kpot | 98708f1f9c46bd7c0b035ca5c7d21621055b6d77cf25804ed576b67bda5d1c12

Analysis

max time kernel
138s
max time network
153s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
14-06-2024 03:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
Size

2.0MB
MD5

9f46aea1927c188cf901188523adeaf0
SHA1

7988fd53513923819ca9510ed609179aefeef346
SHA256

98708f1f9c46bd7c0b035ca5c7d21621055b6d77cf25804ed576b67bda5d1c12
SHA512

d1b30a56e6f0e084035293bf18b4d9c9f8d0c9ce96a951d443dc6b59e746474b754a7f4524f1daa700a5f1737971b6851998437df69b305f7955a1a9ec5efd89
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2U:GemTLkNdfE0pZaQc

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral1/files/0x0009000000016a29-2.dat	family_kpot
behavioral1/files/0x0009000000016ca5-7.dat	family_kpot
behavioral1/files/0x0008000000016cc6-10.dat	family_kpot
behavioral1/files/0x0007000000016d16-16.dat	family_kpot
behavioral1/files/0x0007000000016d1a-24.dat	family_kpot
behavioral1/files/0x0009000000016d51-28.dat	family_kpot
behavioral1/files/0x0009000000016d57-33.dat	family_kpot
behavioral1/files/0x0008000000016e24-34.dat	family_kpot
behavioral1/files/0x0007000000016e4a-41.dat	family_kpot
behavioral1/files/0x0009000000016cb6-46.dat	family_kpot
behavioral1/files/0x000700000001735a-59.dat	family_kpot
behavioral1/files/0x0006000000017371-64.dat	family_kpot
behavioral1/files/0x0006000000017374-68.dat	family_kpot
behavioral1/files/0x00060000000173f2-77.dat	family_kpot
behavioral1/files/0x0006000000017422-88.dat	family_kpot
behavioral1/files/0x00140000000185e9-97.dat	family_kpot
behavioral1/files/0x000600000001737c-71.dat	family_kpot
behavioral1/files/0x000500000001860c-105.dat	family_kpot
behavioral1/files/0x0006000000018ed8-128.dat	family_kpot
behavioral1/files/0x0005000000019185-155.dat	family_kpot
behavioral1/files/0x00050000000191b0-158.dat	family_kpot
behavioral1/files/0x0006000000019064-145.dat	family_kpot
behavioral1/files/0x0005000000019159-148.dat	family_kpot
behavioral1/files/0x0006000000018fbf-135.dat	family_kpot
behavioral1/files/0x0006000000019052-138.dat	family_kpot
behavioral1/files/0x0006000000018bab-125.dat	family_kpot
behavioral1/files/0x0005000000018717-115.dat	family_kpot
behavioral1/files/0x000d0000000185f4-112.dat	family_kpot
behavioral1/files/0x0006000000018ba1-118.dat	family_kpot
behavioral1/files/0x00060000000174a5-102.dat	family_kpot
behavioral1/files/0x0006000000017407-85.dat	family_kpot
behavioral1/files/0x0007000000016fed-55.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral1/files/0x0009000000016a29-2.dat	xmrig
behavioral1/files/0x0009000000016ca5-7.dat	xmrig
behavioral1/files/0x0008000000016cc6-10.dat	xmrig
behavioral1/files/0x0007000000016d16-16.dat	xmrig
behavioral1/files/0x0007000000016d1a-24.dat	xmrig
behavioral1/files/0x0009000000016d51-28.dat	xmrig
behavioral1/files/0x0009000000016d57-33.dat	xmrig
behavioral1/files/0x0008000000016e24-34.dat	xmrig
behavioral1/files/0x0007000000016e4a-41.dat	xmrig
behavioral1/files/0x0009000000016cb6-46.dat	xmrig
behavioral1/files/0x000700000001735a-59.dat	xmrig
behavioral1/files/0x0006000000017371-64.dat	xmrig
behavioral1/files/0x0006000000017374-68.dat	xmrig
behavioral1/files/0x00060000000173f2-77.dat	xmrig
behavioral1/files/0x0006000000017422-88.dat	xmrig
behavioral1/files/0x00140000000185e9-97.dat	xmrig
behavioral1/files/0x000600000001737c-71.dat	xmrig
behavioral1/files/0x000500000001860c-105.dat	xmrig
behavioral1/files/0x0006000000018ed8-128.dat	xmrig
behavioral1/files/0x0005000000019185-155.dat	xmrig
behavioral1/files/0x00050000000191b0-158.dat	xmrig
behavioral1/files/0x0006000000019064-145.dat	xmrig
behavioral1/files/0x0005000000019159-148.dat	xmrig
behavioral1/files/0x0006000000018fbf-135.dat	xmrig
behavioral1/files/0x0006000000019052-138.dat	xmrig
behavioral1/files/0x0006000000018bab-125.dat	xmrig
behavioral1/files/0x0005000000018717-115.dat	xmrig
behavioral1/files/0x000d0000000185f4-112.dat	xmrig
behavioral1/files/0x0006000000018ba1-118.dat	xmrig
behavioral1/files/0x00060000000174a5-102.dat	xmrig
behavioral1/files/0x0006000000017407-85.dat	xmrig
behavioral1/files/0x0007000000016fed-55.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3016	xgnSHha.exe
3032	BuxQvex.exe
1980	rYzwPja.exe
3024	ruhcpxa.exe
2588	wWqVSld.exe
2652	KzxyJoU.exe
2720	vYKDfuj.exe
2876	KPeaFsf.exe
2276	SnQfXdg.exe
2560	LRURweP.exe
2460	zQaIHUH.exe
2524	TvkHPKC.exe
2952	qfWvASP.exe
1268	JlfqXOx.exe
1644	aNgQUdi.exe
2684	cPVornC.exe
1264	LcmglXn.exe
2184	jDqmVBx.exe
704	IApyyVu.exe
1248	IksvBuU.exe
2680	FeaPBsg.exe
772	EBpfleL.exe
2752	osrTjAS.exe
1680	mnuglEG.exe
856	WLQVMsX.exe
860	hYburXO.exe
2296	EYFFCEL.exe
2840	PZhyMCp.exe
1740	TRJKwjE.exe
2024	vYwuUlN.exe
1256	VGOUwwW.exe
540	kIcgDFZ.exe
824	xcBodHE.exe
616	oDyuHFB.exe
1368	dGLuLTd.exe
1820	TYMlEPo.exe
2040	zNbkSYP.exe
2100	ncWuiGa.exe
700	IpQXUTr.exe
2188	tbXkDwM.exe
1488	gRqaTxy.exe
2660	UkWyDSK.exe
1948	gugNAcz.exe
1548	tlaNxIn.exe
1828	GrgVzBS.exe
1612	gmGYmgD.exe
1832	rZYzdnk.exe
1704	WkilGLC.exe
2936	sGGEDAV.exe
916	rgKzEaF.exe
1332	jLbRxWc.exe
2360	lZTnXIg.exe
2236	fGxmndl.exe
2084	yyMKLut.exe
2408	JJwQhFd.exe
2896	RUXhxvE.exe
1604	DXDfHtP.exe
1792	pIuOAeD.exe
1712	PXZpUgP.exe
2244	xBHTRhI.exe
1976	qZGTqEj.exe
1600	aJFBsdX.exe
1596	OYcGhWT.exe
1580	GnUSdpY.exe

