kpot | d503fe25b09ba66e093eb2715140b9f2ecb94696a8de4c99269720f126a9a5a7

Analysis

max time kernel
137s
max time network
147s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
16/06/2024, 02:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
Size

2.0MB
MD5

ce4a66c0af33b51cbe442fa650e54b60
SHA1

512d12e04ea5c22e2aa5dea0bdcc39b929f306ff
SHA256

d503fe25b09ba66e093eb2715140b9f2ecb94696a8de4c99269720f126a9a5a7
SHA512

b7a7f779271786c6c16ec9fbb03c65cee3c1d1f7e178074ce8ac8217e2c75acb9226ad922c21919295acb57f9661ad6b1ef5f15a78da8e5637fa48e2aa77e9a2
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2PD:GemTLkNdfE0pZaQj

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral1/files/0x000500000000b309-2.dat	family_kpot
behavioral1/files/0x004b00000001430e-8.dat	family_kpot
behavioral1/files/0x00260000000144d4-9.dat	family_kpot
behavioral1/files/0x00070000000144f6-17.dat	family_kpot
behavioral1/files/0x0007000000014583-21.dat	family_kpot
behavioral1/files/0x0007000000014651-26.dat	family_kpot
behavioral1/files/0x000b000000015649-34.dat	family_kpot
behavioral1/files/0x0007000000015670-37.dat	family_kpot
behavioral1/files/0x0006000000016cc7-39.dat	family_kpot
behavioral1/files/0x0006000000016d01-49.dat	family_kpot
behavioral1/files/0x0006000000016d25-61.dat	family_kpot
behavioral1/files/0x0006000000016d2a-65.dat	family_kpot
behavioral1/files/0x0006000000016d97-93.dat	family_kpot
behavioral1/files/0x0006000000016da9-101.dat	family_kpot
behavioral1/files/0x000600000001753d-125.dat	family_kpot
behavioral1/files/0x000d00000001863a-133.dat	family_kpot
behavioral1/files/0x001400000001862f-129.dat	family_kpot
behavioral1/files/0x00060000000173be-121.dat	family_kpot
behavioral1/files/0x00060000000173b3-117.dat	family_kpot
behavioral1/files/0x00060000000171c4-113.dat	family_kpot
behavioral1/files/0x0006000000017077-109.dat	family_kpot
behavioral1/files/0x0006000000017038-105.dat	family_kpot
behavioral1/files/0x0006000000016da2-97.dat	family_kpot
behavioral1/files/0x0006000000016d8e-89.dat	family_kpot
behavioral1/files/0x0006000000016d7f-85.dat	family_kpot
behavioral1/files/0x0006000000016d65-81.dat	family_kpot
behavioral1/files/0x0006000000016d51-77.dat	family_kpot
behavioral1/files/0x0006000000016d35-73.dat	family_kpot
behavioral1/files/0x0006000000016d2e-69.dat	family_kpot
behavioral1/files/0x0006000000016d11-57.dat	family_kpot
behavioral1/files/0x0006000000016d09-53.dat	family_kpot
behavioral1/files/0x0006000000016cf0-45.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral1/files/0x000500000000b309-2.dat	xmrig
behavioral1/files/0x004b00000001430e-8.dat	xmrig
behavioral1/files/0x00260000000144d4-9.dat	xmrig
behavioral1/files/0x00070000000144f6-17.dat	xmrig
behavioral1/files/0x0007000000014583-21.dat	xmrig
behavioral1/files/0x0007000000014651-26.dat	xmrig
behavioral1/files/0x000b000000015649-34.dat	xmrig
behavioral1/files/0x0007000000015670-37.dat	xmrig
behavioral1/files/0x0006000000016cc7-39.dat	xmrig
behavioral1/files/0x0006000000016d01-49.dat	xmrig
behavioral1/files/0x0006000000016d25-61.dat	xmrig
behavioral1/files/0x0006000000016d2a-65.dat	xmrig
behavioral1/files/0x0006000000016d97-93.dat	xmrig
behavioral1/files/0x0006000000016da9-101.dat	xmrig
behavioral1/files/0x000600000001753d-125.dat	xmrig
behavioral1/files/0x000d00000001863a-133.dat	xmrig
behavioral1/files/0x001400000001862f-129.dat	xmrig
behavioral1/files/0x00060000000173be-121.dat	xmrig
behavioral1/files/0x00060000000173b3-117.dat	xmrig
behavioral1/files/0x00060000000171c4-113.dat	xmrig
behavioral1/files/0x0006000000017077-109.dat	xmrig
behavioral1/files/0x0006000000017038-105.dat	xmrig
behavioral1/files/0x0006000000016da2-97.dat	xmrig
behavioral1/files/0x0006000000016d8e-89.dat	xmrig
behavioral1/files/0x0006000000016d7f-85.dat	xmrig
behavioral1/files/0x0006000000016d65-81.dat	xmrig
behavioral1/files/0x0006000000016d51-77.dat	xmrig
