kpot | a1400c5b53063ce3b01e695b350599e0713a15653c83eff6b525420e763ae649

Analysis

max time kernel
137s
max time network
148s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
12-06-2024 22:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
Size

2.1MB
MD5

49681094f32fcfd8da865f1cb4f4eb90
SHA1

99acbd38451f7f8c44804107c3ee12ed50fd5bdf
SHA256

a1400c5b53063ce3b01e695b350599e0713a15653c83eff6b525420e763ae649
SHA512

0a20cc28fe8f115cd466131de4c14356dae255688fcce087d6a8d8826cf0d8790fcc1f704857f0267b28ed2ddd058a20b92e53ba367e3e79e772d5febd5b356b
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc20:GemTLkNdfE0pZaQ8

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral1/files/0x000f000000012324-2.dat	family_kpot
behavioral1/files/0x000a000000013425-6.dat	family_kpot
behavioral1/files/0x0008000000013a44-8.dat	family_kpot
behavioral1/files/0x0008000000013a89-17.dat	family_kpot
behavioral1/files/0x0009000000014179-21.dat	family_kpot
behavioral1/files/0x000900000001419c-29.dat	family_kpot
behavioral1/files/0x0007000000014219-31.dat	family_kpot
behavioral1/files/0x0007000000014288-39.dat	family_kpot
behavioral1/files/0x00070000000142a1-44.dat	family_kpot
behavioral1/files/0x0006000000014321-50.dat	family_kpot
behavioral1/files/0x00060000000143c3-57.dat	family_kpot
behavioral1/files/0x00060000000144a4-67.dat	family_kpot
behavioral1/files/0x00060000000144f3-79.dat	family_kpot
behavioral1/files/0x00060000000146d4-97.dat	family_kpot
behavioral1/files/0x00060000000149e8-119.dat	family_kpot
behavioral1/files/0x0006000000014f46-132.dat	family_kpot
behavioral1/files/0x000600000001506f-144.dat	family_kpot
behavioral1/files/0x0006000000015382-152.dat	family_kpot
behavioral1/files/0x0006000000015515-159.dat	family_kpot
behavioral1/files/0x0006000000015142-149.dat	family_kpot
behavioral1/files/0x0006000000015043-139.dat	family_kpot
behavioral1/files/0x0006000000014b0a-124.dat	family_kpot
behavioral1/files/0x0006000000014c22-129.dat	family_kpot
behavioral1/files/0x000600000001485e-114.dat	family_kpot
behavioral1/files/0x0006000000014713-104.dat	family_kpot
behavioral1/files/0x000600000001472b-109.dat	family_kpot
behavioral1/files/0x000600000001462d-94.dat	family_kpot
behavioral1/files/0x000600000001459f-89.dat	family_kpot
behavioral1/files/0x00060000000144fb-84.dat	family_kpot
behavioral1/files/0x00060000000144e4-74.dat	family_kpot
behavioral1/files/0x000600000001444c-64.dat	family_kpot
behavioral1/files/0x000a000000013522-54.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral1/files/0x000f000000012324-2.dat	xmrig
behavioral1/files/0x000a000000013425-6.dat	xmrig
behavioral1/files/0x0008000000013a44-8.dat	xmrig
behavioral1/files/0x0008000000013a89-17.dat	xmrig
behavioral1/files/0x0009000000014179-21.dat	xmrig
behavioral1/files/0x000900000001419c-29.dat	xmrig
behavioral1/files/0x0007000000014219-31.dat	xmrig
behavioral1/files/0x0007000000014288-39.dat	xmrig
behavioral1/files/0x00070000000142a1-44.dat	xmrig
behavioral1/files/0x0006000000014321-50.dat	xmrig
behavioral1/files/0x00060000000143c3-57.dat	xmrig
behavioral1/files/0x00060000000144a4-67.dat	xmrig
behavioral1/files/0x00060000000144f3-79.dat	xmrig
behavioral1/files/0x00060000000146d4-97.dat	xmrig
behavioral1/files/0x00060000000149e8-119.dat	xmrig
behavioral1/files/0x0006000000014f46-132.dat	xmrig
behavioral1/files/0x000600000001506f-144.dat	xmrig
behavioral1/files/0x0006000000015382-152.dat	xmrig
behavioral1/files/0x0006000000015515-159.dat	xmrig
behavioral1/files/0x0006000000015142-149.dat	xmrig
behavioral1/files/0x0006000000015043-139.dat	xmrig
behavioral1/files/0x0006000000014b0a-124.dat	xmrig
behavioral1/files/0x0006000000014c22-129.dat	xmrig
behavioral1/files/0x000600000001485e-114.dat	xmrig
behavioral1/files/0x0006000000014713-104.dat	xmrig
behavioral1/files/0x000600000001472b-109.dat	xmrig
behavioral1/files/0x000600000001462d-94.dat	xmrig
behavioral1/files/0x000600000001459f-89.dat	xmrig
behavioral1/files/0x00060000000144fb-84.dat	xmrig
behavioral1/files/0x00060000000144e4-74.dat	xmrig
behavioral1/files/0x000600000001444c-64.dat	xmrig
behavioral1/files/0x000a000000013522-54.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1628	jSjkKyl.exe
2160	VKQmIBd.exe
2192	YLJHYRN.exe
2968	frVjtol.exe
1560	tmEIFxO.exe
2984	wMKShay.exe
2580	mzqZElk.exe
2648	tVXlloc.exe
2720	GcBSbuJ.exe
2628	DBQyHHX.exe
2616	lnXhKVP.exe
2696	fgLbJwv.exe
2448	WizWPrs.exe
2508	xuFfQbi.exe
2484	vXsqHfX.exe
2252	KZqtLeS.exe
1432	iJtOhvp.exe
2768	paNLqrF.exe
1300	BIkLWtF.exe
1340	BlAnlbM.exe
2148	TWWaaAY.exe
1612	EgQcElE.exe
1036	aNzigeD.exe
2736	ueGIzVk.exe
2904	fClcUIG.exe
2032	MVCeTvP.exe
2916	zpoOxeg.exe
376	WVIBcMt.exe
2068	mucEyiK.exe
2476	keYIFVw.exe
2268	RqtoOPm.exe
2216	tAXlZcl.exe
1856	mjRDyvD.exe
264	SMPFVZG.exe
476	CZHRkqH.exe
760	UwFVTHo.exe
540	vVIzVkX.exe
304	vinwnEi.exe
2008	qiwpWLe.exe
2284	iRkdMEj.exe
1544	gyBqCSF.exe
1292	GQCJIgO.exe
1288	GhKXbYW.exe
408	nQQjeCE.exe
2684	UBrdWpb.exe
2800	OnkNPEk.exe
3068	jRdyRlG.exe
1360	zCtCHZt.exe
620	PXJWGwv.exe
1616	eKccWcT.exe
920	oSeTmny.exe
2136	ckYfNJg.exe
2024	opSjRip.exe
688	InXAuFn.exe
764	nnHNDqR.exe
3040	oeCVSir.exe
2300	gKSWxiM.exe
2716	tnWPGVA.exe
3052	UOBGIft.exe
2232	yyyKoZz.exe
888	dkMAUBW.exe
1124	aZhGFDV.exe
2972	Wtpdozs.exe
1580	KFlppWM.exe

