kpot | 238521fe23d9333a0a9681fff05ec4dc9e790e860ff53b5b4a58f5e0962c8c04

Analysis

max time kernel
147s
max time network
151s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
14/06/2024, 03:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
Size

2.0MB
MD5

9d34021f9f8c3797d88efbefb1274620
SHA1

dac3815ff80691cea88169cd6abaafdaa9b038ee
SHA256

238521fe23d9333a0a9681fff05ec4dc9e790e860ff53b5b4a58f5e0962c8c04
SHA512

8604d746570ba1088b16e9ec38f15d52682c1a14f2d198944bff2311fb4fe24d24ea3d3aec50a8ff916b891e62faf841a7f4570f11ed89876d1b980c52fa2ff9
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2c:GemTLkNdfE0pZaQk

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral1/files/0x000b000000012280-2.dat	family_kpot
behavioral1/files/0x002d000000015c68-6.dat	family_kpot
behavioral1/files/0x0008000000015cb2-13.dat	family_kpot
behavioral1/files/0x0007000000015cb9-16.dat	family_kpot
behavioral1/files/0x0007000000015cd2-25.dat	family_kpot
behavioral1/files/0x0012000000015c83-27.dat	family_kpot
behavioral1/files/0x0007000000015cf2-33.dat	family_kpot
behavioral1/files/0x0009000000015dc5-39.dat	family_kpot
behavioral1/files/0x0008000000016c2a-44.dat	family_kpot
behavioral1/files/0x0006000000016c76-48.dat	family_kpot
behavioral1/files/0x0006000000016ce4-69.dat	family_kpot
behavioral1/files/0x0006000000016cdc-62.dat	family_kpot
behavioral1/files/0x0006000000016cec-74.dat	family_kpot
behavioral1/files/0x0006000000016d94-119.dat	family_kpot
behavioral1/files/0x00060000000170cf-137.dat	family_kpot
behavioral1/files/0x00050000000186a7-159.dat	family_kpot
behavioral1/files/0x001500000001861a-154.dat	family_kpot
behavioral1/files/0x0006000000017578-144.dat	family_kpot
behavioral1/files/0x00060000000177fe-149.dat	family_kpot
behavioral1/files/0x0006000000017090-134.dat	family_kpot
behavioral1/files/0x0006000000016e6b-129.dat	family_kpot
behavioral1/files/0x0006000000016d98-124.dat	family_kpot
behavioral1/files/0x0006000000016d5b-114.dat	family_kpot
behavioral1/files/0x0006000000016d3c-104.dat	family_kpot
behavioral1/files/0x0006000000016d4c-108.dat	family_kpot
behavioral1/files/0x0006000000016d0f-94.dat	family_kpot
behavioral1/files/0x0006000000016d2b-99.dat	family_kpot
behavioral1/files/0x0006000000016cfe-84.dat	family_kpot
behavioral1/files/0x0006000000016d0a-89.dat	family_kpot
behavioral1/files/0x0006000000016cf8-79.dat	family_kpot
behavioral1/files/0x0006000000016ccb-58.dat	family_kpot
behavioral1/files/0x0006000000016c9d-53.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral1/files/0x000b000000012280-2.dat	xmrig
behavioral1/files/0x002d000000015c68-6.dat	xmrig
behavioral1/files/0x0008000000015cb2-13.dat	xmrig
behavioral1/files/0x0007000000015cb9-16.dat	xmrig
behavioral1/files/0x0007000000015cd2-25.dat	xmrig
behavioral1/files/0x0012000000015c83-27.dat	xmrig
behavioral1/files/0x0007000000015cf2-33.dat	xmrig
behavioral1/files/0x0009000000015dc5-39.dat	xmrig
behavioral1/files/0x0008000000016c2a-44.dat	xmrig
behavioral1/files/0x0006000000016c76-48.dat	xmrig
behavioral1/files/0x0006000000016ce4-69.dat	xmrig
behavioral1/files/0x0006000000016cdc-62.dat	xmrig
behavioral1/files/0x0006000000016cec-74.dat	xmrig
behavioral1/files/0x0006000000016d94-119.dat	xmrig
behavioral1/files/0x00060000000170cf-137.dat	xmrig
behavioral1/files/0x00050000000186a7-159.dat	xmrig
behavioral1/files/0x001500000001861a-154.dat	xmrig
behavioral1/files/0x0006000000017578-144.dat	xmrig
behavioral1/files/0x00060000000177fe-149.dat	xmrig
behavioral1/files/0x0006000000017090-134.dat	xmrig
behavioral1/files/0x0006000000016e6b-129.dat	xmrig
behavioral1/files/0x0006000000016d98-124.dat	xmrig
behavioral1/files/0x0006000000016d5b-114.dat	xmrig
behavioral1/files/0x0006000000016d3c-104.dat	xmrig
behavioral1/files/0x0006000000016d4c-108.dat	xmrig
behavioral1/files/0x0006000000016d0f-94.dat	xmrig
behavioral1/files/0x0006000000016d2b-99.dat	xmrig
behavioral1/files/0x0006000000016cfe-84.dat	xmrig
behavioral1/files/0x0006000000016d0a-89.dat	xmrig
behavioral1/files/0x0006000000016cf8-79.dat	xmrig
behavioral1/files/0x0006000000016ccb-58.dat	xmrig
behavioral1/files/0x0006000000016c9d-53.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2808	fZBlssY.exe
3004	qSpOBgf.exe
3040	XTyYClO.exe
2620	hJkhuFL.exe
2820	RPKFyEn.exe
1860	MKzgJzY.exe
2632	XnFBACC.exe
2500	AMZWRSW.exe
2608	SEZKoFH.exe
2476	BhpjnLw.exe
2516	UPMuEfk.exe
2936	huKmyap.exe
2948	LJbHxWx.exe
468	jBfCwgX.exe
1692	FQtLkcX.exe
680	BSOTqek.exe
1196	bddFjbo.exe
2712	DPWAbHn.exe
2932	sagITDo.exe
3028	yuLwvyK.exe
1656	zYkrjIz.exe
1632	KOYZXpN.exe
2008	yMaJgWa.exe
1684	fHLUCoR.exe
2044	VAlvqTD.exe
2388	ngCdrQU.exe
2412	qXzFQtW.exe
2540	WjTBdgQ.exe
1984	QkIAYGr.exe
1136	deZpOag.exe
1524	GWNzqbt.exe
1456	ceBTajK.exe
1120	acwYqYp.exe
1332	fSQsuXz.exe
2884	GvXklFK.exe
2880	JsETPBG.exe
3008	MUdoiQS.exe
1696	tUsFGVq.exe
1724	PRhfLoo.exe
2272	gtqwMvk.exe
2372	nKbVnLS.exe
2112	NpqloNX.exe
1052	TYRRjQO.exe
1780	fEvwzuM.exe
688	iWOLOqO.exe
1468	LtpAvdd.exe
1904	sOOgAQe.exe
1164	BGZsJxh.exe
2756	rGqcPlu.exe
2956	ogNlhWx.exe
1796	FdKPdpg.exe
1628	UoqgnoT.exe
284	AigPyIj.exe
2360	sKLPVAv.exe
1464	itXAaWs.exe
1728	LJNoSRe.exe
1012	zKqqiwL.exe
2088	NctYyKH.exe
1228	OgEslRG.exe
1260	xqzrDwk.exe
880	AzgTSZP.exe
1964	JdMgUFl.exe
2432	LqwRzhl.exe
1588	zOWuoWP.exe

