kpot | 1361c8919f0da9d7be8c556cef04d52c07aa0f9f1cd1b91a5a1ede66b44e6200

Analysis

max time kernel
140s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-06-2024 21:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
Size

2.0MB
MD5

1cac21473b2872d3ed6b34a2180ee0c0
SHA1

ff936241f266efa2744c528e15a41a1c90b329a2
SHA256

1361c8919f0da9d7be8c556cef04d52c07aa0f9f1cd1b91a5a1ede66b44e6200
SHA512

22e92f27c7d53c7b781b4443b20b5acc5f6d928e43d12c6e07c1c85fb89212d6d214bbf1b0f0e550476f55bb39775bffc08546465a8592121c2247d6a3ddaab9
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2Ov:GemTLkNdfE0pZaQU

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral1/files/0x000b000000014230-2.dat	family_kpot
behavioral1/files/0x00340000000144e4-6.dat	family_kpot
behavioral1/files/0x0007000000014708-10.dat	family_kpot
behavioral1/files/0x000700000001471d-19.dat	family_kpot
behavioral1/files/0x0007000000014726-20.dat	family_kpot
behavioral1/files/0x00340000000144f0-27.dat	family_kpot
behavioral1/files/0x0007000000014857-31.dat	family_kpot
behavioral1/files/0x000a000000014aa2-36.dat	family_kpot
behavioral1/files/0x000700000001568c-40.dat	family_kpot
behavioral1/files/0x0006000000015be6-46.dat	family_kpot
behavioral1/files/0x0006000000015cba-56.dat	family_kpot
behavioral1/files/0x0006000000015ca6-53.dat	family_kpot
behavioral1/files/0x0006000000015ce1-68.dat	family_kpot
behavioral1/files/0x0006000000015cd5-63.dat	family_kpot
behavioral1/files/0x0006000000015ceb-73.dat	family_kpot
behavioral1/files/0x0006000000015d07-78.dat	family_kpot
behavioral1/files/0x0006000000015d6f-108.dat	family_kpot
behavioral1/files/0x0006000000015d9b-128.dat	family_kpot
behavioral1/files/0x0006000000016117-153.dat	family_kpot
behavioral1/files/0x00060000000161e7-158.dat	family_kpot
behavioral1/files/0x0006000000015fe9-148.dat	family_kpot
behavioral1/files/0x0006000000015f6d-143.dat	family_kpot
behavioral1/files/0x0006000000015eaf-138.dat	family_kpot
behavioral1/files/0x0006000000015e3a-133.dat	family_kpot
behavioral1/files/0x0006000000015d8f-123.dat	family_kpot
behavioral1/files/0x0006000000015d87-118.dat	family_kpot
behavioral1/files/0x0006000000015d79-113.dat	family_kpot
behavioral1/files/0x0006000000015d67-103.dat	family_kpot
behavioral1/files/0x0006000000015d5e-98.dat	family_kpot
behavioral1/files/0x0006000000015d56-93.dat	family_kpot
behavioral1/files/0x0006000000015d4a-88.dat	family_kpot
behavioral1/files/0x0006000000015d28-83.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral1/files/0x000b000000014230-2.dat	xmrig
behavioral1/files/0x00340000000144e4-6.dat	xmrig
behavioral1/files/0x0007000000014708-10.dat	xmrig
behavioral1/files/0x000700000001471d-19.dat	xmrig
behavioral1/files/0x0007000000014726-20.dat	xmrig
behavioral1/files/0x00340000000144f0-27.dat	xmrig
behavioral1/files/0x0007000000014857-31.dat	xmrig
behavioral1/files/0x000a000000014aa2-36.dat	xmrig
behavioral1/files/0x000700000001568c-40.dat	xmrig
behavioral1/files/0x0006000000015be6-46.dat	xmrig
behavioral1/files/0x0006000000015cba-56.dat	xmrig
behavioral1/files/0x0006000000015ca6-53.dat	xmrig
behavioral1/files/0x0006000000015ce1-68.dat	xmrig
behavioral1/files/0x0006000000015cd5-63.dat	xmrig
behavioral1/files/0x0006000000015ceb-73.dat	xmrig
behavioral1/files/0x0006000000015d07-78.dat	xmrig
behavioral1/files/0x0006000000015d6f-108.dat	xmrig
behavioral1/files/0x0006000000015d9b-128.dat	xmrig
behavioral1/files/0x0006000000016117-153.dat	xmrig
behavioral1/files/0x00060000000161e7-158.dat	xmrig
behavioral1/files/0x0006000000015fe9-148.dat	xmrig
behavioral1/files/0x0006000000015f6d-143.dat	xmrig
behavioral1/files/0x0006000000015eaf-138.dat	xmrig
behavioral1/files/0x0006000000015e3a-133.dat	xmrig
behavioral1/files/0x0006000000015d8f-123.dat	xmrig
behavioral1/files/0x0006000000015d87-118.dat	xmrig
behavioral1/files/0x0006000000015d79-113.dat	xmrig
behavioral1/files/0x0006000000015d67-103.dat	xmrig
behavioral1/files/0x0006000000015d5e-98.dat	xmrig
behavioral1/files/0x0006000000015d56-93.dat	xmrig
behavioral1/files/0x0006000000015d4a-88.dat	xmrig
behavioral1/files/0x0006000000015d28-83.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2128	BrcsiRU.exe
1280	oTTolls.exe
3068	zoCrInH.exe
2524	EsxmDKJ.exe
2108	ttNmmOF.exe
2684	VBRTrKE.exe
2556	XnRWNqY.exe
2872	bJLhwlC.exe
2468	vQHwsgS.exe
2712	VBMgnxM.exe
2544	URtzKCo.exe
2448	bWCxqsr.exe
2552	rJnktsz.exe
2052	rPlqrqx.exe
1516	QrUXaOR.exe
2532	gikCzGK.exe
2852	JJgRUNl.exe
2960	TrYJMqS.exe
3000	SHTrLfD.exe
2776	fAwQEBh.exe
1296	JGjWqjb.exe
2628	hiwUFgn.exe
2772	CvuOqNX.exe
2396	vjJjAOn.exe
2500	bcDoKsW.exe
2856	dNJObiT.exe
1420	OoaxbqR.exe
636	lHrUyTC.exe
1268	qFVBIgj.exe
2064	QiPgaAv.exe
1924	YHYhzWy.exe
2356	mNmSRnp.exe
2412	vCJMvZK.exe
2400	EPgJVIh.exe
1912	yiWKmzi.exe
712	qarlFYZ.exe
1056	XeBRpiE.exe
1472	qlbkXur.exe
2124	HTOGUZV.exe
988	mqjRAWK.exe
1772	zaxlwil.exe
1640	tsCfiQf.exe
452	qbYPwyb.exe
2388	vitiMCW.exe
1840	bTBGGiM.exe
1656	tXMWNGY.exe
1340	McxqBtZ.exe
1764	rMggnET.exe
1040	nmHpAFC.exe
1584	vkyqdok.exe
1048	tSEYkSA.exe
1044	qJmoKsh.exe
908	xqHLCvv.exe
108	uDkxbkK.exe
1436	zHOZvmc.exe
3036	xUlouJF.exe
1580	pxjeETb.exe
2200	mFCKOwB.exe
756	duALpmA.exe
2368	rZgSZCr.exe
2008	RErTeAV.exe
1192	KjJqzfP.exe
1648	PiYtZmy.exe
1544	Ystzzhb.exe