behavioral1/files/0x0006000000016d35-73.dat	xmrig
behavioral1/files/0x0006000000016d2e-69.dat	xmrig
behavioral1/files/0x0006000000016d11-57.dat	xmrig
behavioral1/files/0x0006000000016d09-53.dat	xmrig
behavioral1/files/0x0006000000016cf0-45.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2196	susvdNX.exe
2828	nbNWorN.exe
3064	wVlVlJG.exe
2688	OgjiUaH.exe
2784	SvwkpAi.exe
2696	NSiFObc.exe
2772	njveGnR.exe
2076	NVJTgQA.exe
2820	CJyqxRg.exe
2836	TwYmaQk.exe
2580	xkECEus.exe
2780	RfZjQvr.exe
2552	wPPrKto.exe
2612	JbAbETo.exe
2940	EKOYRUT.exe
2268	SVAOpku.exe
2352	sGZxpoj.exe
2896	dVUpjJT.exe
2720	nmwHxBE.exe
2248	rJHmQRY.exe
2068	RxqyduY.exe
1668	BPCuPvB.exe
2004	BbLZtRe.exe
1600	ZdUrWWq.exe
2884	mJqCjDj.exe
1336	mDZQbvd.exe
1516	rgBqjUS.exe
1636	HLRlPcS.exe
1760	DtolZTb.exe
2228	mxHtTBy.exe
2088	nYcdqNx.exe
2984	ByVhrgR.exe
2136	yRRHthG.exe
1096	uaKVuOD.exe
1908	zqMzYzP.exe
2216	aMUCCqg.exe
668	jZqdtMS.exe
768	PPDqijE.exe
1004	GXIEfrs.exe
1316	RwYqqnH.exe
1632	UHKfunJ.exe
1108	OwPqzrZ.exe
1856	hCAKvsq.exe
576	pMoRjnp.exe
1800	RRECVSw.exe
1092	KgBLQeK.exe
1540	EPVMVwu.exe
2144	YEokikM.exe
956	dqPEfzU.exe
2512	COLbdGZ.exe
800	sQLvdAy.exe
688	LDGfAxR.exe
304	qHhsBAQ.exe
1360	idNqcSI.exe
1768	HKmhxLM.exe
1544	KydOFKV.exe
1352	gtGvjkZ.exe
1640	xrRNcjw.exe
1036	HhSWqUH.exe
2716	UNMvaDK.exe
108	BSvQqRz.exe
1248	iRJexmE.exe
2256	NVQdQhT.exe
2312	YGsXXzF.exe

Loads dropped DLL 64 IoCs

pid	Process
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ByVhrgR.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\lSDsueM.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\oLfTqDz.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\rbfwbrZ.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\DjLmwPC.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\wlwpHQk.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\jRzBKxv.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\yDawJlL.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\mDZQbvd.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\sQLvdAy.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\hYBGEha.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\sGZxpoj.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\UNMvaDK.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\qmjgpUQ.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\mazdIXz.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\vavoUkY.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\tCdAPfe.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\UHKfunJ.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\xrRNcjw.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\KFmNAzT.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\eGrCPrU.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\fNWwNBS.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\jXXmfJS.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\gQTAznp.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\ClhGruD.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\MdfcGNE.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\MXLqgmP.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\aMUCCqg.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\YBjxghR.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\tJFqZOu.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\cclRXSa.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\nbNWorN.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\wPPrKto.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\yRRHthG.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\oUTYWOu.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\ecuSRdE.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\iwXteFk.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\BbLZtRe.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\owhnTKG.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\LUcpWZi.