kpot | a840d6c5a47d44744c84f4cb7d20d5df651547d71083cfea6b39e7a48db252a6

Analysis

max time kernel
149s
max time network
156s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
14/06/2024, 08:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
Size

2.0MB
MD5

af7ccf5b29bc7c06d25f7baa872c2ac0
SHA1

9b22e38faa9fcb7a5ce59428589f865800651d5d
SHA256

a840d6c5a47d44744c84f4cb7d20d5df651547d71083cfea6b39e7a48db252a6
SHA512

ef74029ed1fc355f70b11352d20eb68c6a66f63b8c666275f5776b149cf82755cd3bfdf890110546d3b927c82a02849aff43a536cdf2725f6fc8a37cfd7a7757
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2Ev:GemTLkNdfE0pZaQC

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral1/files/0x002b000000015561-8.dat	family_kpot
behavioral1/files/0x002c000000015602-12.dat	family_kpot
behavioral1/files/0x0009000000015c2f-17.dat	family_kpot
behavioral1/files/0x0007000000015c60-27.dat	family_kpot
behavioral1/files/0x0007000000015c58-24.dat	family_kpot
behavioral1/files/0x0007000000015c68-33.dat	family_kpot
behavioral1/files/0x0009000000015c79-37.dat	family_kpot
behavioral1/files/0x000600000001644e-44.dat	family_kpot
behavioral1/files/0x00060000000165fd-52.dat	family_kpot
behavioral1/files/0x0006000000016c07-72.dat	family_kpot
behavioral1/files/0x0006000000016c76-89.dat	family_kpot
behavioral1/files/0x0006000000016c21-76.dat	family_kpot
behavioral1/files/0x0006000000016ccb-94.dat	family_kpot
behavioral1/files/0x0006000000016d5b-151.dat	family_kpot
behavioral1/files/0x0006000000016d2b-134.dat	family_kpot
behavioral1/files/0x0006000000016d94-160.dat	family_kpot
behavioral1/files/0x0006000000016d4c-158.dat	family_kpot
behavioral1/files/0x0006000000016cf8-128.dat	family_kpot
behavioral1/files/0x0006000000016d0a-124.dat	family_kpot
behavioral1/files/0x0006000000016d3c-140.dat	family_kpot
behavioral1/files/0x0006000000016d0f-131.dat	family_kpot
behavioral1/files/0x0006000000016ce4-105.dat	family_kpot
behavioral1/files/0x0006000000016c2a-84.dat	family_kpot
behavioral1/files/0x0006000000016cfe-119.dat	family_kpot
behavioral1/files/0x0006000000016cec-111.dat	family_kpot
behavioral1/files/0x0006000000016cdc-99.dat	family_kpot
behavioral1/files/0x000d000000015612-81.dat	family_kpot
behavioral1/files/0x0006000000016af1-60.dat	family_kpot
behavioral1/files/0x0006000000016812-56.dat	family_kpot
behavioral1/files/0x000600000001657c-48.dat	family_kpot
behavioral1/files/0x0008000000015c83-40.dat	family_kpot
behavioral1/files/0x0009000000012281-5.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral1/files/0x002b000000015561-8.dat	xmrig
behavioral1/files/0x002c000000015602-12.dat	xmrig
behavioral1/files/0x0009000000015c2f-17.dat	xmrig
behavioral1/files/0x0007000000015c60-27.dat	xmrig
behavioral1/files/0x0007000000015c58-24.dat	xmrig
behavioral1/files/0x0007000000015c68-33.dat	xmrig
behavioral1/files/0x0009000000015c79-37.dat	xmrig
behavioral1/files/0x000600000001644e-44.dat	xmrig
behavioral1/files/0x00060000000165fd-52.dat	xmrig
behavioral1/files/0x0006000000016c07-72.dat	xmrig
behavioral1/files/0x0006000000016c76-89.dat	xmrig
behavioral1/files/0x0006000000016c21-76.dat	xmrig
behavioral1/files/0x0006000000016ccb-94.dat	xmrig
behavioral1/files/0x0006000000016d5b-151.dat	xmrig
behavioral1/files/0x0006000000016d2b-134.dat	xmrig
behavioral1/files/0x0006000000016d94-160.dat	xmrig
behavioral1/files/0x0006000000016d4c-158.dat	xmrig
behavioral1/files/0x0006000000016cf8-128.dat	xmrig
behavioral1/files/0x0006000000016d0a-124.dat	xmrig
behavioral1/files/0x0006000000016d3c-140.dat	xmrig
behavioral1/files/0x0006000000016d0f-131.dat	xmrig
behavioral1/files/0x0006000000016ce4-105.dat	xmrig
behavioral1/files/0x0006000000016c2a-84.dat	xmrig
behavioral1/files/0x0006000000016cfe-119.dat	xmrig
behavioral1/files/0x0006000000016cec-111.dat	xmrig
behavioral1/files/0x0006000000016cdc-99.dat	xmrig
behavioral1/files/0x000d000000015612-81.dat	xmrig
behavioral1/files/0x0006000000016af1-60.dat	xmrig
behavioral1/files/0x0006000000016812-56.dat	xmrig
behavioral1/files/0x000600000001657c-48.dat	xmrig
behavioral1/files/0x0008000000015c83-40.dat	xmrig
behavioral1/files/0x0009000000012281-5.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1992	mBGkwAU.exe
2808	RiwgTme.exe
2020	NoAUaDV.exe
2720	cstrIPA.exe
2744	nrtbirS.exe
2644	ShJQlpN.exe
2696	cmtuhKO.exe
2964	eaLgjeg.exe
2336	NTlyVHM.exe
2948	rXqoHmp.exe
2624	mHQToNs.exe
2544	WRcuxyq.exe
2500	YROUaIv.exe
2560	QswMDYj.exe
1048	QvXzQRc.exe
1704	DZfAESe.exe
1044	plscgOi.exe
1688	muOqaHX.exe
1580	WYQONkn.exe
2388	AaxDIme.exe
2460	ouYzDCS.exe
1772	XVBURLY.exe
2436	rnnIABX.exe
748	eZejkKu.exe
2216	qAkjLPw.exe
1440	DEVhdfI.exe
928	JyoOqAP.exe
836	nTphjzy.exe
1672	necIYfO.exe
2448	eqLihjb.exe
1512	wGPSlfD.exe
2688	CecPWew.exe
2292	jcCveJV.exe
2272	UwwNjgt.exe
1848	rvQTWzK.exe
2264	uGrwGXR.exe
1856	JouWRHX.exe
2548	xkFltPu.exe
796	zxSZKOl.exe
2332	QfgymEJ.exe
2260	aoItiKA.exe
288	RWxAEAs.exe
1768	SNeewIU.exe
2556	tqXincm.exe
268	PukBqbh.exe
1520	tUhPltv.exe
1052	hssxtLA.exe
1864	HkfZFeD.exe
1696	mBnunlW.exe
892	TxdSMSY.exe
1572	sAbzIpv.exe
1764	haroGsT.exe
1868	WcpHEvm.exe
1304	oqsgMaQ.exe
2884	BSFsxAy.exe
1012	GvJZbNT.exe
2828	uYvfENN.exe
2816	dGuGORn.exe
1740	INMYcgm.exe
2044	xLnGqRe.exe
2172	IdtkXSQ.exe
840	QOpLtdg.exe
1532	EiOlRvG.exe
1560	jEauLiw.exe