Loads dropped DLL 64 IoCs

pid	Process
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pIuOAeD.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\yBjgeSr.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\JapehHn.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\nWblLbQ.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\NLgaewt.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\ImBMEbO.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\EYFFCEL.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\hTWRnCK.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\mXvRNAX.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\zIFkRwP.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\OrMVzjU.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\bDBqPIH.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\liLgXyG.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\cQAFXUX.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\TKfOLOj.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\FskakYx.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\ZAvQehR.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\oDyuHFB.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\KsvMuVY.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\gsuBRGq.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\MRQNnPF.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\CtShubN.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\GfKrGGZ.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\shSEEHu.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\HupgIcw.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\nFsRsLo.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\YczdtHX.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\JlfqXOx.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\FeaPBsg.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\gRqaTxy.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\qtOfPJL.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\nHWalsQ.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\EBpfleL.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\lqVEXjY.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\skbMKXd.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\cCKYkpz.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\xzlDGrT.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\JQQTyuh.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\uhYvyHX.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\DXDfHtP.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\uLWAriS.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\NDKqbKH.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\JwLMDTC.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\MNzPeEa.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\edtUOeu.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\ltbUCsT.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\CRXWTcv.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\xcBodHE.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\ujCqqol.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\WMUkGAJ.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\eluSBfg.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\hFGecay.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\ihRMQkW.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\EsEPjCT.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\SyHTrGh.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\bHOHVcB.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\eFQNqDB.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\HjtZeDN.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\ErIDzsn.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\xBHTRhI.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\Mygsyor.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\xgnSHha.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\RsPGDdV.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
File created	C:\Windows\System\BnvjgOX.exe	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 3016	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	29
PID 2060 wrote to memory of 3016	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	29
PID 2060 wrote to memory of 3016	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	29
PID 2060 wrote to memory of 3032	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	30
PID 2060 wrote to memory of 3032	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	30
PID 2060 wrote to memory of 3032	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	30
PID 2060 wrote to memory of 1980	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	31
PID 2060 wrote to memory of 1980	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	31
PID 2060 wrote to memory of 1980	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	31
PID 2060 wrote to memory of 3024	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	32
PID 2060 wrote to memory of 3024	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	32
PID 2060 wrote to memory of 3024	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	32
PID 2060 wrote to memory of 2588	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	33
PID 2060 wrote to memory of 2588	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	33
PID 2060 wrote to memory of 2588	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	33
PID 2060 wrote to memory of 2652	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	34
PID 2060 wrote to memory of 2652	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	34
PID 2060 wrote to memory of 2652	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	34
PID 2060 wrote to memory of 2720	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	35
PID 2060 wrote to memory of 2720	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	35
PID 2060 wrote to memory of 2720	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	35
PID 2060 wrote to memory of 2876	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	36
PID 2060 wrote to memory of 2876	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	36
PID 2060 wrote to memory of 2876	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	36
PID 2060 wrote to memory of 2276	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	37
PID 2060 wrote to memory of 2276	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	37
PID 2060 wrote to memory of 2276	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	37
PID 2060 wrote to memory of 2560	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	38
PID 2060 wrote to memory of 2560	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	38
PID 2060 wrote to memory of 2560	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	38
PID 2060 wrote to memory of 2460	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	39
PID 2060 wrote to memory of 2460	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	39
PID 2060 wrote to memory of 2460	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	39
PID 2060 wrote to memory of 2524	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	40
PID 2060 wrote to memory of 2524	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	40
PID 2060 wrote to memory of 2524	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	40
PID 2060 wrote to memory of 2952	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	41
PID 2060 wrote to memory of 2952	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	41
PID 2060 wrote to memory of 2952	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	41
PID 2060 wrote to memory of 1268	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	42
PID 2060 wrote to memory of 1268	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	42
PID 2060 wrote to memory of 1268	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	42
PID 2060 wrote to memory of 1644	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	43
PID 2060 wrote to memory of 1644	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	43
PID 2060 wrote to memory of 1644	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	43
PID 2060 wrote to memory of 2684	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	44
PID 2060 wrote to memory of 2684	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	44
PID 2060 wrote to memory of 2684	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	44
PID 2060 wrote to memory of 1264	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	45
PID 2060 wrote to memory of 1264	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	45
PID 2060 wrote to memory of 1264	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	45
PID 2060 wrote to memory of 2184	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	46
PID 2060 wrote to memory of 2184	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	46
PID 2060 wrote to memory of 2184	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	46
PID 2060 wrote to memory of 1248	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	47
PID 2060 wrote to memory of 1248	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	47
PID 2060 wrote to memory of 1248	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	47
PID 2060 wrote to memory of 704	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	48
PID 2060 wrote to memory of 704	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	48
PID 2060 wrote to memory of 704	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	48
PID 2060 wrote to memory of 772	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	49
PID 2060 wrote to memory of 772	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	49
PID 2060 wrote to memory of 772	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	49
PID 2060 wrote to memory of 2680	2060	9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe	50