Loads dropped DLL 64 IoCs

pid	Process
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\qJmoKsh.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\uDkxbkK.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\eJqDsVl.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\lHrUyTC.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\oQKEAYX.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\NowZvzc.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\dZUqOIK.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\QqFApvA.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\wJgqsxH.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\CflKtrn.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\EsxmDKJ.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\ANSPVOZ.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\yTIHKFc.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\NIGrvbR.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\JpKvTIN.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\zoCrInH.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\rAWjpjo.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\goKtOEW.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\rCnNxSP.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\rJnktsz.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\qlbkXur.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\rZgSZCr.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\drpBPhx.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\CnNYxXA.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\kXeTfxf.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\HDKKBAI.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\eRfatpo.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\McxqBtZ.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\RErTeAV.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\nQPzeQN.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\EUkHUIj.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\UsJNbZz.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\HByikNy.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\yFktjSD.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\TGmHoxi.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\fAVOXsM.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\AwKoXnj.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\csULTzB.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\wsNYxnR.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\IXKqcGH.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\nmHpAFC.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\ddHAedu.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\WNrMAvo.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\RCexbkn.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\gRVlztj.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\wVYWdtZ.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\EyImDlX.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\lMUfupJ.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\iwUDrSX.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\BrcsiRU.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\zBCyDkK.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\HzkIzYy.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\MYHOGoQ.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\JAFGfXd.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\ASLaoFE.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\QrUXaOR.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\GpIxlnk.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\ItNXDpN.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\XeGldfh.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\oZYxCmX.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\paRSqex.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\wxjHUwH.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\pofjQDi.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
File created	C:\Windows\System\tmgAyiU.exe	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2128	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	29
PID 2220 wrote to memory of 2128	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	29
PID 2220 wrote to memory of 2128	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	29
PID 2220 wrote to memory of 1280	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	30
PID 2220 wrote to memory of 1280	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	30
PID 2220 wrote to memory of 1280	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	30
PID 2220 wrote to memory of 3068	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	31
PID 2220 wrote to memory of 3068	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	31
PID 2220 wrote to memory of 3068	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	31
PID 2220 wrote to memory of 2524	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	32
PID 2220 wrote to memory of 2524	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	32
PID 2220 wrote to memory of 2524	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	32
PID 2220 wrote to memory of 2108	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	33
PID 2220 wrote to memory of 2108	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	33
PID 2220 wrote to memory of 2108	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	33
PID 2220 wrote to memory of 2684	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	34
PID 2220 wrote to memory of 2684	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	34
PID 2220 wrote to memory of 2684	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	34
PID 2220 wrote to memory of 2556	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	35
PID 2220 wrote to memory of 2556	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	35
PID 2220 wrote to memory of 2556	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	35
PID 2220 wrote to memory of 2872	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	36
PID 2220 wrote to memory of 2872	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	36
PID 2220 wrote to memory of 2872	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	36
PID 2220 wrote to memory of 2468	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	37
PID 2220 wrote to memory of 2468	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	37
PID 2220 wrote to memory of 2468	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	37
PID 2220 wrote to memory of 2712	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	38
PID 2220 wrote to memory of 2712	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	38
PID 2220 wrote to memory of 2712	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	38
PID 2220 wrote to memory of 2544	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	39
PID 2220 wrote to memory of 2544	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	39
PID 2220 wrote to memory of 2544	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	39
PID 2220 wrote to memory of 2448	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	40
PID 2220 wrote to memory of 2448	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	40
PID 2220 wrote to memory of 2448	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	40
PID 2220 wrote to memory of 2552	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	41
PID 2220 wrote to memory of 2552	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	41
PID 2220 wrote to memory of 2552	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	41
PID 2220 wrote to memory of 2052	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	42
PID 2220 wrote to memory of 2052	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	42
PID 2220 wrote to memory of 2052	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	42
PID 2220 wrote to memory of 1516	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	43
PID 2220 wrote to memory of 1516	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	43
PID 2220 wrote to memory of 1516	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	43
PID 2220 wrote to memory of 2532	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	44
PID 2220 wrote to memory of 2532	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	44
PID 2220 wrote to memory of 2532	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	44
PID 2220 wrote to memory of 2852	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	45
PID 2220 wrote to memory of 2852	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	45
PID 2220 wrote to memory of 2852	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	45
PID 2220 wrote to memory of 2960	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	46
PID 2220 wrote to memory of 2960	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	46
PID 2220 wrote to memory of 2960	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	46
PID 2220 wrote to memory of 3000	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	47
PID 2220 wrote to memory of 3000	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	47
PID 2220 wrote to memory of 3000	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	47
PID 2220 wrote to memory of 2776	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	48
PID 2220 wrote to memory of 2776	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	48
PID 2220 wrote to memory of 2776	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	48
PID 2220 wrote to memory of 1296	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	49
PID 2220 wrote to memory of 1296	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	49
PID 2220 wrote to memory of 1296	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	49
PID 2220 wrote to memory of 2628	2220	1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe	50

