\JhKyTRl.exe
  2⤵
  PID:1792
- C:\Windows\System\lkNHTgm.exe
  C:\Windows\System\lkNHTgm.exe
  2⤵
  PID:2388
- C:\Windows\System\EcHjsau.exe
  C:\Windows\System\EcHjsau.exe
  2⤵
  PID:2580
- C:\Windows\System\fDrFFzj.exe
  C:\Windows\System\fDrFFzj.exe
  2⤵
  PID:912
- C:\Windows\System\XAQJLAh.exe
  C:\Windows\System\XAQJLAh.exe
  2⤵
  PID:1856
- C:\Windows\System\ixWeCKU.exe
  C:\Windows\System\ixWeCKU.exe
  2⤵
  PID:1360
- C:\Windows\System\yROYrNu.exe
  C:\Windows\System\yROYrNu.exe
  2⤵
  PID:972
- C:\Windows\System\tPXTsvm.exe
  C:\Windows\System\tPXTsvm.exe
  2⤵
  PID:1888
- C:\Windows\System\JDLNQUo.exe
  C:\Windows\System\JDLNQUo.exe
  2⤵
  PID:2700
- C:\Windows\System\IktVrbu.exe
  C:\Windows\System\IktVrbu.exe
  2⤵
  PID:1604
- C:\Windows\System\pDAtuFb.exe
  C:\Windows\System\pDAtuFb.exe
  2⤵
  PID:860
- C:\Windows\System\dxNuzgr.exe
  C:\Windows\System\dxNuzgr.exe
  2⤵
  PID:2628
- C:\Windows\System\UZXXzpR.exe
  C:\Windows\System\UZXXzpR.exe
  2⤵
  PID:1548
- C:\Windows\System\UeiFBBG.exe
  C:\Windows\System\UeiFBBG.exe
  2⤵
  PID:1048
- C:\Windows\System\AWsYqZH.exe
  C:\Windows\System\AWsYqZH.exe
  2⤵
  PID:1140
- C:\Windows\System\ocpXqVv.exe
  C:\Windows\System\ocpXqVv.exe
  2⤵
  PID:2692
- C:\Windows\System\dGxQJUW.exe
  C:\Windows\System\dGxQJUW.exe
  2⤵
  PID:2836
- C:\Windows\System\HTnFxzD.exe
  C:\Windows\System\HTnFxzD.exe
  2⤵
  PID:2712
- C:\Windows\System\KvIGpau.exe
  C:\Windows\System\KvIGpau.exe
  2⤵
  PID:2716
- C:\Windows\System\flzhGcH.exe
  C:\Windows\System\flzhGcH.exe
  2⤵
  PID:2708
- C:\Windows\System\ZZSLuAW.exe
  C:\Windows\System\ZZSLuAW.exe
  2⤵
  PID:1168
- C:\Windows\System\KzHjjRT.exe
  C:\Windows\System\KzHjjRT.exe
  2⤵
  PID:624
- C:\Windows\System\wALanQn.exe
  C:\Windows\System\wALanQn.exe
  2⤵
  PID:2656
- C:\Windows\System\RZeKAYV.exe
  C:\Windows\System\RZeKAYV.exe
  2⤵
  PID:336
- C:\Windows\System\eBPtnpR.exe
  C:\Windows\System\eBPtnpR.exe
  2⤵
  PID:2336
- C:\Windows\System\fAPTZrV.exe
  C:\Windows\System\fAPTZrV.exe
  2⤵
  PID:2164
- C:\Windows\System\MqDCCIq.exe
  C:\Windows\System\MqDCCIq.exe
  2⤵
  PID:600
- C:\Windows\System\sedDyMC.exe
  C:\Windows\System\sedDyMC.exe
  2⤵
  PID:3076
- C:\Windows\System\gzFpEVr.exe
  C:\Windows\System\gzFpEVr.exe
  2⤵
  PID:3096
- C:\Windows\System\HoTfYGt.exe
  C:\Windows\System\HoTfYGt.exe
  2⤵
  PID:3116
- C:\Windows\System\eiKSKHb.exe
  C:\Windows\System\eiKSKHb.exe
  2⤵
  PID:3136
- C:\Windows\System\rblEnDW.exe
  C:\Windows\System\rblEnDW.exe
  2⤵
  PID:3156
- C:\Windows\System\aWcCWOw.exe
  C:\Windows\System\aWcCWOw.exe
  2⤵
  PID:3176
- C:\Windows\System\mzzVtRh.exe
  C:\Windows\System\mzzVtRh.exe
  2⤵
  PID:3192
- C:\Windows\System\iOcktSC.exe
  C:\Windows\System\iOcktSC.exe
  2⤵
  PID:3216
- C:\Windows\System\WrMeNMf.exe
  C:\Windows\System\WrMeNMf.exe
  2⤵
  PID:3236
- C:\Windows\System\DLmSrMu.exe
  C:\Windows\System\DLmSrMu.exe
  2⤵
  PID:3256
- C:\Windows\System\RmLcHlI.exe
  C:\Windows\System\RmLcHlI.exe
  2⤵
  PID:3276
- C:\Windows\System\YeUcCrB.exe
  C:\Windows\System\YeUcCrB.exe
  2⤵
  PID:3296
- C:\Windows\System\RNPCmkL.exe
  C:\Windows\System\RNPCmkL.exe
  2⤵
  PID:3316
- C:\Windows\System\LInqIoI.exe
  C:\Windows\System\LInqIoI.exe
  2⤵
  PID:3336
- C:\Windows\System\qDEubwc.exe
  C:\Windows\System\qDEubwc.exe
  2⤵
  PID:3352
- C:\Windows\System\Mitqrzy.exe