Loads dropped DLL 64 IoCs

pid	Process
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\RrcbxsC.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\Xjcsvwq.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\KsMKJtg.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\rtmlzIk.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\FdKPdpg.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\CCeJbNn.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\KfdrhAV.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\FmDSeGn.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\zKqqiwL.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\ZFvABbk.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\jBfCwgX.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\ZdEKFvF.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\UXMLlTr.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\IjGVCeo.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\DGoAgRC.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\ATTFGkb.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\siFYNaG.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\nHslRXS.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\mjTigSt.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\ALetExA.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\KeJJevI.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\eSSJCEB.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\thkVqOO.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\sBbDbXJ.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\NctYyKH.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\NjORfAa.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\DDiZwrm.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\eutJEoW.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\zYkrjIz.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\JdMgUFl.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\OzsodkI.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\fWtxUnB.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\XnFBACC.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\bPbvRFV.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\FxLkVLl.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\vYQSTuh.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\CxLyyNK.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\avvRbiY.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\XoegdKW.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\UDcFNfE.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\oVZFRFX.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\oExoYki.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\huKmyap.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\pGeBQJi.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\wzgVVvK.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\RUfdlkm.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\gqatesU.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\faYhgse.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\LLLuKaz.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\aQUmDCn.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\oxQTIMi.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\maJouPC.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\NLuzoCg.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\KlhhGyD.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\GaHTpKu.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\dSTAGdt.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\dZyYVWW.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\xarUNhV.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\acwYqYp.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\tUsFGVq.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\RPEfgTn.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\UFGWNPy.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\TdrziHn.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
File created	C:\Windows\System\vGvgEWk.exe	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2808	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	29
PID 2184 wrote to memory of 2808	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	29
PID 2184 wrote to memory of 2808	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	29
PID 2184 wrote to memory of 3004	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	30
PID 2184 wrote to memory of 3004	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	30
PID 2184 wrote to memory of 3004	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	30
PID 2184 wrote to memory of 3040	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	31
PID 2184 wrote to memory of 3040	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	31
PID 2184 wrote to memory of 3040	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	31
PID 2184 wrote to memory of 2620	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	32
PID 2184 wrote to memory of 2620	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	32
PID 2184 wrote to memory of 2620	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	32
PID 2184 wrote to memory of 2820	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	33
PID 2184 wrote to memory of 2820	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	33
PID 2184 wrote to memory of 2820	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	33
PID 2184 wrote to memory of 1860	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	34
PID 2184 wrote to memory of 1860	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	34
PID 2184 wrote to memory of 1860	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	34
PID 2184 wrote to memory of 2632	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	35
PID 2184 wrote to memory of 2632	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	35
PID 2184 wrote to memory of 2632	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	35
PID 2184 wrote to memory of 2500	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	36
PID 2184 wrote to memory of 2500	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	36
PID 2184 wrote to memory of 2500	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	36
PID 2184 wrote to memory of 2608	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	37
PID 2184 wrote to memory of 2608	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	37
PID 2184 wrote to memory of 2608	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	37
PID 2184 wrote to memory of 2476	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	38
PID 2184 wrote to memory of 2476	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	38
PID 2184 wrote to memory of 2476	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	38
PID 2184 wrote to memory of 2516	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	39
PID 2184 wrote to memory of 2516	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	39
PID 2184 wrote to memory of 2516	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	39
PID 2184 wrote to memory of 2936	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	40
PID 2184 wrote to memory of 2936	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	40
PID 2184 wrote to memory of 2936	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	40
PID 2184 wrote to memory of 2948	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	41
PID 2184 wrote to memory of 2948	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	41
PID 2184 wrote to memory of 2948	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	41
PID 2184 wrote to memory of 468	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	42
PID 2184 wrote to memory of 468	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	42
PID 2184 wrote to memory of 468	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	42
PID 2184 wrote to memory of 1692	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	43
PID 2184 wrote to memory of 1692	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	43
PID 2184 wrote to memory of 1692	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	43
PID 2184 wrote to memory of 680	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	44
PID 2184 wrote to memory of 680	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	44
PID 2184 wrote to memory of 680	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	44
PID 2184 wrote to memory of 1196	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	45
PID 2184 wrote to memory of 1196	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	45
PID 2184 wrote to memory of 1196	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	45
PID 2184 wrote to memory of 2712	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	46
PID 2184 wrote to memory of 2712	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	46
PID 2184 wrote to memory of 2712	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	46
PID 2184 wrote to memory of 2932	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	47
PID 2184 wrote to memory of 2932	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	47
PID 2184 wrote to memory of 2932	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	47
PID 2184 wrote to memory of 3028	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	48
PID 2184 wrote to memory of 3028	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	48
PID 2184 wrote to memory of 3028	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	48
PID 2184 wrote to memory of 1656	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	49
PID 2184 wrote to memory of 1656	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	49
PID 2184 wrote to memory of 1656	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	49
PID 2184 wrote to memory of 1632	2184	9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe	50