Loads dropped DLL 64 IoCs

pid	Process
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JouWRHX.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\oGBWdiT.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\ITFNkpk.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\NoAUaDV.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\mHQToNs.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\eqLihjb.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\NdWhbsg.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\qsYMETT.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\Jvcflre.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\RiwgTme.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\mBnunlW.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\NQfEjZp.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\oZgfmVt.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\GBsMGoD.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\HszTpji.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\WYQONkn.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\zURSanM.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\OJsEenr.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\EWDPjUZ.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\xDKCAtJ.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\bktqbSs.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\aoItiKA.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\TxdSMSY.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\voGYGWX.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\ndxeOvW.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\lbyfgfP.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\GzGkWDP.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\UwwNjgt.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\JKncVDM.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\RWxAEAs.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\WgOPclV.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\vxrbzVF.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\ZUKgbeH.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\FJDIrhx.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\hOAOMtO.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\EbnDIJR.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\jzmuWQo.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\TtACdAm.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\DZfAESe.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\IXqytdQ.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\wshBQax.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\QKhRXIV.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\YJIedSc.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\rXqoHmp.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\kXerdSE.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\NeHtykE.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\RTRGLdV.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\NXGVcsg.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\qTglDsT.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\RIVqlaK.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\wRjWxwm.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\tCXoMIP.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\NCDNqZP.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\JUKnzmG.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\XVBURLY.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\xRdZKZP.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\VQVKgMt.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\ihtcMLw.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\XUSKvsC.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\pGkUNCm.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\UEofDIq.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\ucBTKUr.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\lJsXdTs.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
File created	C:\Windows\System\EwGjmpt.exe	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 1992	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	29
PID 1152 wrote to memory of 1992	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	29
PID 1152 wrote to memory of 1992	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	29
PID 1152 wrote to memory of 2808	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	30
PID 1152 wrote to memory of 2808	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	30
PID 1152 wrote to memory of 2808	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	30
PID 1152 wrote to memory of 2020	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	31
PID 1152 wrote to memory of 2020	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	31
PID 1152 wrote to memory of 2020	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	31
PID 1152 wrote to memory of 2720	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	32
PID 1152 wrote to memory of 2720	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	32
PID 1152 wrote to memory of 2720	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	32
PID 1152 wrote to memory of 2744	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	33
PID 1152 wrote to memory of 2744	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	33
PID 1152 wrote to memory of 2744	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	33
PID 1152 wrote to memory of 2644	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	34
PID 1152 wrote to memory of 2644	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	34
PID 1152 wrote to memory of 2644	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	34
PID 1152 wrote to memory of 2696	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	35
PID 1152 wrote to memory of 2696	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	35
PID 1152 wrote to memory of 2696	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	35
PID 1152 wrote to memory of 2964	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	36
PID 1152 wrote to memory of 2964	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	36
PID 1152 wrote to memory of 2964	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	36
PID 1152 wrote to memory of 2336	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	37
PID 1152 wrote to memory of 2336	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	37
PID 1152 wrote to memory of 2336	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	37
PID 1152 wrote to memory of 2948	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	38
PID 1152 wrote to memory of 2948	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	38
PID 1152 wrote to memory of 2948	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	38
PID 1152 wrote to memory of 2624	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	39
PID 1152 wrote to memory of 2624	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	39
PID 1152 wrote to memory of 2624	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	39
PID 1152 wrote to memory of 2544	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	40
PID 1152 wrote to memory of 2544	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	40
PID 1152 wrote to memory of 2544	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	40
PID 1152 wrote to memory of 2500	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	41
PID 1152 wrote to memory of 2500	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	41
PID 1152 wrote to memory of 2500	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	41
PID 1152 wrote to memory of 2560	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	42
PID 1152 wrote to memory of 2560	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	42
PID 1152 wrote to memory of 2560	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	42
PID 1152 wrote to memory of 1048	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	43
PID 1152 wrote to memory of 1048	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	43
PID 1152 wrote to memory of 1048	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	43
PID 1152 wrote to memory of 1044	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	44
PID 1152 wrote to memory of 1044	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	44
PID 1152 wrote to memory of 1044	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	44
PID 1152 wrote to memory of 1704	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	45
PID 1152 wrote to memory of 1704	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	45
PID 1152 wrote to memory of 1704	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	45
PID 1152 wrote to memory of 2388	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	46
PID 1152 wrote to memory of 2388	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	46
PID 1152 wrote to memory of 2388	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	46
PID 1152 wrote to memory of 1688	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	47
PID 1152 wrote to memory of 1688	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	47
PID 1152 wrote to memory of 1688	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	47
PID 1152 wrote to memory of 2460	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	48
PID 1152 wrote to memory of 2460	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	48
PID 1152 wrote to memory of 2460	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	48
PID 1152 wrote to memory of 1580	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	49
PID 1152 wrote to memory of 1580	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	49
PID 1152 wrote to memory of 1580	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	49
PID 1152 wrote to memory of 1772	1152	af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe	50