C:\Users\Admin\AppData\Local\Temp\9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9f46aea1927c188cf901188523adeaf0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Windows\System\xgnSHha.exe
  C:\Windows\System\xgnSHha.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\BuxQvex.exe
  C:\Windows\System\BuxQvex.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\rYzwPja.exe
  C:\Windows\System\rYzwPja.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\ruhcpxa.exe
  C:\Windows\System\ruhcpxa.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\wWqVSld.exe
  C:\Windows\System\wWqVSld.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\KzxyJoU.exe
  C:\Windows\System\KzxyJoU.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\vYKDfuj.exe
  C:\Windows\System\vYKDfuj.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\KPeaFsf.exe
  C:\Windows\System\KPeaFsf.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\SnQfXdg.exe
  C:\Windows\System\SnQfXdg.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\LRURweP.exe
  C:\Windows\System\LRURweP.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\zQaIHUH.exe
  C:\Windows\System\zQaIHUH.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\TvkHPKC.exe
  C:\Windows\System\TvkHPKC.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\qfWvASP.exe
  C:\Windows\System\qfWvASP.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\JlfqXOx.exe
  C:\Windows\System\JlfqXOx.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\aNgQUdi.exe
  C:\Windows\System\aNgQUdi.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\cPVornC.exe
  C:\Windows\System\cPVornC.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\LcmglXn.exe
  C:\Windows\System\LcmglXn.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\jDqmVBx.exe
  C:\Windows\System\jDqmVBx.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\IksvBuU.exe
  C:\Windows\System\IksvBuU.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\IApyyVu.exe
  C:\Windows\System\IApyyVu.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\EBpfleL.exe
  C:\Windows\System\EBpfleL.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\FeaPBsg.exe
  C:\Windows\System\FeaPBsg.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\osrTjAS.exe
  C:\Windows\System\osrTjAS.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\mnuglEG.exe
  C:\Windows\System\mnuglEG.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\WLQVMsX.exe
  C:\Windows\System\WLQVMsX.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\hYburXO.exe
  C:\Windows\System\hYburXO.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\EYFFCEL.exe
  C:\Windows\System\EYFFCEL.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\PZhyMCp.exe
  C:\Windows\System\PZhyMCp.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\TRJKwjE.exe
  C:\Windows\System\TRJKwjE.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\vYwuUlN.exe
  C:\Windows\System\vYwuUlN.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\VGOUwwW.exe
  C:\Windows\System\VGOUwwW.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\kIcgDFZ.exe
  C:\Windows\System\kIcgDFZ.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\xcBodHE.exe
  C:\Windows\System\xcBodHE.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\oDyuHFB.exe
  C:\Windows\System\oDyuHFB.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\dGLuLTd.exe
  C:\Windows\System\dGLuLTd.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\TYMlEPo.exe
  C:\Windows\System\TYMlEPo.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\zNbkSYP.exe
  C:\Windows\System\zNbkSYP.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\ncWuiGa.exe
  C:\Windows\System\ncWuiGa.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\IpQXUTr.exe
  C:\Windows\System\IpQXUTr.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\tbXkDwM.exe
  C:\Windows\System\tbXkDwM.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\gRqaTxy.exe
  C:\Windows\System\gRqaTxy.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\UkWyDSK.exe
  C:\Windows\System\UkWyDSK.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\gugNAcz.exe
  C:\Windows\System\gugNAcz.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\tlaNxIn.exe
  C:\Windows\System\tlaNxIn.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\GrgVzBS.exe
  C:\Windows\System\GrgVzBS.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\gmGYmgD.exe
  C:\Windows\System\gmGYmgD.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\rZYzdnk.exe
  C:\Windows\System\rZYzdnk.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\WkilGLC.exe
  C:\Windows\System\WkilGLC.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\sGGEDAV.exe
  C:\Windows\System\sGGEDAV.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\rgKzEaF.exe
  C:\Windows\System\rgKzEaF.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\jLbRxWc.exe
  C:\Windows\System\jLbRxWc.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\lZTnXIg.exe
  C:\Windows\System\lZTnXIg.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\fGxmndl.exe
  C:\Windows\System\fGxmndl.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\yyMKLut.exe
  C:\Windows\System\yyMKLut.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\JJwQhFd.exe
  C:\Windows\System\JJwQhFd.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\RUXhxvE.exe
  C:\Windows\System\RUXhxvE.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\DXDfHtP.exe
  C:\Windows\System\DXDfHtP.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\pIuOAeD.exe
  C:\Windows\System\pIuOAeD.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\PXZpUgP.exe
  C:\Windows\System\PXZpUgP.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\xBHTRhI.exe
  C:\Windows\System\xBHTRhI.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\qZGTqEj.exe
  C:\Windows\System\qZGTqEj.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\aJFBsdX.exe
  C:\Windows\System\aJFBsdX.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\OYcGhWT.exe
  C:\Windows\System\OYcGhWT.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\GnUSdpY.exe
  C:\Windows\System\GnUSdpY.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\jBMUYCx.exe
  C:\Windows\System\jBMUYCx.exe
  2⤵
  PID:1728
- C:\Windows\System\gumXHFW.exe
  C:\Windows\System\gumXHFW.exe
  2⤵
  PID:2152
- C:\Windows\System\JlZbXGV.exe
  C:\Windows\System\JlZbXGV.exe
  2⤵
  PID:2556
- C:\Windows\System\lUglxqh.exe
  C:\Windows\System\lUglxqh.exe
  2⤵
  PID:2716
- C:\Windows\System\CRWYooS.exe
  C:\Windows\System\CRWYooS.exe
  2⤵
  PID:2580
- C:\Windows\System\enmsZZo.exe
  C:\Windows\System\enmsZZo.exe
  2⤵
  PID:1884
- C:\Windows\System\hNeBRtw.exe
  C:\Windows\System\hNeBRtw.exe
  2⤵
  PID:2636
- C:\Windows\System\zGaLqRw.exe