  C:\Windows\System\Mitqrzy.exe
  2⤵
  PID:3368
- C:\Windows\System\QcqMcpl.exe
  C:\Windows\System\QcqMcpl.exe
  2⤵
  PID:3388
- C:\Windows\System\zbrjchZ.exe
  C:\Windows\System\zbrjchZ.exe
  2⤵
  PID:3404
- C:\Windows\System\sDFHiBY.exe
  C:\Windows\System\sDFHiBY.exe
  2⤵
  PID:3420
- C:\Windows\System\AnHVAgU.exe
  C:\Windows\System\AnHVAgU.exe
  2⤵
  PID:3436
- C:\Windows\System\KhpDqBx.exe
  C:\Windows\System\KhpDqBx.exe
  2⤵
  PID:3456
- C:\Windows\System\NDhzSeq.exe
  C:\Windows\System\NDhzSeq.exe
  2⤵
  PID:3472
- C:\Windows\System\XjoCYiR.exe
  C:\Windows\System\XjoCYiR.exe
  2⤵
  PID:3488
- C:\Windows\System\thFBDJu.exe
  C:\Windows\System\thFBDJu.exe
  2⤵
  PID:3508
- C:\Windows\System\qpNAQnY.exe
  C:\Windows\System\qpNAQnY.exe
  2⤵
  PID:3524
- C:\Windows\System\RtSSNPV.exe
  C:\Windows\System\RtSSNPV.exe
  2⤵
  PID:3540
- C:\Windows\System\APlMZGw.exe
  C:\Windows\System\APlMZGw.exe
  2⤵
  PID:3560
- C:\Windows\System\cQPLpqs.exe
  C:\Windows\System\cQPLpqs.exe
  2⤵
  PID:3576
- C:\Windows\System\CNmPSNu.exe
  C:\Windows\System\CNmPSNu.exe
  2⤵
  PID:3596
- C:\Windows\System\xduSmEF.exe
  C:\Windows\System\xduSmEF.exe
  2⤵
  PID:3616
- C:\Windows\System\VOnlApQ.exe
  C:\Windows\System\VOnlApQ.exe
  2⤵
  PID:3652
- C:\Windows\System\JWBFAQD.exe
  C:\Windows\System\JWBFAQD.exe
  2⤵
  PID:3672
- C:\Windows\System\EHnVxRN.exe
  C:\Windows\System\EHnVxRN.exe
  2⤵
  PID:3688
- C:\Windows\System\vMGBgtx.exe
  C:\Windows\System\vMGBgtx.exe
  2⤵
  PID:3704
- C:\Windows\System\ubKBdMH.exe
  C:\Windows\System\ubKBdMH.exe
  2⤵
  PID:3736
- C:\Windows\System\zaecajF.exe
  C:\Windows\System\zaecajF.exe
  2⤵
  PID:3756
- C:\Windows\System\BnBveGv.exe
  C:\Windows\System\BnBveGv.exe
  2⤵
  PID:3772
- C:\Windows\System\cqMLLUF.exe
  C:\Windows\System\cqMLLUF.exe
  2⤵
  PID:3804
- C:\Windows\System\XpOHzYa.exe
  C:\Windows\System\XpOHzYa.exe
  2⤵
  PID:3824
- C:\Windows\System\jzznMNB.exe
  C:\Windows\System\jzznMNB.exe
  2⤵
  PID:3840
- C:\Windows\System\dzEkShK.exe
  C:\Windows\System\dzEkShK.exe
  2⤵
  PID:3856
- C:\Windows\System\XHrnYwh.exe
  C:\Windows\System\XHrnYwh.exe
  2⤵
  PID:3872
- C:\Windows\System\QsaLtai.exe
  C:\Windows\System\QsaLtai.exe
  2⤵
  PID:3888
- C:\Windows\System\tuAQJPe.exe
  C:\Windows\System\tuAQJPe.exe
  2⤵
  PID:3904
- C:\Windows\System\hMInJKq.exe
  C:\Windows\System\hMInJKq.exe
  2⤵
  PID:3920
- C:\Windows\System\pSItMnu.exe
  C:\Windows\System\pSItMnu.exe
  2⤵
  PID:3936
- C:\Windows\System\LobFfHi.exe
  C:\Windows\System\LobFfHi.exe
  2⤵
  PID:3952
- C:\Windows\System\wXpIDKx.exe
  C:\Windows\System\wXpIDKx.exe
  2⤵
  PID:3972
- C:\Windows\System\FAnPUSj.exe
  C:\Windows\System\FAnPUSj.exe
  2⤵
  PID:3992
- C:\Windows\System\CKwHNQI.exe
  C:\Windows\System\CKwHNQI.exe
  2⤵
  PID:4008
- C:\Windows\System\EmAtrjG.exe
  C:\Windows\System\EmAtrjG.exe
  2⤵
  PID:4024
- C:\Windows\System\awUSdSI.exe
  C:\Windows\System\awUSdSI.exe
  2⤵
  PID:4040
- C:\Windows\System\uChOYaf.exe
  C:\Windows\System\uChOYaf.exe
  2⤵
  PID:4056
- C:\Windows\System\zYhSOnX.exe
  C:\Windows\System\zYhSOnX.exe
  2⤵
  PID:4072
- C:\Windows\System\AshQZRo.exe
  C:\Windows\System\AshQZRo.exe
  2⤵
  PID:4088
- C:\Windows\System\DSXdHqT.exe
  C:\Windows\System\DSXdHqT.exe
  2⤵
  PID:3084
- C:\Windows\System\MnwKVzu.exe
  C:\Windows\System\MnwKVzu.exe
  2⤵
  PID:3108
- C:\Windows\System\JnmMgfN.exe