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\vRDCaHl.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\uHMdbHk.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\bxXXMkb.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\gLAJYSO.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\MEVnxxj.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\PPDqijE.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\SvyRJlg.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\ubxeSWD.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\RcvUtrz.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\RwYqqnH.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\HmNCvLa.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\xsOhHCh.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\EKOYRUT.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\qHhsBAQ.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\dAizWYY.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\QFKhala.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\TQtSqFo.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\qCKEGvq.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\KydOFKV.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\gtGvjkZ.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\xFSDVKv.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\OwPqzrZ.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\vtaMxtK.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
File created	C:\Windows\System\lQkqlYp.exe	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 2196	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	29
PID 1936 wrote to memory of 2196	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	29
PID 1936 wrote to memory of 2196	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	29
PID 1936 wrote to memory of 2828	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	30
PID 1936 wrote to memory of 2828	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	30
PID 1936 wrote to memory of 2828	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	30
PID 1936 wrote to memory of 3064	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	31
PID 1936 wrote to memory of 3064	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	31
PID 1936 wrote to memory of 3064	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	31
PID 1936 wrote to memory of 2688	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	32
PID 1936 wrote to memory of 2688	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	32
PID 1936 wrote to memory of 2688	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	32
PID 1936 wrote to memory of 2784	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	33
PID 1936 wrote to memory of 2784	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	33
PID 1936 wrote to memory of 2784	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	33
PID 1936 wrote to memory of 2696	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	34
PID 1936 wrote to memory of 2696	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	34
PID 1936 wrote to memory of 2696	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	34
PID 1936 wrote to memory of 2772	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	35
PID 1936 wrote to memory of 2772	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	35
PID 1936 wrote to memory of 2772	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	35
PID 1936 wrote to memory of 2076	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	36
PID 1936 wrote to memory of 2076	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	36
PID 1936 wrote to memory of 2076	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	36
PID 1936 wrote to memory of 2820	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	37
PID 1936 wrote to memory of 2820	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	37