  C:\Windows\System\zGaLqRw.exe
  2⤵
  PID:2872
- C:\Windows\System\xQCkwXR.exe
  C:\Windows\System\xQCkwXR.exe
  2⤵
  PID:2620
- C:\Windows\System\TKfOLOj.exe
  C:\Windows\System\TKfOLOj.exe
  2⤵
  PID:2508
- C:\Windows\System\tRcjmZo.exe
  C:\Windows\System\tRcjmZo.exe
  2⤵
  PID:1908
- C:\Windows\System\liLgXyG.exe
  C:\Windows\System\liLgXyG.exe
  2⤵
  PID:1252
- C:\Windows\System\nkqJRha.exe
  C:\Windows\System\nkqJRha.exe
  2⤵
  PID:1812
- C:\Windows\System\RsPGDdV.exe
  C:\Windows\System\RsPGDdV.exe
  2⤵
  PID:2772
- C:\Windows\System\HwWbVNr.exe
  C:\Windows\System\HwWbVNr.exe
  2⤵
  PID:2800
- C:\Windows\System\PAQHZng.exe
  C:\Windows\System\PAQHZng.exe
  2⤵
  PID:2764
- C:\Windows\System\ITReQqH.exe
  C:\Windows\System\ITReQqH.exe
  2⤵
  PID:2932
- C:\Windows\System\xVnVkcZ.exe
  C:\Windows\System\xVnVkcZ.exe
  2⤵
  PID:2372
- C:\Windows\System\VZznbCj.exe
  C:\Windows\System\VZznbCj.exe
  2⤵
  PID:1964
- C:\Windows\System\yBjgeSr.exe
  C:\Windows\System\yBjgeSr.exe
  2⤵
  PID:1888
- C:\Windows\System\WSUpHyp.exe
  C:\Windows\System\WSUpHyp.exe
  2⤵
  PID:2000
- C:\Windows\System\cQAFXUX.exe
  C:\Windows\System\cQAFXUX.exe
  2⤵
  PID:716
- C:\Windows\System\WtiBYAA.exe
  C:\Windows\System\WtiBYAA.exe
  2⤵
  PID:1636
- C:\Windows\System\JSeZJgD.exe
  C:\Windows\System\JSeZJgD.exe
  2⤵
  PID:2624
- C:\Windows\System\JHAOAmt.exe
  C:\Windows\System\JHAOAmt.exe
  2⤵
  PID:2428
- C:\Windows\System\shSEEHu.exe
  C:\Windows\System\shSEEHu.exe
  2⤵
  PID:1800
- C:\Windows\System\QlhJeuo.exe
  C:\Windows\System\QlhJeuo.exe
  2⤵
  PID:2448
- C:\Windows\System\uLWAriS.exe
  C:\Windows\System\uLWAriS.exe
  2⤵
  PID:2416
- C:\Windows\System\tFBZSBR.exe
  C:\Windows\System\tFBZSBR.exe
  2⤵
  PID:2884
- C:\Windows\System\vyDGPLm.exe
  C:\Windows\System\vyDGPLm.exe
  2⤵
  PID:2380
- C:\Windows\System\NDKqbKH.exe
  C:\Windows\System\NDKqbKH.exe
  2⤵
  PID:1672
- C:\Windows\System\jDXmUTE.exe
  C:\Windows\System\jDXmUTE.exe
  2⤵
  PID:1416
- C:\Windows\System\UPwLPPF.exe
  C:\Windows\System\UPwLPPF.exe
  2⤵
  PID:956
- C:\Windows\System\piNLhEF.exe
  C:\Windows\System\piNLhEF.exe
  2⤵
  PID:904
- C:\Windows\System\dOijWnq.exe
  C:\Windows\System\dOijWnq.exe
  2⤵
  PID:968
- C:\Windows\System\JQQTyuh.exe
  C:\Windows\System\JQQTyuh.exe
  2⤵
  PID:2920
- C:\Windows\System\stiLtNJ.exe
  C:\Windows\System\stiLtNJ.exe
  2⤵
  PID:2928
- C:\Windows\System\LOcJkHg.exe
  C:\Windows\System\LOcJkHg.exe
  2⤵
  PID:1240
- C:\Windows\System\ECnwugc.exe
  C:\Windows\System\ECnwugc.exe
  2⤵
  PID:3068
- C:\Windows\System\jKSHOFx.exe
  C:\Windows\System\jKSHOFx.exe
  2⤵
  PID:1684
- C:\Windows\System\mWXdEtD.exe
  C:\Windows\System\mWXdEtD.exe
  2⤵
  PID:2200
- C:\Windows\System\ErIDzsn.exe
  C:\Windows\System\ErIDzsn.exe
  2⤵
  PID:2384
- C:\Windows\System\JwLMDTC.exe
  C:\Windows\System\JwLMDTC.exe
  2⤵
  PID:3020
- C:\Windows\System\aAQoZNf.exe
  C:\Windows\System\aAQoZNf.exe
  2⤵
  PID:3052
- C:\Windows\System\kUaxWIA.exe
  C:\Windows\System\kUaxWIA.exe
  2⤵
  PID:2604
- C:\Windows\System\OMKzlQD.exe
  C:\Windows\System\OMKzlQD.exe
  2⤵
  PID:2780
- C:\Windows\System\QiwLMaw.exe
  C:\Windows\System\QiwLMaw.exe
  2⤵
  PID:2724
- C:\Windows\System\JPeMomt.exe
  C:\Windows\System\JPeMomt.exe
  2⤵
  PID:2444
- C:\Windows\System\lAaHPvO.exe
  C:\Windows\System\lAaHPvO.exe
  2⤵
  PID:2496
- C:\Windows\System\FSVzWJc.exe
  C:\Windows\System\FSVzWJc.exe
  2⤵
  PID:1340
- C:\Windows\System\qcoHqOC.exe
  C:\Windows\System\qcoHqOC.exe
  2⤵
  PID:2168
- C:\Windows\System\oROCpcj.exe
  C:\Windows\System\oROCpcj.exe
  2⤵
  PID:2020
- C:\Windows\System\skbMKXd.exe
  C:\Windows\System\skbMKXd.exe
  2⤵
  PID:1308
- C:\Windows\System\mWXNmOn.exe
  C:\Windows\System\mWXNmOn.exe
  2⤵
  PID:2688
- C:\Windows\System\tGSaBGo.exe
  C:\Windows\System\tGSaBGo.exe
  2⤵
  PID:1756
- C:\Windows\System\ZSVYJXH.exe
  C:\Windows\System\ZSVYJXH.exe
  2⤵
  PID:2404
- C:\Windows\System\FTijOUp.exe
  C:\Windows\System\FTijOUp.exe
  2⤵
  PID:1896
- C:\Windows\System\zrNMtQR.exe
  C:\Windows\System\zrNMtQR.exe
  2⤵
  PID:2156
- C:\Windows\System\Hlthprg.exe
  C:\Windows\System\Hlthprg.exe
  2⤵
  PID:572
- C:\Windows\System\mfvvcFt.exe
  C:\Windows\System\mfvvcFt.exe
  2⤵
  PID:2852
- C:\Windows\System\uhYvyHX.exe
  C:\Windows\System\uhYvyHX.exe
  2⤵
  PID:600
- C:\Windows\System\FrflmpI.exe
  C:\Windows\System\FrflmpI.exe
  2⤵
  PID:1116
- C:\Windows\System\TUFgZsW.exe
  C:\Windows\System\TUFgZsW.exe
  2⤵
  PID:1452
- C:\Windows\System\BMfYeGZ.exe
  C:\Windows\System\BMfYeGZ.exe
  2⤵
  PID:1524
- C:\Windows\System\yrokgJd.exe
  C:\Windows\System\yrokgJd.exe
  2⤵
  PID:1952
- C:\Windows\System\OMvtDBu.exe
  C:\Windows\System\OMvtDBu.exe
  2⤵
  PID:1892
- C:\Windows\System\hFGecay.exe
  C:\Windows\System\hFGecay.exe
  2⤵
  PID:2728
- C:\Windows\System\HupgIcw.exe
  C:\Windows\System\HupgIcw.exe
  2⤵
  PID:1944
- C:\Windows\System\mOhnUHd.exe
  C:\Windows\System\mOhnUHd.exe
  2⤵
  PID:1568
- C:\Windows\System\mHSocmD.exe
  C:\Windows\System\mHSocmD.exe
  2⤵
  PID:304
- C:\Windows\System\crspTsS.exe
  C:\Windows\System\crspTsS.exe
  2⤵
  PID:960
- C:\Windows\System\bJmjvSs.exe
  C:\Windows\System\bJmjvSs.exe
  2⤵
  PID:1664
- C:\Windows\System\yuuihgy.exe
  C:\Windows\System\yuuihgy.exe
  2⤵
  PID:2864
- C:\Windows\System\uKWbTeq.exe
  C:\Windows\System\uKWbTeq.exe
  2⤵
  PID:2904
- C:\Windows\System\qILyzvI.exe
  C:\Windows\System\qILyzvI.exe
  2⤵
  PID:1436
- C:\Windows\System\VqcaTQr.exe
  C:\Windows\System\VqcaTQr.exe
  2⤵
  PID:2776
- C:\Windows\System\qtOfPJL.exe
  C:\Windows\System\qtOfPJL.exe
  2⤵
  PID:2600
- C:\Windows\System\GfKrGGZ.exe
  C:\Windows\System\GfKrGGZ.exe
  2⤵
  PID:2440
- C:\Windows\System\mUzHRrN.exe
  C:\Windows\System\mUzHRrN.exe
  2⤵
  PID:2320
- C:\Windows\System\FskakYx.exe
  C:\Windows\System\FskakYx.exe
  2⤵
  PID:268
- C:\Windows\System\zbaptIC.exe
  C:\Windows\System\zbaptIC.exe
  2⤵
  PID:292
- C:\Windows\System\xyAHFbr.exe
  C:\Windows\System\xyAHFbr.exe
  2⤵
  PID:2424
- C:\Windows\System\yqeQevZ.exe
  C:\Windows\System\yqeQevZ.exe
  2⤵
  PID:2080
- C:\Windows\System\KsvMuVY.exe
  C:\Windows\System\KsvMuVY.exe
  2⤵
  PID:2804
- C:\Windows\System\MNzPeEa.exe
  C:\Windows\System\MNzPeEa.exe
  2⤵
  PID:2572
- C:\Windows\System\YulpgzD.exe
  C:\Windows\System\YulpgzD.exe
  2⤵
  PID:2824
- C:\Windows\System\RGrNoKf.exe
  C:\Windows\System\RGrNoKf.exe
  2⤵
  PID:2520
- C:\Windows\System\SbTNfwp.exe
  C:\Windows\System\SbTNfwp.exe
  2⤵
  PID:1652
- C:\Windows\System\KgHyIXL.exe
  C:\Windows\System\KgHyIXL.exe
  2⤵
  PID:1912
- C:\Windows\System\eluSBfg.exe
  C:\Windows\System\eluSBfg.exe
  2⤵
  PID:984
- C:\Windows\System\UgkdwYz.exe
  C:\Windows\System\UgkdwYz.exe
  2⤵
  PID:108
- C:\Windows\System\lBSfqsc.exe
  C:\Windows\System\lBSfqsc.exe
  2⤵
  PID:2016
- C:\Windows\System\aARPMwB.exe