  C:\Windows\System\JnmMgfN.exe
  2⤵
  PID:3144
- C:\Windows\System\gUTVllm.exe
  C:\Windows\System\gUTVllm.exe
  2⤵
  PID:3172
- C:\Windows\System\dCIrzZO.exe
  C:\Windows\System\dCIrzZO.exe
  2⤵
  PID:3204
- C:\Windows\System\GFqlcZA.exe
  C:\Windows\System\GFqlcZA.exe
  2⤵
  PID:3224
- C:\Windows\System\NcUazmI.exe
  C:\Windows\System\NcUazmI.exe
  2⤵
  PID:3252
- C:\Windows\System\ZyYEwPm.exe
  C:\Windows\System\ZyYEwPm.exe
  2⤵
  PID:3268
- C:\Windows\System\yfXeebJ.exe
  C:\Windows\System\yfXeebJ.exe
  2⤵
  PID:3304
- C:\Windows\System\rbPTCXq.exe
  C:\Windows\System\rbPTCXq.exe
  2⤵
  PID:3332
- C:\Windows\System\tLenuWD.exe
  C:\Windows\System\tLenuWD.exe
  2⤵
  PID:3344
- C:\Windows\System\ygUXFHt.exe
  C:\Windows\System\ygUXFHt.exe
  2⤵
  PID:3428
- C:\Windows\System\OWVZjXs.exe
  C:\Windows\System\OWVZjXs.exe
  2⤵
  PID:3468
- C:\Windows\System\kASnxuF.exe
  C:\Windows\System\kASnxuF.exe
  2⤵
  PID:3504
- C:\Windows\System\iASPljo.exe
  C:\Windows\System\iASPljo.exe
  2⤵
  PID:3572
- C:\Windows\System\NHLpWpp.exe
  C:\Windows\System\NHLpWpp.exe
  2⤵
  PID:3780
- C:\Windows\System\CeIInVl.exe
  C:\Windows\System\CeIInVl.exe
  2⤵
  PID:3800
- C:\Windows\System\GgOCAMk.exe
  C:\Windows\System\GgOCAMk.exe
  2⤵
  PID:3628
- C:\Windows\System\EjVxMrE.exe
  C:\Windows\System\EjVxMrE.exe
  2⤵
  PID:3852
- C:\Windows\System\lJGhAuS.exe
  C:\Windows\System\lJGhAuS.exe
  2⤵
  PID:3916
- C:\Windows\System\AiaYpqJ.exe
  C:\Windows\System\AiaYpqJ.exe
  2⤵
  PID:3732
- C:\Windows\System\tSAjCYA.exe
  C:\Windows\System\tSAjCYA.exe
  2⤵
  PID:3832
- C:\Windows\System\DCGxlyC.exe
  C:\Windows\System\DCGxlyC.exe
  2⤵
  PID:3896
- C:\Windows\System\ssuaCXG.exe
  C:\Windows\System\ssuaCXG.exe
  2⤵
  PID:3764
- C:\Windows\System\CITAkzk.exe
  C:\Windows\System\CITAkzk.exe
  2⤵
  PID:4020
- C:\Windows\System\FdjtOHh.exe
  C:\Windows\System\FdjtOHh.exe
  2⤵
  PID:3088
- C:\Windows\System\qLyfIBU.exe
  C:\Windows\System\qLyfIBU.exe
  2⤵
  PID:4004
- C:\Windows\System\HtcFwme.exe
  C:\Windows\System\HtcFwme.exe
  2⤵
  PID:4064
- C:\Windows\System\ZGHnGSn.exe
  C:\Windows\System\ZGHnGSn.exe
  2⤵
  PID:3132
- C:\Windows\System\DlzgZFH.exe
  C:\Windows\System\DlzgZFH.exe
  2⤵
  PID:3188
- C:\Windows\System\gmwuJyM.exe
  C:\Windows\System\gmwuJyM.exe
  2⤵
  PID:3288
- C:\Windows\System\MWYRIgm.exe
  C:\Windows\System\MWYRIgm.exe
  2⤵
  PID:3264
- C:\Windows\System\DbwVmiR.exe
  C:\Windows\System\DbwVmiR.exe
  2⤵
  PID:3532
- C:\Windows\System\VHjCavZ.exe
  C:\Windows\System\VHjCavZ.exe
  2⤵
  PID:3376
- C:\Windows\System\HMadeYt.exe
  C:\Windows\System\HMadeYt.exe
  2⤵
  PID:3484
- C:\Windows\System\ncdfKiI.exe
  C:\Windows\System\ncdfKiI.exe
  2⤵
  PID:3552
- C:\Windows\System\JJrcqAP.exe
  C:\Windows\System\JJrcqAP.exe
  2⤵
  PID:3624
- C:\Windows\System\YdKvgHW.exe
  C:\Windows\System\YdKvgHW.exe
  2⤵
  PID:3648
- C:\Windows\System\bGRxyNz.exe
  C:\Windows\System\bGRxyNz.exe
  2⤵
  PID:3728
- C:\Windows\System\lhcMFQG.exe
  C:\Windows\System\lhcMFQG.exe
  2⤵
  PID:3748
- C:\Windows\System\qlfHAjl.exe
  C:\Windows\System\qlfHAjl.exe
  2⤵
  PID:2208
- C:\Windows\System\HDwBLgS.exe
  C:\Windows\System\HDwBLgS.exe
  2⤵
  PID:1712
- C:\Windows\System\evhbUCV.exe
  C:\Windows\System\evhbUCV.exe
  2⤵
  PID:3788
- C:\Windows\System\LdFkSka.exe
  C:\Windows\System\LdFkSka.exe
  2⤵
  PID:3820