C:\Users\Admin\AppData\Local\Temp\9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9d34021f9f8c3797d88efbefb1274620_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\System\fZBlssY.exe
  C:\Windows\System\fZBlssY.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\qSpOBgf.exe
  C:\Windows\System\qSpOBgf.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\XTyYClO.exe
  C:\Windows\System\XTyYClO.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\hJkhuFL.exe
  C:\Windows\System\hJkhuFL.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\RPKFyEn.exe
  C:\Windows\System\RPKFyEn.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\MKzgJzY.exe
  C:\Windows\System\MKzgJzY.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\XnFBACC.exe
  C:\Windows\System\XnFBACC.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\AMZWRSW.exe
  C:\Windows\System\AMZWRSW.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\SEZKoFH.exe
  C:\Windows\System\SEZKoFH.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\BhpjnLw.exe
  C:\Windows\System\BhpjnLw.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\UPMuEfk.exe
  C:\Windows\System\UPMuEfk.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\huKmyap.exe
  C:\Windows\System\huKmyap.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\LJbHxWx.exe
  C:\Windows\System\LJbHxWx.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\jBfCwgX.exe
  C:\Windows\System\jBfCwgX.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\FQtLkcX.exe
  C:\Windows\System\FQtLkcX.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\BSOTqek.exe
  C:\Windows\System\BSOTqek.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\bddFjbo.exe
  C:\Windows\System\bddFjbo.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\DPWAbHn.exe
  C:\Windows\System\DPWAbHn.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\sagITDo.exe
  C:\Windows\System\sagITDo.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\yuLwvyK.exe
  C:\Windows\System\yuLwvyK.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\zYkrjIz.exe
  C:\Windows\System\zYkrjIz.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\KOYZXpN.exe
  C:\Windows\System\KOYZXpN.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\yMaJgWa.exe
  C:\Windows\System\yMaJgWa.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\fHLUCoR.exe
  C:\Windows\System\fHLUCoR.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\VAlvqTD.exe
  C:\Windows\System\VAlvqTD.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\ngCdrQU.exe
  C:\Windows\System\ngCdrQU.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\qXzFQtW.exe
  C:\Windows\System\qXzFQtW.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\WjTBdgQ.exe
  C:\Windows\System\WjTBdgQ.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\QkIAYGr.exe
  C:\Windows\System\QkIAYGr.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\deZpOag.exe
  C:\Windows\System\deZpOag.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\GWNzqbt.exe
  C:\Windows\System\GWNzqbt.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\ceBTajK.exe
  C:\Windows\System\ceBTajK.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\acwYqYp.exe
  C:\Windows\System\acwYqYp.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\fSQsuXz.exe
  C:\Windows\System\fSQsuXz.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\GvXklFK.exe
  C:\Windows\System\GvXklFK.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\JsETPBG.exe
  C:\Windows\System\JsETPBG.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\MUdoiQS.exe
  C:\Windows\System\MUdoiQS.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\tUsFGVq.exe
  C:\Windows\System\tUsFGVq.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\PRhfLoo.exe
  C:\Windows\System\PRhfLoo.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\gtqwMvk.exe
  C:\Windows\System\gtqwMvk.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\nKbVnLS.exe
  C:\Windows\System\nKbVnLS.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\NpqloNX.exe
  C:\Windows\System\NpqloNX.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\TYRRjQO.exe
  C:\Windows\System\TYRRjQO.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\fEvwzuM.exe
  C:\Windows\System\fEvwzuM.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\iWOLOqO.exe
  C:\Windows\System\iWOLOqO.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\LtpAvdd.exe
  C:\Windows\System\LtpAvdd.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\sOOgAQe.exe
  C:\Windows\System\sOOgAQe.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\BGZsJxh.exe
  C:\Windows\System\BGZsJxh.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\rGqcPlu.exe
  C:\Windows\System\rGqcPlu.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\ogNlhWx.exe
  C:\Windows\System\ogNlhWx.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\FdKPdpg.exe
  C:\Windows\System\FdKPdpg.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\UoqgnoT.exe
  C:\Windows\System\UoqgnoT.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\AigPyIj.exe
  C:\Windows\System\AigPyIj.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\sKLPVAv.exe
  C:\Windows\System\sKLPVAv.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\itXAaWs.exe
  C:\Windows\System\itXAaWs.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\LJNoSRe.exe
  C:\Windows\System\LJNoSRe.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\zKqqiwL.exe
  C:\Windows\System\zKqqiwL.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\NctYyKH.exe
  C:\Windows\System\NctYyKH.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\OgEslRG.exe
  C:\Windows\System\OgEslRG.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\xqzrDwk.exe
  C:\Windows\System\xqzrDwk.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\AzgTSZP.exe
  C:\Windows\System\AzgTSZP.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\JdMgUFl.exe
  C:\Windows\System\JdMgUFl.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\LqwRzhl.exe
  C:\Windows\System\LqwRzhl.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\zOWuoWP.exe
  C:\Windows\System\zOWuoWP.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\YrUdoRw.exe
  C:\Windows\System\YrUdoRw.exe
  2⤵
  PID:1580
- C:\Windows\System\aJdUCHZ.exe
  C:\Windows\System\aJdUCHZ.exe
  2⤵
  PID:2612
- C:\Windows\System\ZrZZgTl.exe
  C:\Windows\System\ZrZZgTl.exe
  2⤵
  PID:2748
- C:\Windows\System\PwSrIjK.exe
  C:\Windows\System\PwSrIjK.exe
  2⤵
  PID:2796
- C:\Windows\System\AwccUlb.exe
  C:\Windows\System\AwccUlb.exe
  2⤵
  PID:2784
- C:\Windows\System\RjKlPSi.exe
  C:\Windows\System\RjKlPSi.exe
  2⤵
  PID:2976
- C:\Windows\System\VSRSrMY.exe
  C:\Windows\System\VSRSrMY.exe
  2⤵
  PID:2564
- C:\Windows\System\UzcJbsb.exe