C:\Users\Admin\AppData\Local\Temp\af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\af7ccf5b29bc7c06d25f7baa872c2ac0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Windows\System\mBGkwAU.exe
  C:\Windows\System\mBGkwAU.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\RiwgTme.exe
  C:\Windows\System\RiwgTme.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\NoAUaDV.exe
  C:\Windows\System\NoAUaDV.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\cstrIPA.exe
  C:\Windows\System\cstrIPA.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\nrtbirS.exe
  C:\Windows\System\nrtbirS.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\ShJQlpN.exe
  C:\Windows\System\ShJQlpN.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\cmtuhKO.exe
  C:\Windows\System\cmtuhKO.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\eaLgjeg.exe
  C:\Windows\System\eaLgjeg.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\NTlyVHM.exe
  C:\Windows\System\NTlyVHM.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\rXqoHmp.exe
  C:\Windows\System\rXqoHmp.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\mHQToNs.exe
  C:\Windows\System\mHQToNs.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\WRcuxyq.exe
  C:\Windows\System\WRcuxyq.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\YROUaIv.exe
  C:\Windows\System\YROUaIv.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\QswMDYj.exe
  C:\Windows\System\QswMDYj.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\QvXzQRc.exe
  C:\Windows\System\QvXzQRc.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\plscgOi.exe
  C:\Windows\System\plscgOi.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\DZfAESe.exe
  C:\Windows\System\DZfAESe.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\AaxDIme.exe
  C:\Windows\System\AaxDIme.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\muOqaHX.exe
  C:\Windows\System\muOqaHX.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\ouYzDCS.exe
  C:\Windows\System\ouYzDCS.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\WYQONkn.exe
  C:\Windows\System\WYQONkn.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\XVBURLY.exe
  C:\Windows\System\XVBURLY.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\rnnIABX.exe
  C:\Windows\System\rnnIABX.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\qAkjLPw.exe
  C:\Windows\System\qAkjLPw.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\eZejkKu.exe
  C:\Windows\System\eZejkKu.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\JyoOqAP.exe
  C:\Windows\System\JyoOqAP.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\DEVhdfI.exe
  C:\Windows\System\DEVhdfI.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\eqLihjb.exe
  C:\Windows\System\eqLihjb.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\nTphjzy.exe
  C:\Windows\System\nTphjzy.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\wGPSlfD.exe
  C:\Windows\System\wGPSlfD.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\necIYfO.exe
  C:\Windows\System\necIYfO.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\CecPWew.exe
  C:\Windows\System\CecPWew.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\jcCveJV.exe
  C:\Windows\System\jcCveJV.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\UwwNjgt.exe
  C:\Windows\System\UwwNjgt.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\rvQTWzK.exe
  C:\Windows\System\rvQTWzK.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\uGrwGXR.exe
  C:\Windows\System\uGrwGXR.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\JouWRHX.exe
  C:\Windows\System\JouWRHX.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\xkFltPu.exe
  C:\Windows\System\xkFltPu.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\zxSZKOl.exe
  C:\Windows\System\zxSZKOl.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\aoItiKA.exe
  C:\Windows\System\aoItiKA.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\QfgymEJ.exe
  C:\Windows\System\QfgymEJ.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\SNeewIU.exe
  C:\Windows\System\SNeewIU.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\RWxAEAs.exe
  C:\Windows\System\RWxAEAs.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\tUhPltv.exe
  C:\Windows\System\tUhPltv.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\tqXincm.exe
  C:\Windows\System\tqXincm.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\hssxtLA.exe
  C:\Windows\System\hssxtLA.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\PukBqbh.exe
  C:\Windows\System\PukBqbh.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\HkfZFeD.exe
  C:\Windows\System\HkfZFeD.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\mBnunlW.exe
  C:\Windows\System\mBnunlW.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\TxdSMSY.exe
  C:\Windows\System\TxdSMSY.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\sAbzIpv.exe
  C:\Windows\System\sAbzIpv.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\haroGsT.exe
  C:\Windows\System\haroGsT.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\WcpHEvm.exe
  C:\Windows\System\WcpHEvm.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\oqsgMaQ.exe
  C:\Windows\System\oqsgMaQ.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\BSFsxAy.exe
  C:\Windows\System\BSFsxAy.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\GvJZbNT.exe
  C:\Windows\System\GvJZbNT.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\uYvfENN.exe
  C:\Windows\System\uYvfENN.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\dGuGORn.exe
  C:\Windows\System\dGuGORn.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\INMYcgm.exe
  C:\Windows\System\INMYcgm.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\xLnGqRe.exe
  C:\Windows\System\xLnGqRe.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\QOpLtdg.exe
  C:\Windows\System\QOpLtdg.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\IdtkXSQ.exe
  C:\Windows\System\IdtkXSQ.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\EiOlRvG.exe
  C:\Windows\System\EiOlRvG.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\jEauLiw.exe
  C:\Windows\System\jEauLiw.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\pGkUNCm.exe
  C:\Windows\System\pGkUNCm.exe
  2⤵
  PID:2636
- C:\Windows\System\oGBWdiT.exe
  C:\Windows\System\oGBWdiT.exe
  2⤵
  PID:2716
- C:\Windows\System\QqOZVGV.exe
  C:\Windows\System\QqOZVGV.exe
  2⤵
  PID:2692
- C:\Windows\System\hDkogrt.exe
  C:\Windows\System\hDkogrt.exe
  2⤵
  PID:2796
- C:\Windows\System\BwrqKWd.exe
  C:\Windows\System\BwrqKWd.exe
  2⤵
  PID:2536
- C:\Windows\System\OTSxdgU.exe
  C:\Windows\System\OTSxdgU.exe
  2⤵
  PID:2076
- C:\Windows\System\qTglDsT.exe
  C:\Windows\System\qTglDsT.exe
  2⤵
  PID:1724
- C:\Windows\System\UEofDIq.exe