PID 1936 wrote to memory of 2820	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	37
PID 1936 wrote to memory of 2836	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	38
PID 1936 wrote to memory of 2836	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	38
PID 1936 wrote to memory of 2836	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	38
PID 1936 wrote to memory of 2580	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	39
PID 1936 wrote to memory of 2580	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	39
PID 1936 wrote to memory of 2580	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	39
PID 1936 wrote to memory of 2780	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	40
PID 1936 wrote to memory of 2780	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	40
PID 1936 wrote to memory of 2780	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	40
PID 1936 wrote to memory of 2552	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	41
PID 1936 wrote to memory of 2552	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	41
PID 1936 wrote to memory of 2552	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	41
PID 1936 wrote to memory of 2612	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	42
PID 1936 wrote to memory of 2612	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	42
PID 1936 wrote to memory of 2612	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	42
PID 1936 wrote to memory of 2940	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	43
PID 1936 wrote to memory of 2940	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	43
PID 1936 wrote to memory of 2940	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	43
PID 1936 wrote to memory of 2268	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	44
PID 1936 wrote to memory of 2268	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	44
PID 1936 wrote to memory of 2268	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	44
PID 1936 wrote to memory of 2352	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	45
PID 1936 wrote to memory of 2352	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	45
PID 1936 wrote to memory of 2352	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	45
PID 1936 wrote to memory of 2896	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	46
PID 1936 wrote to memory of 2896	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	46
PID 1936 wrote to memory of 2896	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	46
PID 1936 wrote to memory of 2720	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	47
PID 1936 wrote to memory of 2720	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	47
PID 1936 wrote to memory of 2720	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	47
PID 1936 wrote to memory of 2248	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	48
PID 1936 wrote to memory of 2248	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	48
PID 1936 wrote to memory of 2248	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	48
PID 1936 wrote to memory of 2068	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	49
PID 1936 wrote to memory of 2068	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	49
PID 1936 wrote to memory of 2068	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	49
PID 1936 wrote to memory of 1668	1936	ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe	50

C:\Users\Admin\AppData\Local\Temp\ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ce4a66c0af33b51cbe442fa650e54b60_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Windows\System\susvdNX.exe
  C:\Windows\System\susvdNX.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\nbNWorN.exe
  C:\Windows\System\nbNWorN.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\wVlVlJG.exe
  C:\Windows\System\wVlVlJG.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\OgjiUaH.exe