C:\Users\Admin\AppData\Local\Temp\1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1cac21473b2872d3ed6b34a2180ee0c0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\System\BrcsiRU.exe
  C:\Windows\System\BrcsiRU.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\oTTolls.exe
  C:\Windows\System\oTTolls.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\zoCrInH.exe
  C:\Windows\System\zoCrInH.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\EsxmDKJ.exe
  C:\Windows\System\EsxmDKJ.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\ttNmmOF.exe
  C:\Windows\System\ttNmmOF.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\VBRTrKE.exe
  C:\Windows\System\VBRTrKE.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\XnRWNqY.exe
  C:\Windows\System\XnRWNqY.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\bJLhwlC.exe
  C:\Windows\System\bJLhwlC.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\vQHwsgS.exe
  C:\Windows\System\vQHwsgS.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\VBMgnxM.exe
  C:\Windows\System\VBMgnxM.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\URtzKCo.exe
  C:\Windows\System\URtzKCo.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\bWCxqsr.exe
  C:\Windows\System\bWCxqsr.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\rJnktsz.exe
  C:\Windows\System\rJnktsz.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\rPlqrqx.exe
  C:\Windows\System\rPlqrqx.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\QrUXaOR.exe
  C:\Windows\System\QrUXaOR.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\gikCzGK.exe
  C:\Windows\System\gikCzGK.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\JJgRUNl.exe
  C:\Windows\System\JJgRUNl.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\TrYJMqS.exe
  C:\Windows\System\TrYJMqS.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\SHTrLfD.exe
  C:\Windows\System\SHTrLfD.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\fAwQEBh.exe
  C:\Windows\System\fAwQEBh.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\JGjWqjb.exe
  C:\Windows\System\JGjWqjb.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\hiwUFgn.exe
  C:\Windows\System\hiwUFgn.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\CvuOqNX.exe
  C:\Windows\System\CvuOqNX.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\vjJjAOn.exe
  C:\Windows\System\vjJjAOn.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\bcDoKsW.exe
  C:\Windows\System\bcDoKsW.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\dNJObiT.exe
  C:\Windows\System\dNJObiT.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\OoaxbqR.exe
  C:\Windows\System\OoaxbqR.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\lHrUyTC.exe
  C:\Windows\System\lHrUyTC.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\qFVBIgj.exe
  C:\Windows\System\qFVBIgj.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\QiPgaAv.exe
  C:\Windows\System\QiPgaAv.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\YHYhzWy.exe
  C:\Windows\System\YHYhzWy.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\mNmSRnp.exe
  C:\Windows\System\mNmSRnp.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\vCJMvZK.exe
  C:\Windows\System\vCJMvZK.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\EPgJVIh.exe
  C:\Windows\System\EPgJVIh.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\yiWKmzi.exe
  C:\Windows\System\yiWKmzi.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\qarlFYZ.exe
  C:\Windows\System\qarlFYZ.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\XeBRpiE.exe
  C:\Windows\System\XeBRpiE.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\qlbkXur.exe
  C:\Windows\System\qlbkXur.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\HTOGUZV.exe
  C:\Windows\System\HTOGUZV.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\mqjRAWK.exe
  C:\Windows\System\mqjRAWK.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\zaxlwil.exe
  C:\Windows\System\zaxlwil.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\tsCfiQf.exe
  C:\Windows\System\tsCfiQf.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\qbYPwyb.exe
  C:\Windows\System\qbYPwyb.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\vitiMCW.exe
  C:\Windows\System\vitiMCW.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\bTBGGiM.exe
  C:\Windows\System\bTBGGiM.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\tXMWNGY.exe
  C:\Windows\System\tXMWNGY.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\McxqBtZ.exe
  C:\Windows\System\McxqBtZ.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\rMggnET.exe
  C:\Windows\System\rMggnET.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\nmHpAFC.exe
  C:\Windows\System\nmHpAFC.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\vkyqdok.exe
  C:\Windows\System\vkyqdok.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\tSEYkSA.exe
  C:\Windows\System\tSEYkSA.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\qJmoKsh.exe
  C:\Windows\System\qJmoKsh.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\xqHLCvv.exe
  C:\Windows\System\xqHLCvv.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\uDkxbkK.exe
  C:\Windows\System\uDkxbkK.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\zHOZvmc.exe
  C:\Windows\System\zHOZvmc.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\xUlouJF.exe
  C:\Windows\System\xUlouJF.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\pxjeETb.exe
  C:\Windows\System\pxjeETb.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\mFCKOwB.exe
  C:\Windows\System\mFCKOwB.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\duALpmA.exe
  C:\Windows\System\duALpmA.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\rZgSZCr.exe
  C:\Windows\System\rZgSZCr.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\RErTeAV.exe
  C:\Windows\System\RErTeAV.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\KjJqzfP.exe
  C:\Windows\System\KjJqzfP.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\PiYtZmy.exe
  C:\Windows\System\PiYtZmy.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\Ystzzhb.exe
  C:\Windows\System\Ystzzhb.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\OWXRmql.exe
  C:\Windows\System\OWXRmql.exe
  2⤵
  PID:360
- C:\Windows\System\zdKEKFZ.exe
  C:\Windows\System\zdKEKFZ.exe
  2⤵
  PID:1244
- C:\Windows\System\rAWjpjo.exe
  C:\Windows\System\rAWjpjo.exe
  2⤵
  PID:2092
- C:\Windows\System\YesmSLh.exe
  C:\Windows\System\YesmSLh.exe
  2⤵
  PID:2116
- C:\Windows\System\CMKuvCl.exe
  C:\Windows\System\CMKuvCl.exe
  2⤵
  PID:2860
- C:\Windows\System\fZmLIYi.exe
  C:\Windows\System\fZmLIYi.exe
  2⤵
  PID:2112
- C:\Windows\System\uCgTbQx.exe
  C:\Windows\System\uCgTbQx.exe
  2⤵
  PID:2680
- C:\Windows\System\FuNtjWE.exe