  C:\Windows\System\UEofDIq.exe
  2⤵
  PID:2204
- C:\Windows\System\RIVqlaK.exe
  C:\Windows\System\RIVqlaK.exe
  2⤵
  PID:1360
- C:\Windows\System\RELdwMS.exe
  C:\Windows\System\RELdwMS.exe
  2⤵
  PID:824
- C:\Windows\System\voGYGWX.exe
  C:\Windows\System\voGYGWX.exe
  2⤵
  PID:2420
- C:\Windows\System\EerRgET.exe
  C:\Windows\System\EerRgET.exe
  2⤵
  PID:1260
- C:\Windows\System\iXkufts.exe
  C:\Windows\System\iXkufts.exe
  2⤵
  PID:1464
- C:\Windows\System\EDgJATh.exe
  C:\Windows\System\EDgJATh.exe
  2⤵
  PID:1588
- C:\Windows\System\xScEZmc.exe
  C:\Windows\System\xScEZmc.exe
  2⤵
  PID:2408
- C:\Windows\System\fUzhRYp.exe
  C:\Windows\System\fUzhRYp.exe
  2⤵
  PID:1860
- C:\Windows\System\dmEYvuB.exe
  C:\Windows\System\dmEYvuB.exe
  2⤵
  PID:1484
- C:\Windows\System\YOElBkL.exe
  C:\Windows\System\YOElBkL.exe
  2⤵
  PID:1188
- C:\Windows\System\MLHxaBY.exe
  C:\Windows\System\MLHxaBY.exe
  2⤵
  PID:1116
- C:\Windows\System\RbfBatD.exe
  C:\Windows\System\RbfBatD.exe
  2⤵
  PID:1664
- C:\Windows\System\EtTUHss.exe
  C:\Windows\System\EtTUHss.exe
  2⤵
  PID:3024
- C:\Windows\System\VMHxNvM.exe
  C:\Windows\System\VMHxNvM.exe
  2⤵
  PID:1660
- C:\Windows\System\BhJncNi.exe
  C:\Windows\System\BhJncNi.exe
  2⤵
  PID:2004
- C:\Windows\System\iLeiyOh.exe
  C:\Windows\System\iLeiyOh.exe
  2⤵
  PID:2132
- C:\Windows\System\ycFQGnL.exe
  C:\Windows\System\ycFQGnL.exe
  2⤵
  PID:1592
- C:\Windows\System\FJDIrhx.exe
  C:\Windows\System\FJDIrhx.exe
  2⤵
  PID:1288
- C:\Windows\System\hbBLXbf.exe
  C:\Windows\System\hbBLXbf.exe
  2⤵
  PID:964
- C:\Windows\System\DliClXK.exe
  C:\Windows\System\DliClXK.exe
  2⤵
  PID:2868
- C:\Windows\System\bWgHgpv.exe
  C:\Windows\System\bWgHgpv.exe
  2⤵
  PID:2592
- C:\Windows\System\wCzUcoP.exe
  C:\Windows\System\wCzUcoP.exe
  2⤵
  PID:2668
- C:\Windows\System\uitMjmX.exe
  C:\Windows\System\uitMjmX.exe
  2⤵
  PID:2508
- C:\Windows\System\ERPDZFa.exe
  C:\Windows\System\ERPDZFa.exe
  2⤵
  PID:2192
- C:\Windows\System\xrUkELT.exe
  C:\Windows\System\xrUkELT.exe
  2⤵
  PID:1456
- C:\Windows\System\IXqytdQ.exe
  C:\Windows\System\IXqytdQ.exe
  2⤵
  PID:2124
- C:\Windows\System\SVvOWSH.exe
  C:\Windows\System\SVvOWSH.exe
  2⤵
  PID:2352
- C:\Windows\System\FXKCnne.exe
  C:\Windows\System\FXKCnne.exe
  2⤵
  PID:1268
- C:\Windows\System\VKvFkRZ.exe
  C:\Windows\System\VKvFkRZ.exe
  2⤵
  PID:1364
- C:\Windows\System\kigTMWi.exe
  C:\Windows\System\kigTMWi.exe
  2⤵
  PID:1684
- C:\Windows\System\mfuTaCw.exe
  C:\Windows\System\mfuTaCw.exe
  2⤵
  PID:1636
- C:\Windows\System\oaGObEk.exe
  C:\Windows\System\oaGObEk.exe
  2⤵
  PID:3016
- C:\Windows\System\JKthshe.exe
  C:\Windows\System\JKthshe.exe
  2⤵
  PID:2608
- C:\Windows\System\tberwJE.exe
  C:\Windows\System\tberwJE.exe
  2⤵
  PID:1936
- C:\Windows\System\bZtehRz.exe
  C:\Windows\System\bZtehRz.exe
  2⤵
  PID:1976
- C:\Windows\System\vqadmRb.exe
  C:\Windows\System\vqadmRb.exe
  2⤵
  PID:1816
- C:\Windows\System\wYZmWGg.exe
  C:\Windows\System\wYZmWGg.exe
  2⤵
  PID:2148
- C:\Windows\System\NXGVcsg.exe
  C:\Windows\System\NXGVcsg.exe
  2⤵
  PID:1968
- C:\Windows\System\jgVjjsd.exe
  C:\Windows\System\jgVjjsd.exe
  2⤵
  PID:2764
- C:\Windows\System\wFEeVAy.exe
  C:\Windows\System\wFEeVAy.exe
  2⤵
  PID:2232
- C:\Windows\System\TtACdAm.exe
  C:\Windows\System\TtACdAm.exe
  2⤵
  PID:884
- C:\Windows\System\zJIuWRv.exe
  C:\Windows\System\zJIuWRv.exe
  2⤵
  PID:2112
- C:\Windows\System\WdlsNkm.exe
  C:\Windows\System\WdlsNkm.exe
  2⤵
  PID:1972
- C:\Windows\System\JKncVDM.exe
  C:\Windows\System\JKncVDM.exe
  2⤵
  PID:2616
- C:\Windows\System\aWCVGWH.exe
  C:\Windows\System\aWCVGWH.exe
  2⤵
  PID:2580
- C:\Windows\System\twCiNWx.exe
  C:\Windows\System\twCiNWx.exe
  2⤵
  PID:2792
- C:\Windows\System\bktqbSs.exe
  C:\Windows\System\bktqbSs.exe
  2⤵
  PID:2800
- C:\Windows\System\hOAOMtO.exe
  C:\Windows\System\hOAOMtO.exe
  2⤵
  PID:2552
- C:\Windows\System\bsYbQYc.exe
  C:\Windows\System\bsYbQYc.exe
  2⤵
  PID:2188
- C:\Windows\System\bGAcysh.exe
  C:\Windows\System\bGAcysh.exe
  2⤵
  PID:2980
- C:\Windows\System\sqnGNcZ.exe
  C:\Windows\System\sqnGNcZ.exe
  2⤵
  PID:2904
- C:\Windows\System\rDYFNrY.exe
  C:\Windows\System\rDYFNrY.exe
  2⤵
  PID:2040
- C:\Windows\System\gZhcMgG.exe
  C:\Windows\System\gZhcMgG.exe
  2⤵
  PID:1788
- C:\Windows\System\geHxAxf.exe
  C:\Windows\System\geHxAxf.exe
  2⤵
  PID:2024
- C:\Windows\System\qpOPMFI.exe
  C:\Windows\System\qpOPMFI.exe
  2⤵
  PID:2772
- C:\Windows\System\wRjWxwm.exe
  C:\Windows\System\wRjWxwm.exe
  2⤵
  PID:2672
- C:\Windows\System\LwVGfwJ.exe
  C:\Windows\System\LwVGfwJ.exe
  2⤵
  PID:2212
- C:\Windows\System\fFjVgFM.exe
  C:\Windows\System\fFjVgFM.exe
  2⤵
  PID:2368
- C:\Windows\System\zURSanM.exe
  C:\Windows\System\zURSanM.exe
  2⤵
  PID:456
- C:\Windows\System\kXerdSE.exe
  C:\Windows\System\kXerdSE.exe
  2⤵
  PID:432
- C:\Windows\System\jALKrfb.exe
  C:\Windows\System\jALKrfb.exe
  2⤵
  PID:316
- C:\Windows\System\PzVNsHA.exe
  C:\Windows\System\PzVNsHA.exe
  2⤵
  PID:2628
- C:\Windows\System\eNKKoGt.exe
  C:\Windows\System\eNKKoGt.exe
  2⤵
  PID:516
- C:\Windows\System\XCqitXD.exe
  C:\Windows\System\XCqitXD.exe
  2⤵
  PID:2924
- C:\Windows\System\EszZNpa.exe
  C:\Windows\System\EszZNpa.exe
  2⤵
  PID:2656
- C:\Windows\System\XUSKvsC.exe
  C:\Windows\System\XUSKvsC.exe
  2⤵
  PID:852
- C:\Windows\System\nkdGJmJ.exe
  C:\Windows\System\nkdGJmJ.exe
  2⤵
  PID:1428
- C:\Windows\System\jliTGJJ.exe
  C:\Windows\System\jliTGJJ.exe
  2⤵
  PID:1488
- C:\Windows\System\NdWhbsg.exe
  C:\Windows\System\NdWhbsg.exe
  2⤵
  PID:480
- C:\Windows\System\uPXNdph.exe
  C:\Windows\System\uPXNdph.exe
  2⤵
  PID:2768
- C:\Windows\System\BLFDvEJ.exe
  C:\Windows\System\BLFDvEJ.exe
  2⤵
  PID:1276
- C:\Windows\System\dPfDoNH.exe
  C:\Windows\System\dPfDoNH.exe
  2⤵
  PID:1468
- C:\Windows\System\RBESZMZ.exe
  C:\Windows\System\RBESZMZ.exe
  2⤵
  PID:684
- C:\Windows\System\tCXoMIP.exe
  C:\Windows\System\tCXoMIP.exe
  2⤵
  PID:2280
- C:\Windows\System\iYthIdd.exe
  C:\Windows\System\iYthIdd.exe
  2⤵
  PID:772
- C:\Windows\System\lCenGTg.exe
  C:\Windows\System\lCenGTg.exe
  2⤵
  PID:2848
- C:\Windows\System\uVHPIFp.exe
  C:\Windows\System\uVHPIFp.exe
  2⤵
  PID:2936
- C:\Windows\System\ZxtEmiF.exe
  C:\Windows\System\ZxtEmiF.exe
  2⤵
  PID:2000
- C:\Windows\System\ARLRDFT.exe
  C:\Windows\System\ARLRDFT.exe
  2⤵
  PID:1228
- C:\Windows\System\RGqRYDu.exe
  C:\Windows\System\RGqRYDu.exe
  2⤵
  PID:2640
- C:\Windows\System\wFYEUoA.exe
  C:\Windows\System\wFYEUoA.exe
  2⤵
  PID:2700
- C:\Windows\System\RPYXbjm.exe
  C:\Windows\System\RPYXbjm.exe
  2⤵
  PID:364
- C:\Windows\System\QVGiLJa.exe
  C:\Windows\System\QVGiLJa.exe
  2⤵
  PID:2532
- C:\Windows\System\OJsEenr.exe
  C:\Windows\System\OJsEenr.exe
  2⤵
  PID:1256
- C:\Windows\System\fdsmQRr.exe
