kpot | cbcf11964bc20fc6b341c2e2cebc50726c8f010d2bfc9722e99c08b246a68a07

Analysis

max time kernel
136s
max time network
146s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
12/06/2024, 23:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
Size

2.0MB
MD5

4c23339c861acfe11465602113ab6e20
SHA1

acb0880e281ba33f0d0c1f2193355c5c2c9564bc
SHA256

cbcf11964bc20fc6b341c2e2cebc50726c8f010d2bfc9722e99c08b246a68a07
SHA512

717db63daf46c49c2e51f00b7e21079a03288bb88e195e22bba25bd06a9a45f57b011e790573dc115cbe28db61df179a73fea2bcebba6b99657a28fbabb05fbc
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2F:GemTLkNdfE0pZaQ9

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral1/files/0x000f00000001226b-2.dat	family_kpot
behavioral1/files/0x0036000000014574-6.dat	family_kpot
behavioral1/files/0x000700000001473f-8.dat	family_kpot
behavioral1/files/0x00080000000148ac-17.dat	family_kpot
behavioral1/files/0x0007000000014b19-21.dat	family_kpot
behavioral1/files/0x0007000000014bca-29.dat	family_kpot
behavioral1/files/0x0007000000014c0b-33.dat	family_kpot
behavioral1/files/0x0006000000015d02-44.dat	family_kpot
behavioral1/files/0x0006000000015d49-60.dat	family_kpot
behavioral1/files/0x0006000000015d77-68.dat	family_kpot
behavioral1/files/0x0006000000015ff4-88.dat	family_kpot
behavioral1/files/0x0006000000016255-96.dat	family_kpot
behavioral1/files/0x0006000000016c71-128.dat	family_kpot
behavioral1/files/0x0006000000016c56-124.dat	family_kpot
behavioral1/files/0x0006000000016abb-120.dat	family_kpot
behavioral1/files/0x000600000001686d-116.dat	family_kpot
behavioral1/files/0x000600000001663f-112.dat	family_kpot
behavioral1/files/0x00060000000165a8-108.dat	family_kpot
behavioral1/files/0x00060000000164a9-104.dat	family_kpot
behavioral1/files/0x0006000000016310-101.dat	family_kpot
behavioral1/files/0x0006000000016103-92.dat	family_kpot
behavioral1/files/0x0006000000015f71-84.dat	family_kpot
behavioral1/files/0x0006000000015f05-80.dat	family_kpot
behavioral1/files/0x0006000000015e5b-76.dat	family_kpot
behavioral1/files/0x0006000000015d7f-72.dat	family_kpot
behavioral1/files/0x0006000000015d6b-64.dat	family_kpot
behavioral1/files/0x0006000000015d28-56.dat	family_kpot
behavioral1/files/0x0006000000015d19-52.dat	family_kpot
behavioral1/files/0x0006000000015d0c-48.dat	family_kpot
behavioral1/files/0x0006000000015cf0-40.dat	family_kpot
behavioral1/files/0x0008000000014f41-36.dat	family_kpot
behavioral1/files/0x0007000000014b58-24.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral1/files/0x000f00000001226b-2.dat	xmrig
behavioral1/files/0x0036000000014574-6.dat	xmrig
behavioral1/files/0x000700000001473f-8.dat	xmrig
behavioral1/files/0x00080000000148ac-17.dat	xmrig
behavioral1/files/0x0007000000014b19-21.dat	xmrig
behavioral1/files/0x0007000000014bca-29.dat	xmrig
behavioral1/files/0x0007000000014c0b-33.dat	xmrig
behavioral1/files/0x0006000000015d02-44.dat	xmrig
behavioral1/files/0x0006000000015d49-60.dat	xmrig
behavioral1/files/0x0006000000015d77-68.dat	xmrig
behavioral1/files/0x0006000000015ff4-88.dat	xmrig
behavioral1/files/0x0006000000016255-96.dat	xmrig
behavioral1/files/0x0006000000016c71-128.dat	xmrig
behavioral1/files/0x0006000000016c56-124.dat	xmrig
behavioral1/files/0x0006000000016abb-120.dat	xmrig
behavioral1/files/0x000600000001686d-116.dat	xmrig
behavioral1/files/0x000600000001663f-112.dat	xmrig
behavioral1/files/0x00060000000165a8-108.dat	xmrig
behavioral1/files/0x00060000000164a9-104.dat	xmrig
behavioral1/files/0x0006000000016310-101.dat	xmrig
behavioral1/files/0x0006000000016103-92.dat	xmrig
behavioral1/files/0x0006000000015f71-84.dat	xmrig
behavioral1/files/0x0006000000015f05-80.dat	xmrig
behavioral1/files/0x0006000000015e5b-76.dat	xmrig
behavioral1/files/0x0006000000015d7f-72.dat	xmrig
behavioral1/files/0x0006000000015d6b-64.dat	xmrig
behavioral1/files/0x0006000000015d28-56.dat	xmrig
behavioral1/files/0x0006000000015d19-52.dat	xmrig
behavioral1/files/0x0006000000015d0c-48.dat	xmrig
behavioral1/files/0x0006000000015cf0-40.dat	xmrig
behavioral1/files/0x0008000000014f41-36.dat	xmrig
behavioral1/files/0x0007000000014b58-24.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2156	XBxPniQ.exe
2780	rJxGDpY.exe
2280	dUFsYbs.exe
2232	QjKnusX.exe
2620	OhivTRc.exe
2724	SUROZTS.exe
2708	ViKrSus.exe
2644	SikWdjh.exe
2752	RasrWta.exe
1656	QRzIUdM.exe
2536	BVbxXdd.exe
2676	aBVHiSD.exe
2740	pcYqpcD.exe
2508	lknhStY.exe
2436	HhIUGzi.exe
3000	GRDzlJG.exe
2212	FdAkTeY.exe
1960	AYbFcht.exe
2600	EeClYYI.exe
2696	YyHNDCj.exe
2792	AXUTMIV.exe
2688	gyEjeHl.exe
1068	xGaJAHi.exe
1784	ypsDXVx.exe
1096	LFsZLrv.exe
1192	zjToaof.exe
1976	ydHLzgF.exe
1748	HtQSESv.exe
376	jyYXKFO.exe
1752	WxDqOQM.exe
3040	YcDJpnZ.exe
2984	wSHKkcJ.exe
2104	PYWBmSO.exe
1256	ZfckQIY.exe
2692	FvUUOoP.exe
2928	ZmKGKyM.exe
2052	NVZkAab.exe
264	NEVvctX.exe
772	tkCsHcg.exe
1012	JYaBkwX.exe
496	nFSwTsc.exe
1108	AnfXUhg.exe
1660	LnYIIcO.exe
1792	RJbAGUb.exe
844	JrvhyqN.exe
1516	kXlFMms.exe
2096	PZiOnCm.exe
2300	TEpDtdz.exe
2264	ptBPWdf.exe
2220	DaEamiM.exe
1740	WZIdzlw.exe
268	PmUGkjP.exe
1796	cueaDfR.exe
1644	LuHdoIb.exe
1308	IswHQtf.exe
600	SWkCbBO.exe
2964	yXCekcU.exe
3056	nTOzItI.exe
1952	oevDKkm.exe
900	WIliiSR.exe
1084	QYJRbGE.exe
1048	nprgylc.exe
2292	XsYwKJW.exe
1564	ThcHOXY.exe