  C:\Windows\System\FuNtjWE.exe
  2⤵
  PID:2736
- C:\Windows\System\wHbdkjx.exe
  C:\Windows\System\wHbdkjx.exe
  2⤵
  PID:2460
- C:\Windows\System\cmuhGqB.exe
  C:\Windows\System\cmuhGqB.exe
  2⤵
  PID:3056
- C:\Windows\System\GpIxlnk.exe
  C:\Windows\System\GpIxlnk.exe
  2⤵
  PID:2480
- C:\Windows\System\eJqDsVl.exe
  C:\Windows\System\eJqDsVl.exe
  2⤵
  PID:2488
- C:\Windows\System\drpBPhx.exe
  C:\Windows\System\drpBPhx.exe
  2⤵
  PID:2980
- C:\Windows\System\Qdypekx.exe
  C:\Windows\System\Qdypekx.exe
  2⤵
  PID:2408
- C:\Windows\System\CcCuNDP.exe
  C:\Windows\System\CcCuNDP.exe
  2⤵
  PID:2836
- C:\Windows\System\OMmqimJ.exe
  C:\Windows\System\OMmqimJ.exe
  2⤵
  PID:3028
- C:\Windows\System\zBCyDkK.exe
  C:\Windows\System\zBCyDkK.exe
  2⤵
  PID:2932
- C:\Windows\System\OktcqeP.exe
  C:\Windows\System\OktcqeP.exe
  2⤵
  PID:2664
- C:\Windows\System\HzkIzYy.exe
  C:\Windows\System\HzkIzYy.exe
  2⤵
  PID:1128
- C:\Windows\System\KdAVATo.exe
  C:\Windows\System\KdAVATo.exe
  2⤵
  PID:2652
- C:\Windows\System\ADwozVe.exe
  C:\Windows\System\ADwozVe.exe
  2⤵
  PID:1944
- C:\Windows\System\ALYatQT.exe
  C:\Windows\System\ALYatQT.exe
  2⤵
  PID:1484
- C:\Windows\System\ItRbkVy.exe
  C:\Windows\System\ItRbkVy.exe
  2⤵
  PID:2012
- C:\Windows\System\gmcPQhN.exe
  C:\Windows\System\gmcPQhN.exe
  2⤵
  PID:1780
- C:\Windows\System\quLlSKU.exe
  C:\Windows\System\quLlSKU.exe
  2⤵
  PID:2416
- C:\Windows\System\ANSPVOZ.exe
  C:\Windows\System\ANSPVOZ.exe
  2⤵
  PID:2148
- C:\Windows\System\gXXfFwe.exe
  C:\Windows\System\gXXfFwe.exe
  2⤵
  PID:660
- C:\Windows\System\bQruIbO.exe
  C:\Windows\System\bQruIbO.exe
  2⤵
  PID:1468
- C:\Windows\System\YCIZrcB.exe
  C:\Windows\System\YCIZrcB.exe
  2⤵
  PID:2104
- C:\Windows\System\jjoeqSO.exe
  C:\Windows\System\jjoeqSO.exe
  2⤵
  PID:556
- C:\Windows\System\OpWTuad.exe
  C:\Windows\System\OpWTuad.exe
  2⤵
  PID:1136
- C:\Windows\System\XIYxVpX.exe
  C:\Windows\System\XIYxVpX.exe
  2⤵
  PID:2304
- C:\Windows\System\MXIlQJc.exe
  C:\Windows\System\MXIlQJc.exe
  2⤵
  PID:1508
- C:\Windows\System\MtkRHAo.exe
  C:\Windows\System\MtkRHAo.exe
  2⤵
  PID:1512
- C:\Windows\System\awUaZaV.exe
  C:\Windows\System\awUaZaV.exe
  2⤵
  PID:1036
- C:\Windows\System\mRiNggm.exe
  C:\Windows\System\mRiNggm.exe
  2⤵
  PID:1812
- C:\Windows\System\CnNYxXA.exe
  C:\Windows\System\CnNYxXA.exe
  2⤵
  PID:1616
- C:\Windows\System\cqvTQei.exe
  C:\Windows\System\cqvTQei.exe
  2⤵
  PID:700
- C:\Windows\System\IdDNcXd.exe
  C:\Windows\System\IdDNcXd.exe
  2⤵
  PID:2024
- C:\Windows\System\YBNSAyn.exe
  C:\Windows\System\YBNSAyn.exe
  2⤵
  PID:2272
- C:\Windows\System\yFktjSD.exe
  C:\Windows\System\yFktjSD.exe
  2⤵
  PID:312
- C:\Windows\System\mhjaIHA.exe
  C:\Windows\System\mhjaIHA.exe
  2⤵
  PID:3052
- C:\Windows\System\jqGoHhP.exe
  C:\Windows\System\jqGoHhP.exe
  2⤵
  PID:1604
- C:\Windows\System\IcPBtXv.exe
  C:\Windows\System\IcPBtXv.exe
  2⤵
  PID:1568
- C:\Windows\System\iYwHVGo.exe
  C:\Windows\System\iYwHVGo.exe
  2⤵
  PID:2380
- C:\Windows\System\gVvrXBD.exe
  C:\Windows\System\gVvrXBD.exe
  2⤵
  PID:2152
- C:\Windows\System\CyIJRNz.exe
  C:\Windows\System\CyIJRNz.exe
  2⤵
  PID:2228
- C:\Windows\System\UfVHWiH.exe
  C:\Windows\System\UfVHWiH.exe
  2⤵
  PID:2876
- C:\Windows\System\RklGEPZ.exe
  C:\Windows\System\RklGEPZ.exe
  2⤵
  PID:2756
- C:\Windows\System\OjHCVXI.exe
  C:\Windows\System\OjHCVXI.exe
  2⤵
  PID:308
- C:\Windows\System\OESaKad.exe
  C:\Windows\System\OESaKad.exe
  2⤵
  PID:2444
- C:\Windows\System\goKtOEW.exe
  C:\Windows\System\goKtOEW.exe
  2⤵
  PID:2828
- C:\Windows\System\iTXMDaS.exe
  C:\Windows\System\iTXMDaS.exe
  2⤵
  PID:2952
- C:\Windows\System\oqEvofv.exe
  C:\Windows\System\oqEvofv.exe
  2⤵
  PID:2660
- C:\Windows\System\CIPsAnG.exe
  C:\Windows\System\CIPsAnG.exe
  2⤵
  PID:1608
- C:\Windows\System\qZZAcnJ.exe
  C:\Windows\System\qZZAcnJ.exe
  2⤵
  PID:2800
- C:\Windows\System\SmhJaxc.exe
  C:\Windows\System\SmhJaxc.exe
  2⤵
  PID:860
- C:\Windows\System\gRVlztj.exe
  C:\Windows\System\gRVlztj.exe
  2⤵
  PID:2528
- C:\Windows\System\jxcQuYZ.exe
  C:\Windows\System\jxcQuYZ.exe
  2⤵
  PID:2004
- C:\Windows\System\iJqGean.exe
  C:\Windows\System\iJqGean.exe
  2⤵
  PID:684
- C:\Windows\System\ziEErzW.exe
  C:\Windows\System\ziEErzW.exe
  2⤵
  PID:576
- C:\Windows\System\yTIHKFc.exe
  C:\Windows\System\yTIHKFc.exe
  2⤵
  PID:616
- C:\Windows\System\xuafILJ.exe
  C:\Windows\System\xuafILJ.exe
  2⤵
  PID:2384
- C:\Windows\System\rEqMPcR.exe
  C:\Windows\System\rEqMPcR.exe
  2⤵
  PID:2016
- C:\Windows\System\iwieAoD.exe
  C:\Windows\System\iwieAoD.exe
  2⤵
  PID:1760
- C:\Windows\System\AlDttta.exe
  C:\Windows\System\AlDttta.exe
  2⤵
  PID:1744
- C:\Windows\System\XZpwBqt.exe
  C:\Windows\System\XZpwBqt.exe
  2⤵
  PID:2928
- C:\Windows\System\jyXaNxn.exe
  C:\Windows\System\jyXaNxn.exe
  2⤵
  PID:3040
- C:\Windows\System\ItNXDpN.exe
  C:\Windows\System\ItNXDpN.exe
  2⤵
  PID:1736
- C:\Windows\System\sXbGXeb.exe
  C:\Windows\System\sXbGXeb.exe
  2⤵
  PID:672
- C:\Windows\System\pcrbiyQ.exe
  C:\Windows\System\pcrbiyQ.exe
  2⤵
  PID:1256
- C:\Windows\System\ETxDxVW.exe
  C:\Windows\System\ETxDxVW.exe
  2⤵
  PID:1700
- C:\Windows\System\JYHDhPa.exe
  C:\Windows\System\JYHDhPa.exe
  2⤵
  PID:2732
- C:\Windows\System\kjRGwKH.exe
  C:\Windows\System\kjRGwKH.exe
  2⤵
  PID:2572
- C:\Windows\System\ysdwcDc.exe
  C:\Windows\System\ysdwcDc.exe
  2⤵
  PID:2432
- C:\Windows\System\JemRzyp.exe
  C:\Windows\System\JemRzyp.exe
  2⤵
  PID:2988
- C:\Windows\System\hSpIMMz.exe
  C:\Windows\System\hSpIMMz.exe
  2⤵
  PID:2608
- C:\Windows\System\cKXzXXn.exe
  C:\Windows\System\cKXzXXn.exe
  2⤵
  PID:1948
- C:\Windows\System\fXFtBFy.exe
  C:\Windows\System\fXFtBFy.exe
  2⤵
  PID:1908
- C:\Windows\System\KfuvcEJ.exe
  C:\Windows\System\KfuvcEJ.exe
  2⤵
  PID:1984
- C:\Windows\System\kJgZQYe.exe
  C:\Windows\System\kJgZQYe.exe
  2⤵
  PID:1816
- C:\Windows\System\aBstPIx.exe
  C:\Windows\System\aBstPIx.exe
  2⤵
  PID:412
- C:\Windows\System\NIGrvbR.exe
  C:\Windows\System\NIGrvbR.exe
  2⤵
  PID:1768
- C:\Windows\System\wVYWdtZ.exe
  C:\Windows\System\wVYWdtZ.exe
  2⤵
  PID:844
- C:\Windows\System\QtsMgaF.exe
  C:\Windows\System\QtsMgaF.exe
  2⤵
  PID:2256
- C:\Windows\System\CrsMnYh.exe
  C:\Windows\System\CrsMnYh.exe
  2⤵
  PID:1684
- C:\Windows\System\FRkXbyg.exe
  C:\Windows\System\FRkXbyg.exe
  2⤵
  PID:1572
- C:\Windows\System\GFGgsPI.exe
  C:\Windows\System\GFGgsPI.exe
  2⤵
  PID:2588
- C:\Windows\System\EyImDlX.exe
  C:\Windows\System\EyImDlX.exe
  2⤵
  PID:2824
- C:\Windows\System\xpEtWlv.exe
  C:\Windows\System\xpEtWlv.exe
  2⤵
  PID:2848
- C:\Windows\System\ESrLSvn.exe
  C:\Windows\System\ESrLSvn.exe
  2⤵
  PID:1688
- C:\Windows\System\HMnoDft.exe
  C:\Windows\System\HMnoDft.exe
  2⤵
  PID:1800
- C:\Windows\System\nzSXKCb.exe