  C:\Windows\System\UzcJbsb.exe
  2⤵
  PID:3068
- C:\Windows\System\justFot.exe
  C:\Windows\System\justFot.exe
  2⤵
  PID:2548
- C:\Windows\System\penDmCG.exe
  C:\Windows\System\penDmCG.exe
  2⤵
  PID:2068
- C:\Windows\System\IIrkorR.exe
  C:\Windows\System\IIrkorR.exe
  2⤵
  PID:556
- C:\Windows\System\aatQOVA.exe
  C:\Windows\System\aatQOVA.exe
  2⤵
  PID:1020
- C:\Windows\System\nHslRXS.exe
  C:\Windows\System\nHslRXS.exe
  2⤵
  PID:1016
- C:\Windows\System\LjefyLV.exe
  C:\Windows\System\LjefyLV.exe
  2⤵
  PID:932
- C:\Windows\System\BkzimSF.exe
  C:\Windows\System\BkzimSF.exe
  2⤵
  PID:2512
- C:\Windows\System\FxLkVLl.exe
  C:\Windows\System\FxLkVLl.exe
  2⤵
  PID:1144
- C:\Windows\System\zNqYzIL.exe
  C:\Windows\System\zNqYzIL.exe
  2⤵
  PID:2000
- C:\Windows\System\HqhKxdw.exe
  C:\Windows\System\HqhKxdw.exe
  2⤵
  PID:944
- C:\Windows\System\HJEqYbR.exe
  C:\Windows\System\HJEqYbR.exe
  2⤵
  PID:2520
- C:\Windows\System\CkRFjXP.exe
  C:\Windows\System\CkRFjXP.exe
  2⤵
  PID:2460
- C:\Windows\System\AhMbtKb.exe
  C:\Windows\System\AhMbtKb.exe
  2⤵
  PID:1648
- C:\Windows\System\uZWeoYq.exe
  C:\Windows\System\uZWeoYq.exe
  2⤵
  PID:2288
- C:\Windows\System\NLuzoCg.exe
  C:\Windows\System\NLuzoCg.exe
  2⤵
  PID:1080
- C:\Windows\System\DmVZlwl.exe
  C:\Windows\System\DmVZlwl.exe
  2⤵
  PID:2036
- C:\Windows\System\WAkjHTl.exe
  C:\Windows\System\WAkjHTl.exe
  2⤵
  PID:2872
- C:\Windows\System\NylUTMT.exe
  C:\Windows\System\NylUTMT.exe
  2⤵
  PID:1212
- C:\Windows\System\KuJCKgP.exe
  C:\Windows\System\KuJCKgP.exe
  2⤵
  PID:764
- C:\Windows\System\EuWAyBz.exe
  C:\Windows\System\EuWAyBz.exe
  2⤵
  PID:2816
- C:\Windows\System\MWMNNJw.exe
  C:\Windows\System\MWMNNJw.exe
  2⤵
  PID:1236
- C:\Windows\System\uLjCwTz.exe
  C:\Windows\System\uLjCwTz.exe
  2⤵
  PID:2716
- C:\Windows\System\iMNCsKD.exe
  C:\Windows\System\iMNCsKD.exe
  2⤵
  PID:1676
- C:\Windows\System\PYQeQJa.exe
  C:\Windows\System\PYQeQJa.exe
  2⤵
  PID:972
- C:\Windows\System\cUuJksh.exe
  C:\Windows\System\cUuJksh.exe
  2⤵
  PID:968
- C:\Windows\System\pocGqBG.exe
  C:\Windows\System\pocGqBG.exe
  2⤵
  PID:1764
- C:\Windows\System\maJouPC.exe
  C:\Windows\System\maJouPC.exe
  2⤵
  PID:1452
- C:\Windows\System\NMljzpF.exe
  C:\Windows\System\NMljzpF.exe
  2⤵
  PID:3048
- C:\Windows\System\GClYRWi.exe
  C:\Windows\System\GClYRWi.exe
  2⤵
  PID:2020
- C:\Windows\System\bqvAaSM.exe
  C:\Windows\System\bqvAaSM.exe
  2⤵
  PID:1880
- C:\Windows\System\gAuQOTF.exe
  C:\Windows\System\gAuQOTF.exe
  2⤵
  PID:2996
- C:\Windows\System\GbqloMy.exe
  C:\Windows\System\GbqloMy.exe
  2⤵
  PID:1152
- C:\Windows\System\LHUhXKa.exe
  C:\Windows\System\LHUhXKa.exe
  2⤵
  PID:1960
- C:\Windows\System\mjTigSt.exe
  C:\Windows\System\mjTigSt.exe
  2⤵
  PID:2416
- C:\Windows\System\PupYcFi.exe
  C:\Windows\System\PupYcFi.exe
  2⤵
  PID:2132
- C:\Windows\System\vYQSTuh.exe
  C:\Windows\System\vYQSTuh.exe
  2⤵
  PID:2348
- C:\Windows\System\fXrpJet.exe
  C:\Windows\System\fXrpJet.exe
  2⤵
  PID:2644
- C:\Windows\System\jTBhAWB.exe
  C:\Windows\System\jTBhAWB.exe
  2⤵
  PID:2812
- C:\Windows\System\Novpgmt.exe
  C:\Windows\System\Novpgmt.exe
  2⤵
  PID:2828
- C:\Windows\System\ZdEKFvF.exe
  C:\Windows\System\ZdEKFvF.exe
  2⤵
  PID:2740
- C:\Windows\System\ALetExA.exe
  C:\Windows\System\ALetExA.exe
  2⤵
  PID:2484
- C:\Windows\System\KeJJevI.exe
  C:\Windows\System\KeJJevI.exe
  2⤵
  PID:2028
- C:\Windows\System\iKCgMYW.exe
  C:\Windows\System\iKCgMYW.exe
  2⤵
  PID:804
- C:\Windows\System\RPEfgTn.exe
  C:\Windows\System\RPEfgTn.exe
  2⤵
  PID:2680
- C:\Windows\System\RUfdlkm.exe
  C:\Windows\System\RUfdlkm.exe
  2⤵
  PID:1652
- C:\Windows\System\BaFqkGk.exe
  C:\Windows\System\BaFqkGk.exe
  2⤵
  PID:1108
- C:\Windows\System\TLEKiqk.exe
  C:\Windows\System\TLEKiqk.exe
  2⤵
  PID:1928
- C:\Windows\System\JXEsjJw.exe
  C:\Windows\System\JXEsjJw.exe
  2⤵
  PID:1664
- C:\Windows\System\PWqijtw.exe
  C:\Windows\System\PWqijtw.exe
  2⤵
  PID:620
- C:\Windows\System\fLWZrby.exe
  C:\Windows\System\fLWZrby.exe
  2⤵
  PID:836
- C:\Windows\System\fYhDoOH.exe
  C:\Windows\System\fYhDoOH.exe
  2⤵
  PID:2876
- C:\Windows\System\VxjJIVa.exe
  C:\Windows\System\VxjJIVa.exe
  2⤵
  PID:2308
- C:\Windows\System\RrcbxsC.exe
  C:\Windows\System\RrcbxsC.exe
  2⤵
  PID:392
- C:\Windows\System\lKjBGju.exe
  C:\Windows\System\lKjBGju.exe
  2⤵
  PID:2328
- C:\Windows\System\LOkGDXT.exe
  C:\Windows\System\LOkGDXT.exe
  2⤵
  PID:1532
- C:\Windows\System\CxLyyNK.exe
  C:\Windows\System\CxLyyNK.exe
  2⤵
  PID:3020
- C:\Windows\System\yhWBvbU.exe
  C:\Windows\System\yhWBvbU.exe
  2⤵
  PID:892
- C:\Windows\System\CtCJOse.exe
  C:\Windows\System\CtCJOse.exe
  2⤵
  PID:2144
- C:\Windows\System\yIchgFW.exe
  C:\Windows\System\yIchgFW.exe
  2⤵
  PID:2920
- C:\Windows\System\UFGWNPy.exe
  C:\Windows\System\UFGWNPy.exe
  2⤵
  PID:2148
- C:\Windows\System\OLnsptW.exe
  C:\Windows\System\OLnsptW.exe
  2⤵
  PID:2892
- C:\Windows\System\QGMDAaI.exe
  C:\Windows\System\QGMDAaI.exe
  2⤵
  PID:1668
- C:\Windows\System\kJTDacL.exe
  C:\Windows\System\kJTDacL.exe
  2⤵
  PID:2928
- C:\Windows\System\IcENjwS.exe
  C:\Windows\System\IcENjwS.exe
  2⤵
  PID:2596
- C:\Windows\System\eeakJIP.exe
  C:\Windows\System\eeakJIP.exe
  2⤵
  PID:2824
- C:\Windows\System\CgvEaJz.exe
  C:\Windows\System\CgvEaJz.exe
  2⤵
  PID:1448
- C:\Windows\System\TPFsSZQ.exe
  C:\Windows\System\TPFsSZQ.exe
  2⤵
  PID:3000
- C:\Windows\System\FmDSeGn.exe
  C:\Windows\System\FmDSeGn.exe
  2⤵
  PID:2700
- C:\Windows\System\Oupmfqu.exe
  C:\Windows\System\Oupmfqu.exe
  2⤵
  PID:1336
- C:\Windows\System\hRXzWQp.exe
  C:\Windows\System\hRXzWQp.exe
  2⤵
  PID:2792
- C:\Windows\System\avvRbiY.exe
  C:\Windows\System\avvRbiY.exe
  2⤵
  PID:1128
- C:\Windows\System\BpAnBaR.exe
  C:\Windows\System\BpAnBaR.exe
  2⤵
  PID:1872
- C:\Windows\System\RdKECXW.exe
  C:\Windows\System\RdKECXW.exe
  2⤵
  PID:2040
- C:\Windows\System\yTpRYdB.exe
  C:\Windows\System\yTpRYdB.exe
  2⤵
  PID:1488
- C:\Windows\System\mgUSaVs.exe
  C:\Windows\System\mgUSaVs.exe
  2⤵
  PID:1976
- C:\Windows\System\gqatesU.exe
  C:\Windows\System\gqatesU.exe
  2⤵
  PID:2136
- C:\Windows\System\FvZhpQc.exe
  C:\Windows\System\FvZhpQc.exe
  2⤵
  PID:3056
- C:\Windows\System\cWvwdgT.exe
  C:\Windows\System\cWvwdgT.exe
  2⤵
  PID:1088
- C:\Windows\System\kYIVUrP.exe
  C:\Windows\System\kYIVUrP.exe
  2⤵
  PID:3036
- C:\Windows\System\OzsodkI.exe
  C:\Windows\System\OzsodkI.exe
  2⤵
  PID:2656
- C:\Windows\System\RrFcohz.exe
  C:\Windows\System\RrFcohz.exe
  2⤵
  PID:288
- C:\Windows\System\iWwyVed.exe
  C:\Windows\System\iWwyVed.exe
  2⤵
  PID:1988
- C:\Windows\System\feIeGeP.exe
  C:\Windows\System\feIeGeP.exe
  2⤵
  PID:1772
- C:\Windows\System\TdrziHn.exe
  C:\Windows\System\TdrziHn.exe
  2⤵
  PID:2356
- C:\Windows\System\HaUEbrs.exe