Loads dropped DLL 64 IoCs

pid	Process
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tFkAtPz.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\DEVQycf.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\IRWcCMf.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\zEaxpUj.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\RasrWta.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\rqtqhyG.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\eCHCCLB.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\FQuOUnQ.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\qLQKUMh.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\RLKfjeR.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\XcgrAUb.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\zjToaof.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\DaEamiM.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\iOTdQSe.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\vPOMQoQ.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\olfyGbU.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\ydHLzgF.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\iKhFkQa.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\fsoloqB.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\vOVPNwY.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\xUoeUGW.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\pSwCHLw.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\MWvtton.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\hMCAXxk.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\ViKrSus.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\PYWBmSO.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\lCVklOR.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\YcDJpnZ.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\AwVMkGN.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\odSZGIo.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\BMHLhXK.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\vLZCAnO.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\VXdbWzI.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\YyHNDCj.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\ozYjfse.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\aPHtPKo.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\sqKoEvl.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\BkItrIE.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\wMtvlOb.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\lBsXPsV.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\oBkripv.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\rutGumu.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\QUlZoiS.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\RBXNYiq.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\rJxGDpY.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\IswHQtf.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\RznfopJ.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\RHnPtto.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\dsPVhrA.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\WAXauqZ.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\fkeLsJE.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\ZiFQjFl.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\QOLpDCb.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\yjIhVkv.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\GauRsdt.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\vMGCTTK.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\RJbAGUb.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\ebUDJsA.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\JVuyMFK.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\gWfVmnv.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\SikWdjh.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\xndJayp.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\fxObIqb.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
File created	C:\Windows\System\JgzGRml.exe	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 2156	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	29
PID 1848 wrote to memory of 2156	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	29
PID 1848 wrote to memory of 2156	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	29
PID 1848 wrote to memory of 2780	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	30
PID 1848 wrote to memory of 2780	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	30
PID 1848 wrote to memory of 2780	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	30
PID 1848 wrote to memory of 2280	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	31
PID 1848 wrote to memory of 2280	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	31
PID 1848 wrote to memory of 2280	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	31
PID 1848 wrote to memory of 2232	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	32
PID 1848 wrote to memory of 2232	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	32
PID 1848 wrote to memory of 2232	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	32
PID 1848 wrote to memory of 2620	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	33
PID 1848 wrote to memory of 2620	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	33
PID 1848 wrote to memory of 2620	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	33
PID 1848 wrote to memory of 2724	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	34
PID 1848 wrote to memory of 2724	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	34
PID 1848 wrote to memory of 2724	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	34
PID 1848 wrote to memory of 2708	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	35
PID 1848 wrote to memory of 2708	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	35
PID 1848 wrote to memory of 2708	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	35
PID 1848 wrote to memory of 2644	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	36
PID 1848 wrote to memory of 2644	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	36
PID 1848 wrote to memory of 2644	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	36
PID 1848 wrote to memory of 2752	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	37
PID 1848 wrote to memory of 2752	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	37
PID 1848 wrote to memory of 2752	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	37
PID 1848 wrote to memory of 1656	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	38
PID 1848 wrote to memory of 1656	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	38
PID 1848 wrote to memory of 1656	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	38
PID 1848 wrote to memory of 2536	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	39
PID 1848 wrote to memory of 2536	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	39
PID 1848 wrote to memory of 2536	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	39
PID 1848 wrote to memory of 2676	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	40
PID 1848 wrote to memory of 2676	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	40
PID 1848 wrote to memory of 2676	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	40
PID 1848 wrote to memory of 2740	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	41
PID 1848 wrote to memory of 2740	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	41
PID 1848 wrote to memory of 2740	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	41
PID 1848 wrote to memory of 2508	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	42
PID 1848 wrote to memory of 2508	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	42
PID 1848 wrote to memory of 2508	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	42
PID 1848 wrote to memory of 2436	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	43
PID 1848 wrote to memory of 2436	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	43
PID 1848 wrote to memory of 2436	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	43
PID 1848 wrote to memory of 3000	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	44
PID 1848 wrote to memory of 3000	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	44
PID 1848 wrote to memory of 3000	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	44
PID 1848 wrote to memory of 2212	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	45
PID 1848 wrote to memory of 2212	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	45
PID 1848 wrote to memory of 2212	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	45
PID 1848 wrote to memory of 1960	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	46
PID 1848 wrote to memory of 1960	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	46
PID 1848 wrote to memory of 1960	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	46
PID 1848 wrote to memory of 2600	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	47
PID 1848 wrote to memory of 2600	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	47
PID 1848 wrote to memory of 2600	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	47
PID 1848 wrote to memory of 2696	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	48
PID 1848 wrote to memory of 2696	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	48
PID 1848 wrote to memory of 2696	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	48
PID 1848 wrote to memory of 2792	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	49
PID 1848 wrote to memory of 2792	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	49
PID 1848 wrote to memory of 2792	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	49
PID 1848 wrote to memory of 2688	1848	4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe	50