  C:\Windows\System\nzSXKCb.exe
  2⤵
  PID:2904
- C:\Windows\System\tTFcLgW.exe
  C:\Windows\System\tTFcLgW.exe
  2⤵
  PID:1096
- C:\Windows\System\oKPRVyO.exe
  C:\Windows\System\oKPRVyO.exe
  2⤵
  PID:2520
- C:\Windows\System\tIkZwlm.exe
  C:\Windows\System\tIkZwlm.exe
  2⤵
  PID:2924
- C:\Windows\System\kmDCClr.exe
  C:\Windows\System\kmDCClr.exe
  2⤵
  PID:2804
- C:\Windows\System\ayDLwTw.exe
  C:\Windows\System\ayDLwTw.exe
  2⤵
  PID:2576
- C:\Windows\System\HrcpWYA.exe
  C:\Windows\System\HrcpWYA.exe
  2⤵
  PID:3080
- C:\Windows\System\NvqFpcZ.exe
  C:\Windows\System\NvqFpcZ.exe
  2⤵
  PID:3100
- C:\Windows\System\XDXcdIk.exe
  C:\Windows\System\XDXcdIk.exe
  2⤵
  PID:3120
- C:\Windows\System\gNMejHo.exe
  C:\Windows\System\gNMejHo.exe
  2⤵
  PID:3140
- C:\Windows\System\NOEvlRr.exe
  C:\Windows\System\NOEvlRr.exe
  2⤵
  PID:3160
- C:\Windows\System\oQKEAYX.exe
  C:\Windows\System\oQKEAYX.exe
  2⤵
  PID:3180
- C:\Windows\System\ANKwyGH.exe
  C:\Windows\System\ANKwyGH.exe
  2⤵
  PID:3200
- C:\Windows\System\dHCOWvF.exe
  C:\Windows\System\dHCOWvF.exe
  2⤵
  PID:3216
- C:\Windows\System\iKaegyz.exe
  C:\Windows\System\iKaegyz.exe
  2⤵
  PID:3240
- C:\Windows\System\tQtdipi.exe
  C:\Windows\System\tQtdipi.exe
  2⤵
  PID:3260
- C:\Windows\System\rRhTUhd.exe
  C:\Windows\System\rRhTUhd.exe
  2⤵
  PID:3280
- C:\Windows\System\qFmjfQM.exe
  C:\Windows\System\qFmjfQM.exe
  2⤵
  PID:3300
- C:\Windows\System\WjOEOhL.exe
  C:\Windows\System\WjOEOhL.exe
  2⤵
  PID:3320
- C:\Windows\System\DhsrAym.exe
  C:\Windows\System\DhsrAym.exe
  2⤵
  PID:3340
- C:\Windows\System\VBzhdFG.exe
  C:\Windows\System\VBzhdFG.exe
  2⤵
  PID:3360
- C:\Windows\System\znjYkAz.exe
  C:\Windows\System\znjYkAz.exe
  2⤵
  PID:3376
- C:\Windows\System\VzZBfgS.exe
  C:\Windows\System\VzZBfgS.exe
  2⤵
  PID:3396
- C:\Windows\System\ZtjaMsc.exe
  C:\Windows\System\ZtjaMsc.exe
  2⤵
  PID:3416
- C:\Windows\System\JpKvTIN.exe
  C:\Windows\System\JpKvTIN.exe
  2⤵
  PID:3440
- C:\Windows\System\SrsFCVy.exe
  C:\Windows\System\SrsFCVy.exe
  2⤵
  PID:3460
- C:\Windows\System\YUpqiUj.exe
  C:\Windows\System\YUpqiUj.exe
  2⤵
  PID:3480
- C:\Windows\System\BzXKmgF.exe
  C:\Windows\System\BzXKmgF.exe
  2⤵
  PID:3496
- C:\Windows\System\ddHAedu.exe
  C:\Windows\System\ddHAedu.exe
  2⤵
  PID:3520
- C:\Windows\System\rCDqwaZ.exe
  C:\Windows\System\rCDqwaZ.exe
  2⤵
  PID:3536
- C:\Windows\System\FYDynVC.exe
  C:\Windows\System\FYDynVC.exe
  2⤵
  PID:3568
- C:\Windows\System\NowZvzc.exe
  C:\Windows\System\NowZvzc.exe
  2⤵
  PID:3584
- C:\Windows\System\TGmHoxi.exe
  C:\Windows\System\TGmHoxi.exe
  2⤵
  PID:3600
- C:\Windows\System\CqrjxTg.exe
  C:\Windows\System\CqrjxTg.exe
  2⤵
  PID:3616
- C:\Windows\System\XQHBgJb.exe
  C:\Windows\System\XQHBgJb.exe
  2⤵
  PID:3632
- C:\Windows\System\cUCXhew.exe
  C:\Windows\System\cUCXhew.exe
  2⤵
  PID:3652
- C:\Windows\System\xIqvSLw.exe
  C:\Windows\System\xIqvSLw.exe
  2⤵
  PID:3696
- C:\Windows\System\WNrMAvo.exe
  C:\Windows\System\WNrMAvo.exe
  2⤵
  PID:3712
- C:\Windows\System\FCrHMvi.exe
  C:\Windows\System\FCrHMvi.exe
  2⤵
  PID:3728
- C:\Windows\System\iUuWmYj.exe
  C:\Windows\System\iUuWmYj.exe
  2⤵
  PID:3744
- C:\Windows\System\LGOayfx.exe
  C:\Windows\System\LGOayfx.exe
  2⤵
  PID:3760
- C:\Windows\System\QAwhqha.exe
  C:\Windows\System\QAwhqha.exe
  2⤵
  PID:3776
- C:\Windows\System\nQPzeQN.exe
  C:\Windows\System\nQPzeQN.exe
  2⤵
  PID:3796
- C:\Windows\System\kNXaqXh.exe
  C:\Windows\System\kNXaqXh.exe
  2⤵
  PID:3816
- C:\Windows\System\csULTzB.exe
  C:\Windows\System\csULTzB.exe
  2⤵
  PID:3840
- C:\Windows\System\RZHOFEc.exe
  C:\Windows\System\RZHOFEc.exe
  2⤵
  PID:3860
- C:\Windows\System\vNMlBOI.exe
  C:\Windows\System\vNMlBOI.exe
  2⤵
  PID:3876
- C:\Windows\System\XeqqXgP.exe
  C:\Windows\System\XeqqXgP.exe
  2⤵
  PID:3892
- C:\Windows\System\ehrAwyh.exe
  C:\Windows\System\ehrAwyh.exe
  2⤵
  PID:3908
- C:\Windows\System\EygNxvb.exe
  C:\Windows\System\EygNxvb.exe
  2⤵
  PID:3924
- C:\Windows\System\HtATTnf.exe
  C:\Windows\System\HtATTnf.exe
  2⤵
  PID:3948
- C:\Windows\System\PCYPSSY.exe
  C:\Windows\System\PCYPSSY.exe
  2⤵
  PID:3964
- C:\Windows\System\ITfFKJJ.exe
  C:\Windows\System\ITfFKJJ.exe
  2⤵
  PID:3980
- C:\Windows\System\PLxfLMT.exe
  C:\Windows\System\PLxfLMT.exe
  2⤵
  PID:3996
- C:\Windows\System\Upbsetc.exe
  C:\Windows\System\Upbsetc.exe
  2⤵
  PID:4016
- C:\Windows\System\VfliDPJ.exe
  C:\Windows\System\VfliDPJ.exe
  2⤵
  PID:4032
- C:\Windows\System\yzJGQRU.exe
  C:\Windows\System\yzJGQRU.exe
  2⤵
  PID:4048
- C:\Windows\System\LVUyemt.exe
  C:\Windows\System\LVUyemt.exe
  2⤵
  PID:4064
- C:\Windows\System\EUkHUIj.exe
  C:\Windows\System\EUkHUIj.exe
  2⤵
  PID:4080
- C:\Windows\System\SddTPbe.exe
  C:\Windows\System\SddTPbe.exe
  2⤵
  PID:2640
- C:\Windows\System\lMUfupJ.exe
  C:\Windows\System\lMUfupJ.exe
  2⤵
  PID:2596
- C:\Windows\System\CaFROjC.exe
  C:\Windows\System\CaFROjC.exe
  2⤵
  PID:1960
- C:\Windows\System\tRFVeSV.exe
  C:\Windows\System\tRFVeSV.exe
  2⤵
  PID:2188
- C:\Windows\System\bWTZvUB.exe
  C:\Windows\System\bWTZvUB.exe
  2⤵
  PID:2208
- C:\Windows\System\XYNDUXC.exe
  C:\Windows\System\XYNDUXC.exe
  2⤵
  PID:1356
- C:\Windows\System\KxamVbh.exe
  C:\Windows\System\KxamVbh.exe
  2⤵
  PID:2428
- C:\Windows\System\paRSqex.exe
  C:\Windows\System\paRSqex.exe
  2⤵
  PID:2820
- C:\Windows\System\MYHOGoQ.exe
  C:\Windows\System\MYHOGoQ.exe
  2⤵
  PID:3096
- C:\Windows\System\bHyGdOh.exe
  C:\Windows\System\bHyGdOh.exe
  2⤵
  PID:2996
- C:\Windows\System\wxjHUwH.exe
  C:\Windows\System\wxjHUwH.exe
  2⤵
  PID:3152
- C:\Windows\System\RCexbkn.exe
  C:\Windows\System\RCexbkn.exe
  2⤵
  PID:3176
- C:\Windows\System\SbdkaZO.exe
  C:\Windows\System\SbdkaZO.exe
  2⤵
  PID:3228
- C:\Windows\System\MdQaDiY.exe
  C:\Windows\System\MdQaDiY.exe
  2⤵
  PID:3268
- C:\Windows\System\gXRtzgs.exe
  C:\Windows\System\gXRtzgs.exe
  2⤵
  PID:3276
- C:\Windows\System\pyKNoAT.exe
  C:\Windows\System\pyKNoAT.exe
  2⤵
  PID:1956
- C:\Windows\System\UsJNbZz.exe
  C:\Windows\System\UsJNbZz.exe
  2⤵
  PID:3328
- C:\Windows\System\JAFGfXd.exe
  C:\Windows\System\JAFGfXd.exe
  2⤵
  PID:1644
- C:\Windows\System\JJLtqbv.exe
  C:\Windows\System\JJLtqbv.exe
  2⤵
  PID:2632
- C:\Windows\System\lnZyVGX.exe
  C:\Windows\System\lnZyVGX.exe
  2⤵
  PID:3408
- C:\Windows\System\gbgIQvT.exe
  C:\Windows\System\gbgIQvT.exe
  2⤵
  PID:3424
- C:\Windows\System\UnBUeqF.exe
  C:\Windows\System\UnBUeqF.exe
  2⤵
  PID:1492
- C:\Windows\System\fAVOXsM.exe
  C:\Windows\System\fAVOXsM.exe
  2⤵
  PID:3468
- C:\Windows\System\SWdScpm.exe
  C:\Windows\System\SWdScpm.exe
  2⤵
  PID:3476
- C:\Windows\System\apNqlYe.exe
  C:\Windows\System\apNqlYe.exe
  2⤵
  PID:3452
- C:\Windows\System\pkaZEIp.exe
  C:\Windows\System\pkaZEIp.exe
  2⤵
  PID:3488