Loads dropped DLL 64 IoCs

pid	Process
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\nLQYlHq.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\qiwpWLe.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\cWHjEOS.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\QeizzfU.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\dGrAcFd.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\iNgoylB.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\kqEBEvu.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\TwiTwLr.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\paNLqrF.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\PXJWGwv.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\CGSikPf.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\lEHIRCT.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\eUDkOof.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\nSXgGEE.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\ZbTJfjr.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\vCKEJiG.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\InXAuFn.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\aZhGFDV.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\gqsgaxC.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\AoixkNX.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\BlAnlbM.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\MxQiGsG.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\wAoWeDl.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\ciHHIem.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\vMSKPyJ.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\yAFJAwl.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\DxlQcPm.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\moqWlXG.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\WGwuwws.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\BgCottT.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\mDbmdYi.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\rwYfjXa.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\kYKZETw.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\mzqZElk.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\tfIsWzR.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\sKkZfKh.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\WwgURMP.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\KwSinUC.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\xsDyPgc.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\aVcbXDP.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\lnXhKVP.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\QwUYzOm.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\ARbquww.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\xknLJxg.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\CBzhvbd.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\DBQyHHX.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\OKuXBBe.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\sCAisck.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\oeCVSir.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\jAhqtwh.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\SmtMptI.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\oNqFnmj.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\MVCeTvP.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\YsnlrJg.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\LZGoKKP.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\LTBXffR.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\rVvyWgg.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\SBmybbg.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\LpwZcJz.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\SzDSEQB.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\LGViNZN.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\DELKAfw.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\NcWNnXn.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
File created	C:\Windows\System\zPCPpXu.exe	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 1628	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	29
PID 2340 wrote to memory of 1628	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	29
PID 2340 wrote to memory of 1628	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	29
PID 2340 wrote to memory of 2160	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	30
PID 2340 wrote to memory of 2160	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	30
PID 2340 wrote to memory of 2160	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	30
PID 2340 wrote to memory of 2192	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	31
PID 2340 wrote to memory of 2192	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	31
PID 2340 wrote to memory of 2192	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	31
PID 2340 wrote to memory of 2968	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	32
PID 2340 wrote to memory of 2968	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	32
PID 2340 wrote to memory of 2968	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	32
PID 2340 wrote to memory of 1560	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	33
PID 2340 wrote to memory of 1560	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	33
PID 2340 wrote to memory of 1560	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	33
PID 2340 wrote to memory of 2984	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	34
PID 2340 wrote to memory of 2984	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	34
PID 2340 wrote to memory of 2984	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	34
PID 2340 wrote to memory of 2580	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	35
PID 2340 wrote to memory of 2580	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	35
PID 2340 wrote to memory of 2580	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	35
PID 2340 wrote to memory of 2648	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	36
PID 2340 wrote to memory of 2648	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	36
PID 2340 wrote to memory of 2648	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	36
PID 2340 wrote to memory of 2720	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	37
PID 2340 wrote to memory of 2720	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	37
PID 2340 wrote to memory of 2720	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	37
PID 2340 wrote to memory of 2628	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	38
PID 2340 wrote to memory of 2628	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	38
PID 2340 wrote to memory of 2628	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	38
PID 2340 wrote to memory of 2616	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	39
PID 2340 wrote to memory of 2616	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	39
PID 2340 wrote to memory of 2616	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	39
PID 2340 wrote to memory of 2696	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	40
PID 2340 wrote to memory of 2696	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	40
PID 2340 wrote to memory of 2696	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	40
PID 2340 wrote to memory of 2448	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	41
PID 2340 wrote to memory of 2448	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	41
PID 2340 wrote to memory of 2448	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	41
PID 2340 wrote to memory of 2508	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	42
PID 2340 wrote to memory of 2508	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	42
PID 2340 wrote to memory of 2508	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	42
PID 2340 wrote to memory of 2484	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	43
PID 2340 wrote to memory of 2484	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	43
PID 2340 wrote to memory of 2484	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	43
PID 2340 wrote to memory of 2252	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	44
PID 2340 wrote to memory of 2252	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	44
PID 2340 wrote to memory of 2252	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	44
PID 2340 wrote to memory of 1432	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	45
PID 2340 wrote to memory of 1432	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	45
PID 2340 wrote to memory of 1432	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	45
PID 2340 wrote to memory of 2768	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	46
PID 2340 wrote to memory of 2768	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	46
PID 2340 wrote to memory of 2768	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	46
PID 2340 wrote to memory of 1300	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	47
PID 2340 wrote to memory of 1300	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	47
PID 2340 wrote to memory of 1300	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	47
PID 2340 wrote to memory of 1340	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	48
PID 2340 wrote to memory of 1340	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	48
PID 2340 wrote to memory of 1340	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	48
PID 2340 wrote to memory of 2148	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	49
PID 2340 wrote to memory of 2148	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	49
PID 2340 wrote to memory of 2148	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	49
PID 2340 wrote to memory of 1612	2340	49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe	50