C:\Users\Admin\AppData\Local\Temp\4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4c23339c861acfe11465602113ab6e20_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Windows\System\XBxPniQ.exe
  C:\Windows\System\XBxPniQ.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\rJxGDpY.exe
  C:\Windows\System\rJxGDpY.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\dUFsYbs.exe
  C:\Windows\System\dUFsYbs.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\QjKnusX.exe
  C:\Windows\System\QjKnusX.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\OhivTRc.exe
  C:\Windows\System\OhivTRc.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\SUROZTS.exe
  C:\Windows\System\SUROZTS.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\ViKrSus.exe
  C:\Windows\System\ViKrSus.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\SikWdjh.exe
  C:\Windows\System\SikWdjh.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\RasrWta.exe
  C:\Windows\System\RasrWta.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\QRzIUdM.exe
  C:\Windows\System\QRzIUdM.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\BVbxXdd.exe
  C:\Windows\System\BVbxXdd.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\aBVHiSD.exe
  C:\Windows\System\aBVHiSD.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\pcYqpcD.exe
  C:\Windows\System\pcYqpcD.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\lknhStY.exe
  C:\Windows\System\lknhStY.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\HhIUGzi.exe
  C:\Windows\System\HhIUGzi.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\GRDzlJG.exe
  C:\Windows\System\GRDzlJG.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\FdAkTeY.exe
  C:\Windows\System\FdAkTeY.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\AYbFcht.exe
  C:\Windows\System\AYbFcht.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\EeClYYI.exe
  C:\Windows\System\EeClYYI.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\YyHNDCj.exe
  C:\Windows\System\YyHNDCj.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\AXUTMIV.exe
  C:\Windows\System\AXUTMIV.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\gyEjeHl.exe
  C:\Windows\System\gyEjeHl.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\xGaJAHi.exe
  C:\Windows\System\xGaJAHi.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\ypsDXVx.exe
  C:\Windows\System\ypsDXVx.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\LFsZLrv.exe
  C:\Windows\System\LFsZLrv.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\zjToaof.exe
  C:\Windows\System\zjToaof.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\ydHLzgF.exe
  C:\Windows\System\ydHLzgF.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\HtQSESv.exe
  C:\Windows\System\HtQSESv.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\jyYXKFO.exe
  C:\Windows\System\jyYXKFO.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\WxDqOQM.exe
  C:\Windows\System\WxDqOQM.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\YcDJpnZ.exe
  C:\Windows\System\YcDJpnZ.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\wSHKkcJ.exe
  C:\Windows\System\wSHKkcJ.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\PYWBmSO.exe
  C:\Windows\System\PYWBmSO.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\ZfckQIY.exe
  C:\Windows\System\ZfckQIY.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\FvUUOoP.exe
  C:\Windows\System\FvUUOoP.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\ZmKGKyM.exe
  C:\Windows\System\ZmKGKyM.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\NVZkAab.exe
  C:\Windows\System\NVZkAab.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\NEVvctX.exe
  C:\Windows\System\NEVvctX.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\tkCsHcg.exe
  C:\Windows\System\tkCsHcg.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\JYaBkwX.exe
  C:\Windows\System\JYaBkwX.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\nFSwTsc.exe
  C:\Windows\System\nFSwTsc.exe
  2⤵
  - Executes dropped EXE
  PID:496
- C:\Windows\System\AnfXUhg.exe
  C:\Windows\System\AnfXUhg.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\LnYIIcO.exe
  C:\Windows\System\LnYIIcO.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\RJbAGUb.exe
  C:\Windows\System\RJbAGUb.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\JrvhyqN.exe
  C:\Windows\System\JrvhyqN.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\kXlFMms.exe
  C:\Windows\System\kXlFMms.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\PZiOnCm.exe
  C:\Windows\System\PZiOnCm.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\TEpDtdz.exe
  C:\Windows\System\TEpDtdz.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\ptBPWdf.exe
  C:\Windows\System\ptBPWdf.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\DaEamiM.exe
  C:\Windows\System\DaEamiM.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\WZIdzlw.exe
  C:\Windows\System\WZIdzlw.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\PmUGkjP.exe
  C:\Windows\System\PmUGkjP.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\cueaDfR.exe
  C:\Windows\System\cueaDfR.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\LuHdoIb.exe
  C:\Windows\System\LuHdoIb.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\IswHQtf.exe
  C:\Windows\System\IswHQtf.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\SWkCbBO.exe
  C:\Windows\System\SWkCbBO.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\yXCekcU.exe
  C:\Windows\System\yXCekcU.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\nTOzItI.exe
  C:\Windows\System\nTOzItI.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\oevDKkm.exe
  C:\Windows\System\oevDKkm.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\WIliiSR.exe
  C:\Windows\System\WIliiSR.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\QYJRbGE.exe
  C:\Windows\System\QYJRbGE.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\nprgylc.exe
  C:\Windows\System\nprgylc.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\XsYwKJW.exe
  C:\Windows\System\XsYwKJW.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\ThcHOXY.exe
  C:\Windows\System\ThcHOXY.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\oBkripv.exe
  C:\Windows\System\oBkripv.exe
  2⤵
  PID:2184
- C:\Windows\System\NVkxDtc.exe
  C:\Windows\System\NVkxDtc.exe
  2⤵
  PID:2420
- C:\Windows\System\LVDbuDz.exe
  C:\Windows\System\LVDbuDz.exe
  2⤵
  PID:2968
- C:\Windows\System\kuOoKjx.exe
  C:\Windows\System\kuOoKjx.exe
  2⤵
  PID:3060
- C:\Windows\System\McsbuBG.exe
  C:\Windows\System\McsbuBG.exe
  2⤵
  PID:2388
- C:\Windows\System\xRILYnh.exe
  C:\Windows\System\xRILYnh.exe
  2⤵
  PID:2256
- C:\Windows\System\JyFbtoA.exe
  C:\Windows\System\JyFbtoA.exe
  2⤵
  PID:2032
- C:\Windows\System\zIzVIVo.exe