  C:\Windows\System\fdsmQRr.exe
  2⤵
  PID:1948
- C:\Windows\System\NQfEjZp.exe
  C:\Windows\System\NQfEjZp.exe
  2⤵
  PID:1112
- C:\Windows\System\EDRoqsh.exe
  C:\Windows\System\EDRoqsh.exe
  2⤵
  PID:1744
- C:\Windows\System\SzPXHmH.exe
  C:\Windows\System\SzPXHmH.exe
  2⤵
  PID:1824
- C:\Windows\System\ucBTKUr.exe
  C:\Windows\System\ucBTKUr.exe
  2⤵
  PID:1396
- C:\Windows\System\DyxjedW.exe
  C:\Windows\System\DyxjedW.exe
  2⤵
  PID:396
- C:\Windows\System\RLDVgcw.exe
  C:\Windows\System\RLDVgcw.exe
  2⤵
  PID:2676
- C:\Windows\System\EbnDIJR.exe
  C:\Windows\System\EbnDIJR.exe
  2⤵
  PID:2144
- C:\Windows\System\VFeZhkT.exe
  C:\Windows\System\VFeZhkT.exe
  2⤵
  PID:2512
- C:\Windows\System\RdnNMge.exe
  C:\Windows\System\RdnNMge.exe
  2⤵
  PID:828
- C:\Windows\System\LmSLtCh.exe
  C:\Windows\System\LmSLtCh.exe
  2⤵
  PID:532
- C:\Windows\System\zAtnWhG.exe
  C:\Windows\System\zAtnWhG.exe
  2⤵
  PID:2300
- C:\Windows\System\NmBoeiA.exe
  C:\Windows\System\NmBoeiA.exe
  2⤵
  PID:1720
- C:\Windows\System\NeHtykE.exe
  C:\Windows\System\NeHtykE.exe
  2⤵
  PID:2356
- C:\Windows\System\ubXwPHI.exe
  C:\Windows\System\ubXwPHI.exe
  2⤵
  PID:2840
- C:\Windows\System\AaviOFr.exe
  C:\Windows\System\AaviOFr.exe
  2⤵
  PID:1556
- C:\Windows\System\riwLnOK.exe
  C:\Windows\System\riwLnOK.exe
  2⤵
  PID:2484
- C:\Windows\System\YsPgvkG.exe
  C:\Windows\System\YsPgvkG.exe
  2⤵
  PID:1324
- C:\Windows\System\hMukhxS.exe
  C:\Windows\System\hMukhxS.exe
  2⤵
  PID:3020
- C:\Windows\System\oJnQXbU.exe
  C:\Windows\System\oJnQXbU.exe
  2⤵
  PID:2784
- C:\Windows\System\yuEawub.exe
  C:\Windows\System\yuEawub.exe
  2⤵
  PID:2620
- C:\Windows\System\oZgfmVt.exe
  C:\Windows\System\oZgfmVt.exe
  2⤵
  PID:2900
- C:\Windows\System\IdMGosk.exe
  C:\Windows\System\IdMGosk.exe
  2⤵
  PID:2788
- C:\Windows\System\UvBONwW.exe
  C:\Windows\System\UvBONwW.exe
  2⤵
  PID:1932
- C:\Windows\System\qYxMBuf.exe
  C:\Windows\System\qYxMBuf.exe
  2⤵
  PID:2888
- C:\Windows\System\wXIHBRz.exe
  C:\Windows\System\wXIHBRz.exe
  2⤵
  PID:2732
- C:\Windows\System\UJsbsQr.exe
  C:\Windows\System\UJsbsQr.exe
  2⤵
  PID:1104
- C:\Windows\System\RpggSeJ.exe
  C:\Windows\System\RpggSeJ.exe
  2⤵
  PID:2648
- C:\Windows\System\yNwKLPc.exe
  C:\Windows\System\yNwKLPc.exe
  2⤵
  PID:2064
- C:\Windows\System\JmMzltx.exe
  C:\Windows\System\JmMzltx.exe
  2⤵
  PID:3084
- C:\Windows\System\xGDNREH.exe
  C:\Windows\System\xGDNREH.exe
  2⤵
  PID:3100
- C:\Windows\System\bYcrfQP.exe
  C:\Windows\System\bYcrfQP.exe
  2⤵
  PID:3124
- C:\Windows\System\ITFNkpk.exe
  C:\Windows\System\ITFNkpk.exe
  2⤵
  PID:3144
- C:\Windows\System\eQvxFQj.exe
  C:\Windows\System\eQvxFQj.exe
  2⤵
  PID:3160
- C:\Windows\System\zBRLrTe.exe
  C:\Windows\System\zBRLrTe.exe
  2⤵
  PID:3176
- C:\Windows\System\kRKvGMC.exe
  C:\Windows\System\kRKvGMC.exe
  2⤵
  PID:3192
- C:\Windows\System\WgOPclV.exe
  C:\Windows\System\WgOPclV.exe
  2⤵
  PID:3212
- C:\Windows\System\DQvseln.exe
  C:\Windows\System\DQvseln.exe
  2⤵
  PID:3228
- C:\Windows\System\ydBsAdW.exe
  C:\Windows\System\ydBsAdW.exe
  2⤵
  PID:3248
- C:\Windows\System\NCDNqZP.exe
  C:\Windows\System\NCDNqZP.exe
  2⤵
  PID:3264
- C:\Windows\System\pgwWstE.exe
  C:\Windows\System\pgwWstE.exe
  2⤵
  PID:3284
- C:\Windows\System\nJfjUZB.exe
  C:\Windows\System\nJfjUZB.exe
  2⤵
  PID:3304
- C:\Windows\System\ohbeSkl.exe
  C:\Windows\System\ohbeSkl.exe
  2⤵
  PID:3320
- C:\Windows\System\ZolqhMn.exe
  C:\Windows\System\ZolqhMn.exe
  2⤵
  PID:3340
- C:\Windows\System\odteNEH.exe
  C:\Windows\System\odteNEH.exe
  2⤵
  PID:3356
- C:\Windows\System\hEyMZli.exe
  C:\Windows\System\hEyMZli.exe
  2⤵
  PID:3372
- C:\Windows\System\YwJMDLy.exe
  C:\Windows\System\YwJMDLy.exe
  2⤵
  PID:3388
- C:\Windows\System\lJsXdTs.exe
  C:\Windows\System\lJsXdTs.exe
  2⤵
  PID:3404
- C:\Windows\System\IvutxUH.exe
  C:\Windows\System\IvutxUH.exe
  2⤵
  PID:3424
- C:\Windows\System\uFGbisJ.exe
  C:\Windows\System\uFGbisJ.exe
  2⤵
  PID:3440
- C:\Windows\System\qeSJZJC.exe
  C:\Windows\System\qeSJZJC.exe
  2⤵
  PID:3460
- C:\Windows\System\MlABdDw.exe
  C:\Windows\System\MlABdDw.exe
  2⤵
  PID:3488
- C:\Windows\System\TZbOsbn.exe
  C:\Windows\System\TZbOsbn.exe
  2⤵
  PID:3516
- C:\Windows\System\dpknRJf.exe
  C:\Windows\System\dpknRJf.exe
  2⤵
  PID:3544
- C:\Windows\System\wshBQax.exe
  C:\Windows\System\wshBQax.exe
  2⤵
  PID:3564
- C:\Windows\System\SOEaOwz.exe
  C:\Windows\System\SOEaOwz.exe
  2⤵
  PID:3584
- C:\Windows\System\cFsqKUh.exe
  C:\Windows\System\cFsqKUh.exe
  2⤵
  PID:3608
- C:\Windows\System\DDOivRr.exe
  C:\Windows\System\DDOivRr.exe
  2⤵
  PID:3628
- C:\Windows\System\WGUFLFQ.exe
  C:\Windows\System\WGUFLFQ.exe
  2⤵
  PID:3644
- C:\Windows\System\RYyBPqi.exe
  C:\Windows\System\RYyBPqi.exe
  2⤵
  PID:3660
- C:\Windows\System\UPhCmAH.exe
  C:\Windows\System\UPhCmAH.exe
  2⤵
  PID:3676
- C:\Windows\System\UhqqFXS.exe
  C:\Windows\System\UhqqFXS.exe
  2⤵
  PID:3692
- C:\Windows\System\zwEdapU.exe
  C:\Windows\System\zwEdapU.exe
  2⤵
  PID:3712
- C:\Windows\System\fjyteKA.exe
  C:\Windows\System\fjyteKA.exe
  2⤵
  PID:3728
- C:\Windows\System\PENWZzm.exe
  C:\Windows\System\PENWZzm.exe
  2⤵
  PID:3744
- C:\Windows\System\EnVLWhU.exe
  C:\Windows\System\EnVLWhU.exe
  2⤵
  PID:3760
- C:\Windows\System\AvIikSs.exe
  C:\Windows\System\AvIikSs.exe
  2⤵
  PID:3776
- C:\Windows\System\xRdZKZP.exe
  C:\Windows\System\xRdZKZP.exe
  2⤵
  PID:3792
- C:\Windows\System\gTRuPuo.exe
  C:\Windows\System\gTRuPuo.exe
  2⤵
  PID:3808
- C:\Windows\System\fhNwppD.exe
  C:\Windows\System\fhNwppD.exe
  2⤵
  PID:3824
- C:\Windows\System\AcjSUTn.exe
  C:\Windows\System\AcjSUTn.exe
  2⤵
  PID:3844
- C:\Windows\System\QYsfZQV.exe
  C:\Windows\System\QYsfZQV.exe
  2⤵
  PID:3860
- C:\Windows\System\ZSlVsyY.exe
  C:\Windows\System\ZSlVsyY.exe
  2⤵
  PID:3876
- C:\Windows\System\kBxFASU.exe
  C:\Windows\System\kBxFASU.exe
  2⤵
  PID:3892
- C:\Windows\System\qfwKVtH.exe
  C:\Windows\System\qfwKVtH.exe
  2⤵
  PID:3912
- C:\Windows\System\SBIJAHs.exe
  C:\Windows\System\SBIJAHs.exe
  2⤵
  PID:3928
- C:\Windows\System\qsYMETT.exe
  C:\Windows\System\qsYMETT.exe
  2⤵
  PID:3944
- C:\Windows\System\VXCPjgL.exe
  C:\Windows\System\VXCPjgL.exe
  2⤵
  PID:3960
- C:\Windows\System\lxmmwzx.exe
  C:\Windows\System\lxmmwzx.exe
  2⤵
  PID:3976
- C:\Windows\System\CHiCjod.exe
  C:\Windows\System\CHiCjod.exe
  2⤵
  PID:3992
- C:\Windows\System\qfcBybr.exe
  C:\Windows\System\qfcBybr.exe
  2⤵
  PID:4008
- C:\Windows\System\BeTSegN.exe
  C:\Windows\System\BeTSegN.exe
  2⤵
  PID:4024
- C:\Windows\System\aWVXDax.exe
  C:\Windows\System\aWVXDax.exe
  2⤵
  PID:4040
- C:\Windows\System\BZuibwg.exe
  C:\Windows\System\BZuibwg.exe
  2⤵
  PID:4056
- C:\Windows\System\vxrbzVF.exe
  C:\Windows\System\vxrbzVF.exe
  2⤵
  PID:4072