- C:\Windows\System\AnpvSUb.exe
  C:\Windows\System\AnpvSUb.exe
  2⤵
  PID:3512
- C:\Windows\System\wSrXwdz.exe
  C:\Windows\System\wSrXwdz.exe
  2⤵
  PID:3552
- C:\Windows\System\ewXmLFN.exe
  C:\Windows\System\ewXmLFN.exe
  2⤵
  PID:3528
- C:\Windows\System\xInIqok.exe
  C:\Windows\System\xInIqok.exe
  2⤵
  PID:1660
- C:\Windows\System\yTouSBb.exe
  C:\Windows\System\yTouSBb.exe
  2⤵
  PID:1548
- C:\Windows\System\xeqMBuN.exe
  C:\Windows\System\xeqMBuN.exe
  2⤵
  PID:1620
- C:\Windows\System\dZUqOIK.exe
  C:\Windows\System\dZUqOIK.exe
  2⤵
  PID:3576
- C:\Windows\System\kXeTfxf.exe
  C:\Windows\System\kXeTfxf.exe
  2⤵
  PID:3624
- C:\Windows\System\vvuFbRk.exe
  C:\Windows\System\vvuFbRk.exe
  2⤵
  PID:3668
- C:\Windows\System\pEMPGpb.exe
  C:\Windows\System\pEMPGpb.exe
  2⤵
  PID:3648
- C:\Windows\System\SOGoKoo.exe
  C:\Windows\System\SOGoKoo.exe
  2⤵
  PID:3692
- C:\Windows\System\oSffjhq.exe
  C:\Windows\System\oSffjhq.exe
  2⤵
  PID:3756
- C:\Windows\System\tXHCKPa.exe
  C:\Windows\System\tXHCKPa.exe
  2⤵
  PID:3708
- C:\Windows\System\rVNiygb.exe
  C:\Windows\System\rVNiygb.exe
  2⤵
  PID:3772
- C:\Windows\System\iwUDrSX.exe
  C:\Windows\System\iwUDrSX.exe
  2⤵
  PID:3828
- C:\Windows\System\wPNHWOD.exe
  C:\Windows\System\wPNHWOD.exe
  2⤵
  PID:3872
- C:\Windows\System\VtItBre.exe
  C:\Windows\System\VtItBre.exe
  2⤵
  PID:3940
- C:\Windows\System\AwKoXnj.exe
  C:\Windows\System\AwKoXnj.exe
  2⤵
  PID:3920
- C:\Windows\System\XeGldfh.exe
  C:\Windows\System\XeGldfh.exe
  2⤵
  PID:3808
- C:\Windows\System\XohPoft.exe
  C:\Windows\System\XohPoft.exe
  2⤵
  PID:3960
- C:\Windows\System\EjtvvEy.exe
  C:\Windows\System\EjtvvEy.exe
  2⤵
  PID:4008
- C:\Windows\System\JbirLjc.exe
  C:\Windows\System\JbirLjc.exe
  2⤵
  PID:4072
- C:\Windows\System\pLbzOrb.exe
  C:\Windows\System\pLbzOrb.exe
  2⤵
  PID:1788
- C:\Windows\System\rHlkOYX.exe
  C:\Windows\System\rHlkOYX.exe
  2⤵
  PID:4056
- C:\Windows\System\IvwfZQO.exe
  C:\Windows\System\IvwfZQO.exe
  2⤵
  PID:4024
- C:\Windows\System\QqFApvA.exe
  C:\Windows\System\QqFApvA.exe
  2⤵
  PID:1664
- C:\Windows\System\kkWjIer.exe
  C:\Windows\System\kkWjIer.exe
  2⤵
  PID:2308
- C:\Windows\System\ABrycLA.exe
  C:\Windows\System\ABrycLA.exe
  2⤵
  PID:3156
- C:\Windows\System\SMtrgjO.exe
  C:\Windows\System\SMtrgjO.exe
  2⤵
  PID:3172
- C:\Windows\System\rCnNxSP.exe
  C:\Windows\System\rCnNxSP.exe
  2⤵
  PID:3064
- C:\Windows\System\tmgAyiU.exe
  C:\Windows\System\tmgAyiU.exe
  2⤵
  PID:3288
- C:\Windows\System\wsNYxnR.exe
  C:\Windows\System\wsNYxnR.exe
  2⤵
  PID:3356
- C:\Windows\System\mycjbUo.exe
  C:\Windows\System\mycjbUo.exe
  2⤵
  PID:3252
- C:\Windows\System\IXKqcGH.exe
  C:\Windows\System\IXKqcGH.exe
  2⤵
  PID:1272
- C:\Windows\System\dIpGzvX.exe
  C:\Windows\System\dIpGzvX.exe
  2⤵
  PID:3392
- C:\Windows\System\kqJprKf.exe
  C:\Windows\System\kqJprKf.exe
  2⤵
  PID:1316
- C:\Windows\System\PLgvqPg.exe
  C:\Windows\System\PLgvqPg.exe
  2⤵
  PID:2336
- C:\Windows\System\PaUbRyl.exe
  C:\Windows\System\PaUbRyl.exe
  2⤵
  PID:3612
- C:\Windows\System\CePUOad.exe
  C:\Windows\System\CePUOad.exe
  2⤵
  PID:2792
- C:\Windows\System\qmlgBVR.exe
  C:\Windows\System\qmlgBVR.exe
  2⤵
  PID:3812
- C:\Windows\System\lkredbk.exe
  C:\Windows\System\lkredbk.exe
  2⤵
  PID:3916
- C:\Windows\System\vFQkRXa.exe
  C:\Windows\System\vFQkRXa.exe
  2⤵
  PID:3704
- C:\Windows\System\GMwmQeg.exe
  C:\Windows\System\GMwmQeg.exe
  2⤵
  PID:3564
- C:\Windows\System\dyfgJyc.exe
  C:\Windows\System\dyfgJyc.exe
  2⤵
  PID:2972
- C:\Windows\System\OpMjMTi.exe
  C:\Windows\System\OpMjMTi.exe
  2⤵
  PID:3720
- C:\Windows\System\pofjQDi.exe
  C:\Windows\System\pofjQDi.exe
  2⤵
  PID:1196
- C:\Windows\System\wJgqsxH.exe
  C:\Windows\System\wJgqsxH.exe
  2⤵
  PID:3956
- C:\Windows\System\VwmmRIV.exe
  C:\Windows\System\VwmmRIV.exe
  2⤵
  PID:2780
- C:\Windows\System\QfmRjUr.exe
  C:\Windows\System\QfmRjUr.exe
  2⤵
  PID:3012
- C:\Windows\System\hiiynnW.exe
  C:\Windows\System\hiiynnW.exe
  2⤵
  PID:3884
- C:\Windows\System\fFZnVOt.exe
  C:\Windows\System\fFZnVOt.exe
  2⤵
  PID:3236
- C:\Windows\System\HDKKBAI.exe
  C:\Windows\System\HDKKBAI.exe
  2⤵
  PID:3308
- C:\Windows\System\jcmDtei.exe
  C:\Windows\System\jcmDtei.exe
  2⤵
  PID:3504
- C:\Windows\System\zQozQTl.exe
  C:\Windows\System\zQozQTl.exe
  2⤵
  PID:1964
- C:\Windows\System\eRfatpo.exe
  C:\Windows\System\eRfatpo.exe
  2⤵
  PID:3436
- C:\Windows\System\pKcgsUm.exe
  C:\Windows\System\pKcgsUm.exe
  2⤵
  PID:2456
- C:\Windows\System\OHmFqxA.exe
  C:\Windows\System\OHmFqxA.exe
  2⤵
  PID:3788
- C:\Windows\System\hFlMtpY.exe
  C:\Windows\System\hFlMtpY.exe
  2⤵
  PID:3688
- C:\Windows\System\HByikNy.exe
  C:\Windows\System\HByikNy.exe
  2⤵
  PID:3848
- C:\Windows\System\TtuKeqS.exe
  C:\Windows\System\TtuKeqS.exe
  2⤵
  PID:3312
- C:\Windows\System\HdJOpJp.exe
  C:\Windows\System\HdJOpJp.exe
  2⤵
  PID:3664
- C:\Windows\System\ZwwQPuz.exe
  C:\Windows\System\ZwwQPuz.exe
  2⤵
  PID:3128
- C:\Windows\System\KhENVlu.exe
  C:\Windows\System\KhENVlu.exe
  2⤵
  PID:3544
- C:\Windows\System\wKAorkH.exe
  C:\Windows\System\wKAorkH.exe
  2⤵
  PID:3972
- C:\Windows\System\DoiszfD.exe
  C:\Windows\System\DoiszfD.exe
  2⤵
  PID:3904
- C:\Windows\System\dfzmrBM.exe
  C:\Windows\System\dfzmrBM.exe
  2⤵
  PID:4040
- C:\Windows\System\OLYCjDL.exe
  C:\Windows\System\OLYCjDL.exe
  2⤵
  PID:1952
- C:\Windows\System\CflKtrn.exe
  C:\Windows\System\CflKtrn.exe
  2⤵
  PID:2984
- C:\Windows\System\yNQbGZj.exe
  C:\Windows\System\yNQbGZj.exe
  2⤵
  PID:3368
- C:\Windows\System\inQFlJS.exe
  C:\Windows\System\inQFlJS.exe
  2⤵
  PID:1796
- C:\Windows\System\tkPnmqW.exe
  C:\Windows\System\tkPnmqW.exe
  2⤵
  PID:2620
- C:\Windows\System\qQpFBBm.exe
  C:\Windows\System\qQpFBBm.exe
  2⤵
  PID:2196
- C:\Windows\System\oZYxCmX.exe
  C:\Windows\System\oZYxCmX.exe
  2⤵
  PID:3372
- C:\Windows\System\RdvNJHx.exe
  C:\Windows\System\RdvNJHx.exe
  2⤵
  PID:3212
- C:\Windows\System\WPACOau.exe
  C:\Windows\System\WPACOau.exe
  2⤵
  PID:4004
- C:\Windows\System\WyWJqTf.exe
  C:\Windows\System\WyWJqTf.exe
  2⤵
  PID:3804
- C:\Windows\System\iTqeAfW.exe
  C:\Windows\System\iTqeAfW.exe
  2⤵
  PID:3752
- C:\Windows\System\jATnAwq.exe
  C:\Windows\System\jATnAwq.exe
  2⤵
  PID:4108
- C:\Windows\System\YyjKwtB.exe
  C:\Windows\System\YyjKwtB.exe
  2⤵
  PID:4124
- C:\Windows\System\BxJjbef.exe
  C:\Windows\System\BxJjbef.exe
  2⤵
  PID:4140
- C:\Windows\System\BfsbqqU.exe
  C:\Windows\System\BfsbqqU.exe
  2⤵
  PID:4156
- C:\Windows\System\ASLaoFE.exe
  C:\Windows\System\ASLaoFE.exe
  2⤵
  PID:4172
- C:\Windows\System\UiFAYvF.exe
  C:\Windows\System\UiFAYvF.exe
  2⤵
  PID:4188
- C:\Windows\System\kymZFZy.exe
  C:\Windows\System\kymZFZy.exe
  2⤵
  PID:4204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CvuOqNX.exe