  C:\Windows\System\OgjiUaH.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\SvwkpAi.exe
  C:\Windows\System\SvwkpAi.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\NSiFObc.exe
  C:\Windows\System\NSiFObc.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\njveGnR.exe
  C:\Windows\System\njveGnR.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\NVJTgQA.exe
  C:\Windows\System\NVJTgQA.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\CJyqxRg.exe
  C:\Windows\System\CJyqxRg.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\TwYmaQk.exe
  C:\Windows\System\TwYmaQk.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\xkECEus.exe
  C:\Windows\System\xkECEus.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\RfZjQvr.exe
  C:\Windows\System\RfZjQvr.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\wPPrKto.exe
  C:\Windows\System\wPPrKto.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\JbAbETo.exe
  C:\Windows\System\JbAbETo.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\EKOYRUT.exe
  C:\Windows\System\EKOYRUT.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\SVAOpku.exe
  C:\Windows\System\SVAOpku.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\sGZxpoj.exe
  C:\Windows\System\sGZxpoj.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\dVUpjJT.exe
  C:\Windows\System\dVUpjJT.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\nmwHxBE.exe
  C:\Windows\System\nmwHxBE.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\rJHmQRY.exe
  C:\Windows\System\rJHmQRY.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\RxqyduY.exe
  C:\Windows\System\RxqyduY.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\BPCuPvB.exe
  C:\Windows\System\BPCuPvB.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\BbLZtRe.exe
  C:\Windows\System\BbLZtRe.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\ZdUrWWq.exe
  C:\Windows\System\ZdUrWWq.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\mJqCjDj.exe
  C:\Windows\System\mJqCjDj.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\mDZQbvd.exe
  C:\Windows\System\mDZQbvd.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\rgBqjUS.exe
  C:\Windows\System\rgBqjUS.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\HLRlPcS.exe
  C:\Windows\System\HLRlPcS.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\DtolZTb.exe
  C:\Windows\System\DtolZTb.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\mxHtTBy.exe
  C:\Windows\System\mxHtTBy.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\nYcdqNx.exe
  C:\Windows\System\nYcdqNx.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\ByVhrgR.exe
  C:\Windows\System\ByVhrgR.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\yRRHthG.exe
  C:\Windows\System\yRRHthG.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\uaKVuOD.exe
  C:\Windows\System\uaKVuOD.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\zqMzYzP.exe
  C:\Windows\System\zqMzYzP.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\aMUCCqg.exe
  C:\Windows\System\aMUCCqg.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\jZqdtMS.exe
  C:\Windows\System\jZqdtMS.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\PPDqijE.exe
  C:\Windows\System\PPDqijE.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\GXIEfrs.exe
  C:\Windows\System\GXIEfrs.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\RwYqqnH.exe
  C:\Windows\System\RwYqqnH.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\UHKfunJ.exe
  C:\Windows\System\UHKfunJ.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\OwPqzrZ.exe
  C:\Windows\System\OwPqzrZ.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\hCAKvsq.exe
  C:\Windows\System\hCAKvsq.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\pMoRjnp.exe
  C:\Windows\System\pMoRjnp.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\RRECVSw.exe