- C:\Windows\System\ZkalJEq.exe
  C:\Windows\System\ZkalJEq.exe
  2⤵
  PID:4088
- C:\Windows\System\KdkMlXm.exe
  C:\Windows\System\KdkMlXm.exe
  2⤵
  PID:3092
- C:\Windows\System\ofWvxyC.exe
  C:\Windows\System\ofWvxyC.exe
  2⤵
  PID:3068
- C:\Windows\System\rutwvbn.exe
  C:\Windows\System\rutwvbn.exe
  2⤵
  PID:2220
- C:\Windows\System\CsZTiwK.exe
  C:\Windows\System\CsZTiwK.exe
  2⤵
  PID:1640
- C:\Windows\System\zfCneav.exe
  C:\Windows\System\zfCneav.exe
  2⤵
  PID:2896
- C:\Windows\System\ZvBiXqS.exe
  C:\Windows\System\ZvBiXqS.exe
  2⤵
  PID:3108
- C:\Windows\System\PYrkQtK.exe
  C:\Windows\System\PYrkQtK.exe
  2⤵
  PID:3120
- C:\Windows\System\DaUvykB.exe
  C:\Windows\System\DaUvykB.exe
  2⤵
  PID:3156
- C:\Windows\System\SuwdKjJ.exe
  C:\Windows\System\SuwdKjJ.exe
  2⤵
  PID:3280
- C:\Windows\System\erHTqxn.exe
  C:\Windows\System\erHTqxn.exe
  2⤵
  PID:3312
- C:\Windows\System\EWDPjUZ.exe
  C:\Windows\System\EWDPjUZ.exe
  2⤵
  PID:3380
- C:\Windows\System\bojPuGI.exe
  C:\Windows\System\bojPuGI.exe
  2⤵
  PID:3220
- C:\Windows\System\ybYfexK.exe
  C:\Windows\System\ybYfexK.exe
  2⤵
  PID:3448
- C:\Windows\System\BVCwklW.exe
  C:\Windows\System\BVCwklW.exe
  2⤵
  PID:3256
- C:\Windows\System\IWNLOSf.exe
  C:\Windows\System\IWNLOSf.exe
  2⤵
  PID:3328
- C:\Windows\System\rGDQCOi.exe
  C:\Windows\System\rGDQCOi.exe
  2⤵
  PID:3368
- C:\Windows\System\VWKSJVT.exe
  C:\Windows\System\VWKSJVT.exe
  2⤵
  PID:3468
- C:\Windows\System\chbujbv.exe
  C:\Windows\System\chbujbv.exe
  2⤵
  PID:3500
- C:\Windows\System\EwGjmpt.exe
  C:\Windows\System\EwGjmpt.exe
  2⤵
  PID:3524
- C:\Windows\System\BQQJMrz.exe
  C:\Windows\System\BQQJMrz.exe
  2⤵
  PID:3536
- C:\Windows\System\dLPMTFF.exe
  C:\Windows\System\dLPMTFF.exe
  2⤵
  PID:3528
- C:\Windows\System\YRaeLnu.exe
  C:\Windows\System\YRaeLnu.exe
  2⤵
  PID:3604
- C:\Windows\System\nryuNWg.exe
  C:\Windows\System\nryuNWg.exe
  2⤵
  PID:3668
- C:\Windows\System\HvDDQMg.exe
  C:\Windows\System\HvDDQMg.exe
  2⤵
  PID:3672
- C:\Windows\System\JUKnzmG.exe
  C:\Windows\System\JUKnzmG.exe
  2⤵
  PID:3740
- C:\Windows\System\VQVKgMt.exe
  C:\Windows\System\VQVKgMt.exe
  2⤵
  PID:3800
- C:\Windows\System\XUrJlyW.exe
  C:\Windows\System\XUrJlyW.exe
  2⤵
  PID:3840
- C:\Windows\System\okvAnyj.exe
  C:\Windows\System\okvAnyj.exe
  2⤵
  PID:3720
- C:\Windows\System\RTRGLdV.exe
  C:\Windows\System\RTRGLdV.exe
  2⤵
  PID:3852
- C:\Windows\System\SnWrIbl.exe
  C:\Windows\System\SnWrIbl.exe
  2⤵
  PID:3908
- C:\Windows\System\XjShPIG.exe
  C:\Windows\System\XjShPIG.exe
  2⤵
  PID:3968
- C:\Windows\System\WByfhoN.exe
  C:\Windows\System\WByfhoN.exe
  2⤵
  PID:3952
- C:\Windows\System\WchFrCv.exe
  C:\Windows\System\WchFrCv.exe
  2⤵
  PID:4080
- C:\Windows\System\CtZZOxD.exe
  C:\Windows\System\CtZZOxD.exe
  2⤵
  PID:1780
- C:\Windows\System\GomuvEk.exe
  C:\Windows\System\GomuvEk.exe
  2⤵
  PID:2012
- C:\Windows\System\wHDfIgT.exe
  C:\Windows\System\wHDfIgT.exe
  2⤵
  PID:1756
- C:\Windows\System\GBsMGoD.exe
  C:\Windows\System\GBsMGoD.exe
  2⤵
  PID:4032
- C:\Windows\System\FCguFGl.exe
  C:\Windows\System\FCguFGl.exe
  2⤵
  PID:3208
- C:\Windows\System\erCnQhf.exe
  C:\Windows\System\erCnQhf.exe
  2⤵
  PID:3172
- C:\Windows\System\JiiqVkJ.exe
  C:\Windows\System\JiiqVkJ.exe
  2⤵
  PID:3348
- C:\Windows\System\ONEBOWZ.exe
  C:\Windows\System\ONEBOWZ.exe
  2⤵
  PID:3352
- C:\Windows\System\vLXxfZT.exe
  C:\Windows\System\vLXxfZT.exe
  2⤵
  PID:3432
- C:\Windows\System\TuTGFHU.exe
  C:\Windows\System\TuTGFHU.exe
  2⤵
  PID:3508
- C:\Windows\System\yLCUpBQ.exe
  C:\Windows\System\yLCUpBQ.exe
  2⤵
  PID:3532
- C:\Windows\System\VDmWQHA.exe
  C:\Windows\System\VDmWQHA.exe
  2⤵
  PID:3556
- C:\Windows\System\nPrSche.exe
  C:\Windows\System\nPrSche.exe
  2⤵
  PID:3704
- C:\Windows\System\FEoWlmu.exe
  C:\Windows\System\FEoWlmu.exe
  2⤵
  PID:3684
- C:\Windows\System\jzmuWQo.exe
  C:\Windows\System\jzmuWQo.exe
  2⤵
  PID:3900
- C:\Windows\System\ndxeOvW.exe
  C:\Windows\System\ndxeOvW.exe
  2⤵
  PID:3888
- C:\Windows\System\GKolquC.exe
  C:\Windows\System\GKolquC.exe
  2⤵
  PID:4016
- C:\Windows\System\pEZSdww.exe
  C:\Windows\System\pEZSdww.exe
  2⤵
  PID:4052
- C:\Windows\System\lbyfgfP.exe
  C:\Windows\System\lbyfgfP.exe
  2⤵
  PID:3140
- C:\Windows\System\gBCTtAm.exe
  C:\Windows\System\gBCTtAm.exe
  2⤵
  PID:3244
- C:\Windows\System\hGdobuZ.exe
  C:\Windows\System\hGdobuZ.exe
  2⤵
  PID:3412
- C:\Windows\System\GzGkWDP.exe
  C:\Windows\System\GzGkWDP.exe
  2⤵
  PID:1732
- C:\Windows\System\dJpehaV.exe
  C:\Windows\System\dJpehaV.exe
  2⤵
  PID:3184
- C:\Windows\System\QKhRXIV.exe
  C:\Windows\System\QKhRXIV.exe
  2⤵
  PID:3576
- C:\Windows\System\nSgoQTU.exe
  C:\Windows\System\nSgoQTU.exe
  2⤵
  PID:3768
- C:\Windows\System\ZUKgbeH.exe
  C:\Windows\System\ZUKgbeH.exe
  2⤵
  PID:3756
- C:\Windows\System\EeaalYa.exe
  C:\Windows\System\EeaalYa.exe
  2⤵
  PID:3936
- C:\Windows\System\YJIedSc.exe
  C:\Windows\System\YJIedSc.exe
  2⤵
  PID:3972
- C:\Windows\System\ZRblxzw.exe
  C:\Windows\System\ZRblxzw.exe
  2⤵
  PID:4036
- C:\Windows\System\KWNQxew.exe
  C:\Windows\System\KWNQxew.exe
  2⤵
  PID:3416
- C:\Windows\System\Jvcflre.exe
  C:\Windows\System\Jvcflre.exe
  2⤵
  PID:3132
- C:\Windows\System\shFvFPq.exe
  C:\Windows\System\shFvFPq.exe
  2⤵
  PID:3336
- C:\Windows\System\HszTpji.exe
  C:\Windows\System\HszTpji.exe
  2⤵
  PID:3596
- C:\Windows\System\bvpQjvF.exe
  C:\Windows\System\bvpQjvF.exe
  2⤵
  PID:3640
- C:\Windows\System\inwdzuG.exe
  C:\Windows\System\inwdzuG.exe
  2⤵
  PID:3772
- C:\Windows\System\DHgdULs.exe
  C:\Windows\System\DHgdULs.exe
  2⤵
  PID:3832
- C:\Windows\System\dtzpCvv.exe
  C:\Windows\System\dtzpCvv.exe
  2⤵
  PID:3080
- C:\Windows\System\ihtcMLw.exe
  C:\Windows\System\ihtcMLw.exe
  2⤵
  PID:3300
- C:\Windows\System\tlevZAr.exe
  C:\Windows\System\tlevZAr.exe
  2⤵
  PID:3364
- C:\Windows\System\HlSBSHd.exe
  C:\Windows\System\HlSBSHd.exe
  2⤵
  PID:3904
- C:\Windows\System\eflONyM.exe
  C:\Windows\System\eflONyM.exe
  2⤵
  PID:4100
- C:\Windows\System\AstuIYc.exe
  C:\Windows\System\AstuIYc.exe
  2⤵
  PID:4116
- C:\Windows\System\eZScnTz.exe
  C:\Windows\System\eZScnTz.exe
  2⤵
  PID:4132
- C:\Windows\System\brdktuP.exe
  C:\Windows\System\brdktuP.exe
  2⤵
  PID:4148
- C:\Windows\System\tcvjdAA.exe
  C:\Windows\System\tcvjdAA.exe
  2⤵
  PID:4164
- C:\Windows\System\kFMJwjV.exe
  C:\Windows\System\kFMJwjV.exe
  2⤵
  PID:4180
- C:\Windows\System\vwxooSI.exe
  C:\Windows\System\vwxooSI.exe
  2⤵
  PID:4196
- C:\Windows\System\xnZWAeD.exe
  C:\Windows\System\xnZWAeD.exe
  2⤵
  PID:4212
- C:\Windows\System\xDKCAtJ.exe
  C:\Windows\System\xDKCAtJ.exe
  2⤵
  PID:4228
- C:\Windows\System\WLVgujs.exe
  C:\Windows\System\WLVgujs.exe
  2⤵
  PID:4244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CecPWew.exe