  C:\Windows\System\zIzVIVo.exe
  2⤵
  PID:1868
- C:\Windows\System\ebUDJsA.exe
  C:\Windows\System\ebUDJsA.exe
  2⤵
  PID:2288
- C:\Windows\System\iKhFkQa.exe
  C:\Windows\System\iKhFkQa.exe
  2⤵
  PID:2892
- C:\Windows\System\IRWcCMf.exe
  C:\Windows\System\IRWcCMf.exe
  2⤵
  PID:1552
- C:\Windows\System\XlIrAku.exe
  C:\Windows\System\XlIrAku.exe
  2⤵
  PID:1560
- C:\Windows\System\TSqNhyj.exe
  C:\Windows\System\TSqNhyj.exe
  2⤵
  PID:2592
- C:\Windows\System\IkrFgUO.exe
  C:\Windows\System\IkrFgUO.exe
  2⤵
  PID:2116
- C:\Windows\System\FQuOUnQ.exe
  C:\Windows\System\FQuOUnQ.exe
  2⤵
  PID:2712
- C:\Windows\System\LhVlMMi.exe
  C:\Windows\System\LhVlMMi.exe
  2⤵
  PID:2904
- C:\Windows\System\AwVMkGN.exe
  C:\Windows\System\AwVMkGN.exe
  2⤵
  PID:2788
- C:\Windows\System\RKgvrUj.exe
  C:\Windows\System\RKgvrUj.exe
  2⤵
  PID:3064
- C:\Windows\System\aRUxrpb.exe
  C:\Windows\System\aRUxrpb.exe
  2⤵
  PID:1324
- C:\Windows\System\sqKoEvl.exe
  C:\Windows\System\sqKoEvl.exe
  2⤵
  PID:2632
- C:\Windows\System\LKiNpGA.exe
  C:\Windows\System\LKiNpGA.exe
  2⤵
  PID:3016
- C:\Windows\System\FhJtTrV.exe
  C:\Windows\System\FhJtTrV.exe
  2⤵
  PID:2824
- C:\Windows\System\tFDOOfJ.exe
  C:\Windows\System\tFDOOfJ.exe
  2⤵
  PID:2868
- C:\Windows\System\qcJKJbt.exe
  C:\Windows\System\qcJKJbt.exe
  2⤵
  PID:2844
- C:\Windows\System\ARzKaEk.exe
  C:\Windows\System\ARzKaEk.exe
  2⤵
  PID:2400
- C:\Windows\System\guYAfDY.exe
  C:\Windows\System\guYAfDY.exe
  2⤵
  PID:2188
- C:\Windows\System\wzZLrbW.exe
  C:\Windows\System\wzZLrbW.exe
  2⤵
  PID:236
- C:\Windows\System\bgELeWY.exe
  C:\Windows\System\bgELeWY.exe
  2⤵
  PID:1236
- C:\Windows\System\UwQOQLk.exe
  C:\Windows\System\UwQOQLk.exe
  2⤵
  PID:2856
- C:\Windows\System\jdNwHRc.exe
  C:\Windows\System\jdNwHRc.exe
  2⤵
  PID:1920
- C:\Windows\System\kJyLQYA.exe
  C:\Windows\System\kJyLQYA.exe
  2⤵
  PID:2088
- C:\Windows\System\rqtqhyG.exe
  C:\Windows\System\rqtqhyG.exe
  2⤵
  PID:668
- C:\Windows\System\PeOQMgq.exe
  C:\Windows\System\PeOQMgq.exe
  2⤵
  PID:1476
- C:\Windows\System\KwoPcgu.exe
  C:\Windows\System\KwoPcgu.exe
  2⤵
  PID:584
- C:\Windows\System\OSvznYI.exe
  C:\Windows\System\OSvznYI.exe
  2⤵
  PID:2004
- C:\Windows\System\zEaxpUj.exe
  C:\Windows\System\zEaxpUj.exe
  2⤵
  PID:1936
- C:\Windows\System\TBaCthZ.exe
  C:\Windows\System\TBaCthZ.exe
  2⤵
  PID:824
- C:\Windows\System\zbwLVYn.exe
  C:\Windows\System\zbwLVYn.exe
  2⤵
  PID:2260
- C:\Windows\System\JgbtrIj.exe
  C:\Windows\System\JgbtrIj.exe
  2⤵
  PID:2072
- C:\Windows\System\VOqRDvo.exe
  C:\Windows\System\VOqRDvo.exe
  2⤵
  PID:1532
- C:\Windows\System\UfoZXIu.exe
  C:\Windows\System\UfoZXIu.exe
  2⤵
  PID:556
- C:\Windows\System\rutGumu.exe
  C:\Windows\System\rutGumu.exe
  2⤵
  PID:1932
- C:\Windows\System\CxPqRxc.exe
  C:\Windows\System\CxPqRxc.exe
  2⤵
  PID:876
- C:\Windows\System\OtYVBwx.exe
  C:\Windows\System\OtYVBwx.exe
  2⤵
  PID:1032
- C:\Windows\System\vUCQFVH.exe
  C:\Windows\System\vUCQFVH.exe
  2⤵
  PID:1416
- C:\Windows\System\WAXauqZ.exe
  C:\Windows\System\WAXauqZ.exe
  2⤵
  PID:2108
- C:\Windows\System\bqAjwOt.exe
  C:\Windows\System\bqAjwOt.exe
  2⤵
  PID:2368
- C:\Windows\System\tqWfuKY.exe
  C:\Windows\System\tqWfuKY.exe
  2⤵
  PID:892
- C:\Windows\System\WOSvCcB.exe
  C:\Windows\System\WOSvCcB.exe
  2⤵
  PID:2144
- C:\Windows\System\CzaVdBg.exe
  C:\Windows\System\CzaVdBg.exe
  2⤵
  PID:2180
- C:\Windows\System\eXqBuit.exe
  C:\Windows\System\eXqBuit.exe
  2⤵
  PID:1576
- C:\Windows\System\toDIzsV.exe
  C:\Windows\System\toDIzsV.exe
  2⤵
  PID:1504
- C:\Windows\System\sagSpgJ.exe
  C:\Windows\System\sagSpgJ.exe
  2⤵
  PID:1536
- C:\Windows\System\qLQKUMh.exe
  C:\Windows\System\qLQKUMh.exe
  2⤵
  PID:2648
- C:\Windows\System\fsoloqB.exe
  C:\Windows\System\fsoloqB.exe
  2⤵
  PID:3004
- C:\Windows\System\EpOgBny.exe
  C:\Windows\System\EpOgBny.exe
  2⤵
  PID:2612
- C:\Windows\System\eQTscaA.exe
  C:\Windows\System\eQTscaA.exe
  2⤵
  PID:1968
- C:\Windows\System\aPqeCiV.exe
  C:\Windows\System\aPqeCiV.exe
  2⤵
  PID:2988
- C:\Windows\System\nVodzaE.exe
  C:\Windows\System\nVodzaE.exe
  2⤵
  PID:1232
- C:\Windows\System\WbMhEDJ.exe
  C:\Windows\System\WbMhEDJ.exe
  2⤵
  PID:2016
- C:\Windows\System\vOVPNwY.exe
  C:\Windows\System\vOVPNwY.exe
  2⤵
  PID:1608
- C:\Windows\System\EVPGEnA.exe
  C:\Windows\System\EVPGEnA.exe
  2⤵
  PID:3028
- C:\Windows\System\xUoeUGW.exe
  C:\Windows\System\xUoeUGW.exe
  2⤵
  PID:1140
- C:\Windows\System\yKaCZLB.exe
  C:\Windows\System\yKaCZLB.exe
  2⤵
  PID:2216
- C:\Windows\System\mNQhPjt.exe
  C:\Windows\System\mNQhPjt.exe
  2⤵
  PID:1528
- C:\Windows\System\ZiFQjFl.exe
  C:\Windows\System\ZiFQjFl.exe
  2⤵
  PID:396
- C:\Windows\System\mkoyPke.exe
  C:\Windows\System\mkoyPke.exe
  2⤵
  PID:1928
- C:\Windows\System\HfqCYtZ.exe
  C:\Windows\System\HfqCYtZ.exe
  2⤵
  PID:1320
- C:\Windows\System\nuYTMmw.exe
  C:\Windows\System\nuYTMmw.exe
  2⤵
  PID:2168
- C:\Windows\System\FfBCoxG.exe
  C:\Windows\System\FfBCoxG.exe
  2⤵
  PID:2036
- C:\Windows\System\ZDcZyei.exe
  C:\Windows\System\ZDcZyei.exe
  2⤵
  PID:2416
- C:\Windows\System\recxbdr.exe
  C:\Windows\System\recxbdr.exe
  2⤵
  PID:2768
- C:\Windows\System\PxtwORd.exe
  C:\Windows\System\PxtwORd.exe
  2⤵
  PID:2516
- C:\Windows\System\CKKForE.exe
  C:\Windows\System\CKKForE.exe
  2⤵
  PID:2804
- C:\Windows\System\tkfMlUG.exe
  C:\Windows\System\tkfMlUG.exe
  2⤵
  PID:3024
- C:\Windows\System\QOLpDCb.exe
  C:\Windows\System\QOLpDCb.exe
  2⤵
  PID:572
- C:\Windows\System\nfudQmk.exe
  C:\Windows\System\nfudQmk.exe
  2⤵
  PID:1468
- C:\Windows\System\SCkPvGe.exe
  C:\Windows\System\SCkPvGe.exe
  2⤵
  PID:1160
- C:\Windows\System\XEBtjKE.exe
  C:\Windows\System\XEBtjKE.exe
  2⤵
  PID:1592
- C:\Windows\System\aopQikb.exe
  C:\Windows\System\aopQikb.exe
  2⤵
  PID:2328
- C:\Windows\System\vjFnYsc.exe
  C:\Windows\System\vjFnYsc.exe
  2⤵
  PID:1568
- C:\Windows\System\TzrKqLt.exe
  C:\Windows\System\TzrKqLt.exe
  2⤵
  PID:2756
- C:\Windows\System\yjIhVkv.exe
  C:\Windows\System\yjIhVkv.exe
  2⤵
  PID:760
- C:\Windows\System\kymdigJ.exe
  C:\Windows\System\kymdigJ.exe
  2⤵
  PID:2272
- C:\Windows\System\gHTfpqH.exe
  C:\Windows\System\gHTfpqH.exe
  2⤵
  PID:2616
- C:\Windows\System\almopzc.exe
  C:\Windows\System\almopzc.exe
  2⤵
  PID:1388
- C:\Windows\System\jdNlTGu.exe
  C:\Windows\System\jdNlTGu.exe
  2⤵
  PID:2128
- C:\Windows\System\UCIYXar.exe
  C:\Windows\System\UCIYXar.exe
  2⤵
  PID:2640
- C:\Windows\System\LLKhuLw.exe
  C:\Windows\System\LLKhuLw.exe
  2⤵
  PID:2704
- C:\Windows\System\fggtSbG.exe
  C:\Windows\System\fggtSbG.exe
  2⤵
  PID:3080
- C:\Windows\System\MIRDdHA.exe
  C:\Windows\System\MIRDdHA.exe
  2⤵
  PID:3096
- C:\Windows\System\fkeLsJE.exe
  C:\Windows\System\fkeLsJE.exe
  2⤵
  PID:3112
- C:\Windows\System\mylpSJX.exe