  C:\Windows\System\HaUEbrs.exe
  2⤵
  PID:2076
- C:\Windows\System\BosPuNS.exe
  C:\Windows\System\BosPuNS.exe
  2⤵
  PID:2552
- C:\Windows\System\TpIJtil.exe
  C:\Windows\System\TpIJtil.exe
  2⤵
  PID:2924
- C:\Windows\System\SATOvic.exe
  C:\Windows\System\SATOvic.exe
  2⤵
  PID:2072
- C:\Windows\System\bPbvRFV.exe
  C:\Windows\System\bPbvRFV.exe
  2⤵
  PID:432
- C:\Windows\System\OWdaEOI.exe
  C:\Windows\System\OWdaEOI.exe
  2⤵
  PID:1504
- C:\Windows\System\ZVovsRg.exe
  C:\Windows\System\ZVovsRg.exe
  2⤵
  PID:572
- C:\Windows\System\eAZQaTp.exe
  C:\Windows\System\eAZQaTp.exe
  2⤵
  PID:1140
- C:\Windows\System\TiyFSAA.exe
  C:\Windows\System\TiyFSAA.exe
  2⤵
  PID:2264
- C:\Windows\System\aUkAtkC.exe
  C:\Windows\System\aUkAtkC.exe
  2⤵
  PID:1808
- C:\Windows\System\eutJEoW.exe
  C:\Windows\System\eutJEoW.exe
  2⤵
  PID:2452
- C:\Windows\System\rKKZzQW.exe
  C:\Windows\System\rKKZzQW.exe
  2⤵
  PID:2572
- C:\Windows\System\EjPozfT.exe
  C:\Windows\System\EjPozfT.exe
  2⤵
  PID:1572
- C:\Windows\System\GJpxhTC.exe
  C:\Windows\System\GJpxhTC.exe
  2⤵
  PID:1352
- C:\Windows\System\aVHdbhZ.exe
  C:\Windows\System\aVHdbhZ.exe
  2⤵
  PID:2708
- C:\Windows\System\Uojwvjf.exe
  C:\Windows\System\Uojwvjf.exe
  2⤵
  PID:924
- C:\Windows\System\cRxQRQv.exe
  C:\Windows\System\cRxQRQv.exe
  2⤵
  PID:2900
- C:\Windows\System\DMjdJbj.exe
  C:\Windows\System\DMjdJbj.exe
  2⤵
  PID:2724
- C:\Windows\System\kZzSboY.exe
  C:\Windows\System\kZzSboY.exe
  2⤵
  PID:2568
- C:\Windows\System\ZGESJUU.exe
  C:\Windows\System\ZGESJUU.exe
  2⤵
  PID:2964
- C:\Windows\System\nUqPxCs.exe
  C:\Windows\System\nUqPxCs.exe
  2⤵
  PID:3052
- C:\Windows\System\ERpcQTu.exe
  C:\Windows\System\ERpcQTu.exe
  2⤵
  PID:2960
- C:\Windows\System\XoegdKW.exe
  C:\Windows\System\XoegdKW.exe
  2⤵
  PID:1600
- C:\Windows\System\UDcFNfE.exe
  C:\Windows\System\UDcFNfE.exe
  2⤵
  PID:2092
- C:\Windows\System\ZqGMNrL.exe
  C:\Windows\System\ZqGMNrL.exe
  2⤵
  PID:2424
- C:\Windows\System\UhpybMF.exe
  C:\Windows\System\UhpybMF.exe
  2⤵
  PID:2652
- C:\Windows\System\pIfMCMy.exe
  C:\Windows\System\pIfMCMy.exe
  2⤵
  PID:2688
- C:\Windows\System\ebLimAw.exe
  C:\Windows\System\ebLimAw.exe
  2⤵
  PID:2864
- C:\Windows\System\NUJHkns.exe
  C:\Windows\System\NUJHkns.exe
  2⤵
  PID:2660
- C:\Windows\System\UXMLlTr.exe
  C:\Windows\System\UXMLlTr.exe
  2⤵
  PID:1744
- C:\Windows\System\rkyooBG.exe
  C:\Windows\System\rkyooBG.exe
  2⤵
  PID:1944
- C:\Windows\System\vvaJYoc.exe
  C:\Windows\System\vvaJYoc.exe
  2⤵
  PID:2152
- C:\Windows\System\KlhhGyD.exe
  C:\Windows\System\KlhhGyD.exe
  2⤵
  PID:1100
- C:\Windows\System\aFdrEJs.exe
  C:\Windows\System\aFdrEJs.exe
  2⤵
  PID:1112
- C:\Windows\System\hNeTixh.exe
  C:\Windows\System\hNeTixh.exe
  2⤵
  PID:1560
- C:\Windows\System\EphDzcL.exe
  C:\Windows\System\EphDzcL.exe
  2⤵
  PID:1892
- C:\Windows\System\eOmBeeV.exe
  C:\Windows\System\eOmBeeV.exe
  2⤵
  PID:2004
- C:\Windows\System\pXLcjhF.exe
  C:\Windows\System\pXLcjhF.exe
  2⤵
  PID:3084
- C:\Windows\System\GaHTpKu.exe
  C:\Windows\System\GaHTpKu.exe
  2⤵
  PID:3108
- C:\Windows\System\mChdWfD.exe
  C:\Windows\System\mChdWfD.exe
  2⤵
  PID:3124
- C:\Windows\System\TPmfPzI.exe
  C:\Windows\System\TPmfPzI.exe
  2⤵
  PID:3140
- C:\Windows\System\UZdAFbq.exe
  C:\Windows\System\UZdAFbq.exe
  2⤵
  PID:3164
- C:\Windows\System\pjgJdBC.exe
  C:\Windows\System\pjgJdBC.exe
  2⤵
  PID:3180
- C:\Windows\System\zKcIcIg.exe
  C:\Windows\System\zKcIcIg.exe
  2⤵
  PID:3200
- C:\Windows\System\GFqoFBW.exe
  C:\Windows\System\GFqoFBW.exe
  2⤵
  PID:3216
- C:\Windows\System\yrLwALr.exe
  C:\Windows\System\yrLwALr.exe
  2⤵
  PID:3232
- C:\Windows\System\WipySKm.exe
  C:\Windows\System\WipySKm.exe
  2⤵
  PID:3264
- C:\Windows\System\ZFvABbk.exe
  C:\Windows\System\ZFvABbk.exe
  2⤵
  PID:3280
- C:\Windows\System\dSTAGdt.exe
  C:\Windows\System\dSTAGdt.exe
  2⤵
  PID:3296
- C:\Windows\System\RauHbuc.exe
  C:\Windows\System\RauHbuc.exe
  2⤵
  PID:3324
- C:\Windows\System\CWycVjU.exe
  C:\Windows\System\CWycVjU.exe
  2⤵
  PID:3340
- C:\Windows\System\oCGUGQm.exe
  C:\Windows\System\oCGUGQm.exe
  2⤵
  PID:3360
- C:\Windows\System\MDBcNCa.exe
  C:\Windows\System\MDBcNCa.exe
  2⤵
  PID:3384
- C:\Windows\System\CoCiyxc.exe
  C:\Windows\System\CoCiyxc.exe
  2⤵
  PID:3404
- C:\Windows\System\tZRoZzF.exe
  C:\Windows\System\tZRoZzF.exe
  2⤵
  PID:3420
- C:\Windows\System\kelKJbF.exe
  C:\Windows\System\kelKJbF.exe
  2⤵
  PID:3440
- C:\Windows\System\eSSJCEB.exe
  C:\Windows\System\eSSJCEB.exe
  2⤵
  PID:3464
- C:\Windows\System\IjGVCeo.exe
  C:\Windows\System\IjGVCeo.exe
  2⤵
  PID:3480
- C:\Windows\System\KBFEoxD.exe
  C:\Windows\System\KBFEoxD.exe
  2⤵
  PID:3500
- C:\Windows\System\thkVqOO.exe
  C:\Windows\System\thkVqOO.exe
  2⤵
  PID:3520
- C:\Windows\System\iNJYprX.exe
  C:\Windows\System\iNJYprX.exe
  2⤵
  PID:3536
- C:\Windows\System\faYhgse.exe
  C:\Windows\System\faYhgse.exe
  2⤵
  PID:3552
- C:\Windows\System\Xjcsvwq.exe
  C:\Windows\System\Xjcsvwq.exe
  2⤵
  PID:3568
- C:\Windows\System\PPICeqg.exe
  C:\Windows\System\PPICeqg.exe
  2⤵
  PID:3592
- C:\Windows\System\OWBZrga.exe
  C:\Windows\System\OWBZrga.exe
  2⤵
  PID:3608
- C:\Windows\System\tHvUTkK.exe
  C:\Windows\System\tHvUTkK.exe
  2⤵
  PID:3628
- C:\Windows\System\aFmUqLs.exe
  C:\Windows\System\aFmUqLs.exe
  2⤵
  PID:3656
- C:\Windows\System\wowZcrp.exe
  C:\Windows\System\wowZcrp.exe
  2⤵
  PID:3676
- C:\Windows\System\YNTdyLa.exe
  C:\Windows\System\YNTdyLa.exe
  2⤵
  PID:3704
- C:\Windows\System\vGvgEWk.exe
  C:\Windows\System\vGvgEWk.exe
  2⤵
  PID:3724
- C:\Windows\System\DGoAgRC.exe
  C:\Windows\System\DGoAgRC.exe
  2⤵
  PID:3740
- C:\Windows\System\BiTtBWe.exe
  C:\Windows\System\BiTtBWe.exe
  2⤵
  PID:3764
- C:\Windows\System\ZOzNtka.exe
  C:\Windows\System\ZOzNtka.exe
  2⤵
  PID:3780
- C:\Windows\System\jwQDHsR.exe
  C:\Windows\System\jwQDHsR.exe
  2⤵
  PID:3796
- C:\Windows\System\qfMmXVs.exe
  C:\Windows\System\qfMmXVs.exe
  2⤵
  PID:3816
- C:\Windows\System\oDGPbsu.exe
  C:\Windows\System\oDGPbsu.exe
  2⤵
  PID:3840
- C:\Windows\System\LOwAHow.exe
  C:\Windows\System\LOwAHow.exe
  2⤵
  PID:3860
- C:\Windows\System\KdzGTqN.exe
  C:\Windows\System\KdzGTqN.exe
  2⤵
  PID:3876
- C:\Windows\System\hVwYPsS.exe
  C:\Windows\System\hVwYPsS.exe
  2⤵
  PID:3900
- C:\Windows\System\XKJCemN.exe
  C:\Windows\System\XKJCemN.exe
  2⤵
  PID:3924
- C:\Windows\System\MrXJLrP.exe
  C:\Windows\System\MrXJLrP.exe
  2⤵
  PID:3948
- C:\Windows\System\OAsBhFp.exe
  C:\Windows\System\OAsBhFp.exe
  2⤵
  PID:3964
- C:\Windows\System\cNpfuzg.exe
  C:\Windows\System\cNpfuzg.exe
  2⤵
  PID:3992
- C:\Windows\System\UTMkcoN.exe
  C:\Windows\System\UTMkcoN.exe
  2⤵
  PID:4008
- C:\Windows\System\zxQFSco.exe
  C:\Windows\System\zxQFSco.exe
  2⤵
  PID:4024