  C:\Windows\System\aARPMwB.exe
  2⤵
  PID:2260
- C:\Windows\System\cYsokwf.exe
  C:\Windows\System\cYsokwf.exe
  2⤵
  PID:448
- C:\Windows\System\nFsRsLo.exe
  C:\Windows\System\nFsRsLo.exe
  2⤵
  PID:2668
- C:\Windows\System\edtUOeu.exe
  C:\Windows\System\edtUOeu.exe
  2⤵
  PID:1668
- C:\Windows\System\ffwUlVz.exe
  C:\Windows\System\ffwUlVz.exe
  2⤵
  PID:988
- C:\Windows\System\pLkPghw.exe
  C:\Windows\System\pLkPghw.exe
  2⤵
  PID:636
- C:\Windows\System\vJRPZrK.exe
  C:\Windows\System\vJRPZrK.exe
  2⤵
  PID:312
- C:\Windows\System\YpGefIy.exe
  C:\Windows\System\YpGefIy.exe
  2⤵
  PID:2796
- C:\Windows\System\gsuBRGq.exe
  C:\Windows\System\gsuBRGq.exe
  2⤵
  PID:1084
- C:\Windows\System\sJMeZWd.exe
  C:\Windows\System\sJMeZWd.exe
  2⤵
  PID:2284
- C:\Windows\System\VdYHfAt.exe
  C:\Windows\System\VdYHfAt.exe
  2⤵
  PID:1468
- C:\Windows\System\NnAhKPk.exe
  C:\Windows\System\NnAhKPk.exe
  2⤵
  PID:1188
- C:\Windows\System\tYaPAzU.exe
  C:\Windows\System\tYaPAzU.exe
  2⤵
  PID:2292
- C:\Windows\System\OczsErn.exe
  C:\Windows\System\OczsErn.exe
  2⤵
  PID:1148
- C:\Windows\System\aBJuATm.exe
  C:\Windows\System\aBJuATm.exe
  2⤵
  PID:2264
- C:\Windows\System\MooyQxw.exe
  C:\Windows\System\MooyQxw.exe
  2⤵
  PID:1608
- C:\Windows\System\JvQBHEQ.exe
  C:\Windows\System\JvQBHEQ.exe
  2⤵
  PID:3000
- C:\Windows\System\BnvjgOX.exe
  C:\Windows\System\BnvjgOX.exe
  2⤵
  PID:1260
- C:\Windows\System\zIFkRwP.exe
  C:\Windows\System\zIFkRwP.exe
  2⤵
  PID:1448
- C:\Windows\System\qERzApH.exe
  C:\Windows\System\qERzApH.exe
  2⤵
  PID:2328
- C:\Windows\System\Mygsyor.exe
  C:\Windows\System\Mygsyor.exe
  2⤵
  PID:2948
- C:\Windows\System\fOofKRh.exe
  C:\Windows\System\fOofKRh.exe
  2⤵
  PID:3080
- C:\Windows\System\EkOVsoD.exe
  C:\Windows\System\EkOVsoD.exe
  2⤵
  PID:3096
- C:\Windows\System\UuXnRje.exe
  C:\Windows\System\UuXnRje.exe
  2⤵
  PID:3120
- C:\Windows\System\xgeWWPX.exe
  C:\Windows\System\xgeWWPX.exe
  2⤵
  PID:3140
- C:\Windows\System\WyJBNEk.exe
  C:\Windows\System\WyJBNEk.exe
  2⤵
  PID:3160
- C:\Windows\System\rMOFJdG.exe
  C:\Windows\System\rMOFJdG.exe
  2⤵
  PID:3180
- C:\Windows\System\wujSVEl.exe
  C:\Windows\System\wujSVEl.exe
  2⤵
  PID:3252
- C:\Windows\System\YczdtHX.exe
  C:\Windows\System\YczdtHX.exe
  2⤵
  PID:3268
- C:\Windows\System\oExecbM.exe
  C:\Windows\System\oExecbM.exe
  2⤵
  PID:3284
- C:\Windows\System\nFsobjs.exe
  C:\Windows\System\nFsobjs.exe
  2⤵
  PID:3312
- C:\Windows\System\IqqBCpG.exe
  C:\Windows\System\IqqBCpG.exe
  2⤵
  PID:3332
- C:\Windows\System\tXvTjeu.exe
  C:\Windows\System\tXvTjeu.exe
  2⤵
  PID:3348
- C:\Windows\System\MRQNnPF.exe
  C:\Windows\System\MRQNnPF.exe
  2⤵
  PID:3364
- C:\Windows\System\VMgBNcl.exe
  C:\Windows\System\VMgBNcl.exe
  2⤵
  PID:3388
- C:\Windows\System\nHWalsQ.exe
  C:\Windows\System\nHWalsQ.exe
  2⤵
  PID:3408
- C:\Windows\System\CFxCDzA.exe
  C:\Windows\System\CFxCDzA.exe
  2⤵
  PID:3424
- C:\Windows\System\UYozxaA.exe
  C:\Windows\System\UYozxaA.exe
  2⤵
  PID:3452
- C:\Windows\System\uXjsiTN.exe
  C:\Windows\System\uXjsiTN.exe
  2⤵
  PID:3468
- C:\Windows\System\fdAgjiP.exe
  C:\Windows\System\fdAgjiP.exe
  2⤵
  PID:3488
- C:\Windows\System\JapehHn.exe
  C:\Windows\System\JapehHn.exe
  2⤵
  PID:3504
- C:\Windows\System\MIHKqQa.exe
  C:\Windows\System\MIHKqQa.exe
  2⤵
  PID:3520
- C:\Windows\System\sWsubpn.exe
  C:\Windows\System\sWsubpn.exe
  2⤵
  PID:3536
- C:\Windows\System\yKDcmYq.exe
  C:\Windows\System\yKDcmYq.exe
  2⤵
  PID:3552
- C:\Windows\System\DEQfkwb.exe
  C:\Windows\System\DEQfkwb.exe
  2⤵
  PID:3568
- C:\Windows\System\cBBEtrT.exe
  C:\Windows\System\cBBEtrT.exe
  2⤵
  PID:3584
- C:\Windows\System\ueSMotp.exe
  C:\Windows\System\ueSMotp.exe
  2⤵
  PID:3632
- C:\Windows\System\RSvfuyf.exe
  C:\Windows\System\RSvfuyf.exe
  2⤵
  PID:3652
- C:\Windows\System\hTWRnCK.exe
  C:\Windows\System\hTWRnCK.exe
  2⤵
  PID:3676
- C:\Windows\System\IijfYCl.exe
  C:\Windows\System\IijfYCl.exe
  2⤵
  PID:3696
- C:\Windows\System\lcuVgEm.exe
  C:\Windows\System\lcuVgEm.exe
  2⤵
  PID:3716
- C:\Windows\System\WzfoYyU.exe
  C:\Windows\System\WzfoYyU.exe
  2⤵
  PID:3736
- C:\Windows\System\KkdHekC.exe
  C:\Windows\System\KkdHekC.exe
  2⤵
  PID:3752
- C:\Windows\System\UpxxbfX.exe
  C:\Windows\System\UpxxbfX.exe
  2⤵
  PID:3768
- C:\Windows\System\GZmYDdk.exe
  C:\Windows\System\GZmYDdk.exe
  2⤵
  PID:3784
- C:\Windows\System\rHCqAkR.exe
  C:\Windows\System\rHCqAkR.exe
  2⤵
  PID:3824
- C:\Windows\System\IPyhedR.exe
  C:\Windows\System\IPyhedR.exe
  2⤵
  PID:3840
- C:\Windows\System\EpImUYi.exe
  C:\Windows\System\EpImUYi.exe
  2⤵
  PID:3860
- C:\Windows\System\RkWjrrN.exe
  C:\Windows\System\RkWjrrN.exe
  2⤵
  PID:3876
- C:\Windows\System\nXPSmpa.exe
  C:\Windows\System\nXPSmpa.exe
  2⤵
  PID:3892
- C:\Windows\System\XlUuuzt.exe
  C:\Windows\System\XlUuuzt.exe
  2⤵
  PID:3912
- C:\Windows\System\bvaYgwc.exe
  C:\Windows\System\bvaYgwc.exe
  2⤵
  PID:3928
- C:\Windows\System\HZkcHGw.exe
  C:\Windows\System\HZkcHGw.exe
  2⤵
  PID:3944
- C:\Windows\System\uZArsQB.exe
  C:\Windows\System\uZArsQB.exe
  2⤵
  PID:3960
- C:\Windows\System\ihRMQkW.exe
  C:\Windows\System\ihRMQkW.exe
  2⤵
  PID:3976
- C:\Windows\System\erXQtrJ.exe
  C:\Windows\System\erXQtrJ.exe
  2⤵
  PID:3992
- C:\Windows\System\dcdHRTu.exe
  C:\Windows\System\dcdHRTu.exe
  2⤵
  PID:4008
- C:\Windows\System\UNcmCim.exe
  C:\Windows\System\UNcmCim.exe
  2⤵
  PID:4036
- C:\Windows\System\UkvXRaA.exe
  C:\Windows\System\UkvXRaA.exe
  2⤵
  PID:4056
- C:\Windows\System\cbjONlh.exe
  C:\Windows\System\cbjONlh.exe
  2⤵
  PID:4072
- C:\Windows\System\VfVPyIw.exe
  C:\Windows\System\VfVPyIw.exe
  2⤵
  PID:4092
- C:\Windows\System\cCKYkpz.exe
  C:\Windows\System\cCKYkpz.exe
  2⤵
  PID:1696
- C:\Windows\System\rpeQbIl.exe
  C:\Windows\System\rpeQbIl.exe
  2⤵
  PID:2052
- C:\Windows\System\CYWQsIS.exe
  C:\Windows\System\CYWQsIS.exe
  2⤵
  PID:780
- C:\Windows\System\EsEPjCT.exe
  C:\Windows\System\EsEPjCT.exe
  2⤵
  PID:3172
- C:\Windows\System\tQmrLFV.exe
  C:\Windows\System\tQmrLFV.exe
  2⤵
  PID:908
- C:\Windows\System\pOPqPQS.exe
  C:\Windows\System\pOPqPQS.exe
  2⤵
  PID:3104
- C:\Windows\System\kxKAiah.exe
  C:\Windows\System\kxKAiah.exe
  2⤵
  PID:2128
- C:\Windows\System\WMUkGAJ.exe
  C:\Windows\System\WMUkGAJ.exe
  2⤵
  PID:1048
- C:\Windows\System\nMmJXjk.exe
  C:\Windows\System\nMmJXjk.exe
  2⤵
  PID:3188
- C:\Windows\System\RZjMBti.exe
  C:\Windows\System\RZjMBti.exe
  2⤵
  PID:3204
- C:\Windows\System\mXvRNAX.exe
  C:\Windows\System\mXvRNAX.exe
  2⤵
  PID:3264
- C:\Windows\System\PvlmOMy.exe
  C:\Windows\System\PvlmOMy.exe
  2⤵
  PID:3308
- C:\Windows\System\bMxpopT.exe
  C:\Windows\System\bMxpopT.exe
  2⤵
  PID:3416
- C:\Windows\System\oBomJfx.exe
  C:\Windows\System\oBomJfx.exe
  2⤵
  PID:3328