  C:\Windows\System\mylpSJX.exe
  2⤵
  PID:3128
- C:\Windows\System\cagMdAP.exe
  C:\Windows\System\cagMdAP.exe
  2⤵
  PID:3144
- C:\Windows\System\DbSUeUi.exe
  C:\Windows\System\DbSUeUi.exe
  2⤵
  PID:3160
- C:\Windows\System\nNrHNUI.exe
  C:\Windows\System\nNrHNUI.exe
  2⤵
  PID:3176
- C:\Windows\System\GauRsdt.exe
  C:\Windows\System\GauRsdt.exe
  2⤵
  PID:3192
- C:\Windows\System\RznfopJ.exe
  C:\Windows\System\RznfopJ.exe
  2⤵
  PID:3208
- C:\Windows\System\TdlXwiV.exe
  C:\Windows\System\TdlXwiV.exe
  2⤵
  PID:3224
- C:\Windows\System\RHnPtto.exe
  C:\Windows\System\RHnPtto.exe
  2⤵
  PID:3240
- C:\Windows\System\XRtYxFr.exe
  C:\Windows\System\XRtYxFr.exe
  2⤵
  PID:3256
- C:\Windows\System\QUlZoiS.exe
  C:\Windows\System\QUlZoiS.exe
  2⤵
  PID:3272
- C:\Windows\System\lCVklOR.exe
  C:\Windows\System\lCVklOR.exe
  2⤵
  PID:3288
- C:\Windows\System\IzZJiHN.exe
  C:\Windows\System\IzZJiHN.exe
  2⤵
  PID:3304
- C:\Windows\System\dtLsMvz.exe
  C:\Windows\System\dtLsMvz.exe
  2⤵
  PID:3320
- C:\Windows\System\YchgYoU.exe
  C:\Windows\System\YchgYoU.exe
  2⤵
  PID:3336
- C:\Windows\System\ctzMOYD.exe
  C:\Windows\System\ctzMOYD.exe
  2⤵
  PID:3352
- C:\Windows\System\byJQFPl.exe
  C:\Windows\System\byJQFPl.exe
  2⤵
  PID:3368
- C:\Windows\System\FVPEAhu.exe
  C:\Windows\System\FVPEAhu.exe
  2⤵
  PID:3384
- C:\Windows\System\AmRhmGc.exe
  C:\Windows\System\AmRhmGc.exe
  2⤵
  PID:3400
- C:\Windows\System\usIeNZq.exe
  C:\Windows\System\usIeNZq.exe
  2⤵
  PID:3416
- C:\Windows\System\xiqcGpp.exe
  C:\Windows\System\xiqcGpp.exe
  2⤵
  PID:3432
- C:\Windows\System\zvzMJma.exe
  C:\Windows\System\zvzMJma.exe
  2⤵
  PID:3448
- C:\Windows\System\HISPjlh.exe
  C:\Windows\System\HISPjlh.exe
  2⤵
  PID:3464
- C:\Windows\System\oVQtslr.exe
  C:\Windows\System\oVQtslr.exe
  2⤵
  PID:3480
- C:\Windows\System\uTnUwAC.exe
  C:\Windows\System\uTnUwAC.exe
  2⤵
  PID:3496
- C:\Windows\System\SGcyQyo.exe
  C:\Windows\System\SGcyQyo.exe
  2⤵
  PID:3512
- C:\Windows\System\ZuqYSDh.exe
  C:\Windows\System\ZuqYSDh.exe
  2⤵
  PID:3528
- C:\Windows\System\eNAWpbx.exe
  C:\Windows\System\eNAWpbx.exe
  2⤵
  PID:3544
- C:\Windows\System\RLKfjeR.exe
  C:\Windows\System\RLKfjeR.exe
  2⤵
  PID:3560
- C:\Windows\System\dGohVPT.exe
  C:\Windows\System\dGohVPT.exe
  2⤵
  PID:3576
- C:\Windows\System\yTdRYdj.exe
  C:\Windows\System\yTdRYdj.exe
  2⤵
  PID:3592
- C:\Windows\System\ozYjfse.exe
  C:\Windows\System\ozYjfse.exe
  2⤵
  PID:3608
- C:\Windows\System\BkItrIE.exe
  C:\Windows\System\BkItrIE.exe
  2⤵
  PID:3624
- C:\Windows\System\JXUmPrN.exe
  C:\Windows\System\JXUmPrN.exe
  2⤵
  PID:3640
- C:\Windows\System\AHUTvMK.exe
  C:\Windows\System\AHUTvMK.exe
  2⤵
  PID:3656
- C:\Windows\System\ywVVBGp.exe
  C:\Windows\System\ywVVBGp.exe
  2⤵
  PID:3704
- C:\Windows\System\wmfoXAP.exe
  C:\Windows\System\wmfoXAP.exe
  2⤵
  PID:3720
- C:\Windows\System\OkgJSbJ.exe
  C:\Windows\System\OkgJSbJ.exe
  2⤵
  PID:3748
- C:\Windows\System\eBtnnme.exe
  C:\Windows\System\eBtnnme.exe
  2⤵
  PID:3764
- C:\Windows\System\iOTdQSe.exe
  C:\Windows\System\iOTdQSe.exe
  2⤵
  PID:3788
- C:\Windows\System\HkDXAJs.exe
  C:\Windows\System\HkDXAJs.exe
  2⤵
  PID:3804
- C:\Windows\System\cLLvOVz.exe
  C:\Windows\System\cLLvOVz.exe
  2⤵
  PID:3844
- C:\Windows\System\LiBcGnC.exe
  C:\Windows\System\LiBcGnC.exe
  2⤵
  PID:3928
- C:\Windows\System\FBhpFWf.exe
  C:\Windows\System\FBhpFWf.exe
  2⤵
  PID:3944
- C:\Windows\System\IOkUZlj.exe
  C:\Windows\System\IOkUZlj.exe
  2⤵
  PID:3960
- C:\Windows\System\cErkxeR.exe
  C:\Windows\System\cErkxeR.exe
  2⤵
  PID:3976
- C:\Windows\System\AaCuDML.exe
  C:\Windows\System\AaCuDML.exe
  2⤵
  PID:3992
- C:\Windows\System\LOvgHVp.exe
  C:\Windows\System\LOvgHVp.exe
  2⤵
  PID:4008
- C:\Windows\System\VUzGACn.exe
  C:\Windows\System\VUzGACn.exe
  2⤵
  PID:4024
- C:\Windows\System\xndJayp.exe
  C:\Windows\System\xndJayp.exe
  2⤵
  PID:4040
- C:\Windows\System\nldokbg.exe
  C:\Windows\System\nldokbg.exe
  2⤵
  PID:4056
- C:\Windows\System\oNEXnlr.exe
  C:\Windows\System\oNEXnlr.exe
  2⤵
  PID:4076
- C:\Windows\System\CScSYCc.exe
  C:\Windows\System\CScSYCc.exe
  2⤵
  PID:4092
- C:\Windows\System\OXbThyu.exe
  C:\Windows\System\OXbThyu.exe
  2⤵
  PID:2772
- C:\Windows\System\TLVgkQo.exe
  C:\Windows\System\TLVgkQo.exe
  2⤵
  PID:3168
- C:\Windows\System\vxXWCXz.exe
  C:\Windows\System\vxXWCXz.exe
  2⤵
  PID:3216
- C:\Windows\System\XIugifj.exe
  C:\Windows\System\XIugifj.exe
  2⤵
  PID:3248
- C:\Windows\System\ucmVFyo.exe
  C:\Windows\System\ucmVFyo.exe
  2⤵
  PID:3280
- C:\Windows\System\nycOehK.exe
  C:\Windows\System\nycOehK.exe
  2⤵
  PID:3268
- C:\Windows\System\WrvXZpe.exe
  C:\Windows\System\WrvXZpe.exe
  2⤵
  PID:3344
- C:\Windows\System\zDtrgJp.exe
  C:\Windows\System\zDtrgJp.exe
  2⤵
  PID:3332
- C:\Windows\System\fxObIqb.exe
  C:\Windows\System\fxObIqb.exe
  2⤵
  PID:3376
- C:\Windows\System\odSZGIo.exe
  C:\Windows\System\odSZGIo.exe
  2⤵
  PID:2672
- C:\Windows\System\mAAHoNK.exe
  C:\Windows\System\mAAHoNK.exe
  2⤵
  PID:2848
- C:\Windows\System\yVcIpEz.exe
  C:\Windows\System\yVcIpEz.exe
  2⤵
  PID:3428
- C:\Windows\System\eCSQIVb.exe
  C:\Windows\System\eCSQIVb.exe
  2⤵
  PID:3472
- C:\Windows\System\dsPVhrA.exe
  C:\Windows\System\dsPVhrA.exe
  2⤵
  PID:3504
- C:\Windows\System\STvmJvy.exe
  C:\Windows\System\STvmJvy.exe
  2⤵
  PID:3536
- C:\Windows\System\dHinBIv.exe
  C:\Windows\System\dHinBIv.exe
  2⤵
  PID:3524
- C:\Windows\System\UrGEpZy.exe
  C:\Windows\System\UrGEpZy.exe
  2⤵
  PID:3600
- C:\Windows\System\pSwCHLw.exe
  C:\Windows\System\pSwCHLw.exe
  2⤵
  PID:3632
- C:\Windows\System\vTdKJlI.exe
  C:\Windows\System\vTdKJlI.exe
  2⤵
  PID:3664
- C:\Windows\System\GzoTEid.exe
  C:\Windows\System\GzoTEid.exe
  2⤵
  PID:3680
- C:\Windows\System\JUQKhyj.exe
  C:\Windows\System\JUQKhyj.exe
  2⤵
  PID:2556
- C:\Windows\System\sVmuVYv.exe
  C:\Windows\System\sVmuVYv.exe
  2⤵
  PID:3692
- C:\Windows\System\YELtVUu.exe
  C:\Windows\System\YELtVUu.exe
  2⤵
  PID:3728
- C:\Windows\System\vPOMQoQ.exe
  C:\Windows\System\vPOMQoQ.exe
  2⤵
  PID:3740
- C:\Windows\System\RBXNYiq.exe
  C:\Windows\System\RBXNYiq.exe
  2⤵
  PID:3780
- C:\Windows\System\WgYHqUQ.exe
  C:\Windows\System\WgYHqUQ.exe
  2⤵
  PID:3648
- C:\Windows\System\DxPiWXz.exe
  C:\Windows\System\DxPiWXz.exe
  2⤵
  PID:3756
- C:\Windows\System\nxQlHJg.exe
  C:\Windows\System\nxQlHJg.exe
  2⤵
  PID:3820
- C:\Windows\System\CYzcbCm.exe
  C:\Windows\System\CYzcbCm.exe
  2⤵
  PID:3836
- C:\Windows\System\puVHMUS.exe
  C:\Windows\System\puVHMUS.exe
  2⤵
  PID:2820
- C:\Windows\System\BMHLhXK.exe
  C:\Windows\System\BMHLhXK.exe
  2⤵
  PID:1860
- C:\Windows\System\yqMUWlC.exe
  C:\Windows\System\yqMUWlC.exe
  2⤵
  PID:3856
- C:\Windows\System\syocYDZ.exe
  C:\Windows\System\syocYDZ.exe
  2⤵
  PID:3868