Filesize
2.0MB

MD5
bbf790e2370281a09ad86d3a1fea5cb8

SHA1
9180d125fc42bd7b21ae28fd778ca3b7bb71f4f1

SHA256
8b32e18582d17371e523b49c358598ac9929cfd2ea041110f1b13cf7873c39f7

SHA512
9016b7648a89319f6e94c8519022760103ba16ff0debab270f5ebf3dbda02375caf550d6c3d8b57d19bd598d19dd5473e9067f7006ef4d73525749c5b8d1cbb9

Download Submit
C:\Windows\system\DEVhdfI.exe

Filesize
2.0MB

MD5
c6bf1213149c3392b3ba781619cfbfed

SHA1
9f9922a4d18a15b5e30d35a275543f57a56c210e

SHA256
190bf2b753140831ced648267e3131f39d7d0860b093e4be1cb1a97074728484

SHA512
f663f4da8638434cb22fcf2ae9814c41ef4c2ac04bc07cf4a1c26b6fd73570876b1c1503064f05487ff15c851b6431b2c5d6aaa5349c47859170cdcb0b083abc

Download Submit
C:\Windows\system\DZfAESe.exe

Filesize
2.0MB

MD5
a945e8cdee21f8fb4fe6654b9aa67d88

SHA1
3caf6783f276bdb27720c95769965b71550f2b31

SHA256
6c5382a3f5bbf7c7bf49a882ac551a5e3a8b93e40affd3cd9eed92b3690b0d4b

SHA512
eb0dd9299137c066a681c31e858b18368c6bcb074e2260bebdb77274aa78de0887285ab25e247eab3418c84faf9c67d817fbf8c6c9a6724a89410030614308cb

Download Submit
C:\Windows\system\NTlyVHM.exe

Filesize
2.0MB

MD5
2ceb48a8b6e853f23ae24a286e692118

SHA1
791e7a5740210c048cd50096270a639c089626ab

SHA256
1237e005b6cb75f6a61eb6f9a54c5ea1a5f8f92ec4d39884abc7a220f81a2b26

SHA512
0e2aad5d9eace3be5378c5600519432d880ee5e934d6897b77313e2afd8739b74cf9e6c1450f3351cd05a0ff89bc1f3336ea70a475cf5678f944255688a11381

Download Submit
C:\Windows\system\NoAUaDV.exe

Filesize
2.0MB

MD5
63e3fe1ca27bf733b0f5d5cf3c75a366

SHA1
6c9265e64c143a13172e7cd2d4e04891d3e36d38

SHA256
a1c9042970455dfb59a16c89af468f8fd9553aef86afc684dc1a7ffbe9a8d72a

SHA512
ff95aaae546a8fc07621d199c689d61ce10c29aa95ffb86a1d9d22350e0236b95eb2e91efe35dab6b0671c906b68a0ca751dd0dc1139c4433a77545809c38c17

Download Submit
C:\Windows\system\QswMDYj.exe

Filesize
2.0MB

MD5
dae6d5945f8d00bb5aa173a81960c636

SHA1
5aca5059afb69c93e8d7bff4cb6760b1dd1aedad

SHA256
154d1926f7596c20736449e5ee642b2c4e5ef4c116d1b3b463ea0a7ec4650106

SHA512
2cbbe120a558a9a42e632e2d9ccf647396f2030025c73f539a4b03a1410b668fbbdb1eaab5fc0f8d14bf83f7f12960be79b3fe807da5ef71408b6f851334581a

Download Submit
C:\Windows\system\RiwgTme.exe

Filesize
2.0MB

MD5
4966f8829f2b61c49cf39baa1d908c27

SHA1
2354ae72c4c182631f8bea221d132ab10b82c5e0

SHA256
1f4f4b8a45409660e53800a4f50dfbc2798f2500179cb2e0c6d0ef7dce741f6f

SHA512
cc31eb552ca4ef82531e3c63236b82a0de2dab6a681c0b851743cdfb32e904ae4418b3eaf389177dcbd29e9675ba6b9a4fa7089c9bc3daf0228fba1cd7680819

Download Submit
C:\Windows\system\ShJQlpN.exe

Filesize
2.0MB

MD5
091ba638a076cc802e7c9a6d22df680a

SHA1
cd2e59046c09a1ee861f8baed90388bf0a9e0ac1

SHA256
4fc4120c511b0c7d69e72d2a77a02e4eabaf44dfe0b4224202e5d6b82f968f39

SHA512
4c41a29134bc2b2d86313874dcc20e6e818a912be7904c8dd25cb1734eb85b027a454744fd55f2009e506b3157c79f1a5f1b887c8b48a1c5528d0842beb75ba2

Download Submit
C:\Windows\system\WRcuxyq.exe

Filesize
2.0MB

MD5
dbd40a3c63d74603deca97550e323b56

SHA1
8e2e3abda7a8a8b0a23f2963a179addd61ee6811

SHA256
3eb3fe00ec091d41dfdb3939c1d2ebb0c419b846889fa5741efdde4d0daf47cf

SHA512
d48ea07b869dcd39ba7a731ce88f3384391cc3ed658984b7c02eb7c5fe3ffb5f21b81ffb5c5085aafce635ecb018d0f62b9ff8ef957918c580206f2579de282c

Download Submit
C:\Windows\system\WYQONkn.exe

Filesize
2.0MB

MD5
412dd977031075ffc3bb5e0ceb0e027a

SHA1
a4109e30946b816b4d05330d6ff04433d99b4be5

SHA256
86bcb85b29e41584cc0558c75767846cc7d262396288515b7546bd9a3540dece

SHA512
1d124266bb882da3d9e79280f01dac16cec6739d678522ae1924c62c2d7f37fae86b5a9e45acc78d5aed341d53ad7d35c271041b5efc93562a4f8a204a0c4962

Download Submit
C:\Windows\system\XVBURLY.exe

Filesize
2.0MB

MD5
74fe34d66cbd7e4875fb5d647e1b6bff

SHA1
2281a24d01449c8d5869b9ab979b0ab477c727dd

SHA256
80731a67b841da015eb4879f369d9f3a8916e4902f2d852f0f28a9a4ace3fc34

SHA512
1bd475dead5c6cdb92ce2d40a4291080ea620ac2901930ecad2b7f0beece19fdc3867e89fa941cf4744a8227f3f2ed67fae2214e548f93fe572b4586d2d19811

Download Submit
C:\Windows\system\YROUaIv.exe

Filesize
2.0MB

MD5
7083de64bf945e67df398c5eb8f504b5

SHA1
b5f0795b75fafbf3756a287e4ed34c78463fa81c

SHA256
4cdde189aa5513514c7e49a78bc7298ba8a3603ff74f35f19a6484b57aa77202

SHA512
0c807ab81b66a5e7798f0dc6e629a1cf5283e00595cd5d63ff6499686d3ae339b46487a6bdeabdcb606612299ae619568f430b3761bf9cecf56cd7a6aac9615a

Download Submit
C:\Windows\system\cmtuhKO.exe

Filesize
2.0MB

MD5
faa11e9fb8bec6bbebbe040ae3c362d0

SHA1
b1d3ad44b2928f890fed6c94351139b8a02f73cd

SHA256
403d7ba9520a55bb3aee395d38ddfe4c978369176ca8f3bafd31b4ad013ab1fc

SHA512
d5298bd6afde5027d22622bc245a627624ef1559616a8adfaa8df24f6b224881e98c2987ba9d28448bab52e4d8db027e82135eff7b5c5ecafd45115e5b46df43

Download Submit
C:\Windows\system\eZejkKu.exe

Filesize
2.0MB

MD5
5b9699fc15f913df7448defafcbe8260

SHA1
0e232bf81ee24ed6d4abaa49d9663bb63110e8dd

SHA256
5822ff97908e87d61c36d538396982739334926afccc54c409590872196b0871

SHA512
0c8897497e0b934a11f21fe5b6e49502c23d1185dcfb157ed5c91d16df1dcce4cdbcda9548b28139e77abb09e53049c6731c735f6e9f1e4384c242dd90d150ca

Download Submit
C:\Windows\system\eaLgjeg.exe

Filesize
2.0MB

MD5
b7621992c919159329406bc8b27a5942

SHA1
b99305ed5da21be16b92f9ef66d00bd16b98a307

SHA256
fc04c7313016e4c61efc8030f82febf953e2170c80d7ac959f7c3cdc74979cd6

SHA512
fb2493c9feb7b25881a15ff33f9e1d22e7d172a24b61c20ff9403ad7da5e5d368d72a233de625db997867ad493bd0ab350387baaead902bcc23e3ee5b351851f

Download Submit
C:\Windows\system\mBGkwAU.exe

Filesize
2.0MB

MD5
97b93f318e7fad7ddb04a23a4f3da19a

SHA1
8733fcc163523594d4db0bf2c5c3aaa86f68afc7

SHA256
50076bce2c10d3f7b0af4a5fe5f4a6247e92800147c08a134226416f6b952e81

SHA512
56223d3cd86bbcc44665df711dbdaa4633c411ba04dd8779e85900db91ead0a559f6b678c9acdf4124759bfe690cc73d33f61dee2d46bfa3e4aa26afa3962647

Download Submit
C:\Windows\system\mHQToNs.exe

Filesize
2.0MB

MD5
4a7fff9364eb7f93258fedb4c38f85cb

SHA1
c33678a306cfc704b533b6c9cd90f72e68fe7518

SHA256
77aad353e8bd249bf843414a4df0f299c7941a2191a58c81191664f7fcaf61e6

SHA512
a5dcd7e60ffeeb97566b752e184e34d140d88c853aade08695b1e226b2d1c5fe2269730e2ac9e00bdc03f6de47c8401669881f750e384dd16d92f64abae8726f