  C:\Windows\System\RRECVSw.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\KgBLQeK.exe
  C:\Windows\System\KgBLQeK.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\EPVMVwu.exe
  C:\Windows\System\EPVMVwu.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\YEokikM.exe
  C:\Windows\System\YEokikM.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\dqPEfzU.exe
  C:\Windows\System\dqPEfzU.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\COLbdGZ.exe
  C:\Windows\System\COLbdGZ.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\sQLvdAy.exe
  C:\Windows\System\sQLvdAy.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\LDGfAxR.exe
  C:\Windows\System\LDGfAxR.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\qHhsBAQ.exe
  C:\Windows\System\qHhsBAQ.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\idNqcSI.exe
  C:\Windows\System\idNqcSI.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\HKmhxLM.exe
  C:\Windows\System\HKmhxLM.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\KydOFKV.exe
  C:\Windows\System\KydOFKV.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\gtGvjkZ.exe
  C:\Windows\System\gtGvjkZ.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\xrRNcjw.exe
  C:\Windows\System\xrRNcjw.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\HhSWqUH.exe
  C:\Windows\System\HhSWqUH.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\UNMvaDK.exe
  C:\Windows\System\UNMvaDK.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\BSvQqRz.exe
  C:\Windows\System\BSvQqRz.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\iRJexmE.exe
  C:\Windows\System\iRJexmE.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\NVQdQhT.exe
  C:\Windows\System\NVQdQhT.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\YGsXXzF.exe
  C:\Windows\System\YGsXXzF.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\zXBTpkr.exe
  C:\Windows\System\zXBTpkr.exe
  2⤵
  PID:1204
- C:\Windows\System\VHFZWde.exe
  C:\Windows\System\VHFZWde.exe
  2⤵
  PID:572
- C:\Windows\System\lLWulPw.exe
  C:\Windows\System\lLWulPw.exe
  2⤵
  PID:1868
- C:\Windows\System\QfZjACL.exe
  C:\Windows\System\QfZjACL.exe
  2⤵
  PID:2968
- C:\Windows\System\eFMufeP.exe
  C:\Windows\System\eFMufeP.exe
  2⤵
  PID:1720
- C:\Windows\System\jahXmuL.exe
  C:\Windows\System\jahXmuL.exe
  2⤵
  PID:600
- C:\Windows\System\aVfcAax.exe
  C:\Windows\System\aVfcAax.exe
  2⤵
  PID:884
- C:\Windows\System\zXDIJvV.exe
  C:\Windows\System\zXDIJvV.exe
  2⤵
  PID:1984
- C:\Windows\System\YBjxghR.exe
  C:\Windows\System\YBjxghR.exe
  2⤵
  PID:1704
- C:\Windows\System\DhRXBGn.exe
  C:\Windows\System\DhRXBGn.exe
  2⤵
  PID:2996
- C:\Windows\System\dJSddpg.exe
  C:\Windows\System\dJSddpg.exe
  2⤵
  PID:1592
- C:\Windows\System\SvyRJlg.exe
  C:\Windows\System\SvyRJlg.exe
  2⤵
  PID:1584
- C:\Windows\System\RqDaAqx.exe
  C:\Windows\System\RqDaAqx.exe
  2⤵
  PID:2320
- C:\Windows\System\xFSDVKv.exe
  C:\Windows\System\xFSDVKv.exe
  2⤵
  PID:3044
- C:\Windows\System\owhnTKG.exe
  C:\Windows\System\owhnTKG.exe
  2⤵
  PID:2328
- C:\Windows\System\rXQOSZn.exe
  C:\Windows\System\rXQOSZn.exe
  2⤵
  PID:2684
- C:\Windows\System\ezbuzou.exe
  C:\Windows\System\ezbuzou.exe
  2⤵
  PID:2740
- C:\Windows\System\hhPsQQe.exe
  C:\Windows\System\hhPsQQe.exe
  2⤵
  PID:2744
- C:\Windows\System\PvSkHOW.exe
  C:\Windows\System\PvSkHOW.exe
  2⤵
  PID:2816
- C:\Windows\System\yejbDqy.exe
  C:\Windows\System\yejbDqy.exe
  2⤵
  PID:2672
- C:\Windows\System\JipkpyJ.exe
  C:\Windows\System\JipkpyJ.exe
  2⤵
  PID:2852
- C:\Windows\System\mjawoGI.exe
  C:\Windows\System\mjawoGI.exe
  2⤵
  PID:2652
- C:\Windows\System\QFKhala.exe
  C:\Windows\System\QFKhala.exe
  2⤵
  PID:2604
- C:\Windows\System\oDhiPpQ.exe
  C:\Windows\System\oDhiPpQ.exe
  2⤵
  PID:2424
- C:\Windows\System\QSFQfUk.exe
  C:\Windows\System\QSFQfUk.exe
  2⤵
  PID:2904
- C:\Windows\System\YJbIiGD.exe
  C:\Windows\System\YJbIiGD.exe