C:\Users\Admin\AppData\Local\Temp\49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\49681094f32fcfd8da865f1cb4f4eb90_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Windows\System\jSjkKyl.exe
  C:\Windows\System\jSjkKyl.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\VKQmIBd.exe
  C:\Windows\System\VKQmIBd.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\YLJHYRN.exe
  C:\Windows\System\YLJHYRN.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\frVjtol.exe
  C:\Windows\System\frVjtol.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\tmEIFxO.exe
  C:\Windows\System\tmEIFxO.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\wMKShay.exe
  C:\Windows\System\wMKShay.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\mzqZElk.exe
  C:\Windows\System\mzqZElk.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\tVXlloc.exe
  C:\Windows\System\tVXlloc.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\GcBSbuJ.exe
  C:\Windows\System\GcBSbuJ.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\DBQyHHX.exe
  C:\Windows\System\DBQyHHX.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\lnXhKVP.exe
  C:\Windows\System\lnXhKVP.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\fgLbJwv.exe
  C:\Windows\System\fgLbJwv.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\WizWPrs.exe
  C:\Windows\System\WizWPrs.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\xuFfQbi.exe
  C:\Windows\System\xuFfQbi.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\vXsqHfX.exe
  C:\Windows\System\vXsqHfX.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\KZqtLeS.exe
  C:\Windows\System\KZqtLeS.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\iJtOhvp.exe
  C:\Windows\System\iJtOhvp.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\paNLqrF.exe
  C:\Windows\System\paNLqrF.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\BIkLWtF.exe
  C:\Windows\System\BIkLWtF.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\BlAnlbM.exe
  C:\Windows\System\BlAnlbM.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\TWWaaAY.exe
  C:\Windows\System\TWWaaAY.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\EgQcElE.exe
  C:\Windows\System\EgQcElE.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\aNzigeD.exe
  C:\Windows\System\aNzigeD.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\ueGIzVk.exe
  C:\Windows\System\ueGIzVk.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\fClcUIG.exe
  C:\Windows\System\fClcUIG.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\MVCeTvP.exe
  C:\Windows\System\MVCeTvP.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\zpoOxeg.exe
  C:\Windows\System\zpoOxeg.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\WVIBcMt.exe
  C:\Windows\System\WVIBcMt.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\mucEyiK.exe
  C:\Windows\System\mucEyiK.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\keYIFVw.exe
  C:\Windows\System\keYIFVw.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\RqtoOPm.exe
  C:\Windows\System\RqtoOPm.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\tAXlZcl.exe
  C:\Windows\System\tAXlZcl.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\mjRDyvD.exe
  C:\Windows\System\mjRDyvD.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\SMPFVZG.exe
  C:\Windows\System\SMPFVZG.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\CZHRkqH.exe
  C:\Windows\System\CZHRkqH.exe
  2⤵
  - Executes dropped EXE
  PID:476
- C:\Windows\System\UwFVTHo.exe
  C:\Windows\System\UwFVTHo.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\vVIzVkX.exe
  C:\Windows\System\vVIzVkX.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\vinwnEi.exe
  C:\Windows\System\vinwnEi.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\qiwpWLe.exe
  C:\Windows\System\qiwpWLe.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\iRkdMEj.exe
  C:\Windows\System\iRkdMEj.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\gyBqCSF.exe
  C:\Windows\System\gyBqCSF.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\GQCJIgO.exe
  C:\Windows\System\GQCJIgO.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\GhKXbYW.exe
  C:\Windows\System\GhKXbYW.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\nQQjeCE.exe
  C:\Windows\System\nQQjeCE.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\UBrdWpb.exe
  C:\Windows\System\UBrdWpb.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\OnkNPEk.exe
  C:\Windows\System\OnkNPEk.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\jRdyRlG.exe
  C:\Windows\System\jRdyRlG.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\zCtCHZt.exe
  C:\Windows\System\zCtCHZt.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\PXJWGwv.exe
  C:\Windows\System\PXJWGwv.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\eKccWcT.exe
  C:\Windows\System\eKccWcT.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\oSeTmny.exe
  C:\Windows\System\oSeTmny.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\ckYfNJg.exe
  C:\Windows\System\ckYfNJg.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\opSjRip.exe
  C:\Windows\System\opSjRip.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\InXAuFn.exe
  C:\Windows\System\InXAuFn.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\nnHNDqR.exe
  C:\Windows\System\nnHNDqR.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\oeCVSir.exe
  C:\Windows\System\oeCVSir.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\gKSWxiM.exe
  C:\Windows\System\gKSWxiM.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\tnWPGVA.exe
  C:\Windows\System\tnWPGVA.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\UOBGIft.exe
  C:\Windows\System\UOBGIft.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\yyyKoZz.exe
  C:\Windows\System\yyyKoZz.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\dkMAUBW.exe
  C:\Windows\System\dkMAUBW.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\aZhGFDV.exe
  C:\Windows\System\aZhGFDV.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\Wtpdozs.exe
  C:\Windows\System\Wtpdozs.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\KFlppWM.exe
  C:\Windows\System\KFlppWM.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\pbJphzx.exe
  C:\Windows\System\pbJphzx.exe
  2⤵
  PID:1604
- C:\Windows\System\kErTmPy.exe
  C:\Windows\System\kErTmPy.exe
  2⤵
  PID:1692
- C:\Windows\System\yOtjtyk.exe
  C:\Windows\System\yOtjtyk.exe
  2⤵
  PID:2152
- C:\Windows\System\wQHGTwj.exe
  C:\Windows\System\wQHGTwj.exe
  2⤵
  PID:2324
- C:\Windows\System\BCUQYKR.exe
  C:\Windows\System\BCUQYKR.exe
  2⤵
  PID:2952
- C:\Windows\System\ZztqaYN.exe
  C:\Windows\System\ZztqaYN.exe
  2⤵
  PID:1620
- C:\Windows\System\DvFbpnS.exe
  C:\Windows\System\DvFbpnS.exe
  2⤵
  PID:2248
- C:\Windows\System\XGuvhxu.exe