- C:\Windows\System\lrmMzZf.exe
  C:\Windows\System\lrmMzZf.exe
  2⤵
  PID:3588
- C:\Windows\System\tPHgkxN.exe
  C:\Windows\System\tPHgkxN.exe
  2⤵
  PID:3988
- C:\Windows\System\tYyZcue.exe
  C:\Windows\System\tYyZcue.exe
  2⤵
  PID:3984
- C:\Windows\System\WVtTtRi.exe
  C:\Windows\System\WVtTtRi.exe
  2⤵
  PID:3104
- C:\Windows\System\luXYfuM.exe
  C:\Windows\System\luXYfuM.exe
  2⤵
  PID:2260
- C:\Windows\System\FdrSlHJ.exe
  C:\Windows\System\FdrSlHJ.exe
  2⤵
  PID:3292
- C:\Windows\System\fULckdi.exe
  C:\Windows\System\fULckdi.exe
  2⤵
  PID:3604
- C:\Windows\System\iEtNsEV.exe
  C:\Windows\System\iEtNsEV.exe
  2⤵
  PID:3584
- C:\Windows\System\OKRUiWt.exe
  C:\Windows\System\OKRUiWt.exe
  2⤵
  PID:3724
- C:\Windows\System\XyRsozw.exe
  C:\Windows\System\XyRsozw.exe
  2⤵
  PID:4156
- C:\Windows\System\gWpzakn.exe
  C:\Windows\System\gWpzakn.exe
  2⤵
  PID:4192
- C:\Windows\System\gKevZzG.exe
  C:\Windows\System\gKevZzG.exe
  2⤵
  PID:4212
- C:\Windows\System\hIhMASG.exe
  C:\Windows\System\hIhMASG.exe
  2⤵
  PID:4228
- C:\Windows\System\qwCofIb.exe
  C:\Windows\System\qwCofIb.exe
  2⤵
  PID:4244
- C:\Windows\System\ipFCLAS.exe
  C:\Windows\System\ipFCLAS.exe
  2⤵
  PID:4264
- C:\Windows\System\DWIGFYj.exe
  C:\Windows\System\DWIGFYj.exe
  2⤵
  PID:4284
- C:\Windows\System\goVqmul.exe
  C:\Windows\System\goVqmul.exe
  2⤵
  PID:4300
- C:\Windows\System\KsFJHpA.exe
  C:\Windows\System\KsFJHpA.exe
  2⤵
  PID:4316
- C:\Windows\System\YjsqbAy.exe
  C:\Windows\System\YjsqbAy.exe
  2⤵
  PID:4336
- C:\Windows\System\muQbzag.exe
  C:\Windows\System\muQbzag.exe
  2⤵
  PID:4372
- C:\Windows\System\igWNVJD.exe
  C:\Windows\System\igWNVJD.exe
  2⤵
  PID:4392
- C:\Windows\System\FKCxLRU.exe
  C:\Windows\System\FKCxLRU.exe
  2⤵
  PID:4408
- C:\Windows\System\hMPtgOj.exe
  C:\Windows\System\hMPtgOj.exe
  2⤵
  PID:4424
- C:\Windows\System\VILkZey.exe
  C:\Windows\System\VILkZey.exe
  2⤵
  PID:4444
- C:\Windows\System\jeTPpeU.exe
  C:\Windows\System\jeTPpeU.exe
  2⤵
  PID:4460
- C:\Windows\System\RuCZkAJ.exe
  C:\Windows\System\RuCZkAJ.exe
  2⤵
  PID:4476
- C:\Windows\System\rDNYDVh.exe
  C:\Windows\System\rDNYDVh.exe
  2⤵
  PID:4496
- C:\Windows\System\zRHlpDG.exe
  C:\Windows\System\zRHlpDG.exe
  2⤵
  PID:4516
- C:\Windows\System\KAvGfxe.exe
  C:\Windows\System\KAvGfxe.exe
  2⤵
  PID:4536
- C:\Windows\System\MmLfNKD.exe
  C:\Windows\System\MmLfNKD.exe
  2⤵
  PID:4556
- C:\Windows\System\UcMtzLG.exe
  C:\Windows\System\UcMtzLG.exe
  2⤵
  PID:4572
- C:\Windows\System\fINUGee.exe
  C:\Windows\System\fINUGee.exe
  2⤵
  PID:4592
- C:\Windows\System\noyDnwA.exe
  C:\Windows\System\noyDnwA.exe
  2⤵
  PID:4608
- C:\Windows\System\jeRfXTj.exe
  C:\Windows\System\jeRfXTj.exe
  2⤵
  PID:4624
- C:\Windows\System\EdQdUar.exe
  C:\Windows\System\EdQdUar.exe
  2⤵
  PID:4648
- C:\Windows\System\gCoZpuA.exe
  C:\Windows\System\gCoZpuA.exe
  2⤵
  PID:4672
- C:\Windows\System\NxYqhby.exe
  C:\Windows\System\NxYqhby.exe
  2⤵
  PID:4688
- C:\Windows\System\QruefZd.exe
  C:\Windows\System\QruefZd.exe
  2⤵
  PID:4704
- C:\Windows\System\utmcnuq.exe
  C:\Windows\System\utmcnuq.exe
  2⤵
  PID:4724
- C:\Windows\System\HkVAFCa.exe
  C:\Windows\System\HkVAFCa.exe
  2⤵
  PID:4744
- C:\Windows\System\QdtPsgs.exe
  C:\Windows\System\QdtPsgs.exe
  2⤵
  PID:4760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CQrjttY.exe