- C:\Windows\System\dZyYVWW.exe
  C:\Windows\System\dZyYVWW.exe
  2⤵
  PID:4040
- C:\Windows\System\rzLFfnh.exe
  C:\Windows\System\rzLFfnh.exe
  2⤵
  PID:4060
- C:\Windows\System\MRHUaQS.exe
  C:\Windows\System\MRHUaQS.exe
  2⤵
  PID:4076
- C:\Windows\System\CCeJbNn.exe
  C:\Windows\System\CCeJbNn.exe
  2⤵
  PID:4092
- C:\Windows\System\ATTFGkb.exe
  C:\Windows\System\ATTFGkb.exe
  2⤵
  PID:2840
- C:\Windows\System\hAtfRvz.exe
  C:\Windows\System\hAtfRvz.exe
  2⤵
  PID:3104
- C:\Windows\System\LLLuKaz.exe
  C:\Windows\System\LLLuKaz.exe
  2⤵
  PID:3132
- C:\Windows\System\IOewwmi.exe
  C:\Windows\System\IOewwmi.exe
  2⤵
  PID:3176
- C:\Windows\System\pYGzZiT.exe
  C:\Windows\System\pYGzZiT.exe
  2⤵
  PID:3208
- C:\Windows\System\yagLuMQ.exe
  C:\Windows\System\yagLuMQ.exe
  2⤵
  PID:3148
- C:\Windows\System\mYAUgEu.exe
  C:\Windows\System\mYAUgEu.exe
  2⤵
  PID:3256
- C:\Windows\System\OsyhJyv.exe
  C:\Windows\System\OsyhJyv.exe
  2⤵
  PID:3320
- C:\Windows\System\RkKkFxS.exe
  C:\Windows\System\RkKkFxS.exe
  2⤵
  PID:2160
- C:\Windows\System\xarUNhV.exe
  C:\Windows\System\xarUNhV.exe
  2⤵
  PID:3376
- C:\Windows\System\eKzLRaT.exe
  C:\Windows\System\eKzLRaT.exe
  2⤵
  PID:3400
- C:\Windows\System\siFYNaG.exe
  C:\Windows\System\siFYNaG.exe
  2⤵
  PID:3456
- C:\Windows\System\oVZFRFX.exe
  C:\Windows\System\oVZFRFX.exe
  2⤵
  PID:3432
- C:\Windows\System\PyIPMyw.exe
  C:\Windows\System\PyIPMyw.exe
  2⤵
  PID:3472
- C:\Windows\System\mSGAntY.exe
  C:\Windows\System\mSGAntY.exe
  2⤵
  PID:3564
- C:\Windows\System\skikuJR.exe
  C:\Windows\System\skikuJR.exe
  2⤵
  PID:3600
- C:\Windows\System\SbweJdF.exe
  C:\Windows\System\SbweJdF.exe
  2⤵
  PID:3644
- C:\Windows\System\QIUSbDS.exe
  C:\Windows\System\QIUSbDS.exe
  2⤵
  PID:3580
- C:\Windows\System\ShxBLjU.exe
  C:\Windows\System\ShxBLjU.exe
  2⤵
  PID:3664
- C:\Windows\System\oExoYki.exe
  C:\Windows\System\oExoYki.exe
  2⤵
  PID:3684
- C:\Windows\System\SHLKTQq.exe
  C:\Windows\System\SHLKTQq.exe
  2⤵
  PID:3700
- C:\Windows\System\JzdnnjL.exe
  C:\Windows\System\JzdnnjL.exe
  2⤵
  PID:3712
- C:\Windows\System\jjWuYeA.exe
  C:\Windows\System\jjWuYeA.exe
  2⤵
  PID:3756
- C:\Windows\System\rAqtPOj.exe
  C:\Windows\System\rAqtPOj.exe
  2⤵
  PID:3812
- C:\Windows\System\qJVIvdJ.exe
  C:\Windows\System\qJVIvdJ.exe
  2⤵
  PID:3828
- C:\Windows\System\vHoLRxp.exe
  C:\Windows\System\vHoLRxp.exe
  2⤵
  PID:3872
- C:\Windows\System\rRhHOyP.exe
  C:\Windows\System\rRhHOyP.exe
  2⤵
  PID:3936
- C:\Windows\System\pJbYULG.exe
  C:\Windows\System\pJbYULG.exe
  2⤵
  PID:3984
- C:\Windows\System\pPbuFzt.exe
  C:\Windows\System\pPbuFzt.exe
  2⤵
  PID:4016
- C:\Windows\System\DSWtvUZ.exe
  C:\Windows\System\DSWtvUZ.exe
  2⤵
  PID:4052
- C:\Windows\System\xOsnwHg.exe
  C:\Windows\System\xOsnwHg.exe
  2⤵
  PID:3100
- C:\Windows\System\uyscVgo.exe
  C:\Windows\System\uyscVgo.exe
  2⤵
  PID:4032
- C:\Windows\System\lbELWQz.exe
  C:\Windows\System\lbELWQz.exe
  2⤵
  PID:3120
- C:\Windows\System\kBgibBD.exe
  C:\Windows\System\kBgibBD.exe
  2⤵
  PID:3244
- C:\Windows\System\YEAldkS.exe
  C:\Windows\System\YEAldkS.exe
  2⤵
  PID:3336
- C:\Windows\System\wzgVVvK.exe
  C:\Windows\System\wzgVVvK.exe
  2⤵
  PID:3224
- C:\Windows\System\oQNOFlJ.exe
  C:\Windows\System\oQNOFlJ.exe
  2⤵
  PID:3372
- C:\Windows\System\OJoYZYD.exe
  C:\Windows\System\OJoYZYD.exe
  2⤵
  PID:3492
- C:\Windows\System\psCJeKV.exe
  C:\Windows\System\psCJeKV.exe
  2⤵
  PID:3652
- C:\Windows\System\YcXgsRc.exe
  C:\Windows\System\YcXgsRc.exe
  2⤵
  PID:3736
- C:\Windows\System\SCNWAoD.exe
  C:\Windows\System\SCNWAoD.exe
  2⤵
  PID:3380
- C:\Windows\System\OATgHmA.exe
  C:\Windows\System\OATgHmA.exe
  2⤵
  PID:3832
- C:\Windows\System\OaYSvWE.exe
  C:\Windows\System\OaYSvWE.exe
  2⤵
  PID:3532
- C:\Windows\System\eHdjaSc.exe
  C:\Windows\System\eHdjaSc.exe
  2⤵
  PID:3624
- C:\Windows\System\QrWseyw.exe
  C:\Windows\System\QrWseyw.exe
  2⤵
  PID:3852
- C:\Windows\System\xwtzGJZ.exe
  C:\Windows\System\xwtzGJZ.exe
  2⤵
  PID:3760
- C:\Windows\System\aQUmDCn.exe
  C:\Windows\System\aQUmDCn.exe
  2⤵
  PID:3692
- C:\Windows\System\KfdrhAV.exe
  C:\Windows\System\KfdrhAV.exe
  2⤵
  PID:3636
- C:\Windows\System\CYzHixM.exe
  C:\Windows\System\CYzHixM.exe
  2⤵
  PID:4084
- C:\Windows\System\XohMpoK.exe
  C:\Windows\System\XohMpoK.exe
  2⤵
  PID:3932
- C:\Windows\System\NkzbBmH.exe
  C:\Windows\System\NkzbBmH.exe
  2⤵
  PID:3976
- C:\Windows\System\ccYkSzK.exe
  C:\Windows\System\ccYkSzK.exe
  2⤵
  PID:3240
- C:\Windows\System\pGeBQJi.exe
  C:\Windows\System\pGeBQJi.exe
  2⤵
  PID:3288
- C:\Windows\System\LXjyKLK.exe
  C:\Windows\System\LXjyKLK.exe
  2⤵
  PID:3396
- C:\Windows\System\IAVAoVZ.exe
  C:\Windows\System\IAVAoVZ.exe
  2⤵
  PID:3512
- C:\Windows\System\NjORfAa.exe
  C:\Windows\System\NjORfAa.exe
  2⤵
  PID:3616
- C:\Windows\System\KsMKJtg.exe
  C:\Windows\System\KsMKJtg.exe
  2⤵
  PID:3892
- C:\Windows\System\KMusBwx.exe
  C:\Windows\System\KMusBwx.exe
  2⤵
  PID:3868
- C:\Windows\System\fWtxUnB.exe
  C:\Windows\System\fWtxUnB.exe
  2⤵
  PID:4004
- C:\Windows\System\ocNHbHp.exe
  C:\Windows\System\ocNHbHp.exe
  2⤵
  PID:3896
- C:\Windows\System\SuAjmEx.exe
  C:\Windows\System\SuAjmEx.exe
  2⤵
  PID:4036
- C:\Windows\System\XftIbIK.exe
  C:\Windows\System\XftIbIK.exe
  2⤵
  PID:3956
- C:\Windows\System\OWMfDaZ.exe
  C:\Windows\System\OWMfDaZ.exe
  2⤵
  PID:2788
- C:\Windows\System\irmxfmt.exe
  C:\Windows\System\irmxfmt.exe
  2⤵
  PID:3152
- C:\Windows\System\ixYRspO.exe
  C:\Windows\System\ixYRspO.exe
  2⤵
  PID:3544
- C:\Windows\System\DDiZwrm.exe
  C:\Windows\System\DDiZwrm.exe
  2⤵
  PID:3436
- C:\Windows\System\ApHZAQA.exe
  C:\Windows\System\ApHZAQA.exe
  2⤵
  PID:3944
- C:\Windows\System\KDmYkGk.exe
  C:\Windows\System\KDmYkGk.exe
  2⤵
  PID:3980
- C:\Windows\System\lCpCjIJ.exe
  C:\Windows\System\lCpCjIJ.exe
  2⤵
  PID:3332
- C:\Windows\System\iMPohah.exe
  C:\Windows\System\iMPohah.exe
  2⤵
  PID:3316
- C:\Windows\System\oxQTIMi.exe
  C:\Windows\System\oxQTIMi.exe
  2⤵
  PID:3620
- C:\Windows\System\eEsfZyh.exe
  C:\Windows\System\eEsfZyh.exe
  2⤵
  PID:3308
- C:\Windows\System\NahOmmN.exe
  C:\Windows\System\NahOmmN.exe
  2⤵
  PID:3584
- C:\Windows\System\WXXKgiF.exe
  C:\Windows\System\WXXKgiF.exe
  2⤵
  PID:3228
- C:\Windows\System\IIfVIPS.exe
  C:\Windows\System\IIfVIPS.exe
  2⤵
  PID:3080
- C:\Windows\System\rtmlzIk.exe
  C:\Windows\System\rtmlzIk.exe
  2⤵
  PID:3312
- C:\Windows\System\LVkcFkr.exe
  C:\Windows\System\LVkcFkr.exe
  2⤵
  PID:3888
- C:\Windows\System\bmwxURl.exe
  C:\Windows\System\bmwxURl.exe
  2⤵
  PID:4120
- C:\Windows\System\sBbDbXJ.exe
  C:\Windows\System\sBbDbXJ.exe
  2⤵
  PID:4136
- C:\Windows\System\tOKTjPw.exe
  C:\Windows\System\tOKTjPw.exe
  2⤵
  PID:4152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AMZWRSW.exe