  C:\Windows\System\XGuvhxu.exe
  2⤵
  PID:2544
- C:\Windows\System\OvofDUf.exe
  C:\Windows\System\OvofDUf.exe
  2⤵
  PID:2444
- C:\Windows\System\HbNpiIc.exe
  C:\Windows\System\HbNpiIc.exe
  2⤵
  PID:2788
- C:\Windows\System\QwUYzOm.exe
  C:\Windows\System\QwUYzOm.exe
  2⤵
  PID:1896
- C:\Windows\System\mlahwFf.exe
  C:\Windows\System\mlahwFf.exe
  2⤵
  PID:2624
- C:\Windows\System\tfIsWzR.exe
  C:\Windows\System\tfIsWzR.exe
  2⤵
  PID:2488
- C:\Windows\System\PqILVUy.exe
  C:\Windows\System\PqILVUy.exe
  2⤵
  PID:2120
- C:\Windows\System\YEivkIq.exe
  C:\Windows\System\YEivkIq.exe
  2⤵
  PID:2860
- C:\Windows\System\HuNIxRg.exe
  C:\Windows\System\HuNIxRg.exe
  2⤵
  PID:2848
- C:\Windows\System\IdpjLUi.exe
  C:\Windows\System\IdpjLUi.exe
  2⤵
  PID:2380
- C:\Windows\System\OnVyBKB.exe
  C:\Windows\System\OnVyBKB.exe
  2⤵
  PID:2156
- C:\Windows\System\EsmeuvC.exe
  C:\Windows\System\EsmeuvC.exe
  2⤵
  PID:2504
- C:\Windows\System\RDvRUcx.exe
  C:\Windows\System\RDvRUcx.exe
  2⤵
  PID:1264
- C:\Windows\System\MQTuxAB.exe
  C:\Windows\System\MQTuxAB.exe
  2⤵
  PID:1708
- C:\Windows\System\hGpZIio.exe
  C:\Windows\System\hGpZIio.exe
  2⤵
  PID:2100
- C:\Windows\System\oBdmZFb.exe
  C:\Windows\System\oBdmZFb.exe
  2⤵
  PID:2108
- C:\Windows\System\vDGPlqI.exe
  C:\Windows\System\vDGPlqI.exe
  2⤵
  PID:1696
- C:\Windows\System\cWHjEOS.exe
  C:\Windows\System\cWHjEOS.exe
  2⤵
  PID:1892
- C:\Windows\System\nHBXkJE.exe
  C:\Windows\System\nHBXkJE.exe
  2⤵
  PID:536
- C:\Windows\System\qnvLckK.exe
  C:\Windows\System\qnvLckK.exe
  2⤵
  PID:968
- C:\Windows\System\eLbMHiq.exe
  C:\Windows\System\eLbMHiq.exe
  2⤵
  PID:2264
- C:\Windows\System\MaSnVqa.exe
  C:\Windows\System\MaSnVqa.exe
  2⤵
  PID:644
- C:\Windows\System\LmjOGHK.exe
  C:\Windows\System\LmjOGHK.exe
  2⤵
  PID:2404
- C:\Windows\System\eCipJnN.exe
  C:\Windows\System\eCipJnN.exe
  2⤵
  PID:828
- C:\Windows\System\AUKEgKu.exe
  C:\Windows\System\AUKEgKu.exe
  2⤵
  PID:2816
- C:\Windows\System\ToqWViH.exe
  C:\Windows\System\ToqWViH.exe
  2⤵
  PID:2812
- C:\Windows\System\QHmasdk.exe
  C:\Windows\System\QHmasdk.exe
  2⤵
  PID:2040
- C:\Windows\System\QuKNpNA.exe
  C:\Windows\System\QuKNpNA.exe
  2⤵
  PID:1088
- C:\Windows\System\zPCPpXu.exe
  C:\Windows\System\zPCPpXu.exe
  2⤵
  PID:2524
- C:\Windows\System\YsnlrJg.exe
  C:\Windows\System\YsnlrJg.exe
  2⤵
  PID:1956
- C:\Windows\System\yGBYgnt.exe
  C:\Windows\System\yGBYgnt.exe
  2⤵
  PID:1732
- C:\Windows\System\PNLoRhS.exe
  C:\Windows\System\PNLoRhS.exe
  2⤵
  PID:2200
- C:\Windows\System\IgffFDB.exe
  C:\Windows\System\IgffFDB.exe
  2⤵
  PID:1636
- C:\Windows\System\kQFEILu.exe
  C:\Windows\System\kQFEILu.exe
  2⤵
  PID:2228
- C:\Windows\System\LGViNZN.exe
  C:\Windows\System\LGViNZN.exe
  2⤵
  PID:876
- C:\Windows\System\LZGoKKP.exe
  C:\Windows\System\LZGoKKP.exe
  2⤵
  PID:2144
- C:\Windows\System\KMENrCB.exe
  C:\Windows\System\KMENrCB.exe
  2⤵
  PID:2188
- C:\Windows\System\PTBbpPh.exe
  C:\Windows\System\PTBbpPh.exe
  2⤵
  PID:1784
- C:\Windows\System\MxQiGsG.exe
  C:\Windows\System\MxQiGsG.exe
  2⤵
  PID:2164
- C:\Windows\System\ieOqenw.exe
  C:\Windows\System\ieOqenw.exe
  2⤵
  PID:2996
- C:\Windows\System\qCqDcoW.exe
  C:\Windows\System\qCqDcoW.exe
  2⤵
  PID:2840
- C:\Windows\System\vjBVPuI.exe
  C:\Windows\System\vjBVPuI.exe
  2⤵
  PID:2792
- C:\Windows\System\uNIardg.exe
  C:\Windows\System\uNIardg.exe
  2⤵
  PID:2472
- C:\Windows\System\bYNifMf.exe
  C:\Windows\System\bYNifMf.exe
  2⤵
  PID:2440
- C:\Windows\System\LTBXffR.exe
  C:\Windows\System\LTBXffR.exe
  2⤵
  PID:1016
- C:\Windows\System\HzIRLOp.exe
  C:\Windows\System\HzIRLOp.exe
  2⤵
  PID:1904
- C:\Windows\System\YxrYBbD.exe
  C:\Windows\System\YxrYBbD.exe
  2⤵
  PID:1796
- C:\Windows\System\lmaOSQH.exe
  C:\Windows\System\lmaOSQH.exe
  2⤵
  PID:1652
- C:\Windows\System\dwroUtk.exe
  C:\Windows\System\dwroUtk.exe
  2⤵
  PID:1324
- C:\Windows\System\irJWjkX.exe
  C:\Windows\System\irJWjkX.exe
  2⤵
  PID:2092
- C:\Windows\System\CBfNFjo.exe
  C:\Windows\System\CBfNFjo.exe
  2⤵
  PID:1624
- C:\Windows\System\kPnMBFv.exe
  C:\Windows\System\kPnMBFv.exe
  2⤵
  PID:576
- C:\Windows\System\CGSikPf.exe
  C:\Windows\System\CGSikPf.exe
  2⤵
  PID:2680
- C:\Windows\System\COyPYon.exe
  C:\Windows\System\COyPYon.exe
  2⤵
  PID:1736
- C:\Windows\System\yAFJAwl.exe
  C:\Windows\System\yAFJAwl.exe
  2⤵
  PID:1768
- C:\Windows\System\FNsVLVj.exe
  C:\Windows\System\FNsVLVj.exe
  2⤵
  PID:944
- C:\Windows\System\rVvyWgg.exe
  C:\Windows\System\rVvyWgg.exe
  2⤵
  PID:1344
- C:\Windows\System\wMFDffF.exe
  C:\Windows\System\wMFDffF.exe
  2⤵
  PID:1552
- C:\Windows\System\iYRxOep.exe
  C:\Windows\System\iYRxOep.exe
  2⤵
  PID:2180
- C:\Windows\System\wAoWeDl.exe
  C:\Windows\System\wAoWeDl.exe
  2⤵
  PID:1320
- C:\Windows\System\STvDQlt.exe
  C:\Windows\System\STvDQlt.exe
  2⤵
  PID:1504
- C:\Windows\System\DxlQcPm.exe
  C:\Windows\System\DxlQcPm.exe
  2⤵
  PID:1776
- C:\Windows\System\LuaFzcw.exe
  C:\Windows\System\LuaFzcw.exe
  2⤵
  PID:2056
- C:\Windows\System\VsyPiko.exe
  C:\Windows\System\VsyPiko.exe
  2⤵
  PID:1596
- C:\Windows\System\ZSWhruV.exe
  C:\Windows\System\ZSWhruV.exe
  2⤵
  PID:2852
- C:\Windows\System\TvpSLNW.exe
  C:\Windows\System\TvpSLNW.exe
  2⤵
  PID:2480
- C:\Windows\System\CciYWGW.exe
  C:\Windows\System\CciYWGW.exe
  2⤵
  PID:1520
- C:\Windows\System\moqWlXG.exe
  C:\Windows\System\moqWlXG.exe
  2⤵
  PID:2896
- C:\Windows\System\NvrMaFv.exe
  C:\Windows\System\NvrMaFv.exe
  2⤵
  PID:2752
- C:\Windows\System\reKaxHL.exe
  C:\Windows\System\reKaxHL.exe
  2⤵
  PID:1748
- C:\Windows\System\irpmWsi.exe
  C:\Windows\System\irpmWsi.exe
  2⤵
  PID:2712
- C:\Windows\System\SBmybbg.exe
  C:\Windows\System\SBmybbg.exe
  2⤵
  PID:1192
- C:\Windows\System\YGhPQMk.exe
  C:\Windows\System\YGhPQMk.exe
  2⤵
  PID:1128
- C:\Windows\System\gqgVoIg.exe
  C:\Windows\System\gqgVoIg.exe
  2⤵
  PID:332
- C:\Windows\System\HvYcGpE.exe
  C:\Windows\System\HvYcGpE.exe
  2⤵
  PID:1564
- C:\Windows\System\OwVEjmp.exe
  C:\Windows\System\OwVEjmp.exe
  2⤵
  PID:2408
- C:\Windows\System\yrfwSnK.exe
  C:\Windows\System\yrfwSnK.exe
  2⤵
  PID:940
- C:\Windows\System\ARbquww.exe
  C:\Windows\System\ARbquww.exe
  2⤵
  PID:1900
- C:\Windows\System\zRNQzek.exe
  C:\Windows\System\zRNQzek.exe
  2⤵
  PID:2396
- C:\Windows\System\PzlzyXQ.exe
  C:\Windows\System\PzlzyXQ.exe
  2⤵
  PID:2516
- C:\Windows\System\cXjuTTz.exe
  C:\Windows\System\cXjuTTz.exe
  2⤵
  PID:1668
- C:\Windows\System\COsbjEr.exe
  C:\Windows\System\COsbjEr.exe
  2⤵
  PID:1572
- C:\Windows\System\SlkzmML.exe
  C:\Windows\System\SlkzmML.exe
  2⤵
  PID:1040
- C:\Windows\System\AjrHsGb.exe
  C:\Windows\System\AjrHsGb.exe
  2⤵
  PID:1872
- C:\Windows\System\HJnRUrE.exe
  C:\Windows\System\HJnRUrE.exe
  2⤵
  PID:2948
- C:\Windows\System\ROxZabg.exe