Filesize
2.0MB

MD5
e30c1e8b42ddfa67020d61fb9b7d345b

SHA1
e492579e712e9bc6163d023cd87874071975e991

SHA256
06e2effd67779495b6043e8f5de0f87d8a31b4bdfe7e16acdb9dfbcc1b4e5304

SHA512
3999d6dc1fed5dda885324902c5e4c4a2fd64061e6c748e7083e4f04195090925b293246374ec79e68ea097caaf3ae9db274a9b85930b04906998218f1e44194

Download Submit
C:\Windows\system\HVzhIEa.exe

Filesize
2.0MB

MD5
2417343fa41e2b976d79286f94c3a167

SHA1
ca12cb98a2d0ddce677c8d64a30540aa9b7e4fd6

SHA256
59a26369b17cf7f19a1a92a2ae3cc6c621d9ad42cfda11231ab196dd965af542

SHA512
2719f5a68184c2489805ed3d4d8714befaf0a06e2acac172a2f61ebf8d23f31d2f2733a0ef78b9340ea081af2e13a5327e92ad625dee3d6ce26dd5ea00369520

Download Submit
C:\Windows\system\HjAXUba.exe

Filesize
2.0MB

MD5
764fd941588c55540e425f3598539579

SHA1
ae2daa846f5eea2250ad7f4f8c7a450920b2d0a3

SHA256
549128716bd7f348b8bb732894203ef3839802d03cad94718bd2f82c66bcede8

SHA512
1af1913d4750eb9124d9209b823813b5e88e9900d174309013ae1f739bd768d8afffc476aae06c3e6268061536b586ccad0c9b1c4a20fb57d38c1b0cd9eb0800

Download Submit
C:\Windows\system\IHLkabj.exe

Filesize
2.0MB

MD5
05a76f79c65739ec8d1a93ed28ddb751

SHA1
b5b197619430162d90bd96424b11ce327ae87264

SHA256
95453edfa053fb30b204b5e598fdbe6347ec870b87b8592ba31664625274b269

SHA512
61b9e7648d8df1360a015f1a6246ba27ceecdd0a63862770014c72d604ec07b69209576107391172afeb68b0d6e5e0260c67207f61a3e927f96f1dac36f3bba8

Download Submit
C:\Windows\system\NuXutNx.exe

Filesize
2.0MB

MD5
14f9045dbc8e78fe81e66b2e3663405b

SHA1
8e656b1de414bb6952f40b18673dbf1357c60450

SHA256
b16de795e08bb008b308e4196f1adedabaf8f738e39a447b3f91407598f87fad

SHA512
a6ce8f77e86a6a9effe6398b8c7a3975d6220b25a49d58de83d8de4b91b88ea600164e572711e512f582e4146eb7538e3f72c94410b32efde68c2526121bd85c