Filesize
2.0MB

MD5
c92d29bf14c5f7dbd6818fdc28048936

SHA1
3be992b514e4a8d173e835bfb2daea6184fe5317

SHA256
6373a310699dfe355ff7724537358b5d6f99bd3af1dc1269e6c0053182d2cde2

SHA512
44ff92242f172fb7966dfe92955f62a6d609f9f8e8d5a8022c47701affabad64a87251f1790d65a07839309f8f2d271421402ea643f40c7301e89d5d6ee60578

Download Submit
C:\Windows\system\BSOTqek.exe

Filesize
2.0MB

MD5
f29f93396d561bfd2ae4f7af07edfb85

SHA1
bc52c91b536439bae52d551233a764395e81a336

SHA256
65fac350626cbf9a6e9a8c2c2a2f22aba9b7a80534d25bf852597f6121f65435

SHA512
cdcbc5bb9cb119e69f30e50e10ff2ac5f111569c867f9d7df39522dbe9d1a756fddaddb2923cddf5d6cfd259d4a77f0d462878a01c6c33a8568c884c22735b9a

Download Submit
C:\Windows\system\BhpjnLw.exe

Filesize
2.0MB

MD5
709350b7a552a012ce991bb976e7859f

SHA1
e9e017f75726b32e67e149be3d049adbb0cdebd1

SHA256
36951cf1c8d682ec7c14d48d8aa67ca3a8788e5cce20de5dea1df45893b5491f

SHA512
0274f57070f1764f9b7349f9ac7bb2b95fc433a02eb77a069cee07975839546fdeb2db0c7a3db9a52e38ceb331795a83f8f96fcf26e14cc5d656e87831cc8fdd

Download Submit
C:\Windows\system\DPWAbHn.exe

Filesize
2.0MB

MD5
94713f5b5cffc2f3e754464651e8032a

SHA1
b682dc8b3a63a82b5e490cfc41f8465ff35fdb95

SHA256
bdf62d8876d94911ebece0b4af8f1668e3c44fc99f312c564c0ade5656329d5f

SHA512
d910eb4d3f2ea8250a5b09f7902649ba7edaad6ccb2990ee8431fcf122c72b498036fdb65ef34bbac227b634e834b8286bfcf7491987008eaea813a0c0c59853

Download Submit
C:\Windows\system\FQtLkcX.exe

Filesize
2.0MB

MD5
086b79fd6112d7cf955170ae5cad6fd1

SHA1
94b4c0e49f6363755536c53018012f8968dd5265

SHA256
2114d4ff916f56104df941dc13b529d3d5d91475d80a13362d366088da165a86

SHA512
932070dece9b1ef3183720e868e25b7461ae84f9db457f5196b72364844303869253dec213224596f6c1dd07775c9168d85f20994bc6b8af4e13b54dbb8422bd

Download Submit
C:\Windows\system\GWNzqbt.exe

Filesize
2.0MB

MD5
40f2a85a16e44ebf3a60c81689a61cd1

SHA1
0f65e526e4c43ccd2f672b42d98b5b358311b9d1

SHA256
4011fb001b15a3e0d6da97f10e80c1f8e777cd14147bfeea1eb146db9c25a287

SHA512
4db3f6b153f8ed6b8294a97d2bdc00cd3cc0b69332f0cd8aa646deb556498838c778dec8768be6a3842c2e72dbcf2595389f9b2a8fcecd1c50844992cd4860ae

Download Submit
C:\Windows\system\KOYZXpN.exe

Filesize
2.0MB

MD5
f5f46a707ba305bd23861dbb87fc7e3f

SHA1
07c7ee8e8532c2126636ebeef05f86bb51534996

SHA256
0638b20b5728e056a10197db018a52dd0f9bba52f0d83f887c40bf24b222ca4f

SHA512
150d7b35360031aad19094a8b5ec735229ccba3b80ee36a916adb2a7a05e738da886a6efb8ddb5ddc361d2cb6f10563885a6c64483b757a6bb691507a8e5b76c

Download Submit
C:\Windows\system\QkIAYGr.exe

Filesize
2.0MB

MD5
30991bacaec88a8f72e756a3272489d0

SHA1
45a43957224d7deea2c6b57d7bb223000c9eb57e

SHA256
5e5af197d85ba0c52f3f3ab3c5e4ac4c82a39bc695617fb7ab58641882b35e56

SHA512
9369773eb91ca9f89c3af201fda443127961adf051911806e80425f932a6788e3f20da9540f2ed3b3c9ca5e9fef1293f904fe6838de76129f4676067f45e1f58

Download Submit
C:\Windows\system\RPKFyEn.exe

Filesize
2.0MB

MD5
1b052fce526d8e9d923ad432b2db862c

SHA1
8b8f171c21fed907073036d62c8059ca0885de78

SHA256
ba01a437eadcdfad171582d33c411f838a6e9eb1875185a13c31f57a39d6e484

SHA512
3858a6ee6d32e97d0cca0851498cd6b75a1e18dfce2c08e06bc3a660dbd94ac0f83e500a3125b16dd0c3d255e8484409d51f5087a5692b9735b0da17f98642b0

Download Submit
C:\Windows\system\SEZKoFH.exe

Filesize
2.0MB

MD5
06488f47e8d88865828b47371deadd38

SHA1
3ac54b481135f9be0bf6839406c8b45a1060508f

SHA256
f1bc388f9dceb7eaacbb982d160978ce9be14dc5192d07433aea15256b1b6118

SHA512
bcfa44d1ab4007c582f83ac4f6d7576b9c68421a4873280a699a317613e0634b9c882dc922198e7893a02f24dc0b0eec25466b369d492a8922a5d7d998476b27

Download Submit
C:\Windows\system\UPMuEfk.exe

Filesize
2.0MB

MD5
c1711b99b4bc7ff5e441f0fb622d9128

SHA1
4c33b3870ea64a7492a4fbe8a76309e3037e6a1a

SHA256
2cebd583f0ef1eff34b0f37efce1825e6ae8a7beff0d3ae08862edc7435f3480

SHA512
aca8466a2dea507281e8c51486d7ac414a2ca793149075e1a19b77fd6442e8dbf6845ea93e081e76df1f33639b209a0225ca1feabf1f34755e2e88999341ac25

Download Submit
C:\Windows\system\VAlvqTD.exe

Filesize
2.0MB

MD5
1a6dce07067ba4084a2962ae36b89521

SHA1
57e49e650d1ca01cd037e4ebf3ea2efbfbe81345

SHA256
efa5617c126cf6d1f2c48f3124178739296fd660c40a1108814546d88dac2283

SHA512
21aee68ba00581bd4c5562875f0d0a8d842a7ee404328ea4b588e3e848a68476a476078ce9cbd22a7ddc8c8ee964962919595dd31d9a55f67d88061b9351353a

Download Submit
C:\Windows\system\XTyYClO.exe

Filesize
2.0MB

MD5
af215a4282969175dbbe805ddc61b124

SHA1
158e0f767d852f3de10ec52e8565e920476ee911

SHA256
f8114d7c6a0ef377687a93d04737aaaa963e4c9c5d1ef6105fc227a714a9bac8

SHA512
16f618fec65c943148e6cbb734bdec1d55d6211ff9b01a51c6dac5684e0a2b6a5ec89aee9194d874e77ac58ee927613ac2c02e17dbe08512c48dbefc755f0e72

Download Submit
C:\Windows\system\XnFBACC.exe

Filesize
2.0MB

MD5
dbf61cf154004450370e856dbf45bf0c

SHA1
bd4fed4fd162b94c1139fd3de8d05119f7a1056b

SHA256
06d645091bfc39f6cde25544c9497b7b9fd30ce67ce8aa0481723b4cb9f6e306

SHA512
fc7a3bbcc083c9addd31663819fed97e4cc35dcf801fb15afdd18bf8315bd770263c8c93a97958d0cce914949f7fc3b9cdcceabbc33574eea5413e83a4fc3314

Download Submit
C:\Windows\system\bddFjbo.exe

Filesize
2.0MB

MD5
4bab456e6c100d50840acc48597839a3

SHA1
68d09671a6209ad3a55a750b6d405e5371decad5

SHA256
3686d9f769a6abee328766b73d06ca4f2b32887f7b40847a71d6341f4341d813

SHA512
a49f20b853e67f4dd46a06fc9f29bc3dba85588c8a6f2f87a2c92b6edf2f3300e4bafa1ec3b5e213e1e618c42d70fca3dcfb48077233228a7383070381b33d78

Download Submit
C:\Windows\system\ceBTajK.exe

Filesize
2.0MB

MD5
f4cab537728bccfc5ea1d7f0e4351e72

SHA1
60916b0b6da1abc3f71047cb30cbd68d2309891f

SHA256
4e448f2af7ed9e32d0a58c2d00f36f381299baebb058ddeef514d61bfbd67b9b

SHA512
03d341166b416a7ec4e86d5a39ec33e822d64a0ae9343050b195d63f8cde1d3d4b6f86aab8450e62233f90a614812751d392a78a91e48fce8cb31c9f48e5729f

Download Submit
C:\Windows\system\deZpOag.exe

Filesize
2.0MB

MD5
80837abb1307928e1d6e9c4bfb55b324

SHA1
4df2157b987174cb682daed9e620a74097091b5b

SHA256
1b113d50688d04d157b99e47bccb9e35345f487bb26bafa0aa5c8fe890197b03

SHA512
cc25548ac5ae0008c3a71141765136aadfdb5e3206c54a751c1597d547579720850071efc24bb42c783f255d237a2d6f1fbcdcf5ca719ebacb2ee4e83124e441