  C:\Windows\System\ROxZabg.exe
  2⤵
  PID:2608
- C:\Windows\System\zrvqqvA.exe
  C:\Windows\System\zrvqqvA.exe
  2⤵
  PID:668
- C:\Windows\System\sKkZfKh.exe
  C:\Windows\System\sKkZfKh.exe
  2⤵
  PID:1076
- C:\Windows\System\ufSmjpM.exe
  C:\Windows\System\ufSmjpM.exe
  2⤵
  PID:380
- C:\Windows\System\QeizzfU.exe
  C:\Windows\System\QeizzfU.exe
  2⤵
  PID:2888
- C:\Windows\System\lolvcao.exe
  C:\Windows\System\lolvcao.exe
  2⤵
  PID:3076
- C:\Windows\System\hJCccAG.exe
  C:\Windows\System\hJCccAG.exe
  2⤵
  PID:3096
- C:\Windows\System\YVinCuE.exe
  C:\Windows\System\YVinCuE.exe
  2⤵
  PID:3112
- C:\Windows\System\oyKTynU.exe
  C:\Windows\System\oyKTynU.exe
  2⤵
  PID:3136
- C:\Windows\System\DpZRcMk.exe
  C:\Windows\System\DpZRcMk.exe
  2⤵
  PID:3152
- C:\Windows\System\FNtFzRa.exe
  C:\Windows\System\FNtFzRa.exe
  2⤵
  PID:3172
- C:\Windows\System\CBzhvbd.exe
  C:\Windows\System\CBzhvbd.exe
  2⤵
  PID:3192
- C:\Windows\System\OyXUgbf.exe
  C:\Windows\System\OyXUgbf.exe
  2⤵
  PID:3216
- C:\Windows\System\vuESLzT.exe
  C:\Windows\System\vuESLzT.exe
  2⤵
  PID:3236
- C:\Windows\System\qsZYSHD.exe
  C:\Windows\System\qsZYSHD.exe
  2⤵
  PID:3256
- C:\Windows\System\LIiVWJr.exe
  C:\Windows\System\LIiVWJr.exe
  2⤵
  PID:3276
- C:\Windows\System\tcydpmw.exe
  C:\Windows\System\tcydpmw.exe
  2⤵
  PID:3296
- C:\Windows\System\TQaJEfg.exe
  C:\Windows\System\TQaJEfg.exe
  2⤵
  PID:3316
- C:\Windows\System\mQhQhoX.exe
  C:\Windows\System\mQhQhoX.exe
  2⤵
  PID:3332
- C:\Windows\System\gqsgaxC.exe
  C:\Windows\System\gqsgaxC.exe
  2⤵
  PID:3356
- C:\Windows\System\BMvbMfm.exe
  C:\Windows\System\BMvbMfm.exe
  2⤵
  PID:3376
- C:\Windows\System\PubkQCE.exe
  C:\Windows\System\PubkQCE.exe
  2⤵
  PID:3396
- C:\Windows\System\lEHIRCT.exe
  C:\Windows\System\lEHIRCT.exe
  2⤵
  PID:3412
- C:\Windows\System\OjhdBMy.exe
  C:\Windows\System\OjhdBMy.exe
  2⤵
  PID:3436
- C:\Windows\System\JUfHyDz.exe
  C:\Windows\System\JUfHyDz.exe
  2⤵
  PID:3452
- C:\Windows\System\AoixkNX.exe
  C:\Windows\System\AoixkNX.exe
  2⤵
  PID:3476
- C:\Windows\System\dGrAcFd.exe
  C:\Windows\System\dGrAcFd.exe
  2⤵
  PID:3496
- C:\Windows\System\VhAHLhs.exe
  C:\Windows\System\VhAHLhs.exe
  2⤵
  PID:3516
- C:\Windows\System\phHzchC.exe
  C:\Windows\System\phHzchC.exe
  2⤵
  PID:3536
- C:\Windows\System\SCIgWym.exe
  C:\Windows\System\SCIgWym.exe
  2⤵
  PID:3556
- C:\Windows\System\cfwCQUr.exe
  C:\Windows\System\cfwCQUr.exe
  2⤵
  PID:3576
- C:\Windows\System\kLLcXGT.exe
  C:\Windows\System\kLLcXGT.exe
  2⤵
  PID:3592
- C:\Windows\System\TOltlbe.exe
  C:\Windows\System\TOltlbe.exe
  2⤵
  PID:3612
- C:\Windows\System\iDDhisd.exe
  C:\Windows\System\iDDhisd.exe
  2⤵
  PID:3632
- C:\Windows\System\imGLZNb.exe
  C:\Windows\System\imGLZNb.exe
  2⤵
  PID:3656
- C:\Windows\System\nXQyYnm.exe
  C:\Windows\System\nXQyYnm.exe
  2⤵
  PID:3672
- C:\Windows\System\ciHHIem.exe
  C:\Windows\System\ciHHIem.exe
  2⤵
  PID:3692
- C:\Windows\System\nTQarqG.exe
  C:\Windows\System\nTQarqG.exe
  2⤵
  PID:3708
- C:\Windows\System\ZMsGVUh.exe
  C:\Windows\System\ZMsGVUh.exe
  2⤵
  PID:3724
- C:\Windows\System\OmpeJqD.exe
  C:\Windows\System\OmpeJqD.exe
  2⤵
  PID:3740
- C:\Windows\System\hWSoaNo.exe
  C:\Windows\System\hWSoaNo.exe
  2⤵
  PID:3756
- C:\Windows\System\qGJharf.exe
  C:\Windows\System\qGJharf.exe
  2⤵
  PID:3772
- C:\Windows\System\EqVNqbv.exe
  C:\Windows\System\EqVNqbv.exe
  2⤵
  PID:3812
- C:\Windows\System\ehKfdke.exe
  C:\Windows\System\ehKfdke.exe
  2⤵
  PID:3828
- C:\Windows\System\JfszFkg.exe
  C:\Windows\System\JfszFkg.exe
  2⤵
  PID:3848
- C:\Windows\System\sALePgX.exe
  C:\Windows\System\sALePgX.exe
  2⤵
  PID:3864
- C:\Windows\System\AmfYHFh.exe
  C:\Windows\System\AmfYHFh.exe
  2⤵
  PID:3880
- C:\Windows\System\qSmlzPj.exe
  C:\Windows\System\qSmlzPj.exe
  2⤵
  PID:3900
- C:\Windows\System\xknLJxg.exe
  C:\Windows\System\xknLJxg.exe
  2⤵
  PID:3920
- C:\Windows\System\aVFdpmD.exe
  C:\Windows\System\aVFdpmD.exe
  2⤵
  PID:3936
- C:\Windows\System\IjAzalf.exe
  C:\Windows\System\IjAzalf.exe
  2⤵
  PID:3956
- C:\Windows\System\LpwZcJz.exe
  C:\Windows\System\LpwZcJz.exe
  2⤵
  PID:3972
- C:\Windows\System\AnVtgCV.exe
  C:\Windows\System\AnVtgCV.exe
  2⤵
  PID:3988
- C:\Windows\System\WGwuwws.exe
  C:\Windows\System\WGwuwws.exe
  2⤵
  PID:4004
- C:\Windows\System\EGcCley.exe
  C:\Windows\System\EGcCley.exe
  2⤵
  PID:4020
- C:\Windows\System\HLiBwZX.exe
  C:\Windows\System\HLiBwZX.exe
  2⤵
  PID:4040
- C:\Windows\System\gdUlImS.exe
  C:\Windows\System\gdUlImS.exe
  2⤵
  PID:4056
- C:\Windows\System\PAGYdUo.exe
  C:\Windows\System\PAGYdUo.exe
  2⤵
  PID:4072
- C:\Windows\System\vlQipDM.exe
  C:\Windows\System\vlQipDM.exe
  2⤵
  PID:2668
- C:\Windows\System\cBYIbpU.exe
  C:\Windows\System\cBYIbpU.exe
  2⤵
  PID:1168
- C:\Windows\System\qWjBpsj.exe
  C:\Windows\System\qWjBpsj.exe
  2⤵
  PID:2604
- C:\Windows\System\gRbrtrI.exe
  C:\Windows\System\gRbrtrI.exe
  2⤵
  PID:2988
- C:\Windows\System\OKuXBBe.exe
  C:\Windows\System\OKuXBBe.exe
  2⤵
  PID:3084
- C:\Windows\System\hUBrley.exe
  C:\Windows\System\hUBrley.exe
  2⤵
  PID:3124
- C:\Windows\System\BbzHDcd.exe
  C:\Windows\System\BbzHDcd.exe
  2⤵
  PID:2500
- C:\Windows\System\khObeue.exe
  C:\Windows\System\khObeue.exe
  2⤵
  PID:3144
- C:\Windows\System\jAhqtwh.exe
  C:\Windows\System\jAhqtwh.exe
  2⤵
  PID:1640
- C:\Windows\System\EgCdwcB.exe
  C:\Windows\System\EgCdwcB.exe
  2⤵
  PID:3228
- C:\Windows\System\DELKAfw.exe
  C:\Windows\System\DELKAfw.exe
  2⤵
  PID:3060
- C:\Windows\System\WwgURMP.exe
  C:\Windows\System\WwgURMP.exe
  2⤵
  PID:3268
- C:\Windows\System\CyqTfcb.exe
  C:\Windows\System\CyqTfcb.exe
  2⤵
  PID:3312
- C:\Windows\System\mdTkxAe.exe
  C:\Windows\System\mdTkxAe.exe
  2⤵
  PID:3372
- C:\Windows\System\PHtgGJK.exe
  C:\Windows\System\PHtgGJK.exe
  2⤵
  PID:1836
- C:\Windows\System\JenoDcn.exe
  C:\Windows\System\JenoDcn.exe
  2⤵
  PID:1428
- C:\Windows\System\MFZbVzD.exe
  C:\Windows\System\MFZbVzD.exe
  2⤵
  PID:3424
- C:\Windows\System\KdPbiDs.exe
  C:\Windows\System\KdPbiDs.exe
  2⤵
  PID:2876
- C:\Windows\System\QEAmIxX.exe
  C:\Windows\System\QEAmIxX.exe
  2⤵
  PID:3428
- C:\Windows\System\vVveXSG.exe
  C:\Windows\System\vVveXSG.exe
  2⤵
  PID:1660
- C:\Windows\System\luVrQNg.exe
  C:\Windows\System\luVrQNg.exe
  2⤵
  PID:3572
- C:\Windows\System\QJmXBPd.exe
  C:\Windows\System\QJmXBPd.exe
  2⤵
  PID:3508
- C:\Windows\System\CEkiWyW.exe
  C:\Windows\System\CEkiWyW.exe
  2⤵
  PID:2224
- C:\Windows\System\EYqGxVu.exe
  C:\Windows\System\EYqGxVu.exe
  2⤵
  PID:1080
- C:\Windows\System\snmbvvx.exe
  C:\Windows\System\snmbvvx.exe
  2⤵
  PID:1576
- C:\Windows\System\BgCottT.exe
  C:\Windows\System\BgCottT.exe
  2⤵
  PID:3648
- C:\Windows\System\gqGiIPj.exe
  C:\Windows\System\gqGiIPj.exe
  2⤵
  PID:2540