- C:\Windows\System\ybOxhjz.exe
  C:\Windows\System\ybOxhjz.exe
  2⤵
  PID:1988
- C:\Windows\System\kKQGtNC.exe
  C:\Windows\System\kKQGtNC.exe
  2⤵
  PID:3884
- C:\Windows\System\XEnuDMK.exe
  C:\Windows\System\XEnuDMK.exe
  2⤵
  PID:3896
- C:\Windows\System\JgzGRml.exe
  C:\Windows\System\JgzGRml.exe
  2⤵
  PID:3916
- C:\Windows\System\AywNNpE.exe
  C:\Windows\System\AywNNpE.exe
  2⤵
  PID:3936
- C:\Windows\System\QPowAnJ.exe
  C:\Windows\System\QPowAnJ.exe
  2⤵
  PID:3968
- C:\Windows\System\vLZCAnO.exe
  C:\Windows\System\vLZCAnO.exe
  2⤵
  PID:3988
- C:\Windows\System\QAWwbfV.exe
  C:\Windows\System\QAWwbfV.exe
  2⤵
  PID:4032
- C:\Windows\System\XZjzNcF.exe
  C:\Windows\System\XZjzNcF.exe
  2⤵
  PID:4072
- C:\Windows\System\GNyFPUV.exe
  C:\Windows\System\GNyFPUV.exe
  2⤵
  PID:1696
- C:\Windows\System\duIAsEW.exe
  C:\Windows\System\duIAsEW.exe
  2⤵
  PID:4052
- C:\Windows\System\PPaZQnH.exe
  C:\Windows\System\PPaZQnH.exe
  2⤵
  PID:4048
- C:\Windows\System\JVuyMFK.exe
  C:\Windows\System\JVuyMFK.exe
  2⤵
  PID:2092
- C:\Windows\System\fmlDfxT.exe
  C:\Windows\System\fmlDfxT.exe
  2⤵
  PID:1692
- C:\Windows\System\SWSndmq.exe
  C:\Windows\System\SWSndmq.exe
  2⤵
  PID:3092
- C:\Windows\System\jnZPmfo.exe
  C:\Windows\System\jnZPmfo.exe
  2⤵
  PID:3124
- C:\Windows\System\tDUXmFf.exe
  C:\Windows\System\tDUXmFf.exe
  2⤵
  PID:2148
- C:\Windows\System\BMApMZv.exe
  C:\Windows\System\BMApMZv.exe
  2⤵
  PID:272
- C:\Windows\System\SjBupZW.exe
  C:\Windows\System\SjBupZW.exe
  2⤵
  PID:3200
- C:\Windows\System\XcgrAUb.exe
  C:\Windows\System\XcgrAUb.exe
  2⤵
  PID:3184
- C:\Windows\System\iOnjRkd.exe
  C:\Windows\System\iOnjRkd.exe
  2⤵
  PID:2404
- C:\Windows\System\wMtvlOb.exe
  C:\Windows\System\wMtvlOb.exe
  2⤵
  PID:3360
- C:\Windows\System\eOzATXr.exe
  C:\Windows\System\eOzATXr.exe
  2⤵
  PID:1676
- C:\Windows\System\EoVCBqg.exe
  C:\Windows\System\EoVCBqg.exe
  2⤵
  PID:3392
- C:\Windows\System\joUvjyG.exe
  C:\Windows\System\joUvjyG.exe
  2⤵
  PID:2684
- C:\Windows\System\LLCEZLt.exe
  C:\Windows\System\LLCEZLt.exe
  2⤵
  PID:3584
- C:\Windows\System\VHfETeq.exe
  C:\Windows\System\VHfETeq.exe
  2⤵
  PID:3700
- C:\Windows\System\MWvtton.exe
  C:\Windows\System\MWvtton.exe
  2⤵
  PID:3776
- C:\Windows\System\AheuODV.exe
  C:\Windows\System\AheuODV.exe
  2⤵
  PID:3460
- C:\Windows\System\VXdbWzI.exe
  C:\Windows\System\VXdbWzI.exe
  2⤵
  PID:3620
- C:\Windows\System\EXiBeEG.exe
  C:\Windows\System\EXiBeEG.exe
  2⤵
  PID:2568
- C:\Windows\System\EFRuXez.exe
  C:\Windows\System\EFRuXez.exe
  2⤵
  PID:3712
- C:\Windows\System\pylDiuE.exe
  C:\Windows\System\pylDiuE.exe
  2⤵
  PID:3828
- C:\Windows\System\tpAaEkA.exe
  C:\Windows\System\tpAaEkA.exe
  2⤵
  PID:2564
- C:\Windows\System\aPHtPKo.exe
  C:\Windows\System\aPHtPKo.exe
  2⤵
  PID:3860
- C:\Windows\System\ztkTBcA.exe
  C:\Windows\System\ztkTBcA.exe
  2⤵
  PID:1904
- C:\Windows\System\vMGCTTK.exe
  C:\Windows\System\vMGCTTK.exe
  2⤵
  PID:3904
- C:\Windows\System\wRSmVyN.exe
  C:\Windows\System\wRSmVyN.exe
  2⤵
  PID:3952
- C:\Windows\System\kgimVao.exe
  C:\Windows\System\kgimVao.exe
  2⤵
  PID:2320
- C:\Windows\System\CIGXXsM.exe
  C:\Windows\System\CIGXXsM.exe
  2⤵
  PID:888
- C:\Windows\System\TVjGdqa.exe
  C:\Windows\System\TVjGdqa.exe
  2⤵
  PID:308
- C:\Windows\System\BLZXKHF.exe
  C:\Windows\System\BLZXKHF.exe
  2⤵
  PID:2888
- C:\Windows\System\hMCAXxk.exe
  C:\Windows\System\hMCAXxk.exe
  2⤵
  PID:2716
- C:\Windows\System\MqJjNKz.exe
  C:\Windows\System\MqJjNKz.exe
  2⤵
  PID:3136
- C:\Windows\System\FXbdXRs.exe
  C:\Windows\System\FXbdXRs.exe
  2⤵
  PID:3232
- C:\Windows\System\pDMfCuV.exe
  C:\Windows\System\pDMfCuV.exe
  2⤵
  PID:2492
- C:\Windows\System\cYoAtZq.exe
  C:\Windows\System\cYoAtZq.exe
  2⤵
  PID:3508
- C:\Windows\System\yAHxsNz.exe
  C:\Windows\System\yAHxsNz.exe
  2⤵
  PID:3348
- C:\Windows\System\zUouWGY.exe
  C:\Windows\System\zUouWGY.exe
  2⤵
  PID:2960
- C:\Windows\System\klUxxAz.exe
  C:\Windows\System\klUxxAz.exe
  2⤵
  PID:2528
- C:\Windows\System\OMWIoxP.exe
  C:\Windows\System\OMWIoxP.exe
  2⤵
  PID:1060
- C:\Windows\System\dekBAcb.exe
  C:\Windows\System\dekBAcb.exe
  2⤵
  PID:3800
- C:\Windows\System\xsgUnIL.exe
  C:\Windows\System\xsgUnIL.exe
  2⤵
  PID:1556
- C:\Windows\System\zczoKeF.exe
  C:\Windows\System\zczoKeF.exe
  2⤵
  PID:3972
- C:\Windows\System\VyaYiuy.exe
  C:\Windows\System\VyaYiuy.exe
  2⤵
  PID:3924
- C:\Windows\System\tFkAtPz.exe
  C:\Windows\System\tFkAtPz.exe
  2⤵
  PID:2996
- C:\Windows\System\igeqrkn.exe
  C:\Windows\System\igeqrkn.exe
  2⤵
  PID:1764
- C:\Windows\System\DEVQycf.exe
  C:\Windows\System\DEVQycf.exe
  2⤵
  PID:3152
- C:\Windows\System\LFKNOOu.exe
  C:\Windows\System\LFKNOOu.exe
  2⤵
  PID:2176
- C:\Windows\System\MzqIVwG.exe
  C:\Windows\System\MzqIVwG.exe
  2⤵
  PID:3880
- C:\Windows\System\SWFqjWW.exe
  C:\Windows\System\SWFqjWW.exe
  2⤵
  PID:3424
- C:\Windows\System\LVcSeox.exe
  C:\Windows\System\LVcSeox.exe
  2⤵
  PID:3572
- C:\Windows\System\ZtNVpiE.exe
  C:\Windows\System\ZtNVpiE.exe
  2⤵
  PID:3204
- C:\Windows\System\gWfVmnv.exe
  C:\Windows\System\gWfVmnv.exe
  2⤵
  PID:3772
- C:\Windows\System\SeLgLtx.exe
  C:\Windows\System\SeLgLtx.exe
  2⤵
  PID:3832
- C:\Windows\System\eCHCCLB.exe
  C:\Windows\System\eCHCCLB.exe
  2⤵
  PID:2736
- C:\Windows\System\cxcOHCR.exe
  C:\Windows\System\cxcOHCR.exe
  2⤵
  PID:3108
- C:\Windows\System\yuknXeu.exe
  C:\Windows\System\yuknXeu.exe
  2⤵
  PID:2776
- C:\Windows\System\GWfwWvO.exe
  C:\Windows\System\GWfwWvO.exe
  2⤵
  PID:3380
- C:\Windows\System\WiKRYan.exe
  C:\Windows\System\WiKRYan.exe
  2⤵
  PID:4112
- C:\Windows\System\brDdIMH.exe
  C:\Windows\System\brDdIMH.exe
  2⤵
  PID:4128
- C:\Windows\System\PkRwkrS.exe
  C:\Windows\System\PkRwkrS.exe
  2⤵
  PID:4144
- C:\Windows\System\abTaiJA.exe
  C:\Windows\System\abTaiJA.exe
  2⤵
  PID:4160
- C:\Windows\System\uFPjDVA.exe
  C:\Windows\System\uFPjDVA.exe
  2⤵
  PID:4176
- C:\Windows\System\UYlVrbT.exe
  C:\Windows\System\UYlVrbT.exe
  2⤵
  PID:4192
- C:\Windows\System\IDLsZUl.exe
  C:\Windows\System\IDLsZUl.exe
  2⤵
  PID:4208
- C:\Windows\System\lBsXPsV.exe
  C:\Windows\System\lBsXPsV.exe
  2⤵
  PID:4224
- C:\Windows\System\olfyGbU.exe
  C:\Windows\System\olfyGbU.exe
  2⤵
  PID:4240
- C:\Windows\System\eArKGxi.exe
  C:\Windows\System\eArKGxi.exe
  2⤵
  PID:4256
- C:\Windows\System\DDiXoqe.exe
  C:\Windows\System\DDiXoqe.exe
  2⤵
  PID:4272
- C:\Windows\System\WktCABG.exe
  C:\Windows\System\WktCABG.exe
  2⤵
  PID:4288
- C:\Windows\System\BhNgUiI.exe
  C:\Windows\System\BhNgUiI.exe
  2⤵
  PID:4304
- C:\Windows\System\sWjfMVW.exe
  C:\Windows\System\sWjfMVW.exe
  2⤵
  PID:4320
- C:\Windows\System\fDYAJRX.exe
  C:\Windows\System\fDYAJRX.exe
  2⤵
  PID:4340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AXUTMIV.exe