  2⤵
  PID:1428
- C:\Windows\System\JmLrtIh.exe
  C:\Windows\System\JmLrtIh.exe
  2⤵
  PID:3052
- C:\Windows\System\DTlFnTg.exe
  C:\Windows\System\DTlFnTg.exe
  2⤵
  PID:2072
- C:\Windows\System\NIHBTZa.exe
  C:\Windows\System\NIHBTZa.exe
  2⤵
  PID:2864
- C:\Windows\System\OLbailm.exe
  C:\Windows\System\OLbailm.exe
  2⤵
  PID:2096
- C:\Windows\System\SCYVSrn.exe
  C:\Windows\System\SCYVSrn.exe
  2⤵
  PID:1308
- C:\Windows\System\LUcpWZi.exe
  C:\Windows\System\LUcpWZi.exe
  2⤵
  PID:1724
- C:\Windows\System\VYBDdCW.exe
  C:\Windows\System\VYBDdCW.exe
  2⤵
  PID:2724
- C:\Windows\System\MguQooB.exe
  C:\Windows\System\MguQooB.exe
  2⤵
  PID:2524
- C:\Windows\System\lfymRUj.exe
  C:\Windows\System\lfymRUj.exe
  2⤵
  PID:484
- C:\Windows\System\MhBgOwJ.exe
  C:\Windows\System\MhBgOwJ.exe
  2⤵
  PID:1040
- C:\Windows\System\ubxeSWD.exe
  C:\Windows\System\ubxeSWD.exe
  2⤵
  PID:680
- C:\Windows\System\dAizWYY.exe
  C:\Windows\System\dAizWYY.exe
  2⤵
  PID:1852
- C:\Windows\System\LoinQfK.exe
  C:\Windows\System\LoinQfK.exe
  2⤵
  PID:820
- C:\Windows\System\rgSUMRp.exe
  C:\Windows\System\rgSUMRp.exe
  2⤵
  PID:628
- C:\Windows\System\DONtXzN.exe
  C:\Windows\System\DONtXzN.exe
  2⤵
  PID:408
- C:\Windows\System\ZdLCmRo.exe
  C:\Windows\System\ZdLCmRo.exe
  2⤵
  PID:2360
- C:\Windows\System\zXZrMsS.exe
  C:\Windows\System\zXZrMsS.exe
  2⤵
  PID:1400
- C:\Windows\System\rjjhTSp.exe
  C:\Windows\System\rjjhTSp.exe
  2⤵
  PID:1816
- C:\Windows\System\iSdFxyk.exe
  C:\Windows\System\iSdFxyk.exe
  2⤵
  PID:1772
- C:\Windows\System\nBJwIBY.exe
  C:\Windows\System\nBJwIBY.exe
  2⤵
  PID:3004
- C:\Windows\System\kavfAdy.exe
  C:\Windows\System\kavfAdy.exe
  2⤵
  PID:1644
- C:\Windows\System\oHEWtOo.exe
  C:\Windows\System\oHEWtOo.exe
  2⤵
  PID:1156
- C:\Windows\System\eRhVtdM.exe
  C:\Windows\System\eRhVtdM.exe
  2⤵
  PID:860
- C:\Windows\System\usfzbsa.exe
  C:\Windows\System\usfzbsa.exe
  2⤵
  PID:1928
- C:\Windows\System\VzxIJZF.exe
  C:\Windows\System\VzxIJZF.exe
  2⤵
  PID:1056
- C:\Windows\System\tVukUVA.exe
  C:\Windows\System\tVukUVA.exe
  2⤵
  PID:1748
- C:\Windows\System\SwbOJKN.exe
  C:\Windows\System\SwbOJKN.exe
  2⤵
  PID:1252
- C:\Windows\System\GypIaLg.exe
  C:\Windows\System\GypIaLg.exe
  2⤵
  PID:2192
- C:\Windows\System\IsyeMDD.exe
  C:\Windows\System\IsyeMDD.exe
  2⤵
  PID:1588
- C:\Windows\System\BfcpDQp.exe
  C:\Windows\System\BfcpDQp.exe
  2⤵
  PID:2920
- C:\Windows\System\gYLrGlN.exe
  C:\Windows\System\gYLrGlN.exe
  2⤵
  PID:2668
- C:\Windows\System\epibjDq.exe
  C:\Windows\System\epibjDq.exe
  2⤵
  PID:2976
- C:\Windows\System\jXXmfJS.exe
  C:\Windows\System\jXXmfJS.exe
  2⤵
  PID:2664
- C:\Windows\System\KFmNAzT.exe
  C:\Windows\System\KFmNAzT.exe
  2⤵
  PID:2704
- C:\Windows\System\ggMMhqN.exe
  C:\Windows\System\ggMMhqN.exe
  2⤵
  PID:2856
- C:\Windows\System\rHDBjGb.exe
  C:\Windows\System\rHDBjGb.exe
  2⤵
  PID:2932
- C:\Windows\System\YUYdktq.exe
  C:\Windows\System\YUYdktq.exe
  2⤵
  PID:1976
- C:\Windows\System\QAqqWdv.exe
  C:\Windows\System\QAqqWdv.exe
  2⤵
  PID:1552
- C:\Windows\System\VnCniXs.exe
  C:\Windows\System\VnCniXs.exe
  2⤵
  PID:2284
- C:\Windows\System\oUTYWOu.exe
  C:\Windows\System\oUTYWOu.exe
  2⤵
  PID:536
- C:\Windows\System\EnYlIsq.exe
  C:\Windows\System\EnYlIsq.exe
  2⤵
  PID:780
- C:\Windows\System\ZtKEMuO.exe
  C:\Windows\System\ZtKEMuO.exe
  2⤵
  PID:2108
- C:\Windows\System\MXLqgmP.exe
  C:\Windows\System\MXLqgmP.exe
  2⤵
  PID:1652
- C:\Windows\System\MdfcGNE.exe
  C:\Windows\System\MdfcGNE.exe
  2⤵
  PID:1948
- C:\Windows\System\UNgKQeC.exe
  C:\Windows\System\UNgKQeC.exe
  2⤵
  PID:1528
- C:\Windows\System\hWeeBQF.exe
  C:\Windows\System\hWeeBQF.exe
  2⤵
  PID:1028
- C:\Windows\System\xvsULtF.exe
  C:\Windows\System\xvsULtF.exe
  2⤵
  PID:1388
- C:\Windows\System\AKRveCH.exe
  C:\Windows\System\AKRveCH.exe
  2⤵
  PID:2548
- C:\Windows\System\xPBZpGA.exe