Download Submit
C:\Windows\system\PsoWYdU.exe

Filesize
2.0MB

MD5
0d93b8e5c4999b26b424de5ed8948b3c

SHA1
b81a0e798378d70626bb68e540e59a9da0439636

SHA256
be51a0a5691d6c6fed431eed28dc5db92a1e67260d7c2b108ff31f8b4cd690b8

SHA512
8cdbca343e7444b0f31f29372427cb295b8ee1c00c7a8e5b10e740e6bb6bc408729d9cd2728177f2957612f1ef8a963e5cd6e2b68bf62cc93323cd0e25d215fb

Download Submit
C:\Windows\system\QfeCFRn.exe

Filesize
2.0MB

MD5
b89871a80654afddea2c68ff33f5763c

SHA1
83867d4575e25377fbc12d5250dc48f59b587b0f

SHA256
929a407673749f47053ef35c2103235a3e180fc4268741fa63daf3ffab11c294

SHA512
d477a3f40dcf88c80006d2230f418a87be7fd521f5ab365c7a33902769788f1b39795c33726cb0fa45a504cc459dc779b1abf47d3548d3e24bef78f6b9a4bd90

Download Submit
C:\Windows\system\QinHtMh.exe

Filesize
2.0MB

MD5
a8c20e95754ced65ed07017fe06400bc

SHA1
4cd214c9907f3646ad5f17d8881c9e5932ac83c0

SHA256
05a2906cdddfb993ea5dca6fafa40b4d5c247400b124f9f8500cfa4533d591d3

SHA512
23e027699d612c1321e208a14f6bf136644b36196c195ec5170a7ccd35db2b454719cc9843f2fa76a5770fb5d5e51335bc0e65f840009ad653eecfaa53e1f3c2

Download Submit
C:\Windows\system\SlhKBKa.exe

Filesize
2.0MB

MD5
34f16de6e7f2797d1bf4814a26616e16

SHA1
65b9866b9fc8cb65827b26f93b0bb0b5e3dd3ae4

SHA256
4464785945b594a59b246dfe68aef7434ffeaa38a4a3dfdbed915f3397c8da24

SHA512
716944441b16a724c7429faa9c23058a7bdd4158ebbb1a1bd1edf5b7a5bbd150338f856448dded30fee47f2d4fa39271bab366ab68058ec1f8bc7b2759725c0e

Download Submit
C:\Windows\system\TZhyXaL.exe

Filesize
2.0MB

MD5
56bf077940c6b8ec63f7a5fc49ee351e

SHA1
65e392dac65591b146138a3f2b95f587ed48876d

SHA256
9e961b8ff6a2c68cb2c13cd4c6d648a153c51e7364384098cd3efc51403598c1

SHA512
10ddd15393724739ab411627d10b1eccb307b3d5fbab7aa88f03a10c4d6187c6cccc8019af6899ab5b9cc6b4595a840f3af0c7bb4eaddf8739e375973bae4f5b

Download Submit
C:\Windows\system\UgyURuy.exe

Filesize
2.0MB

MD5
bdcbffa00c2ca4db09bc4be8ae6a50cd

SHA1
a705af2ddf4e887a7cfa248505c580d88db9d207

SHA256
7ad88eb1b9b3a30e64e346e11b9265de29fdeee650f5fdefe3d2da22f8474e1a

SHA512
47367a1df2786fd9d3e9672b4cc20c34d2ff3e45e1d97b798fbb1faff8a8e22c8b9896a61570682bd6fbda5c721901552227f486fbda143d6037d147a4763387

Download Submit
C:\Windows\system\WwVbOQk.exe

Filesize
2.0MB

MD5
42e2ba48ce6e56b551ae6d76f6f22395

SHA1
1a14a93c8f8397a0c14a4d4609d7ecbe947bfb3a

SHA256
ddfdfad6686ecb74ff6de9aa43611aa4ec879de419a860f20cdad8e4f43877d7

SHA512
e028234660e66f671c1c76a0583374d484f5976073ce1af1f2290c6e1a9e74c0e147b48839892f3d7d7b27da0b77893aa82a61e819005b6620493892d57caf9d

Download Submit
C:\Windows\system\XyACesD.exe

Filesize
2.0MB

MD5
48e616dfb290d74474023cbdf720416b

SHA1
d9717600124309953e507fd66179cafb6e20884e

SHA256
905622f72771facd2436304869f57066b5cf295ad14e24c7e9094619da2e0764

SHA512
b5433603d9ac638e91349d29cd210f124919522d81455cfd877ef4e484a59f67a6e6aa996b679b01e9c0b832c8e1c526e7b14fb38471683fea912013caa6c258

Download Submit
C:\Windows\system\auYAHnf.exe

Filesize
2.0MB

MD5
089d2d1c764998e161e525a789f824fa

SHA1
6baa5b2fa11660306d1219ba33afd39293aa43e1

SHA256
8eb9be9dc8061c55294c5d30d669964b254708fac54ddb0038000fc3238c0312

SHA512
8663c54f34a7e184c6dce70f0837190c1fc090ee94137253a89b38c70e51214f05f7e3d49e91cb449ee0018a8ad7c559b9725fd7e7bb37e118a0f6acbd84ec1f