- C:\Windows\System\iKbKTIh.exe
  C:\Windows\System\iKbKTIh.exe
  2⤵
  PID:3584
- C:\Windows\System\KwSinUC.exe
  C:\Windows\System\KwSinUC.exe
  2⤵
  PID:3752
- C:\Windows\System\GILNCfH.exe
  C:\Windows\System\GILNCfH.exe
  2⤵
  PID:3792
- C:\Windows\System\KnKomcw.exe
  C:\Windows\System\KnKomcw.exe
  2⤵
  PID:3704
- C:\Windows\System\eUDkOof.exe
  C:\Windows\System\eUDkOof.exe
  2⤵
  PID:1800
- C:\Windows\System\KyHkVUY.exe
  C:\Windows\System\KyHkVUY.exe
  2⤵
  PID:2256
- C:\Windows\System\MgxKvBu.exe
  C:\Windows\System\MgxKvBu.exe
  2⤵
  PID:1684
- C:\Windows\System\xsDyPgc.exe
  C:\Windows\System\xsDyPgc.exe
  2⤵
  PID:2044
- C:\Windows\System\iCdFAqX.exe
  C:\Windows\System\iCdFAqX.exe
  2⤵
  PID:3952
- C:\Windows\System\KpWYbvt.exe
  C:\Windows\System\KpWYbvt.exe
  2⤵
  PID:3944
- C:\Windows\System\DkmHeJj.exe
  C:\Windows\System\DkmHeJj.exe
  2⤵
  PID:3932
- C:\Windows\System\XJAXUXj.exe
  C:\Windows\System\XJAXUXj.exe
  2⤵
  PID:4016
- C:\Windows\System\cTKHfCe.exe
  C:\Windows\System\cTKHfCe.exe
  2⤵
  PID:4088
- C:\Windows\System\gcBnzAu.exe
  C:\Windows\System\gcBnzAu.exe
  2⤵
  PID:4000
- C:\Windows\System\WvCmXTS.exe
  C:\Windows\System\WvCmXTS.exe
  2⤵
  PID:4064
- C:\Windows\System\NVooVzn.exe
  C:\Windows\System\NVooVzn.exe
  2⤵
  PID:3016
- C:\Windows\System\DJbuseB.exe
  C:\Windows\System\DJbuseB.exe
  2⤵
  PID:2600
- C:\Windows\System\BbQINHf.exe
  C:\Windows\System\BbQINHf.exe
  2⤵
  PID:748
- C:\Windows\System\OqSGcxx.exe
  C:\Windows\System\OqSGcxx.exe
  2⤵
  PID:1528
- C:\Windows\System\eennNHx.exe
  C:\Windows\System\eennNHx.exe
  2⤵
  PID:3088
- C:\Windows\System\mDbmdYi.exe
  C:\Windows\System\mDbmdYi.exe
  2⤵
  PID:3132
- C:\Windows\System\QlasclF.exe
  C:\Windows\System\QlasclF.exe
  2⤵
  PID:3160
- C:\Windows\System\meuMxrC.exe
  C:\Windows\System\meuMxrC.exe
  2⤵
  PID:3204
- C:\Windows\System\oNqFnmj.exe
  C:\Windows\System\oNqFnmj.exe
  2⤵
  PID:1276
- C:\Windows\System\taFrRHB.exe
  C:\Windows\System\taFrRHB.exe
  2⤵
  PID:2992
- C:\Windows\System\QHRuHwd.exe
  C:\Windows\System\QHRuHwd.exe
  2⤵
  PID:3364
- C:\Windows\System\AibXrFr.exe
  C:\Windows\System\AibXrFr.exe
  2⤵
  PID:3348
- C:\Windows\System\dhJIjuP.exe
  C:\Windows\System\dhJIjuP.exe
  2⤵
  PID:2900
- C:\Windows\System\vXivgPL.exe
  C:\Windows\System\vXivgPL.exe
  2⤵
  PID:1044
- C:\Windows\System\IiMpEyq.exe
  C:\Windows\System\IiMpEyq.exe
  2⤵
  PID:1756
- C:\Windows\System\WuIDyiH.exe
  C:\Windows\System\WuIDyiH.exe
  2⤵
  PID:3512
- C:\Windows\System\aVcbXDP.exe
  C:\Windows\System\aVcbXDP.exe
  2⤵
  PID:3800
- C:\Windows\System\NvkTbxX.exe
  C:\Windows\System\NvkTbxX.exe
  2⤵
  PID:3720
- C:\Windows\System\AKXkITp.exe
  C:\Windows\System\AKXkITp.exe
  2⤵
  PID:3748
- C:\Windows\System\OcvXUqV.exe
  C:\Windows\System\OcvXUqV.exe
  2⤵
  PID:3548
- C:\Windows\System\vgOtTLN.exe
  C:\Windows\System\vgOtTLN.exe
  2⤵
  PID:3784
- C:\Windows\System\fceerxY.exe
  C:\Windows\System\fceerxY.exe
  2⤵
  PID:3700
- C:\Windows\System\gDErwdV.exe
  C:\Windows\System\gDErwdV.exe
  2⤵
  PID:3764
- C:\Windows\System\PKlPYkL.exe
  C:\Windows\System\PKlPYkL.exe
  2⤵
  PID:3876
- C:\Windows\System\qsopumk.exe
  C:\Windows\System\qsopumk.exe
  2⤵
  PID:4080
- C:\Windows\System\JoyzWXb.exe
  C:\Windows\System\JoyzWXb.exe
  2⤵
  PID:2312
- C:\Windows\System\qMOGXxA.exe
  C:\Windows\System\qMOGXxA.exe
  2⤵
  PID:2976
- C:\Windows\System\YcGjZUM.exe
  C:\Windows\System\YcGjZUM.exe
  2⤵
  PID:2220
- C:\Windows\System\UMmFeuz.exe
  C:\Windows\System\UMmFeuz.exe
  2⤵
  PID:2924
- C:\Windows\System\SzDSEQB.exe
  C:\Windows\System\SzDSEQB.exe
  2⤵
  PID:3968
- C:\Windows\System\nSXgGEE.exe
  C:\Windows\System\nSXgGEE.exe
  2⤵
  PID:3272
- C:\Windows\System\kkObCYk.exe
  C:\Windows\System\kkObCYk.exe
  2⤵
  PID:3448
- C:\Windows\System\vMSKPyJ.exe
  C:\Windows\System\vMSKPyJ.exe
  2⤵
  PID:3916
- C:\Windows\System\RLXkQjv.exe
  C:\Windows\System\RLXkQjv.exe
  2⤵
  PID:776
- C:\Windows\System\NuyqMZx.exe
  C:\Windows\System\NuyqMZx.exe
  2⤵
  PID:3420
- C:\Windows\System\VVPHYwN.exe
  C:\Windows\System\VVPHYwN.exe
  2⤵
  PID:3244
- C:\Windows\System\yeIxzIK.exe
  C:\Windows\System\yeIxzIK.exe
  2⤵
  PID:2124
- C:\Windows\System\nLQYlHq.exe
  C:\Windows\System\nLQYlHq.exe
  2⤵
  PID:1780
- C:\Windows\System\lKvTRZb.exe
  C:\Windows\System\lKvTRZb.exe
  2⤵
  PID:1852
- C:\Windows\System\OfvkaIU.exe
  C:\Windows\System\OfvkaIU.exe
  2⤵
  PID:2424
- C:\Windows\System\kYKZETw.exe
  C:\Windows\System\kYKZETw.exe
  2⤵
  PID:2320
- C:\Windows\System\eGLWsNE.exe
  C:\Windows\System\eGLWsNE.exe
  2⤵
  PID:3896
- C:\Windows\System\nmcXeIk.exe
  C:\Windows\System\nmcXeIk.exe
  2⤵
  PID:3224
- C:\Windows\System\vPMKiMr.exe
  C:\Windows\System\vPMKiMr.exe
  2⤵
  PID:2764
- C:\Windows\System\ieuPgii.exe
  C:\Windows\System\ieuPgii.exe
  2⤵
  PID:3860
- C:\Windows\System\iNgoylB.exe
  C:\Windows\System\iNgoylB.exe
  2⤵
  PID:3168
- C:\Windows\System\SmtMptI.exe
  C:\Windows\System\SmtMptI.exe
  2⤵
  PID:3488
- C:\Windows\System\eIYYFfb.exe
  C:\Windows\System\eIYYFfb.exe
  2⤵
  PID:3468
- C:\Windows\System\ksoOqRt.exe
  C:\Windows\System\ksoOqRt.exe
  2⤵
  PID:3604
- C:\Windows\System\YgHzySd.exe
  C:\Windows\System\YgHzySd.exe
  2⤵
  PID:3552
- C:\Windows\System\iZVkzCG.exe
  C:\Windows\System\iZVkzCG.exe
  2⤵
  PID:4048
- C:\Windows\System\IFzCCtt.exe
  C:\Windows\System\IFzCCtt.exe
  2⤵
  PID:3164
- C:\Windows\System\OcCdgKm.exe
  C:\Windows\System\OcCdgKm.exe
  2⤵
  PID:3928
- C:\Windows\System\NcWNnXn.exe
  C:\Windows\System\NcWNnXn.exe
  2⤵
  PID:3044
- C:\Windows\System\rfNFRqO.exe
  C:\Windows\System\rfNFRqO.exe
  2⤵
  PID:4108
- C:\Windows\System\vCKEJiG.exe
  C:\Windows\System\vCKEJiG.exe
  2⤵
  PID:4124
- C:\Windows\System\uIJXOyX.exe
  C:\Windows\System\uIJXOyX.exe
  2⤵
  PID:4140
- C:\Windows\System\cwnrHWt.exe
  C:\Windows\System\cwnrHWt.exe
  2⤵
  PID:4156
- C:\Windows\System\kqEBEvu.exe
  C:\Windows\System\kqEBEvu.exe
  2⤵
  PID:4172
- C:\Windows\System\uagzzuH.exe
  C:\Windows\System\uagzzuH.exe
  2⤵
  PID:4192
- C:\Windows\System\ZbTJfjr.exe
  C:\Windows\System\ZbTJfjr.exe
  2⤵
  PID:4208
- C:\Windows\System\rwYfjXa.exe
  C:\Windows\System\rwYfjXa.exe
  2⤵
  PID:4228
- C:\Windows\System\iaHwLey.exe
  C:\Windows\System\iaHwLey.exe
  2⤵
  PID:4244
- C:\Windows\System\sCAisck.exe
  C:\Windows\System\sCAisck.exe
  2⤵
  PID:4268
- C:\Windows\System\TwiTwLr.exe
  C:\Windows\System\TwiTwLr.exe
  2⤵
  PID:4284
- C:\Windows\System\atuCDrj.exe
  C:\Windows\System\atuCDrj.exe
  2⤵
  PID:4300
- C:\Windows\System\YVcHjua.exe
  C:\Windows\System\YVcHjua.exe
  2⤵
  PID:4316
- C:\Windows\System\IeZbXDA.exe
  C:\Windows\System\IeZbXDA.exe
  2⤵
  PID:4336
- C:\Windows\System\KswaYnk.exe
  C:\Windows\System\KswaYnk.exe
  2⤵
  PID:4388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BIkLWtF.exe