- C:\Windows\System\kxvPSVt.exe
  C:\Windows\System\kxvPSVt.exe
  2⤵
  PID:3248
- C:\Windows\System\SyHTrGh.exe
  C:\Windows\System\SyHTrGh.exe
  2⤵
  PID:3528
- C:\Windows\System\ejjetIZ.exe
  C:\Windows\System\ejjetIZ.exe
  2⤵
  PID:3592
- C:\Windows\System\xzlDGrT.exe
  C:\Windows\System\xzlDGrT.exe
  2⤵
  PID:3612
- C:\Windows\System\PvhHiwl.exe
  C:\Windows\System\PvhHiwl.exe
  2⤵
  PID:3476
- C:\Windows\System\GuslYDZ.exe
  C:\Windows\System\GuslYDZ.exe
  2⤵
  PID:3596
- C:\Windows\System\mxukaNI.exe
  C:\Windows\System\mxukaNI.exe
  2⤵
  PID:3360
- C:\Windows\System\EyLJXvR.exe
  C:\Windows\System\EyLJXvR.exe
  2⤵
  PID:3396
- C:\Windows\System\pcxLPTx.exe
  C:\Windows\System\pcxLPTx.exe
  2⤵
  PID:3432
- C:\Windows\System\VEAvicG.exe
  C:\Windows\System\VEAvicG.exe
  2⤵
  PID:3484
- C:\Windows\System\nWblLbQ.exe
  C:\Windows\System\nWblLbQ.exe
  2⤵
  PID:3576
- C:\Windows\System\HsZSJWr.exe
  C:\Windows\System\HsZSJWr.exe
  2⤵
  PID:3640
- C:\Windows\System\xAOUXYq.exe
  C:\Windows\System\xAOUXYq.exe
  2⤵
  PID:3692
- C:\Windows\System\UtOTzTV.exe
  C:\Windows\System\UtOTzTV.exe
  2⤵
  PID:3688
- C:\Windows\System\AooTlCh.exe
  C:\Windows\System\AooTlCh.exe
  2⤵
  PID:3792
- C:\Windows\System\bkByxbw.exe
  C:\Windows\System\bkByxbw.exe
  2⤵
  PID:3832
- C:\Windows\System\lghVUTv.exe
  C:\Windows\System\lghVUTv.exe
  2⤵
  PID:3900
- C:\Windows\System\JQlixMq.exe
  C:\Windows\System\JQlixMq.exe
  2⤵
  PID:3936
- C:\Windows\System\rkZqteX.exe
  C:\Windows\System\rkZqteX.exe
  2⤵
  PID:4000
- C:\Windows\System\YhisvzP.exe
  C:\Windows\System\YhisvzP.exe
  2⤵
  PID:3132
- C:\Windows\System\DxeVkee.exe
  C:\Windows\System\DxeVkee.exe
  2⤵
  PID:4024
- C:\Windows\System\ttPdPgV.exe
  C:\Windows\System\ttPdPgV.exe
  2⤵
  PID:3168
- C:\Windows\System\glfkBGb.exe
  C:\Windows\System\glfkBGb.exe
  2⤵
  PID:3984
- C:\Windows\System\OrMVzjU.exe
  C:\Windows\System\OrMVzjU.exe
  2⤵
  PID:2476
- C:\Windows\System\ifscjAJ.exe
  C:\Windows\System\ifscjAJ.exe
  2⤵
  PID:2300
- C:\Windows\System\NLgaewt.exe
  C:\Windows\System\NLgaewt.exe
  2⤵
  PID:3112
- C:\Windows\System\HHJkQBr.exe
  C:\Windows\System\HHJkQBr.exe
  2⤵
  PID:3196
- C:\Windows\System\WxuyrrX.exe
  C:\Windows\System\WxuyrrX.exe
  2⤵
  PID:1516
- C:\Windows\System\bHOHVcB.exe
  C:\Windows\System\bHOHVcB.exe
  2⤵
  PID:1164
- C:\Windows\System\ltbUCsT.exe
  C:\Windows\System\ltbUCsT.exe
  2⤵
  PID:3604
- C:\Windows\System\qMzCNEY.exe
  C:\Windows\System\qMzCNEY.exe
  2⤵
  PID:3280
- C:\Windows\System\CtShubN.exe
  C:\Windows\System\CtShubN.exe
  2⤵
  PID:3448
- C:\Windows\System\jcGCuLN.exe
  C:\Windows\System\jcGCuLN.exe
  2⤵
  PID:3708
- C:\Windows\System\VvygAvm.exe
  C:\Windows\System\VvygAvm.exe
  2⤵
  PID:3152
- C:\Windows\System\JmDVGAD.exe
  C:\Windows\System\JmDVGAD.exe
  2⤵
  PID:3672
- C:\Windows\System\bDBqPIH.exe
  C:\Windows\System\bDBqPIH.exe
  2⤵
  PID:3744
- C:\Windows\System\alFIDUm.exe
  C:\Windows\System\alFIDUm.exe
  2⤵
  PID:1928
- C:\Windows\System\OWvviCs.exe
  C:\Windows\System\OWvviCs.exe
  2⤵
  PID:3240
- C:\Windows\System\eFQNqDB.exe
  C:\Windows\System\eFQNqDB.exe
  2⤵
  PID:3804
- C:\Windows\System\STqhotz.exe
  C:\Windows\System\STqhotz.exe
  2⤵
  PID:3820
- C:\Windows\System\ncidACO.exe
  C:\Windows\System\ncidACO.exe
  2⤵
  PID:4044
- C:\Windows\System\FJQbyJj.exe
  C:\Windows\System\FJQbyJj.exe
  2⤵
  PID:4084
- C:\Windows\System\ktTyQYn.exe
  C:\Windows\System\ktTyQYn.exe
  2⤵
  PID:3920
- C:\Windows\System\SVyNYQK.exe
  C:\Windows\System\SVyNYQK.exe
  2⤵
  PID:3972
- C:\Windows\System\qqQdhla.exe
  C:\Windows\System\qqQdhla.exe
  2⤵
  PID:1508
- C:\Windows\System\BnPJhpb.exe
  C:\Windows\System\BnPJhpb.exe
  2⤵
  PID:2704
- C:\Windows\System\lInfKfp.exe
  C:\Windows\System\lInfKfp.exe
  2⤵
  PID:3324
- C:\Windows\System\ZVfvVmy.exe
  C:\Windows\System\ZVfvVmy.exe
  2⤵
  PID:3376
- C:\Windows\System\iKCGmDT.exe
  C:\Windows\System\iKCGmDT.exe
  2⤵
  PID:3620
- C:\Windows\System\dzgrfFJ.exe
  C:\Windows\System\dzgrfFJ.exe
  2⤵
  PID:3816
- C:\Windows\System\JTImjoR.exe
  C:\Windows\System\JTImjoR.exe
  2⤵
  PID:3872
- C:\Windows\System\FSHmWTF.exe
  C:\Windows\System\FSHmWTF.exe
  2⤵
  PID:4020
- C:\Windows\System\FzPpPFM.exe
  C:\Windows\System\FzPpPFM.exe
  2⤵
  PID:3500
- C:\Windows\System\HjtZeDN.exe
  C:\Windows\System\HjtZeDN.exe
  2⤵
  PID:3216
- C:\Windows\System\ZftFNPI.exe
  C:\Windows\System\ZftFNPI.exe
  2⤵
  PID:3624
- C:\Windows\System\OtabpYj.exe
  C:\Windows\System\OtabpYj.exe
  2⤵
  PID:3088
- C:\Windows\System\NDVUVqh.exe
  C:\Windows\System\NDVUVqh.exe
  2⤵
  PID:3380
- C:\Windows\System\BmHmddN.exe
  C:\Windows\System\BmHmddN.exe
  2⤵
  PID:3760
- C:\Windows\System\nJSukgB.exe
  C:\Windows\System\nJSukgB.exe
  2⤵
  PID:3300
- C:\Windows\System\ImBMEbO.exe
  C:\Windows\System\ImBMEbO.exe
  2⤵
  PID:3648
- C:\Windows\System\jstdGbj.exe
  C:\Windows\System\jstdGbj.exe
  2⤵
  PID:3244
- C:\Windows\System\APXKKnq.exe
  C:\Windows\System\APXKKnq.exe
  2⤵
  PID:3852
- C:\Windows\System\CzFzKqo.exe
  C:\Windows\System\CzFzKqo.exe
  2⤵
  PID:3764
- C:\Windows\System\VIClOmb.exe
  C:\Windows\System\VIClOmb.exe
  2⤵
  PID:1072
- C:\Windows\System\QKWmAVW.exe
  C:\Windows\System\QKWmAVW.exe
  2⤵
  PID:2144
- C:\Windows\System\azJJzwK.exe
  C:\Windows\System\azJJzwK.exe
  2⤵
  PID:4112
- C:\Windows\System\QthWhMJ.exe
  C:\Windows\System\QthWhMJ.exe
  2⤵
  PID:4128
- C:\Windows\System\jdFcowJ.exe
  C:\Windows\System\jdFcowJ.exe
  2⤵
  PID:4152
- C:\Windows\System\CRXWTcv.exe
  C:\Windows\System\CRXWTcv.exe
  2⤵
  PID:4204
- C:\Windows\System\qdsHSXE.exe
  C:\Windows\System\qdsHSXE.exe
  2⤵
  PID:4220
- C:\Windows\System\oHwKNjy.exe
  C:\Windows\System\oHwKNjy.exe
  2⤵
  PID:4236
- C:\Windows\System\WwtqEns.exe
  C:\Windows\System\WwtqEns.exe
  2⤵
  PID:4256
- C:\Windows\System\lqVEXjY.exe
  C:\Windows\System\lqVEXjY.exe
  2⤵
  PID:4272
- C:\Windows\System\PZISbaf.exe
  C:\Windows\System\PZISbaf.exe
  2⤵
  PID:4292
- C:\Windows\System\MqtaXzd.exe
  C:\Windows\System\MqtaXzd.exe
  2⤵
  PID:4308
- C:\Windows\System\QXHNhTJ.exe
  C:\Windows\System\QXHNhTJ.exe
  2⤵
  PID:4328
- C:\Windows\System\boWcanM.exe
  C:\Windows\System\boWcanM.exe
  2⤵
  PID:4344
- C:\Windows\System\gvtvRFs.exe
  C:\Windows\System\gvtvRFs.exe
  2⤵
  PID:4368
- C:\Windows\System\ZAvQehR.exe
  C:\Windows\System\ZAvQehR.exe
  2⤵
  PID:4388
- C:\Windows\System\CQXHeas.exe
  C:\Windows\System\CQXHeas.exe
  2⤵
  PID:4404
- C:\Windows\System\NafScRV.exe
  C:\Windows\System\NafScRV.exe
  2⤵
  PID:4424
- C:\Windows\System\vEvfpRp.exe
  C:\Windows\System\vEvfpRp.exe
  2⤵
  PID:4440
- C:\Windows\System\BowRSlO.exe
  C:\Windows\System\BowRSlO.exe
  2⤵
  PID:4456
- C:\Windows\System\ujCqqol.exe
  C:\Windows\System\ujCqqol.exe
  2⤵
  PID:4476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EBpfleL.exe