Download Submit
C:\Windows\system\cjBEWTC.exe

Filesize
2.0MB

MD5
b40223939181671ca312a8d719a194e0

SHA1
658c08fa3ad7be5e95ce384285b4a663a23cfc3b

SHA256
2bb6d6ffea3aa847f512bf50a2ae4f8db313323db17236c419602c34552c563b

SHA512
35db5942a5f1c80e7037912bd91439c93c54383fcfadba2d73bb773b22e03dc67907c10257f6c917f8eb42f7aea419315c748af5c11fd1873f860f792923713d

Download Submit
C:\Windows\system\eHEPaOk.exe

Filesize
2.0MB

MD5
4091aeea9ec2919c33b56f383ff44709

SHA1
5e47881f4f14ff9873a600d62dd304574ffa3d72

SHA256
9363e4084e6a3509dfeae6f6521aad745ef3a466e1a844415a62de839afded4b

SHA512
3dcaf4e30f105b7e6958074bcfe77a60187f38b660867d37d617236ded5af586e2dc321e76a832b5d25dcaefc5c2a2917e449d9485537863c2580c0e45419bff

Download Submit
C:\Windows\system\gPbMsIm.exe

Filesize
2.0MB

MD5
e1c31af4b1be5db9262fd9f461664dc4

SHA1
aaa8b60980a2eeb89b5ba74a093a35bf71553ccd

SHA256
975063711ae2d07e67f27481a3acf9e7b0daaf3f9c87d76c0cf806c238582dcb

SHA512
beb3006b82ffc3c50a63755ffd984c07df0e2a8b70edb39328dfdf165196276cb3bd971ebc33bba7152585a6fb7c5bf74f9c5f1f7b8bb9e68c7a2c7ff54c57e0

Download Submit
C:\Windows\system\gUTyUHf.exe

Filesize
2.0MB

MD5
f4802c65645b1312a120489a4972aea0

SHA1
5d01060302c65c33a6cd0cce406583c31a4c5467

SHA256
8bd1813beb57512cb16f9973334e7cb81325f52e2b4d1307b78c9b9c809be40d

SHA512
4a27d573611eab5ea3dae0a039c7e8b5a59fa096baee3eaba36ff7dc65bc27e5c3288d8b16c5df68f1de9dabb9578e48bf01c8c38a2f25e47e28bc433ab9a369

Download Submit
C:\Windows\system\gtTklCJ.exe

Filesize
2.0MB

MD5
24319df7be47bd1cfb7d669a08c4105a

SHA1
dfe7d4237fad244b822f0ae022a3ed2caf4f9b1a

SHA256
8591f3bd570c30f5dc2b4c145d4af3d386d23563a653d075ffa159f230bab97f

SHA512
9e6011a2a8f54e755fc4ca2f559887ec4b63546dbd88dcbdb70e5eeaa1f1e44899e7532c9f01e6fdbabb4669489a77674b7bd9273c024a5a0fdeb9923e6648a3

Download Submit
C:\Windows\system\hokGBIJ.exe

Filesize
2.0MB

MD5
8603038ceedb140a574a2dd9161021a9

SHA1
65d263558ebf9fef71789a0d9f5749d4e32abf91

SHA256
edb638dd2b8c85b961c6c06758098647f80e08e74021b26beea580bace32f688

SHA512
4fd58f9e94592c137e5cc3f9decc21af42709d008c199b024faed16c69e7f16ce0134ce93d38526cfac2af73771d7f6a1ec552546b9779c7484f793e2e5fa21b

Download Submit
C:\Windows\system\knRQRtF.exe

Filesize
2.0MB

MD5
9405f1d5909d5b3455c676503ab084bb

SHA1
35f6bd413565f242fbfd3207b49e3424d3589e32

SHA256
fe5bf520db6b08a3f1f538b1f7e2b6f154db5939a45771398abb9bc89f12c5e7

SHA512
85def0ad863017ab6eea902b993d3ad0088de1197a2439ea30e3afbe7c78bd01a6fa8c1275dd733fdfdbf7981da6fc62f899a47b18884413e9367ffc4411bb59

Download Submit
C:\Windows\system\mZboTez.exe

Filesize
2.0MB

MD5
f367001162b56ef733156b5617e3e518

SHA1
2fa77edd0132d9cedae8569e2d7c5a56b5058ae2

SHA256
ff904b13c5dcc81020a7240a0a5fa9600c71c15ec6a6e74116d4067ae79bc1a1

SHA512
40c1c780fdbfef71160a8d8f8640cad76443aa395fc804044644175eecf159066e1f01352303a5740a4bdbc2412750639f1f24cdb6a01dbac8ed875368c3f8eb

Download Submit
C:\Windows\system\tytFYzk.exe

Filesize
2.0MB

MD5
783f48e3b57f8149408fb09ee19809f2

SHA1
af802a5c52f3b15d669343e6eb918efdaa61c7a5

SHA256
da5e4923cdbd595e90a4bc7b8d149fa2d0106929183ff85357f066c0005fe7b0

SHA512
92cbf8ea5b80d821610f165a87ff82dfcdc1ceb787e72216bf9626a5501296ec049e9e5c21bee19721bcff654258d23538f8ce32a572bfcaefde53186e38f265