Filesize
2.1MB

MD5
434ac2360b64d1a03adddf661db74e01

SHA1
1a53f9c18319ba67b0399e72c2ba41cde3cd274c

SHA256
2263a241eced3d27b4c76d003c763e8aa5908b49df332367710966417465c5b5

SHA512
38410ca502da6db9ec00b4827a35dd51f861d3433fa56fbebf40580b5787d82360dc7a7e11aa247486c2e828cf8e29bd504a02807f61bc509336857c34ed6acf

Download Submit
C:\Windows\system\DBQyHHX.exe

Filesize
2.1MB

MD5
e17a4f933c727c3cc300ea5f2ad4dc50

SHA1
a32c03c52e73fd66c38568066e16ed765f3caa83

SHA256
37508c212b7c109b273a82bb0e881281251975a94b7898c0dcbb594f74d42c47

SHA512
b267d38dacd2c87015c86d60664256c69460ac4c314d4340d755b77bbd88ad4d97813f6cffbd67c2f3d95b4d96a990fb635f24a60a221336fe11ace6c20b5f4c

Download Submit
C:\Windows\system\EgQcElE.exe

Filesize
2.1MB

MD5
accd5c42f26803bc56ed9ca480fa24fa

SHA1
56f7b4ca366d4541e2573b7b6915142b86895895

SHA256
381ebf120407d7661dc55b1eb642bb1e7cbaa0b746d19a35f015953fa82e02db

SHA512
fe226ee5308e3832fb7b413a304f0885a1b00e6292d634cd68b83b1851a96b1e04b67a246dbbde77c659fba9c65eaf99257fa07814a1746740b909e444e2e0a6

Download Submit
C:\Windows\system\GcBSbuJ.exe

Filesize
2.1MB

MD5
ba41ad1f3a138e5de923df81dc67cc8a

SHA1
f820e82838bce6c84944db470bcd377df6e8193e

SHA256
b4089f72c1279ba4adf0e4f754565176c03a69b53c6b835f310a9ec8186edfc7

SHA512
c719f2c8067143ad0d7134fed02783964c8de08c79157e53c9850909bb80090e40312a14fc22085c8288f27aa771e28e3260d03e81282c4be61ce22d152e8241

Download Submit
C:\Windows\system\KZqtLeS.exe

Filesize
2.1MB

MD5
7eecc4fa6da44a809322c8c95e93b851

SHA1
13def58925d4bfbc55a8a6fa7c88a23aece396cd

SHA256
0c7435d68073edd0425f59d72d14f8b21566fdb1cb0e809a7af155abbe7f2b75

SHA512
73a9fd2817c4f90e8179d9537523615f7a63d0b06cba0b38c624ad3e42c9dcc33ef07d9fe794cc99b9e4dafcfca2fa65e17124be23017c8c1b0c098860a17f3b

Download Submit
C:\Windows\system\MVCeTvP.exe

Filesize
2.1MB

MD5
b99daeaab8a70cfa7e0d0abdc668f1bb

SHA1
5b8e36bf7b9b0f607c815fbc6c6d663b3a36abe1

SHA256
074fff976102c60dd87507a2e0947e3e8eef06347b84c74c46251b88e70fc678

SHA512
66a6c80d34743fdd254121ee97ffdc584c6e24280d857856bf0ef25517f8ec56c02de24443a87b066db8774e125f2ef3b6c126c231e773f9f9ff60f8f2a95317

Download Submit
C:\Windows\system\TWWaaAY.exe

Filesize
2.1MB

MD5
c5e9d3aadc74056c24bb4cbdfd4bff65

SHA1
ecd43a0850d0ead44a78ca5f7760effa3ba25b49

SHA256
a113c522b1c5373e378de1cf4a7b4ebbb602a9f2a160d187ff97fb84d2992157

SHA512
a8a11647bd9d1f9b2fae7a8c2f3d61215b473a16f9074c6c2ef9c4046591f207b10a8e4c765e6e139c848634a218c86c3ffa9d814300e47f7587692c4e3c2d5a

Download Submit
C:\Windows\system\WVIBcMt.exe

Filesize
2.1MB

MD5
90436881d7cdfcd53459e1997d9dd236

SHA1
d92590cd65eabb61725cb62a468e7b2f850874f9

SHA256
fd2e8e2a271a9e5b6e1d846446b919b0c0384a064c28cb95bf3d1431d10a81d7

SHA512
b17825667f073adbc71984deee8a4a38f2130edbf6e368bcc8d61a3618b88b38a7078cc326cfd7d6553ad75b5b946497d54c33230147a5df5832d43b16dfb5da

Download Submit
C:\Windows\system\WizWPrs.exe

Filesize
2.1MB

MD5
c41ed9fdb40b6a2320da8efd775901e4

SHA1
fb588c96d0d2b6a2be9f28171399ac03b71257d8

SHA256
7a4e805e355cdb36d5ececfe1cfa101aeb504c53beaa1172f6718d9bfed4ddf1

SHA512
96a66f4bb6a1ce851f12b0bfb32f708339b3c529241ddedbf8b80b99124ccbf4930f25a5510f987865a76f6e17ecf581c27fc08fab0ddd6ff98f435b7b3cf118

Download Submit
C:\Windows\system\YLJHYRN.exe

Filesize
2.1MB

MD5
6433a5e223064e0dfb8e21f019efc90f

SHA1
832e00b6f05a8aa180f034f001ed32d794c7d625

SHA256
d8401ea55a18dfb217cacc70d9890b3128f6fde1a4f7b0a91a081995023a95c9

SHA512
418f2ddc5c882f48c06b28ace5cdc74bf02e50315eefe418b3de15518fefae5bbdc6c72d52bb7d255a154b5ab2e6730bd69c24671b62bad338d5366ab1d953da

Download Submit
C:\Windows\system\aNzigeD.exe

Filesize
2.1MB

MD5
229d403ecc5aec595dae650373c5ffff

SHA1
29b5f82716d38b9058a967c7520065cb79b990c4

SHA256
36b8bbebc4700cee7b328a8d62bc6a77db77a5530ab9cb969ebf9cf54a6d8b67

SHA512
d323578045086aebf57db5c8672fbcf307ea455c9b00d07e5103f8018ea7a8a10ee982cfb4a0e9333487d1973a74ca9fb2f7548c6b189cc3a74cf62f64a19e3d

Download Submit
C:\Windows\system\fClcUIG.exe

Filesize
2.1MB

MD5
044b69d5a45423440cfb8c0f2d68aeee

SHA1
cd054b8d34b23cbfa7dc3462756afbc3967a20af

SHA256
7bac45c1b174dd17c4da0306d8a242e95d84647e34d8f9ec5dcd6fa29c4de763

SHA512
8b4498211039fa40d3cffc06f53cf0f97655b20834430a32a707338eec977915d517009ebcd758e142e9ffa7121ec80a3080732495c69645a324a568d6fa8a64

Download Submit
C:\Windows\system\iJtOhvp.exe

Filesize
2.1MB

MD5
74f890b94db0165ad6fa4816034ff1a3

SHA1
195438f3e950d919a6c01ca3e3a08a3d4746d8ae

SHA256
89cd530878fef9b14044b56289a5a1c84e5b9d69fd369a46ee8697022203e3e0

SHA512
254b2a14bb6b5f81fe71f4d002bc4a3de830515f3e0637a460e49e2c34eb193de42bca306226acad4f10c9f3c2d4cfdfdc698e074c883ac5d488b653222bbd93

Download Submit
C:\Windows\system\keYIFVw.exe

Filesize
2.1MB

MD5
4a1c1b85f94f52ff596260780ce9f459

SHA1
1a2c07aed9ad6fc775ee9eaa1f3246ef112212b2

SHA256
57f1b093bb9e15c0db79b8702b7309d23a0b6fbd951d189385fbe8670d8418f9

SHA512
0756252e51aa1089d900f5bb833489b522eb047bf28343cd82696148f72830c0296ea6677e2560c80a4dd1148c95bb7b89962c7e8d164d5bd04bfaa102c9dd69

Download Submit
C:\Windows\system\lnXhKVP.exe

Filesize
2.1MB

MD5
bc530bb6caa6960e886f9ddd23dbcebd

SHA1
699626f3a8f2d5ccccca1b4b9c384f4fdb4e1fdd

SHA256
134dffc70d343100625373f508b3321b34d0cd3becc6dc57ac78b55045fbbca3

SHA512
001347ab4c1724c500e117621fa30c66d48adaf42c629050f12e76eadf058c17258f536af04cd45292f4caeb918064390ece06d29e5c373f8689ae8ec1b2f607

Download Submit
C:\Windows\system\mucEyiK.exe

Filesize
2.1MB

MD5
0d89ee28b8826dcc6f9525885044362c

SHA1
c49384710dc361ceefc06bed56e93bdadc314dd1

SHA256
6190c041c39b26e70cce9ef68b03c25c7dbf16ac3f50cefc765447880ada92a5

SHA512
149b3d75d4a9dbd4cf7c444e655f2137cf1980f80f60b1a60cbce55fb7dae89f8133d84a58578d49e2b4530143822e69d44df316375b755060c77919fa6eac33

Download Submit
C:\Windows\system\paNLqrF.exe

Filesize
2.1MB

MD5
d1f49093f1bf028d06049c0ae23104b3

SHA1
0b97c3cd2c2e0d4782c08078f917eadacdbd432a

SHA256
0222dda6eeb054f3073f4e9a2545fa6eab3943c881c86128036c85d5206d425c

SHA512
9b53adc79e71c7d65f30e9175d45529b458ea14116513cf6d236ab097996d3b230af9821f0c907b42fb1345e8c0cd818f8ff2265942246772c7cb216c33b953d