Filesize
2.0MB

MD5
920fb47a6fa1b3e204001063ab112caf

SHA1
fdcedf7ddb15e546d539ca3b0f9f83d7559276e1

SHA256
25df575d3d0effc0207eae45e45e71bc07ac78d822183b48ff73e2c0b3714956

SHA512
3f64f51bd52568f0ddb0cba9307d048dd15fae540ddc541241a2f2f53268738dbb944e716e98d12617b993ca42b4046262fae1d61401d6c75d61e8a95830bee4

Download Submit
C:\Windows\system\EsxmDKJ.exe

Filesize
2.0MB

MD5
ed214f4911aa5a229cc4feaf0666fbfb

SHA1
7e401866651b1bff4adad9854aa6c1b358194116

SHA256
99334fd64b883fc289eca093ae9624329ad805b647c0b58b7d01bfd755362b60

SHA512
e7fea421f21227a059a1c716f1949fa2f82f96aea52d24050092255d16c8453f133a4c6431b2559d37b757a75299a6d74927daddc8beb46f8b1e98c4adf01745

Download Submit
C:\Windows\system\JGjWqjb.exe

Filesize
2.0MB

MD5
ad853efe5eb12fe740b374dae86a25e5

SHA1
a4ee4090d78a1bf39ccdabffa16624d3da5c5e6b

SHA256
c0b559c88e9db07788fdb3bf5a464f9e697d12345b74f968d485b76943fee30e

SHA512
b983e21314764ebcd5874954e86445666ee03f6143493777e35f5a09b80df9e2bf520328fcc4b701cbea358a0f7529bcb827486b5c75f7bf7739a7df12549ee9

Download Submit
C:\Windows\system\JJgRUNl.exe

Filesize
2.0MB

MD5
976b6c2633bd8fe66e9fde016f4dfb9d

SHA1
3b08e7c255b3a81c06b9b66d32cf6a13efeced7d

SHA256
0731b20f366d0703efe16d008bd0d855f70ef4f4419fe660b97c463a31f2e826

SHA512
276b9fd8d5a8a357c2f648967afe9a387834467a9387ac35262554c1ea21e133445401219b878b7e184417e822b61e574dd8b9a49581960b8adb437a977c2a15

Download Submit
C:\Windows\system\OoaxbqR.exe

Filesize
2.0MB

MD5
d648bf09eaa2adce62d72bcb817cb051

SHA1
a5565d46c82d8ef9bcb585968b7be9aef852ab26

SHA256
71445413f4ae06c3a02f3bb1960596cb0bd60cb807954b87910d1151a5c26014

SHA512
99b93fb29813bcbfb6781b9fb26ce491352ddcd4b0d9b589be2626fc20a76879433b1284d31ca9061f7ee5fb273892630726689a1b38b81cf31a40c769138eb5

Download Submit
C:\Windows\system\QiPgaAv.exe

Filesize
2.0MB

MD5
e4ee22f1f8f9e4cc6621efbbeecab862

SHA1
b40cf8da3fe23e1b9e8f5225f8bd31ee5eaa4993

SHA256
82c27bc7699665f79d4668a7058d08def11333acb3fd2c3a9ccbda224110f44c

SHA512
2d5b102949a8dfb55f0ca39c3b2c9eafa0171ff3357c62c091b2c0e8f1b4c9c2d84c8059e4e101bdd76ec09aa1c49a473034f031b360501439d4a0c8efd28ab8

Download Submit
C:\Windows\system\QrUXaOR.exe

Filesize
2.0MB

MD5
00f1dc75dc7011e5e370409e46f13c3b

SHA1
9eaae480d339016a2fa9e0735ee21d98782e9085

SHA256
dd875b99dd353938df14749e7addc54a3ee0af0fcd2ce354e02bf8247a9c9893

SHA512
2957adcc799348c3bc2e2dece1cd2e26d143efea024c649e651b531a25851bc851ae71738ca47b2a1e0b38dc828e46ceea5be18ca5ed885a8c1ecf9ec1716fc8

Download Submit
C:\Windows\system\SHTrLfD.exe

Filesize
2.0MB

MD5
c4f32defd3db305c152ffafb9e9bea84

SHA1
e75092917cde02e01c3bd52bc3a5163ef3c199d0

SHA256
d3fdf8301bcffe8785093acb897014321cda46e0aac232f73a1b055809c81a93

SHA512
1f870433f4bc210bec33cb54a5af756050c8dbd1c90abc66458f0c75c53d918d0e81ccf3b36ac6e4e8369d1e784d9384ac96f6de03d079273c5bee9980d6d2a2

Download Submit
C:\Windows\system\TrYJMqS.exe

Filesize
2.0MB

MD5
779038fea23348fb2160c171e898b81d

SHA1
5e2c84613949ccd5cbc00a2ed15b1961ecc1b456

SHA256
ce7402971a2f9087826022510ce7f4e9cec4aa7ca5e938e4bbe9d7f47d5a8c41

SHA512
1d7707c3f2a004fcc4adbf84974ea38e46c49278165544ae6e931f67e1d060e07d91a20155d68ad779d6cd960d1c05f91ddf95c9fa780fbad086713340f8d2e4

Download Submit
C:\Windows\system\URtzKCo.exe

Filesize
2.0MB

MD5
0b57d3ea9c9dcefbf29d356cca4f794d

SHA1
faaa235070effc6d32a1d49f0dbb26bf78784701

SHA256
15fbc9c199c68b5e91aa1a1f08994b5b1f7fd52b75ccf534ef7adf22e5fb68a6

SHA512
4b08ab72103c8d9bb3f4a95eb489aee9e55505dab8e8a59b60bb34244f558b63ae41fd654286f7b32f2325c484cdbab9a03bbb5f21f42e1ad81ba6ab51b1b9a9

Download Submit
C:\Windows\system\YHYhzWy.exe

Filesize
2.0MB

MD5
301b6e9e72f189bf7da1f02441ee8d47

SHA1
358073c4fb65a815ffd03efdafa0aa854b0e6d59

SHA256
cf65c0121871618d1e9519c8a4ff2b2247bc5e2bf8e7d8ecd61ecb3886d69294

SHA512
7d9f67a494730deb2f19024f72809d96a1e34228448fb7dbbd9a0ae50cbfff178d11c34e7b3cfc54a379a56f6e3d5347741d95cb9425ce176f29ae2db97d183e

Download Submit
C:\Windows\system\bcDoKsW.exe

Filesize
2.0MB

MD5
7d75f2a6f82becc1772cf894077c3128

SHA1
24f856695ac8ffe064819fd6cf452113bb24ac4f

SHA256
78ecff5c774259b2a2cccbbb592846c873c335444d6c267febc25336d4c28afb

SHA512
a30433c0f6c3275636fb714b5c4331f29f3232287fdd1604676870f5fcb5f90da8547dddade07d98952669a0841f7c5c52c52b9b94f7715f720fb3ce0bd5ef56

Download Submit
C:\Windows\system\dNJObiT.exe

Filesize
2.0MB

MD5
928018400ccb0d948df2a329f0fc958e

SHA1
4027283d68a7c888c3d71561c6141ce6bb0ef796

SHA256
4c82973a1bf0806ce9b8b1734062e137bb7c5c8a1cb34836b79bc8202bf4d3de

SHA512
18e7ceec8cc1241ddf455b574d7fddd81bf7f049cdaf98838db4ff51f2fc74e7d14c264b3d29e05d37a0f5dda91293528feae2a7c3aa46e329146ff46667ede1

Download Submit
C:\Windows\system\fAwQEBh.exe

Filesize
2.0MB

MD5
f04f4fff1726af2b38f7f22c5f9c0852

SHA1
1dea15b079582fac2ec07b7ff7963c1f3e0bdeff

SHA256
5b49cb89a45783dcee3eb493f1c9fa89362024fb5efc3780f44beb4327f28595

SHA512
9e0b8a3df40399e43010a9bc3cd8b0edccb01edccf62eb904902b976fdc37fc6718c62043ad583a9c7772ca240d6555548ca84fbeaa731d838b86ba8a893bc0f

Download Submit
C:\Windows\system\gikCzGK.exe

Filesize
2.0MB

MD5
f1dd0a2c43e46ae54288ed29812e3294

SHA1
b0e3eaa324c1e3a161410b97408865d9668a747e

SHA256
07661c4e3bc320ec85c038bfe5774c93291a1a8480b03befe8a0033aa6cce7b7

SHA512
e19b56848ecad19e92fcbd362608b4188ea619d8e0d076a4a3a195ec217c52436827e151845acce14f03c987f1ec9ac2068bf5dc714eb4b6b1a3fb82962fea2d

Download Submit
C:\Windows\system\hiwUFgn.exe

Filesize
2.0MB

MD5
83817c22cf452cd28bc0021aedc2ccd0

SHA1
f297a1a2447e09e317bac354379c8eef79ca88a6

SHA256
a9d8defdd92dd4af90e123d7ee6082d0e3fa887e724708cdd4f7251d5a5189c7

SHA512
d0394d67b15cd888aa4f7c5bfce539dccd031911f728a9808d2aa03d748f1e43e06695bcfe75cf65310fa1789c8eb9220cf8ecfaf5a28e42009262c6007f6160

Download Submit
C:\Windows\system\lHrUyTC.exe

Filesize
2.0MB

MD5
3652959290ee7e03931e1f741ba89554

SHA1
96e412ec4dd2a08b8f76073aef7f4c04a55fdf21

SHA256
3b892c6f94947a83a9e03a4a2f1e79630d4c9e4aea3d08b0ca90315ce0d5b5cb

SHA512
a4aa304e89a97ff9beaaec1aebbab20b5316c0ed8e1e8bddf6e95de2372e118c0c22466933c988d0b815d915ecc665c6401563b16069b484636f52757297cae3