Download Submit
C:\Windows\system\wCeTUfT.exe

Filesize
2.0MB

MD5
861e7135661114bdd8c9bdf2045ddf44

SHA1
2b2adcbfa183f9c56e40f4891acc482c4d2a84b8

SHA256
fde772403fbf1a34e5d08497522851acd61546b8ecc4c8bb2069cc24c525ff0c

SHA512
af3730d81c39d5eb8eb4f72d95bb72b142734167dac14a1599d001fa2a5cee54d7b615557bfa368705776164f38b314f6305a39331155c7843e6e72289da5555

Download Submit
C:\Windows\system\zKWpvah.exe

Filesize
2.0MB

MD5
553d359dcb820ceb1a71f17cdf352b03

SHA1
9ae8043101f696eaf521c8763eaa156d982b5848

SHA256
bf3fd8c551cb71a7c3083551467d2fc8413d39dd92e2a5d2d1febbe8cb3630a0

SHA512
07924051fe171ae79626b8a5d56493e9633cd1bd3a58e9bd1884bd7841cf7cbee36f650cab1bb13c05cd44e154ff0f7376fcef748065e0ee7186ef29ba1838ef

Download Submit
\Windows\system\HKxAAFf.exe

Filesize
2.0MB

MD5
fb707a1df68dfd4f6fc7ced1669462f7

SHA1
06f99c24136c636f2fb9acca3731d41f4a281f5f

SHA256
5a49b3e22f55eb83ded35d260263625163cfc439ed112a79e41f988336839002

SHA512
229838a1ce51917833d736e226c91b8f1ab38b60088247f16c5bb5cc3fea74c4ddd403a9abccc1357dd6d59a35bd42189dce623f1a3692bfedb26d70ae9e51b2

Download Submit
\Windows\system\SdajfIX.exe

Filesize
2.0MB

MD5
d0f75ba517f566df82220852682ee93c

SHA1
313ba32d0ababb39780dc4930cfa9fe911ee9042

SHA256
83189d7a1b2155a35d6c49f8801803525ae07cc15742ce7beb2627aff384764b

SHA512
0fd7b3e65c8905b3346f880526723d128cf4870faed2f3a442e8572199c97b44e5cc82682820cdf0e3d03017e582ce4196e3f1199db22107f7ba03eb70244fc8

Download Submit
\Windows\system\XdLLext.exe

Filesize
2.0MB

MD5
75053313e4bcde75dec4a371b8420f33

SHA1
ff57c047a1c64279fa28fb2cc6d1f9e8be1d9d8b

SHA256
4ba4a09d0301cf28eeaf1e6a5b69f1da57b3d7f3e1d374602e9547a23511c7b6

SHA512
e3230b8a572ecc3d791604b065ebfa9f50c979cb0a1e4eb41ee1df1daff6d1abcf9211d11d68de1a29f179fc7e7ca0c504ad267f62f1a8feb5e880340dbc2dd1

Download Submit
\Windows\system\bgPKuqS.exe

Filesize
2.0MB

MD5
c6780d6d14cb12051012fb6de93683fe

SHA1
332f44d2cecef171d91bd5444bfe2fcfa81572ea

SHA256
00a4641bf5547cc0f908f9f413a51fd2646105717a2e88b9ebc664f7603a69ab

SHA512
ab7b165cbe973983d9dbf349892b3369a0e5f5f232d0740458ded1a3a29559642f9778235d71fb68aefe8334fe4d49ea383a72ae182702eb118c9752f8f4a1b7

Download Submit
\Windows\system\fUrnVge.exe

Filesize
2.0MB

MD5
3275f2c57fcddae553bc21849d2bd242

SHA1
c5379d2b81881fca8c379e2e3245760f901e847e

SHA256
1546a9859f8205eabafc83e5098da87aa3735af9d2b8898133a0374ef02fb96a

SHA512
f91b414912fab15315c63c624f5ca128ca9dcabfb856da069b4bcfe5f5c2201fe62af7bb0b7e80cd5543671339179fba788c3bba3f239318f8fda49654f87ad0

Download Submit
\Windows\system\mClfqSa.exe

Filesize
2.0MB

MD5
c0d76516a7c5abf37646484821221819

SHA1
85cb423135fad050b9cd886f30605c2b1d1a7160

SHA256
7139f5d86c153fbead87fe968e733b00e3936c2654475c48b0e6427a009798d1

SHA512
8e28a4eaf0088198ace5eb9ae3854c13ebc8580379876eb8169f3cc346c215eddb4abc35b828c0ee14768d8899a3f1bb68369641493ce68e12b7394dbea66c31

Download Submit
\Windows\system\odFWwPL.exe

Filesize
2.0MB

MD5
a6a466a89dafe1d53543fd289e9b6bd5

SHA1
4ea22838c09eb03090c297968e7a093fc2d83be9

SHA256
f8cc0e982064ddb2292aafa4de65bdb0145cc339f39db27785223dbbbddc06d3

SHA512
f36638ab4cdb68984183640e728072ba4b8fc276a7d13306bab05fe053357d6956bbefee308fc82e9388debed5f84b2c0be84b961844ba04357bcc4039622ada

Download Submit
memory/2696-0-0x0000000000200000-0x0000000000210000-memory.dmp

Filesize
64KB

Download