Download Submit
C:\Windows\system\tAXlZcl.exe

Filesize
2.1MB

MD5
04513d360dace8cd2ec5ff96cdd4d27d

SHA1
76d7739626a47f7a3016acf2531aa8c841bdaadd

SHA256
203454c0e28b1b435c672f7556424ed321dcb10a5f0b26c2bf69b6df05341f22

SHA512
c573c903ebad04995bbf28e796266fd31bb3d759bd0eb92329d2baaa266e0515030fc55198bec780f659d6736d859540b1a9d9fd41bde5aceb1ba854f41a2d12

Download Submit
C:\Windows\system\tVXlloc.exe

Filesize
2.1MB

MD5
64aa4dade6fa966fbe8c12a35e594da6

SHA1
dddc9591bc063b68ac05a49f76c08409fc9d5746

SHA256
318d52b28fa1d6d2b644351782928a3301a574e990f7ece1ebf090123e5657e2

SHA512
9d24cbe3e8977915ea5ca3d5ddb59b4aa1c3d94c22b0aa09c6dfad729211de635b2fd9da87239df74af3693ac327c3ef5f126bfc2762d439ccc73e31a533336f

Download Submit
C:\Windows\system\ueGIzVk.exe

Filesize
2.1MB

MD5
cfc1c140baeda4f97d13c6b5aec5a6e6

SHA1
6d26d5335f4377e31c9c238f99a930bc5e697560

SHA256
c583beb378fdf7a91a0c71cbf831f4285e29d0f85d230d857ae1343843f76013

SHA512
403af7dee67b0114b3fe7901f21bda964671a273a68fac7065a5565a8895139b3be20283bf892dcfd8b162717a9bb6244fe40716a6cb74030b4ee0cbfb1df90e

Download Submit
C:\Windows\system\vXsqHfX.exe

Filesize
2.1MB

MD5
2330d157412396fb9d2457818f49f3e2

SHA1
86225493ea21d198f3c2345f8a3dd0d0ae3d50d2

SHA256
05cdc37bcc2c4b66157d5272dd5138472f6e9e1900b7ca7993c55837b4a70932

SHA512
788a4a347c15b8e73d2429aa77a3228140b766515c342fdc0d64aa1cb23e670b1f8274359b0712431f0d1dee45ab1570f338e4e68a72c23777f9cd9408cb3b29

Download Submit
C:\Windows\system\wMKShay.exe

Filesize
2.1MB

MD5
3651122fc5949b245997917c0c27125d

SHA1
f4c37f40a565986a30a28aa0a3f28136a64c32f5

SHA256
36e4044b90b31d161a967150bad6ebcfb7c7dc3fc237ef2db0a3e898a42554ea

SHA512
18e44a3ebb7f04c88f435c3445c07df0685e726fe8ed5dac80bb1eef4edbcc4cb0558f951c69fc293aa8cab0fee51d294d4aea6d8ac94b8a2f485bb0370a3164

Download Submit
\Windows\system\BlAnlbM.exe

Filesize
2.1MB

MD5
788e0e705386a228fb24c47d605358f0

SHA1
b26bee1bb53674d3b52c4e1ece4153799596dfd1

SHA256
9f057c48018775862597a45034bed68d3fe34886b0af9df61aa8559f34ec68cd

SHA512
ff6935e10be8c40e5ccedf6862a746e41815ef6ef11cf7f52ad22c8fe42deffcc95ed6900b847767065f5f101b4fa078ed83d1691cef193645a5349275054664

Download Submit
\Windows\system\RqtoOPm.exe

Filesize
2.1MB

MD5
4afddabdc210e4aea26dd21a9f3e9c33

SHA1
d025c00efef52a1dfd457f9001ba6910ba804198

SHA256
ea4fe475a384d4c8f20f9c4366565ef74fd23e6193d55524ae64059c0b113d24

SHA512
07d9b121d5df49c0694b92fab402f5a9bd60f44eb286939ef883d6988a892d2cacbda4c4696efd7f4bac935b3253dd1ffdcd0306cedcdf2f93bdc2560633c60d

Download Submit
\Windows\system\VKQmIBd.exe

Filesize
2.1MB

MD5
c577c656fc82bb5df6ef87671aa8a51d

SHA1
79da846903329c6b7afe9192cf040f764f64a8fe

SHA256
4a78549462aee496e7d7bd0d2ec2107712942beb488ca5492a068b158fd69294

SHA512
743f0014b4347059ce79206f018e4d5be1f3160c7bf5097a93a32e47880758a21154eb9c673464a4e37f4d02ef222dd24302c8a0423e2d2989cf027e30b1c0df

Download Submit
\Windows\system\fgLbJwv.exe

Filesize
2.1MB

MD5
93c4fa463d1c1712bcc634e6aa99239e

SHA1
0d5b6bb88ef56127ce249b1e7da337381c1d2db4

SHA256
8482b4a73782d02d9b2643fefc52a552868acfd3b7426d4905bfe1323e012e7b

SHA512
b2834808e31bb478d05190c9d8389811c26aa4c7af32dc84c5ec0ed65dbc7b3a6728c47fa0cf82ba5a0317c63d7f3d4a2be95a4de9c56a1b39120e9d3cfe89e5

Download Submit
\Windows\system\frVjtol.exe

Filesize
2.1MB

MD5
18ab483ec36940cc3a25b38fa5b871e1

SHA1
844b21e3350645f2685221c67f5c8e7d118bd339

SHA256
942f33c7fadb9add44d8cd94cdc7239f48d88977863080e72020bb89d1a3d623

SHA512
8272c5aff03558cb6e136a3a96cf45d7919405b76b0a93c0e252de0ffc4e3f2c51761f222a87dc981c2c4ea30daada6a4bb7edb6a1dca3d689abd67dab85dcc3

Download Submit
\Windows\system\jSjkKyl.exe

Filesize
2.1MB

MD5
2c9d0aedc7ac04791a92afd07b1c05b7

SHA1
d7e440e467dee78a5b4ee75289b6559821b8ca5a

SHA256
91eec9e680cbfcce40ac698325086ebef50033793d94199a940bdddc2dd683e9

SHA512
c2a9f0f49fc349527f71447b927e5095d390f1a4c69615674179998945e16e00c52a242cc25e77bb53ec26d4dc1e1f836f21147323066dd2b9b5878698d1113c

Download Submit
\Windows\system\mzqZElk.exe

Filesize
2.1MB

MD5
94ba1644ae978f05f4edfd4d5b8da45f

SHA1
13eb1b9580586771ad99666ab94c672d175a2808

SHA256
3ca484c77faf3836ef40700d7bfe746d260855d0a7a5afb09ca769a26d7cc7fe

SHA512
1bc035a104fa4521d1e2a4e4e415a894fe534eb5c1ef5bbf71a02a4381477aec9d441f4ed1d9a87b130635fe108aef4ae0040656565ca44d2d8d9d38865e2585

Download Submit
\Windows\system\tmEIFxO.exe

Filesize
2.1MB

MD5
5d1b5a5b761907cfb1baefe5d68a785c

SHA1
28b36f05c4713e5798cbbf46f5b2340147851917

SHA256
b7de6a444a69e57300922224fb55c9d381ce160d1f9be47683266c5377355102

SHA512
4b34fa31825142db591ee433a03b4252bb476c863479013cddaf9c26345b3fbd4064a863611dd6a9fcbdb875ec147622ab20d52f2dc974f7cb7f16bb466f932f

Download Submit
\Windows\system\xuFfQbi.exe

Filesize
2.1MB

MD5
8962ee78889c72ae1f393cea3a63a01d

SHA1
589bc86bd989fa29d5f45a5524f0b9e733457756

SHA256
cff1a7f7f396e4bb3c2d7b1950e06abcfe68eb9c3048a195132c35b0faccf6e9

SHA512
ce7fa5696d47b43d4711deed2e7f808bd72a4b6e753df560c08836c6cff5d099f3f5fb5be133a918379aa56e21ef50e7c5a6d95afe647ae88735f068827445bc

Download Submit
\Windows\system\zpoOxeg.exe

Filesize
2.1MB

MD5
7af75b30741dccf5c89d88f977553ea7

SHA1
2fcfef20ad96f4bed893a018006ae2125a87e1f1

SHA256
ef7d8aca904a58ee6d2581ec3877d18859e844730677fbcca4d337203c2aa70a

SHA512
17923547e04671d6d16330a826cb00ff38d4a481c09e85c25c9c653262546da59d2a41051ce38ccc9beb9f2dbf3848c66f400aa8bb902301b1544973680c3838

Download Submit
memory/2340-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download