Download Submit
C:\Windows\system\mNmSRnp.exe

Filesize
2.0MB

MD5
ef04a707f82651f1f7cf59cf784463b7

SHA1
0d68932ff7f1c6913a21d94cf202a731e4362b44

SHA256
48798b29df0101cd211b29893c8685194c314edd5b30e5a1b0bf579dec5e3116

SHA512
6d53f31df0cc6b5cb6eee8edd7b7cbca4f4aa2b4ce8740f94a2ced94b1ce00b0a23d3fed386c1a0b16f9cc55078293e9ebf77a2a599b73a1ab1191b74183c556

Download Submit
C:\Windows\system\qFVBIgj.exe

Filesize
2.0MB

MD5
c68ff9653f7699200d966ade295e84d1

SHA1
16f987603c5c9be82b1c44dd22bc0c90fe3c143e

SHA256
2b0cc9516984449335b1c65637e1a5de01fb134c83284803f2387070b0c3e6a4

SHA512
0dd578879095dfa7b0e593b2346050b536aea8c463642ed65caebfb794112498dadbe5e8159b0c0651346758effcc45501aa54e168f278952552fbe9b9b0f638

Download Submit
C:\Windows\system\rJnktsz.exe

Filesize
2.0MB

MD5
99b1bbb7829790d089c6bcc8295b9c6f

SHA1
d9daeb6f709c86db87ee2ca4b774a773e2eb4b45

SHA256
66436f2be33805e0ca555095f75da11f330010a22ab6d9c3887d37460a1aa9e8

SHA512
5f9548dc513e2e2d3bb36449c91f3f4dab694ef36105143131a5c3c4662e3e5daa8dce795ef899f7f2fbd1099125ffffc086182ef19f3960815c82135e821822

Download Submit
C:\Windows\system\rPlqrqx.exe

Filesize
2.0MB

MD5
f1286a16f0cd0ea357605f4a01d560f8

SHA1
d757cde4f77867a63411bcc7b7e6a4139f2ba78e

SHA256
d832e963951ac2679dc7a811d97267c37031d03ca2fbae9c9283ad43ca8c5391

SHA512
8e40a25e23f465a8bcea5a675a4916221c0c13feb376aa5d125cdb78ad9c3fb8c8fa03f2bd4ec2a9b4c49c988f10e8c5feca376f908c61c22aa2abd00bb32622

Download Submit
C:\Windows\system\vjJjAOn.exe

Filesize
2.0MB

MD5
3a510de3bad4d433e3f176f2936595e3

SHA1
841c1ee530a3be793f736228a6cb2a165b28ad7c

SHA256
09cebaa5a1b8014f9b9b71271fca49b3ae415731d8a915eff3fd2863444e34d1

SHA512
396e1eecdb6d6f665ae70eef8a93b498adce198a1705d3ea1c0c9b9ff06c41a9958f95038320d25118557c9e12ae79c2a708c378a28384872ec77916ba8b2d28

Download Submit
C:\Windows\system\zoCrInH.exe

Filesize
2.0MB

MD5
330b586f3e8f720d21871f6874237db5

SHA1
7b5492d0216cc350678990aba8301ef92f3b5af2

SHA256
76ba5fdea62f2871fe59b65f0348049c600816c57d1977e0781e8295767b2394

SHA512
cc717b50c485482457d9c4bf0d2faefa0ca2b65f8b0cc9dee5795c3a5550623b92feb8be52cb9b6a688e1a0f7a79bb8e7c379b09d5b4e0bd3d533fbbaa59f750

Download Submit
\Windows\system\BrcsiRU.exe

Filesize
2.0MB

MD5
93ecff65231c53c42207f48f5563d588

SHA1
25e9c4553937bd8c2a02d6e75d03b20ec29c6477

SHA256
a8f7ab77f2d3cc3a0b8f60b22d9ca65d27115dacef782a0e9bc5f640120ad1c4

SHA512
221fb08fc9c8139af27680b72e2be0da85810ed5f98bfeea2c950cd338e32f4572097ae7fa721255419bbab10a459e76bcb899a2d3173f61ff8b3047d1a16c7f

Download Submit
\Windows\system\VBMgnxM.exe

Filesize
2.0MB

MD5
79678bb58887a452c5837cbbf945d1b6

SHA1
f852597cfe0ecdf1608164b036542fff69143a9b

SHA256
cdeec99ac33e0aafaba6d2993b06a4d671fddf65b6568f1a78b1bc16ef4961ef

SHA512
ba277c57aa9545d20de8268579cb305e206a96bb91ce1b8b873a66423d368890e6cecf3e08a347146fb4f008d0658e3b5a6a74917617cbf1931f4f95ea32294b

Download Submit
\Windows\system\VBRTrKE.exe

Filesize
2.0MB

MD5
69ab7d4dbf1cf721f40d28344b6d76af

SHA1
00293f1b870938ae9ef0aaec95c3a1a289a4393f

SHA256
8bae93355553e421e30a4af5ffd8876cfbdfb77cae0f39e73fe7e0e1f6b9a47f

SHA512
ab53816f7dccf237cfd58d140f6027e07f433a896fca4674e869b69b7012d607574962d674a8ae708f0592aa79b454ac5387c5d76dc07bb2a17f0d9daf989488

Download Submit
\Windows\system\XnRWNqY.exe

Filesize
2.0MB

MD5
52d78dcb6583ee885ac6f6c04d4bc8b3

SHA1
0d68cbe20f54b5b5d32931859b2399c77017a6a4

SHA256
fcca5a8af088d5366605a075c7c517f43a2486500079c131dba96c5a5c5a03dd

SHA512
1fb95aae73ef8abfce50b6f3fea853b37663547c6fe7e73d847c84e171d8377be3d45e5c0e830d144dd33011f54bbfc4f9d3d4006a0cd7ecded3565feff25c2f

Download Submit
\Windows\system\bJLhwlC.exe

Filesize
2.0MB

MD5
85d2b98fcfe989f161ff5f52c5bd9601

SHA1
d01f97bfde9541dc7cb5b31959640335da36570a

SHA256
2c8c9c0bb5d08a4ff4e89a71cc806a90d90b9d3fc4b4c4049f12e19f8dff6d8d

SHA512
c549db5bf6728539d8f22a65845ddbf168695c12c9d2525f7494b6c178d52bb8719a95ed33b1f36a3aea4961276db6b2c32a172fcb52239a8910ddb5fb58294c

Download Submit
\Windows\system\bWCxqsr.exe

Filesize
2.0MB

MD5
4bc5a6a16cfea27af74fd8474136b90b

SHA1
547265aa66406274fb423c360669279e1150fd94

SHA256
e9b0b8192f5bf6724eee4c36b449a0bff07e19ee1ee876445570079efbad20e7

SHA512
57cce2b5aeee8e01d0bcd17cfd31ed9485758c7a39034949bc2e997c78ee8ef904b51c8f968a78316182f9c3d5d7bfd95219006ff30513e1fefd0abeff5bb61c

Download Submit
\Windows\system\oTTolls.exe

Filesize
2.0MB

MD5
68ab0ed556276dc01faeb8822a12e084

SHA1
8377d6de824679266272d01c432c280cf11271ca

SHA256
81d654ed72f02db0cc93632e98a370064f5e9acfa4b5bc1b12cb76d5c2bb8849

SHA512
ca3ec00393912b60593e601f6453464c1f67238a9ac769acb577222737c834d4f1180c2cc81fe65e8edfd574f083d7e6b2afec95e25521d53e59976c935a35cd

Download Submit
\Windows\system\ttNmmOF.exe

Filesize
2.0MB

MD5
00b673fb070ab7bfd4d3b224217b2304

SHA1
7125fe33977bbb51f7b826fb0d98551798d0648d

SHA256
32a21ce143d6ed34208cc2d28b19924dc6c832989caea072bb440decaf9ec428

SHA512
15a206aac94c5642a5aee87b880f0864f0cb9300c5c351242191d26e416dce71da909d9b7dc7bc08bdcb92f0d273ad39d59551a43939b2b53b84f6508628e3d3

Download Submit
\Windows\system\vQHwsgS.exe

Filesize
2.0MB

MD5
ba0b5624681908a87cea93dca7acfc0a

SHA1
6d17651ab3197d75b8fbce4f4660246b72afa198

SHA256
08378148b3cd9ef14d31763bcdba98cc0c6b155f37549b3c2ddd21ce50a31c7d

SHA512
77de13262a111c2e1d0566c521112e9eca079a6e82b8cb0ab46cfdb6365fed3921ed985f484abf644bf83a071360c0b3a5681f2be9a411e2ab0e097d561a0383

Download Submit
memory/2220-0-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download