Filesize
2.0MB

MD5
6a9974fdfcb17818ceb9c76f5fec9054

SHA1
492fd2bf37b77fa43086c8bf2344987915b89a45

SHA256
3b858fc7832ed97b93a9d675e8abd72f9ed27a180bda9feb18b51638204827ec

SHA512
307c5b09ed335c2a0dd62f14d1dc5b8671cfd273e8fe089ad24f7f6fb9e6ce0639a29de688a62831307c92d3664f60ed27720f78726e4e6075f3c012baef603a

Download Submit
C:\Windows\system\AYbFcht.exe

Filesize
2.0MB

MD5
5bc9f5109ce5ffe44bc864c2907fb823

SHA1
24629aeaddf9014855b0178694e5d93a25148586

SHA256
f6972674465e2dd2bc19f02ea64cc66ee81c3dd557869b2181cdb8acc6c35b7d

SHA512
16b4ca8d9cfe9663b5139f963fedcffe0c5b5a0039ad2bd33e9e0c5aa634e8e6e5292a9f143648c3fefdd6adc879e0b49659fae4686c4fd7b8da3fba81c2ae98

Download Submit
C:\Windows\system\BVbxXdd.exe

Filesize
2.0MB

MD5
92e57f5b7001c4ad5995f5dfff154b74

SHA1
3b8a6dc60724b2c097e692d61b49316e8839f817

SHA256
82c9c6bcc67049ce44f08e81240d8a33416962ebdfcd7733d0a0c08e59770e8f

SHA512
7e4c35ab1d9785ba4b9e02c3cc3326ad960718cc85fb60eb6ecb31f4ec74092b026f5aaa68bbcb636f0f718726c15c75e729ac30d34f91c9e05acb7813c861a5

Download Submit
C:\Windows\system\EeClYYI.exe

Filesize
2.0MB

MD5
a0e905b2d428d4efc11a750814a4ba35

SHA1
5b177608433f52ed5f93977d951c7ac84a6fef79

SHA256
cb0bfc525611bd96dbd2243ed3ef8f6317f7959ea6e005e4f0106df2c5838652

SHA512
abd7dc193e11667dfe2216ba3dcec5e6ac665220a38b877de71ceedf687f2afc580138b5e353942770538293f50af313f0b613d75324c3f5fdf141b21958e97b

Download Submit
C:\Windows\system\FdAkTeY.exe

Filesize
2.0MB

MD5
190f3f5d660a3afc74c12e50ebb3b08c

SHA1
4372690c965a5b41f80b5aa2998d69afb7355554

SHA256
66131db2549fd1eba9a11124c137da13611ef7ed5c50bfab93cd12ce492033d3

SHA512
9add18d7caa71fceff6aef1fe594fe1f7cba0a8b5cfe21d2549d6bd8a110c82d6571dbb584303abc128aa1331ab65e747c0358a0882286be74437e1203189f75

Download Submit
C:\Windows\system\GRDzlJG.exe

Filesize
2.0MB

MD5
f3641e3af27722aea9ed64ee2a058a8e

SHA1
f2c7c0ff1c161a8541a75ed59bbe19e69b413c2f

SHA256
50a78e619f82a227694bf19af3f63e0d9f7c01e7cb4872c23a2c7c3a17d885d4

SHA512
969a3abdda2b47606f1951c200789fa38588c783bb83c774f7ce96edfd4e3428b2450457e2ed79d8c54def2523d1350abdcc8be1f1bcc33f6299e28ecb52583a

Download Submit
C:\Windows\system\HhIUGzi.exe

Filesize
2.0MB

MD5
ded761563988c024ea1881220730e927

SHA1
618e6f77bd80fe9a98e09411eda4f6f93bc43562

SHA256
917c377ac2d7a642c426ae078d2fc58e54667b3462e3eb33581c7c8bcd85c9a3

SHA512
41f490fcddbf757771b51d8eee39b2c2b754c340f6eb1303649150efb4baecc7d3f2ebcdd096b9c5a15791430c424db8af125a76b6e73193a4d24fe7526f8d7a

Download Submit
C:\Windows\system\HtQSESv.exe

Filesize
2.0MB

MD5
fcafab5bf4b55608a0331c6fea86acae

SHA1
ac027aeb4fd4f6463283a9747dbbbd107dda812d

SHA256
48be78704b8d3bd204fdf835c1fc77c497e8d67e7edd1444ab4258d11172ee23

SHA512
25d078e9c0019a75d2442aab16433c9738141d593f6a290f8b13459378ce8e4976610d1bd798b3673bc1eb135fb417eb4ed9933fac3a227d984dc51032f3229a

Download Submit
C:\Windows\system\LFsZLrv.exe

Filesize
2.0MB

MD5
aafdfbaa28d7972e85da1515c8b439e3

SHA1
95bb6ca20b58c41b3800136a96cfbc7a397eba9a

SHA256
bb0d4963ed3fa6065301a70f6ff13d237efbf05c562e0db7969e15a11636cab6

SHA512
8f58e08287a2cf80acc2ad1f03f0111286b814bb4f9c837ba937a8cb3261d89ea70de74412b9cbfb23c3ba4555cde888de8744a782705dcb4ef1f7a379502b99

Download Submit
C:\Windows\system\OhivTRc.exe

Filesize
2.0MB

MD5
ba1f610fe15583dcf7df384ae29ff7d9

SHA1
0c36e7c297bf4fbc755e875e102f1391f097cc1d

SHA256
db3667ad4fcebba3a323dea4c6191671382a3843867c13c553738858bd6f9c9e

SHA512
0ea46e2f1d74b054a84e31e48e680127bfd09ef9c3fbf5acf63fee7c5bc9bcffb4e0caf58f155095316cdf17eccd0d9a99787565b4614b9c1020da51455bcdf9

Download Submit
C:\Windows\system\QRzIUdM.exe

Filesize
2.0MB

MD5
a76315c5c223991e5255a77b92b60ea1

SHA1
352f6ff90027756642ff49b90d18ca439e0b7f13

SHA256
8762de5d2eca1d28d7a5069e8c95d3f9467b27f7d56e8b172a189b2e1d5a201f

SHA512
61191c969bba4523106a26509c0619f17d2f618984c74ee97c6b867dbc4d1efd41e22e6b8fe5638edff29ea2579ec84965034b191607fc424bd9905fa53227c2

Download Submit
C:\Windows\system\QjKnusX.exe

Filesize
2.0MB

MD5
c4d3f2f0d7fb3edcb872fe672c3eebfb

SHA1
084363974fa4bf56f4ac9463aef13ebe57b04727

SHA256
10c4fba6da3426c054ebde540ffaf05ea24d3bf05b10937b492b80ab1c60bc12

SHA512
d325ac26e086443cc06bd93d5ffa910e59c4b1620dfa520b1a52cd2526d88a048b084836e0b120b6615de8f19dfab426b0cece8a200320e74f67e7a673ad6a00

Download Submit
C:\Windows\system\RasrWta.exe

Filesize
2.0MB

MD5
79849487d6e5f6c963a5d613d886a5b9

SHA1
8c318608553ad85af8d6cf307a1ad929a6372b56

SHA256
d3c4f8f31a0aee89e0d5e537eb730dfd5a6d6b9928db9366cb1b25e0ca833b44

SHA512
e6917255f08a184b662ab56e39b84fc937039f17d88febf82357b45446e671af65e999222ac5303051bf6e7bf1785d4a874a9b321e03d4cb53eaa017a925396b

Download Submit
C:\Windows\system\SUROZTS.exe

Filesize
2.0MB

MD5
491ef218fae876154b013bd5d06f78f7

SHA1
ee1e813a8df5695ee3fa562f6fa55981fb370d10

SHA256
06be76aecd540e102fec3d4a9e45f2b4290acb48df81384f79db89c26afea451

SHA512
fe29a1247e74ea68d34f00764ec7afe0fa6e643a68c4b617ba8bc3b48e8f0d1ee4a0c949ab2066787732c21cf8e4c70b59dd69fcd97cc3829e0021622cc926f8

Download Submit
C:\Windows\system\SikWdjh.exe

Filesize
2.0MB

MD5
d851665c8d014f580425c6b248e16868

SHA1
9204dfa0fb9b2b2ed867ac90686b55e169ee3e24

SHA256
f2bbf22d457144a8ae387803ed2f1b4bdef8cd178bb81f070ec37f1d9bd19c94

SHA512
d92d8b6ae82afd95c3829d313488b2c044e52cf1734cef96df04f05486c07f3f350f5a0b1dec351675b93bf4c5c2b813a5f2af861a52df116f7ff447b17fbf72

Download Submit
C:\Windows\system\ViKrSus.exe

Filesize
2.0MB

MD5
7197733736bc299827e84bfce4440862

SHA1
379ba4f755679c1cfa6383b0d8036769fee2b450

SHA256
3aeee525f8ac8ad55a239f682ea9431232db437f006f91e484c0f1e18b384385

SHA512
2f5131d892123998da54f04e1fcf1d6b86322e74db651ba3be898af0cf5ba00d8a1009ba52d6e66a4c780d525d3603dbf7ab529e34a6d923b5b1ae825fef4369