Filesize
2.0MB

MD5
19f136c814772a8bd9457b525b3e6ff8

SHA1
4890b9b0a4ccfccf8c892d99817441e0d3ea6447

SHA256
4f27eebb674e63eab041dda14b56afaae71408746e26fe0eb0b19902c1a6c12c

SHA512
47ceb25631128b21666c58743d1f4424632af56178793315808d16dc7af3e2f2225422e65ddc8d93124c4e9c04dd409107f37685bac087bcd0b4afa2f42da491

Download Submit
C:\Windows\system\EYFFCEL.exe

Filesize
2.0MB

MD5
5aca9cdd2255ae659b6707518843c571

SHA1
5fb321896cc98db54c7a883b7b652512a9676230

SHA256
e08b270b4331a3b3e8c1a8d19b3bcb068dea458a08fb41e0c2682bc16b504609

SHA512
24e374bc01c66be9d5ea2e7c992186c971adfed4aeab91952c067f324a9b351e05b4bd22a98b5528ba478da4d29f6257190346c3a4c55499a3710584272f1f69

Download Submit
C:\Windows\system\IApyyVu.exe

Filesize
2.0MB

MD5
a4babc778068821467b28e42f8e1f7f1

SHA1
a2cf8e78f03ba3cc1743c875d0d7cb143a76bd32

SHA256
4ea1adcdf1bdf4bb6370bf9bb0584b0a3f596cea4c99a30991ed819b80c3b69e

SHA512
bd4f50a8bc71f92035ef8cdc1765458c8044c4ce2cd0322c888123d68ce4187d4c627c6df6b9f10054aa860a54472576073f0aad04b2ebc64881fe45ee8760a0

Download Submit
C:\Windows\system\IksvBuU.exe

Filesize
2.0MB

MD5
f3d214a4dfa9524b4630ea2547896c9d

SHA1
d7ba19f72f5e9e190c5bb8741da3a5f9f9d015ac

SHA256
e3b00dff5648a74a3406ecea66e74afe134b67ace3b9a9f77895962157c11d97

SHA512
4e8a8fa5e467c5d6a5c9509bb318918f29be6417c7a3b842351a0958c9e923a3e17d44c84b978410c70add70281f2e63fae40fbae541df5a4282774a293020cb

Download Submit
C:\Windows\system\JlfqXOx.exe

Filesize
2.0MB

MD5
6c46709544b811119e9f0214e0d2d43b

SHA1
00a25914fb51d3580fdf51879280010faed26a93

SHA256
8a60df7687a5a51a66e64a97e53b7e90a56302a4bb27349d1ac4105e8b508809

SHA512
dd216ec53d7d62930ec0a0047b307cf1e79e1090ad4edbf8e3c220e142f77bd64bbf29a7d492c289085552cba0fe747be7723eba18d49e1fb2ed6c4ef96d0c0f

Download Submit
C:\Windows\system\KzxyJoU.exe

Filesize
2.0MB

MD5
ddd63a05f3e796a5af30dc7b3830f47d

SHA1
f0ddd177ec5ac46729cedc311b4c466438ee0503

SHA256
0e420f80dfbfda81375edf094474d1acc042bdb8851fe5714aeba678fe2ecfdd

SHA512
6644abe13a14229dfd178f791f7bc09df1e6fd5d2337b8591765c28466ec160eaecd473e2b835ce379b28179efa17c3fa8d7903214eb22cae92ccbafa5f43612

Download Submit
C:\Windows\system\LcmglXn.exe

Filesize
2.0MB

MD5
b075c64b0426478d303892fcde3b51a5

SHA1
7a864c9a005dcc808467cf789772a4bb892078c4

SHA256
a6ca697079e108f6f12b158c771711f97b903ccd2f889d11431c45c830be2ea1

SHA512
42042593675ea7b5f97d23df29ace9fa11362a35293c2f6b1957bfb03e1fc480237e51f54db5abb20eb509eafdd79712cf28c0e89b7ff286ae485cf49c5690bb

Download Submit
C:\Windows\system\PZhyMCp.exe

Filesize
2.0MB

MD5
180584643a9568a5e7472f7bc9e62a04

SHA1
48711bca815c1a76ede1d5dfc1dbe0a3d5cddf6b

SHA256
bb71f96fba3b5cb53439cab68943978743de16eec4413038de4015085675c2d2

SHA512
2622fa84724aebc7a41f4ba606bba8c04767fb64ce7ac911d6fad1f73b15c44741e14957b6d2bc508bfd55e5b23da03262aeb1cb6313045ba5b3585dbe07d4a5

Download Submit
C:\Windows\system\TRJKwjE.exe

Filesize
2.0MB

MD5
9e1735484d239d5400ee39c276dc1e66

SHA1
706cf6f6ebb1d07a79e50bf9196effd87ccbcc01

SHA256
34a10ec3807a6669c7a4c534c395cad379301666d17147d7afd2d56cc8734bbc

SHA512
5555ba609d919ab6ae3fbf16f46cc351327ccbb8380cd8afddd85402069cffad9cd523e1c9c140564f98f5349fb37072f2faee10643405e01f10827cd8c0df27

Download Submit
C:\Windows\system\TvkHPKC.exe

Filesize
2.0MB

MD5
6766114cd208d6b63d21dcfeec695656

SHA1
4f30e282531fb4b1d3c78d22a02bf6d106a88540

SHA256
7b5d0f4e7a9d09e1f36fd8bed1097e0706c1e88deb49ebd07f5a75ccb16dcdb9

SHA512
e282f90b06adb2158aab19bc4a9c34607e1004acbc2939b877ca24d5cba5d820c78ab8fa0d3962f04ba4d11afa6cbeabf6a37188c3b1e1d1062961afa319b935

Download Submit
C:\Windows\system\VGOUwwW.exe

Filesize
2.0MB

MD5
fa90d837efe78d54d2d1c66f160d799f

SHA1
e90f347cee222b5e0ccf517472bd87fcb4e1c776

SHA256
93aea07c51a97f5a98a8e793406fcb773b201909e0bb67bf2eadcd4a9d5c4c66

SHA512
0d0aba3df619ae072d63b430e9d1a1f9bf074ab04a7da42cfedf0045ac87695d618d3e9e31363bc9e9433f74f39aaea59056591b2cf54d0c9876405b564c81be

Download Submit
C:\Windows\system\WLQVMsX.exe

Filesize
2.0MB

MD5
ae647321e242cc44b72dddbb80ae37b3

SHA1
abe549f8b438e06318321b487fc7576a741a7693

SHA256
1d536e03fe47ec19d4034a3a3ef6cb5a600e8590f3048f8e5c87d7386b6339fd

SHA512
48fe1c7decafb7a6189a0c3c46d43ccb55f9b4387cb8a666b7539cbd353b17ff571453fed8735f463478a90001f5a00a35a28a42ace19a713912d4c71170254c

Download Submit
C:\Windows\system\cPVornC.exe

Filesize
2.0MB

MD5
f2490fb875607193c6e87c652f48d708

SHA1
7bf4255a6d97b275ab5449949e2ce809fe2b8fc2

SHA256
16657fe9570de4608ba9819e0dc42ad23b49f4f9f1d7350f0e87ab1d38ab096c

SHA512
de6f058c58b0f63d43954fac0d39a0197caa4193e1afaee04fe39f968bb43d51ae6de5961255cde63151c454090b26b302db37432bfd86e49cab114b47751bb9

Download Submit
C:\Windows\system\hYburXO.exe

Filesize
2.0MB

MD5
01fcb848a82e3c7aa7ff4f1fd8a27e51

SHA1
892db880ef4d1ea3a427f1ffebb48a90553ff63f

SHA256
f9950e303acd727e4b90fb9f49c9ba273f5f71ccb252e7422b049f8a33542746

SHA512
e56145e6a3e89cc8882238b8a3fed25a1b140238d5334fab03cbbd6325b739daaf29bc4d02dc4eb28ec8af6a4ffa13b36baab9b670cbf7dba78356bc7d67683a

Download Submit
C:\Windows\system\jDqmVBx.exe

Filesize
2.0MB

MD5
2adc851d8a650d0dc1c23f72dc0031e3

SHA1
5188a7f0652cc73e7bf933921b0a70bbd9414ddc

SHA256
426d6f67408753b0e6d44176f68ffc42990613fcffa16a82374aca994511b04d

SHA512
e7b9f07cedc5f7af281d596f5a4e41404f4b97dbfa7f7929160a4c2919a5c31424355917eb2a463571336d45593856e59f46212a1146bfaf7549a2ca2f5eeaa5

Download Submit
C:\Windows\system\kIcgDFZ.exe

Filesize
2.0MB

MD5
766241945ced097595df0c383adaa86f

SHA1
5db1f818d752165a7ed034439c9707533add5b9a

SHA256
4e4b7191277562a0da26d03cbd7d11fd49a11c498d160dadccd5fb4d900b4cee

SHA512
64c1cf591b869d1ca75b012f69cd671dda86fadf06165dad8b87878471213ac532c348a8d8020f38df9246042ca82a113070f158467b16963a40978a62f94c20

Download Submit
C:\Windows\system\mnuglEG.exe

Filesize
2.0MB

MD5
b76f34f2989b8bc70b9863711a5eed1c

SHA1
f64ccd654496fd66664e7dcddda26170c9de2e9b

SHA256
ec9189f2f2eaa24137aed9ffe21af04f80f2d6194fdeef2beda0be70c6bbabee

SHA512
bfb15efa58037b4a65320044e8b40911cf25c3aa593b827254d45d60bb05abd81109f80ac5ff58496f825ead8c969a350fcad38e752f10ef0b4e2576efdb6444