Download Submit
C:\Windows\system\nTphjzy.exe

Filesize
2.0MB

MD5
4498960ce2c6751a744558323f81f6d7

SHA1
13a051aa8b4a7d9241277b58477a2ef30ae1b74f

SHA256
19610af2fcc4d5dc4cebeae990c0be7cb90f01e2a77c124a91325f8480e79126

SHA512
8649b7064c486542f6c7f0f4a769b03d5781b5d23276e3c9d79cf4473a9bea7cd5c5c13efa2f54852f8efad0aceb60aee2f9516eac00c1a2c96c86125fd2c4f8

Download Submit
C:\Windows\system\necIYfO.exe

Filesize
2.0MB

MD5
daafe566c49e7fb15d3af63751952277

SHA1
60612ddf9a514da13d46945aa5274370c05743d8

SHA256
d0b36171e3593f2763ffa9198b6cd7511fecf38ba2e03a4c78acbebd7efb2081

SHA512
43b8725dc34d32b99188056df9b961e46de6a6f868cd7f6f019f4bcedc0b7e581a43118133bcc2948325203fc8e6c6a2af5a8e05dd6b1ba82ce62aa8e81ea0a9

Download Submit
C:\Windows\system\nrtbirS.exe

Filesize
2.0MB

MD5
7fa928e2c1b3eddad4dfb093b7f46767

SHA1
f15ed59f554c7172c03454168f1daa44a41f86b2

SHA256
13e4f63c2341f0a964ffaff0d266680a20e18ff75c3eaaec77267cec6b875cf2

SHA512
c16e1cfec95540ba17501643d17748a72cc5923b827f0acc318f41c1857ca9abb49dbab8bf57c1b2d552a474a3a0f8d7ca87178706170d585eaaf9aab948bdb9

Download Submit
C:\Windows\system\qAkjLPw.exe

Filesize
2.0MB

MD5
81013bb46964f7c3052394c9c244fc07

SHA1
ed89db36430c4f51d1d6292d73a719138a6a9d92

SHA256
082d7193994d50cce6b7484b0d1f3a13ae6b7ce2fe96d8530447160ea8c0ce49

SHA512
f4ad24f9547226f7bd403251d35a0b98b66fe05ee41cfd9147aa64e381535d72d0ad9197a35c9367d172dbdcd745f755b1766694ba5a755a35d58de0b093be39

Download Submit
C:\Windows\system\rXqoHmp.exe

Filesize
2.0MB

MD5
d49ba575065ca9e76e38fbb50f38d087

SHA1
7e7d6484cefd0416eb736589feee8bfbd0914732

SHA256
19321fb6c3ac54a79acb44b2435732d7e9810506b4d3eb4bb8571f3135fd331f

SHA512
7c48a7b7d5eb030dbbe319b364fe66a20e00c3c708abfffe3b6362b160ece1dda40dc2b6281f6c60aae64d16ba0f75c9e655d42442210112df6074c6e6c96e26

Download Submit
C:\Windows\system\rnnIABX.exe

Filesize
2.0MB

MD5
274b053a6ebf224ff2a8e092fde36f41

SHA1
0b6442a947a851e82af5954affc9b9c77d152cc7

SHA256
9da0366b309c5d3536373bd02f7ea1947004b9fa80679b8d615a4eb9b8e05e66

SHA512
d751ec9b4d0020c01f051bf4c5fb032cb8c6fc8c74cfd36fc764401ccaae7bc98d48744d2512fb5a72eccf245e19a8e0cbd8f871217a02d6867be41108523bf6

Download Submit
C:\Windows\system\wGPSlfD.exe

Filesize
2.0MB

MD5
b3c5b7b9320baec90bd1f209d21d35f2

SHA1
462cdf62075357892d0c75516ac66932a87ce9da

SHA256
76578eb74e6f68ac9cddefc8f2ff55d97c23f48ace42239032b868c8ba25093a

SHA512
14500d2c714686bdadf5fd0d519038125c9ac2a52852cf586e32529552027109bb6df74c9aeb5c716c0c9d4f00b8383d89785ada2a2a20b074fb39f96a2d982b

Download Submit
\Windows\system\AaxDIme.exe

Filesize
2.0MB

MD5
eef479282c57d13edcb129a9d4c9fab2

SHA1
552c0db99cb1f3dd40aa327edae5d3756bd00e8c

SHA256
952d2c5906936aebecad63e16fc8bc452bda55106d3cca2938b9e81618fa5715

SHA512
e42724d82f671a690868c1e6e0d54bfdfd75d6ab1f4a849af3f18375df5b89d39a2d5a0b37e95c27b15d873e0e01f5517e7b7ce0c84163d855d792c6531297a9

Download Submit
\Windows\system\JyoOqAP.exe

Filesize
2.0MB

MD5
daf4f3c1ca376004064025f11e967269

SHA1
db617359c801a05a5645e1efd42f6cbd0f687f94

SHA256
9f902e05cef08c06bb2fbf60c031b43c5b6127cdbe0e9da41f341d1192eadb04

SHA512
7b750a46d3f165e84e29318bc9a03d407ed79162eb21ed9780e4821acff40cb03d5a387cd3a3d5e434adcd577df6b4d2e8913ed429ad2e2ff8547465d4d865ca

Download Submit
\Windows\system\QvXzQRc.exe

Filesize
2.0MB

MD5
742bdfa15fee9c0050d14664dd1221ff

SHA1
72a26ddeca30aac304fbed330de1ce34078e5b8a

SHA256
f900c2134aa9e67cba22981ff755c58f3ab79632d39040fb7192488f91044cde

SHA512
63f38429665dc3ca062a8b098e3401075399b85055c0deaef59d3794da2373a85b750f2ea7a8415e8c27bf9dedeec376625787bcb0dbeedb38bb8546fe505de1

Download Submit
\Windows\system\cstrIPA.exe

Filesize
2.0MB

MD5
19ba17e59961bd88a216acfa27d82cf7

SHA1
efddb64f5c681876224193d455c23b75a5a96be3

SHA256
263c9f98d9fe8653c9d1f82756221fec7c54c09251690179c284a0000fb60754

SHA512
4ecb2cf365016d667bfd61b1172af98d2323f0b17635dc7e507fc68b9e4f1f32c344258ce16858ace00c940d9fd44d808dff64daf480fa2a59f26f910ecd8168

Download Submit
\Windows\system\eqLihjb.exe

Filesize
2.0MB

MD5
159668fae2c17eb0c6b5659df5b025c5

SHA1
9626e0e378c8c72dc1843e6dcec85df44256ba5c

SHA256
27d344173460a2ac7851286bacba2a21407173eb85a084a69dc9a69ae1d957e3

SHA512
066bc8f7e3878fbd41380817e08f6e46b5b3d1e955145f05219b2c46de45989c1a59ef5f70264c7c207300bb0dc94c6a57233cbcd33fe835d9295171b2f817cf

Download Submit
\Windows\system\muOqaHX.exe

Filesize
2.0MB

MD5
13719608f8085fe1e59f29dd0d1810b5

SHA1
b14a6d21bc99da90d76ee8817e013757cdb77a8c

SHA256
476034b9b89453c845f1857f505bc54e1de754700dfa21d5e2c45f0edfd5e2c2

SHA512
d2cae04fa63e3e644b76dc88491f45859286da0d92afc00b7f58b1573e58fd5ae72a296269cbae85081bd290726c645ef462938bd121e852b511cda4575b9c52

Download Submit
\Windows\system\ouYzDCS.exe

Filesize
2.0MB

MD5
88bb2b0b41e947580b637bf2c4dd7c32

SHA1
4f910096de3e6bdf97f8ef5b038ff256d1904c64

SHA256
509af855acffe426d0d1eba872fcb4fe4b92929c6efe7768eea91b137de3ef5d

SHA512
794cd1b836284f6275652dcf5458c38a76a0c165d29f56aeaf1961287a6a5fc5124d8146ff8af7c87c5bd63e44a643d2024d61d6fc4de867a53dd366cb3b21ab

Download Submit
\Windows\system\plscgOi.exe

Filesize
2.0MB

MD5
7ef87530293e895f14b650104bb4911b

SHA1
067c1a4ed90ff84b8163739ecec44c5bf44dddb3

SHA256
6a11a12ad7066676e08e9e85f0b608b11c5ec89d75cd1f7c2a93e8e58db0983b

SHA512
c3165c39fb38a67ab8422b566c9460fcbf8bd8eb45328a208ecce024e0dff214f37fa6cc8f46b1f38a038973c32765eaa7e9a5f7f53f701d18a43711cca3154a

Download Submit
memory/1152-0-0x0000000000580000-0x0000000000590000-memory.dmp

Filesize
64KB

Download