Download Submit
C:\Windows\system\WxDqOQM.exe

Filesize
2.0MB

MD5
12578fb4f708779e59dcee52d3e1799f

SHA1
23f895fbb9c62d02e2a87e3d2c86d190fde64b5d

SHA256
4c189a741235b50850162cb89e8a4f29fab4be82468b111ab1e16bc2fa73d90b

SHA512
371317a8209c5d3769a88072036ecac43fe2ce0037854037638ae3e21fac988debe473dcaf118134c5da0adc8a2ddf8a01960e816162149661c8f114602314e1

Download Submit
C:\Windows\system\YcDJpnZ.exe

Filesize
2.0MB

MD5
463ceacb56cd90245e305f8cfe4182f1

SHA1
b541c448acb911c5980662cba65243a959283837

SHA256
476c142f2f8532e4e688ccdf7931bad2e9b864f711fbddd623b21458ef3ab46f

SHA512
ce08403b0420fb6cd7bda0ebd6c3796ea1788f0a779bec88fa6d72e750546a406a5cf6391390d82eed043cf05ab3523511bf18daae8c6955a15d62e165caf44f

Download Submit
C:\Windows\system\YyHNDCj.exe

Filesize
2.0MB

MD5
243e720dbfb21bbd3601aefd4cbe7c6f

SHA1
39fff7945c85b83dfc8819223f0f464f57380332

SHA256
1e18412952b10e407b7c7459b3c480e957cb061568199dcf0b2c71714de30d77

SHA512
2d612a45160dc7c8b298388f27547102975a73394ebd02d4e5a3759ff8c7e09e8aa9b40947ed6047634862bc6a01ab237641b118c216609268101d4f4f67db86

Download Submit
C:\Windows\system\aBVHiSD.exe

Filesize
2.0MB

MD5
aed1e2aba6333d65b3674ed141c74fc4

SHA1
69ec7953f25b3c22cc36eea727cc0da6d3c777b1

SHA256
afa1f1fa9b3375e2f2c77ff82bb06387a01de2cb8ecf9f8c1e710991f3d45764

SHA512
600d0b879c5bc51fabcef2c10e8a97188732b53abe7b05269451b5156ff592b11f94f9bdb3a02d03a0771febb2e724f9b59081ff69ac87ff08673ec0a239b30d

Download Submit
C:\Windows\system\dUFsYbs.exe

Filesize
2.0MB

MD5
51234fffaa14336fd2c2310523d068e4

SHA1
29e34b661e3c1fd472ced1285ce4331b50ec8abb

SHA256
ba52c9a2cae348dded402ca458adeb41c8c2b31e310241317d554bb77644167f

SHA512
cc8619069aca70cb244ce19532eb9f1f0e55ae25088456baedfaf543133112de50b74f8a095661288d4f6ff48166cc2d17322ba014c8b53dd38a32be90ba19e3

Download Submit
C:\Windows\system\gyEjeHl.exe

Filesize
2.0MB

MD5
4c24c334d8f468eaafde8714795e42ba

SHA1
775173055d70259efad0bd4db0a728fe0b11ee50

SHA256
999db8363e77bcdce0d781bca7fc850a901c45837c3f6335e1bdd5119962f801

SHA512
3e1b8c77278ca038cb0fd2fe178efdd81c4a2675fc55a033d95e75b1fb49186f1f7cf67273812192e19a243890c97b2cfd86c00bebb4b7d126fa09bc7cc52cf4

Download Submit
C:\Windows\system\jyYXKFO.exe

Filesize
2.0MB

MD5
699418dc3dbfa4f6ab3f49999c739649

SHA1
97616b3ef6a4970d776ea001f3772f123a09bb92

SHA256
6583c4ce96e25f83f04e15dd77cf7a845b380d3f1747acd7325478886bb9cdae

SHA512
73bf5ce70da903605ec220435a10b5f1e62d7806cf9cb6d82bf97dcd9c033deb36eedd3ada1dbc2d5a6ebc1e72781a1d7d3e2c1f3e26bec839f52bc00bcbb9a4

Download Submit
C:\Windows\system\lknhStY.exe

Filesize
2.0MB

MD5
3b6b58fd63c6043563e773656223eb88

SHA1
e587135f7bb156d246970a456bb28d1c6b774435

SHA256
30f1f277dac680f4e3d165663770c4b323a384079d67884edd92f598e6594886

SHA512
87615afef23704cdab369fd0e5872455df0f99f53f55a9300e5b51ed1721b3467d0be30d8b88b2d775b1f085e7b04d6f7829071f029cc3dc849a35607635d8e2

Download Submit
C:\Windows\system\pcYqpcD.exe

Filesize
2.0MB

MD5
3358fa31f0c1782d8505dd6e0927532d

SHA1
a0e748b533865982e85661278c2e93f11f2325ef

SHA256
31341800c4d6fec97075826516634aa36e1c000bf9aded6ee56ce0f2b591a6fa

SHA512
6e802e28c266bb42dfda4ae97748e339aff1657c8af648df962820ff7ac709cc67d530981412409d4d2ca5f087ea21ce7bfbf36b40d3c0a26ab6e809ede10bb7

Download Submit
C:\Windows\system\wSHKkcJ.exe

Filesize
2.0MB

MD5
825bd4ced8684ee651028ba424c6405f

SHA1
92ea1eed6f4206845fe742155ccdd445feeb27d3

SHA256
e604d1eca29fdee53911edbdc760a314acf8136e26e3b199682f17c9afe90ec0

SHA512
1a48964099ae410c176b731fa8bd830572c5f22cf798af6cab7c5071aad4178893318c9615066456a56caef15121ec314da7d9b7161b9257f588544fdec98b89

Download Submit
C:\Windows\system\xGaJAHi.exe

Filesize
2.0MB

MD5
4a7a86e456164484272a723a310299d3

SHA1
82067acb08276252d4694aca5d052c20632f7a7b

SHA256
86f050a8e78be6612e4118d17f8292d9565cde4d0e368b8211d9915b703bb085

SHA512
441009154351d8932a8ff0675533509a7bd1e1412b1acbd43f63168514485d83689556ac28466179821f04f550c31f1587cd750932e579161dfae8becc88c384

Download Submit
C:\Windows\system\ydHLzgF.exe

Filesize
2.0MB

MD5
737d7b3e63737b1176d8a95bdb8f32be

SHA1
f0aaa6180f68b2b818be60fdacfc040fc645e06f

SHA256
7c2f70e84e1fd2baab5d5d8873f0601b42a06fcb3f912af875f439a392a31a45

SHA512
ca1f1214eeb6ed1a7986f5f305e2386fe0640d6c7f76a8c5099a2968fa60943df3b70fe499fcea3d151a842871045309ce97a0bc0156dc20e06c4ea9c6bd13e7

Download Submit
C:\Windows\system\ypsDXVx.exe

Filesize
2.0MB

MD5
46e4755df4ebcad8c56d6e3b6b140e4d

SHA1
febc999b606587ee0ed9f3d4c4b8b1059b807073

SHA256
3e4a37b534c37f2f00f1730c7bc040a2a5e1b76f28dd7a26c752d0047bfa913e

SHA512
be34e3934de0abb6a07955e2ad55b5af7a6dfa9553b0c461098f10e4bd6c1480eda13ac95b52121f061627b5f38494c0bbde12285e038363ae2fa928e149695e

Download Submit
C:\Windows\system\zjToaof.exe

Filesize
2.0MB

MD5
13bc80cce01710d41bc7c58e41b5ad3f

SHA1
6480cb7ccee9328bbaa28c431cbf3ca7618b1a0f

SHA256
57f24074a95287daf155215ac43d48da71fed988bd7e499169766e10b6cf8c9b

SHA512
9eaa2c13cc450f574295325135bf83d9de4522397c88436eccd0ea70c21b67a8c20c8f69cadf7831a1df221a6119fd17391bbe358121ca33d37fa3c158983afc

Download Submit
\Windows\system\XBxPniQ.exe

Filesize
2.0MB

MD5
a44045034ee4e68cb852a29edd6c76a7

SHA1
c98a1311f53d1e133b6e9218efa5fdd100eb07c4

SHA256
a2d7e2bddcf195e2b4e10651d58c3068c545b4ce7bba65be6546aa1cbb2b6d27

SHA512
34330f8ff0183a88026c6554ede6e518dddff4956e84d146e3d2e22c200e84fca32e0657c941303418d63197e06260efde4535106d4f84c96f300c198dc8f448

Download Submit
\Windows\system\rJxGDpY.exe

Filesize
2.0MB

MD5
f5d8a880f06296b75f5719ba34899ff7

SHA1
ed6cc1c4fce83f996ea18a646922a413a74eb8ee

SHA256
c05408e6a7e93775de093a5083e8c45af41187f4db75e3d0b5d146d40b27b758

SHA512
33eef36f0ebf939ef658b4b8c9baf6bf281c8d5fb7abfc9ef5c5beb57863fe75e3473475de08daf352d9f7da10a6739dc1596b11fb1804a3411715a341b458a7

Download Submit
memory/1848-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download