Download Submit
C:\Windows\system\osrTjAS.exe

Filesize
2.0MB

MD5
9aaede976cdb4da40b87ff5eb045b06f

SHA1
624ad1a7c70d9b337b5691cdaaff13fe63a3501c

SHA256
47b4ab5e2e8d136aabe63f96fe6847cb0980e62394860083a26020131859966c

SHA512
3c8c51f7dc4efb6e54850c1c98a4e383282ab4b0affe3af6e2792f00b1fad3fe0a8480b851d2a9fc97755ddc314a27cce190a21ef8a1dc6b0167078803ae5992

Download Submit
C:\Windows\system\qfWvASP.exe

Filesize
2.0MB

MD5
d2f09d1108cebbfe4f4374ec9d870d35

SHA1
3f9f4241550df66e1e05e273b54e5eb3d888f3cb

SHA256
4c60d0d0743654dfdc15798773ec295b9bea4b2869227d39b6b82b8459379439

SHA512
d885afa04eb810ce69ce0bc1b6a81bfb416d77aa008099232b12ed34075813c08a542e2e798e6a5fa54645990a3188a1297cdf685a3d76e3566c3d421b809d59

Download Submit
C:\Windows\system\rYzwPja.exe

Filesize
2.0MB

MD5
539064fd5055f5a626d1a825ad0d2f6f

SHA1
5a4d3e185f42b8a2f3316b68b6c93b01b5d2b1f1

SHA256
35953b84ba3cd322bef8c13652935c1f56998a1d1466a9c5912fcab9854556f2

SHA512
079a0f67df237f5558b25df097a1023585a0bdd24b977e013ec23eeb4886ecc398c5599c61039c1c026ac18d075be39e52f0b8db2ae39b5722f119f99ab83150

Download Submit
C:\Windows\system\vYKDfuj.exe

Filesize
2.0MB

MD5
2d83d2a166733f3db2f9fb933a67f6cb

SHA1
427272a7fd8bb437938438b5b8dd412b333e2094

SHA256
8ed95ed4658dc4e5a485ad250c6bf5fb5153e21875420ed5904e4b04ddaea027

SHA512
b463a88872b917b87f6baaf3f6b9aea5c51195d6d72090f772db7eb8356a26b59d5884ea09161f0d01e85d6c08bab9228c7792047901d66a612ee28f8e77d05c

Download Submit
C:\Windows\system\vYwuUlN.exe

Filesize
2.0MB

MD5
fe2aa5ea854a4e22afd6abd5ebda245f

SHA1
904e8c0bf416ff5323e1e2cd1e5953ca31ba66eb

SHA256
8ee80283a62e08284d419230a57a42a75b21c769bca04d98a889ee901f71b7a8

SHA512
783bea30dc6bf678b9d2e96166d295eda65dd1f304ad49eb0cc6663f780bcbdf89ae605f36928648298839706b109a31953ae61851e59a2d92068524938117d7

Download Submit
C:\Windows\system\wWqVSld.exe

Filesize
2.0MB

MD5
be71e1819e84ad55d81124afab8f7563

SHA1
e66cfb7ce8460b5e541c862fa59ad871e3b0728c

SHA256
9ae2aa5631c4c342a108513c787713d0f72d0279f4d28bbc84d1ecd31dce95dd

SHA512
353b102348403e6e057b7176b32c68aefab202843c4522d07148fc1306367cb2e1b0f8a82d397ef9bbac19a637e2e0b4c1b20980e24404b6d42abcd5d51c921e

Download Submit
C:\Windows\system\zQaIHUH.exe

Filesize
2.0MB

MD5
576511bf07965d6bd4861f21ee0ad9a3

SHA1
fbb67b0b69d416a54ceb2280ef71f1fe6ce0a52a

SHA256
0cfeab2bb9169149ca214b9bcf5bfea986ff2d31cb5c4785ed2778fa64a6fbc9

SHA512
5366c8dca6beb5e79e629ee96ef70a6da50d79ac080483f52f595161c6f8279a2d8d46ea46e09567a1c264e452bfbed1b9d4aec0c4f64032984cbc7f9b920521

Download Submit
\Windows\system\BuxQvex.exe

Filesize
2.0MB

MD5
1c407b1e9aea6ea11127356c288bba10

SHA1
4ddfc120392ecea20e3cbdfd39b92a7647edd4ff

SHA256
d76ab5e8a6776b02572e414245c7996c42e50a8feaa1da1c6bf7387bd13c8be7

SHA512
c746ac12c8fcd7b82fa5604056f3d0be1fc3f50311a2f007b067f26360613ed3cdb295395797b5bda8bda72be43ffd117f27f31739444976c6f8f47577e07f2f

Download Submit
\Windows\system\FeaPBsg.exe

Filesize
2.0MB

MD5
76dcdd2ee6230cc89644270666a5a584

SHA1
acaf410c0de0402c950cd1dc93572f0b13ddab72

SHA256
fbca0fa73a27e6518e8da7a4b3a2c3ba36ff27ffdeb0c2a0f6c9334c24f031ea

SHA512
3171aad75512ea99f08c66aed29c52694ed5d29e4e6c8cc73603c47f946d0f3d888729294bea1c7b63e6f7448d585d9fe9948bf0e56365cf00028e798ec174aa

Download Submit
\Windows\system\KPeaFsf.exe

Filesize
2.0MB

MD5
4c2feccd37c45f5d71293c4d8116fb05

SHA1
78fd08762286392d023d6f9ad56bb87ef018302d

SHA256
2135ce4d13e3efc00d7fcc2c39f0402b49de8da961b67a3b7db8daa4e31859bf

SHA512
3bbca6f856ba70db14022f6289885d5015a6bace433abefe7adc3eb127ba523e7cb68ee6f588ab2aa03a54128b6fd5dd64472c3af1d1714c88147f54dfdd14cb

Download Submit
\Windows\system\LRURweP.exe

Filesize
2.0MB

MD5
6b5718298977e414bbdb95186cb923dc

SHA1
9aafb24b97237dbe631308086e2254af9742d1d4

SHA256
ea1f097360940f13347252310ea6b265c34c72d01e777a0824fc206b1dad5fb9

SHA512
f37616b961b0e05af64327234b17db6e0f4b44223c966a0b01cbddaef8aab06ea68d38a687d77333ddc06fd7e34f71d0f0af5615a5ccfa5a80609e692bcf654e

Download Submit
\Windows\system\SnQfXdg.exe

Filesize
2.0MB

MD5
0532c4b024bf17270577e18e8723c026

SHA1
40e9d50d8e904b3c2b2912ca1db4a7ab375d74ca

SHA256
ffef2fabeca050b62ff4fda1a934f9019f69ee6cff1fffddfea97cb17913324b

SHA512
83aa87526625ef289e5e96ac6af4958ac543eb785624b5730441fe66790c2d73d1b8713497022f128976b3593488ac1f09e359b4299afb1cf2c1204c150f01ae

Download Submit
\Windows\system\aNgQUdi.exe

Filesize
2.0MB

MD5
f833d20f3a5cb86d5ae38a920cbd617c

SHA1
49e82a660c35c49705c52c37649afea3c56d83fc

SHA256
d88b68e361503a94b4924e4f29f2fb2da9cf56daab72f4cfafa70a1162ac4dbe

SHA512
5d68deaeeab0c714fe1b5f60962cb2cb280a77356abf96c7751cfda4642197f7fffd1bc13bf9fb65cd139405a28949c54c31ecd3e389a998e9edf1e9912f18b3

Download Submit
\Windows\system\ruhcpxa.exe

Filesize
2.0MB

MD5
68f882bd3053084852ab0bd7f30103e1

SHA1
1e57c5ae32c4a8a463a42595d23acda7a79b1767

SHA256
2ef4f22a2f97cc3aa59be7c05fed16faf03af082815e4cf96a576252f231fe00

SHA512
ed4a219981eed879dd12ce3ab612c011472cf59b82070030e9453402e31582ecd2fb8791690274e4a73b507f584cad04ec5d013743cf971d0aacfd022f177930

Download Submit
\Windows\system\xgnSHha.exe

Filesize
2.0MB

MD5
b9051589f47e4b9aa0eae5e881b7c3bd

SHA1
374dc43f7e80aec2cbe5c85670664b675bb7d003

SHA256
9f630b39b9ae3242d5af6a21436186262c2bff23928abf4ca687ee6f56c4d64e

SHA512
ee1dbea071750f9484f0033d82145f9d404d7719d56aa99d91075212a78fe9efc95a8af352e55efde01dc756ffd5fb646b2f0ac53abf7869b58a536afd077aff

Download Submit
memory/2060-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download