Download Submit
C:\Windows\system\fHLUCoR.exe

Filesize
2.0MB

MD5
6d69f88bdc6efef550c798064f6285ec

SHA1
7e854371aa18fd388008c9c592310ca671a31465

SHA256
8b9d5c6c399eec6f0e022c94128cbde9062f2d6d05699d3ab88e99492708b2b0

SHA512
1224c90b549edbd3ac9ffc31ea471751ebf570a089d77842382d6b4a110efc2c85fe5fb1b1a6b5220f31891cc4ec04b7134ce58457d75cd796b9ba85d5aff607

Download Submit
C:\Windows\system\huKmyap.exe

Filesize
2.0MB

MD5
7ffdd8d719c591ab050b768425216ad0

SHA1
69270c252285b30c0b926f8e112a97061286f56c

SHA256
16e7fc2ba2dbf057849335cdfba1865632e035a02c19bd0d93c9f3d3ba0d8bf8

SHA512
b7848d2f018b6921a89b94be0c6eaea00c09a733deabe7d5ac7e7becaa613f8c9e40820a5a415f111ed58a1449a02ff9133d78f4ad8a697eeb79175171c83b24

Download Submit
C:\Windows\system\jBfCwgX.exe

Filesize
2.0MB

MD5
260362025034185d43fb5f35fbd5d651

SHA1
d3231d0b2883c9c552b6e61a0dface72de7eae5e

SHA256
6242cc4da208c9c7521a2f8a7f35a6c5f6579ee0791ec249c41f372a5b30fd1f

SHA512
df46c65fc416331814fa130aceada61707ee2b5117df54858f94fc69b4f0a1afd645307266d48063d049ad0e8cb0ed92f55555a324381a61bc89974f294a6948

Download Submit
C:\Windows\system\ngCdrQU.exe

Filesize
2.0MB

MD5
49b8bda90f5c030bcff67652c87c8846

SHA1
5b7c6a24e060adcb266d96e7e48d98129d6930de

SHA256
3082b322aa3d15aecbe69241c1eced7d3452098f6e39b704c6b6f79175baa88f

SHA512
f6047fe7a672137af223c92b07d66a208bda666c67baf0ca312c12abb6c1bb904caef28a785971f77482347e18bf7fbb4a578b2de8ff86a3a41d534e7ffd2db6

Download Submit
C:\Windows\system\qXzFQtW.exe

Filesize
2.0MB

MD5
1f9c29d5fe4d4e953ca990439b128c0d

SHA1
c0e3a30d1920ac001a95fef57642906843240453

SHA256
f284003b5697fa06885bc5bec26f685170a327e3066dc4682d31789f8a31ccea

SHA512
62113db7e56bf0907b4bebfc3a0758b24e9843c5d8b317cf396ca20c52d9c5aa99e0fc424f56b7e6bb2d708ac913619d082fe56d6c4f84e490ebd13103b5560f

Download Submit
C:\Windows\system\sagITDo.exe

Filesize
2.0MB

MD5
a84644fcec99eaff451ee370a6e9b7ee

SHA1
6a96a0c7c0271a7dbdf7cc2d171b9fe34f4906b6

SHA256
277246e56b0d2ec690afb9800a59a7a651be6976b96a4496c912df99e7997c8c

SHA512
01cb4e6b8639945567219a5aaaff628c608c6b3ea3e330cadb7fb95677e732b39dc2ec348b4090cd36f6f9e76ad8c6dc51a9127005da9fcc0e9fedd373ec0b4f

Download Submit
C:\Windows\system\yMaJgWa.exe

Filesize
2.0MB

MD5
3fa85501d0c74f7ff0b2e4dbeb3a10a1

SHA1
3e9916afd9ef5e610f2e42dc825bbcc6b0f700f9

SHA256
ac1f0ee9c9a0166413af7d2caaacc7d77d55b03f3ef745e779df23b6304d6568

SHA512
6ac58262c7ea6dcb4de57d827eb9ad71b0f920328be60cfd9843b11177697146fdd076e49eb3fb7a2b0a0c549ce3b2fe5c8d8b47d94ba434fabba2b71f006a07

Download Submit
C:\Windows\system\yuLwvyK.exe

Filesize
2.0MB

MD5
1886b7ac2aba5e5e4d01ee36ce098cdb

SHA1
1a1cf36e4dff238556bb7548fc5ae5989f8a3b3a

SHA256
b006c36966c57c698337ae461fa35f7a104ec4989155097c7eede881c1335859

SHA512
a4ec26dd2031b0c442418db1ff47a048c7e4438c691397d3c89fa08b6202e049db28a06e9d8807e96ec6392fa83d154a2cab18d535b8737035bb3c5635fdbfc1

Download Submit
C:\Windows\system\zYkrjIz.exe

Filesize
2.0MB

MD5
1c7c2ceeb8ef7894a4db6b3cbd14d03d

SHA1
234b381d4d836d0ec40efa28c6c11183bf903860

SHA256
eef6466c8ed47b0a3cccebfce433f3ea8906c27ee14702f004ac649354d249cb

SHA512
56e1dbc4a8c1d919b3d41dbdf408ed47a3fc4aa8100981d9fcc5ae93c1063ef84b11106021ca98a0ac9d20001d0c4fa35d5a3dbbd2df0350f984995d46c7e115

Download Submit
\Windows\system\LJbHxWx.exe

Filesize
2.0MB

MD5
5b47c25b5f9c9ab6c1530a02762763ee

SHA1
0f25a223d75e8efd4edee933ec978dec231597fa

SHA256
30836d31668000e56f48df6baa8a71d900da15739122f8358a59e4d4d45f3117

SHA512
f18c8404a6a870e72b7aa915d051a83b0983a8c3c6e32837666449c1e844b0bdae972a3477f554d4bef7bead51b5d6af5429c931c24f230a1e2e316c168fd585

Download Submit
\Windows\system\MKzgJzY.exe

Filesize
2.0MB

MD5
d79df36e93e02c1efa62d98217d37d31

SHA1
b2bb37faf6f5b9fb14d051c8200c59a721382e51

SHA256
cdf9e3ab4ede7e961044ee6d21e2dd97a04f17f09c711d9b464c76b91dbbcdb8

SHA512
746feb7f416c49795793eeadb880dc51d69531f131da1e08f1c9d59866fed1c2fb61b04ec374d0ec62b7b1ffaacf9585d4fbe11a1fd1b37edd2c7849422e3cf8

Download Submit
\Windows\system\WjTBdgQ.exe

Filesize
2.0MB

MD5
ec1eca6698a56ac08f77c65d2fd5cc31

SHA1
7ddf2431e8666ec436596de404db85ddffd9786a

SHA256
20197ae6ae81bbd6b1ce21819111c08a360c74c954df959e4c43ca23dff2a544

SHA512
41ea22fdaec34135b9dc8ba1947521bf56e50b6b4c0a9edd78241660cd4351b1071d68fcff7bf7d20420b511089368afb8320c5be1955fcc6b404c56e2761b4e

Download Submit
\Windows\system\fZBlssY.exe

Filesize
2.0MB

MD5
6217665b85eeba49c75fa7eaf6f79fb0

SHA1
39daf721dab496fd0656a76f0f1c783199a30c4d

SHA256
1959fbb021090340c7d4bece2f0608552c3fe814dea728e4499d58b593301f9d

SHA512
a9623981266fbd48030d1c4bb686911a52aefccb25cd2323862eb88757f603d22f746e6c2c1c7ae9946f9634242332e7c24e2df7f5e4603572b78a647fe5e322

Download Submit
\Windows\system\hJkhuFL.exe

Filesize
2.0MB

MD5
fd9ded496a132a41e12e45490bd2f8de

SHA1
7d42c3c6b66a8f9211ef7ee1e19540bae4527038

SHA256
43c4583d8fc989688e896faa3c8077a532c671e6f76c00e76b49148cd44209c6

SHA512
8555a29654549b8201f0a094a486d75f7ceecfd0baa1cbcf440dfda207674668185bdbb8c8da6019a2821e9a48605d4fd7146c15d6c9b43fabab9aa4ca1d5ae1

Download Submit
\Windows\system\qSpOBgf.exe

Filesize
2.0MB

MD5
13ed123fd349e4382d270e3fc1f28757

SHA1
c0baac41788e0075a93f4f3bd83565bc4d85e18e

SHA256
58e1b38863820fee103b67edc8f1db82b39332293f5e5ab90e9959867648c28a

SHA512
fab0d39661cc8dc033a156a9cff9d290ac73fe92b29c4553f4fddde297343d4e2314455ab017c0b32b176551f73df17500c119a28fc68b554149958d4bf47b86

Download Submit
memory/2184-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download