  C:\Windows\System\xPBZpGA.exe
  2⤵
  PID:2456
- C:\Windows\System\GJLzMEY.exe
  C:\Windows\System\GJLzMEY.exe
  2⤵
  PID:2128
- C:\Windows\System\wFalRZb.exe
  C:\Windows\System\wFalRZb.exe
  2⤵
  PID:1700
- C:\Windows\System\kFMOLBN.exe
  C:\Windows\System\kFMOLBN.exe
  2⤵
  PID:2776
- C:\Windows\System\fRjqfYe.exe
  C:\Windows\System\fRjqfYe.exe
  2⤵
  PID:2788
- C:\Windows\System\qmjgpUQ.exe
  C:\Windows\System\qmjgpUQ.exe
  2⤵
  PID:2324
- C:\Windows\System\vjhzljf.exe
  C:\Windows\System\vjhzljf.exe
  2⤵
  PID:2264
- C:\Windows\System\hhgJYyk.exe
  C:\Windows\System\hhgJYyk.exe
  2⤵
  PID:1536
- C:\Windows\System\lsGPgRs.exe
  C:\Windows\System\lsGPgRs.exe
  2⤵
  PID:2008
- C:\Windows\System\QugDLxq.exe
  C:\Windows\System\QugDLxq.exe
  2⤵
  PID:2044
- C:\Windows\System\XDJwpWH.exe
  C:\Windows\System\XDJwpWH.exe
  2⤵
  PID:3084
- C:\Windows\System\aGVqOSs.exe
  C:\Windows\System\aGVqOSs.exe
  2⤵
  PID:3100
- C:\Windows\System\eCcdQGQ.exe
  C:\Windows\System\eCcdQGQ.exe
  2⤵
  PID:3116
- C:\Windows\System\DCMBLLv.exe
  C:\Windows\System\DCMBLLv.exe
  2⤵
  PID:3132
- C:\Windows\System\BdQRltA.exe
  C:\Windows\System\BdQRltA.exe
  2⤵
  PID:3148
- C:\Windows\System\EHnKBUZ.exe
  C:\Windows\System\EHnKBUZ.exe
  2⤵
  PID:3164
- C:\Windows\System\vRDCaHl.exe
  C:\Windows\System\vRDCaHl.exe
  2⤵
  PID:3180
- C:\Windows\System\bSMFHrp.exe
  C:\Windows\System\bSMFHrp.exe
  2⤵
  PID:3196
- C:\Windows\System\hYBGEha.exe
  C:\Windows\System\hYBGEha.exe
  2⤵
  PID:3212
- C:\Windows\System\RUnfrGR.exe
  C:\Windows\System\RUnfrGR.exe
  2⤵
  PID:3228
- C:\Windows\System\EWAtzKg.exe
  C:\Windows\System\EWAtzKg.exe
  2⤵
  PID:3244
- C:\Windows\System\xqRfIoU.exe
  C:\Windows\System\xqRfIoU.exe
  2⤵
  PID:3260
- C:\Windows\System\DNuLfsp.exe
  C:\Windows\System\DNuLfsp.exe
  2⤵
  PID:3276
- C:\Windows\System\grJNqQQ.exe
  C:\Windows\System\grJNqQQ.exe
  2⤵
  PID:3292
- C:\Windows\System\PpZCSkr.exe
  C:\Windows\System\PpZCSkr.exe
  2⤵
  PID:3308
- C:\Windows\System\gQTAznp.exe
  C:\Windows\System\gQTAznp.exe
  2⤵
  PID:3324
- C:\Windows\System\upGRzco.exe
  C:\Windows\System\upGRzco.exe
  2⤵
  PID:3340
- C:\Windows\System\pRhIzpz.exe
  C:\Windows\System\pRhIzpz.exe
  2⤵
  PID:3356
- C:\Windows\System\fzUPfrr.exe
  C:\Windows\System\fzUPfrr.exe
  2⤵
  PID:3372
- C:\Windows\System\iBrbmpY.exe
  C:\Windows\System\iBrbmpY.exe
  2⤵
  PID:3388
- C:\Windows\System\CUYBBAE.exe
  C:\Windows\System\CUYBBAE.exe
  2⤵
  PID:3404
- C:\Windows\System\RHWYTrv.exe
  C:\Windows\System\RHWYTrv.exe
  2⤵
  PID:3420
- C:\Windows\System\OtHKcvy.exe
  C:\Windows\System\OtHKcvy.exe
  2⤵
  PID:3436
- C:\Windows\System\VQfQQsw.exe
  C:\Windows\System\VQfQQsw.exe
  2⤵
  PID:3452
- C:\Windows\System\BkIafhM.exe
  C:\Windows\System\BkIafhM.exe
  2⤵
  PID:3468
- C:\Windows\System\kdhRUVN.exe
  C:\Windows\System\kdhRUVN.exe
  2⤵
  PID:3484
- C:\Windows\System\ecuSRdE.exe
  C:\Windows\System\ecuSRdE.exe
  2⤵
  PID:3500
- C:\Windows\System\NWSiIPJ.exe
  C:\Windows\System\NWSiIPJ.exe
  2⤵
  PID:3516
- C:\Windows\System\rlDyHzX.exe
  C:\Windows\System\rlDyHzX.exe
  2⤵
  PID:3532
- C:\Windows\System\unWBNJm.exe
  C:\Windows\System\unWBNJm.exe
  2⤵
  PID:3548
- C:\Windows\System\rbfwbrZ.exe
  C:\Windows\System\rbfwbrZ.exe
  2⤵
  PID:3564
- C:\Windows\System\qSTrAOV.exe
  C:\Windows\System\qSTrAOV.exe
  2⤵
  PID:3580
- C:\Windows\System\mazdIXz.exe
  C:\Windows\System\mazdIXz.exe
  2⤵
  PID:3596
- C:\Windows\System\FCESYta.exe
  C:\Windows\System\FCESYta.exe
  2⤵
  PID:3612
- C:\Windows\System\zwbAlJc.exe
  C:\Windows\System\zwbAlJc.exe
  2⤵
  PID:3628
- C:\Windows\System\FIAeZFi.exe
  C:\Windows\System\FIAeZFi.exe
  2⤵
  PID:3644
- C:\Windows\System\uHMdbHk.exe
  C:\Windows\System\uHMdbHk.exe
  2⤵
  PID:3660
- C:\Windows\System\ZEtslid.exe
  C:\Windows\System\ZEtslid.exe
  2⤵
  PID:3676
- C:\Windows\System\UiaLMyR.exe
  C:\Windows\System\UiaLMyR.exe
  2⤵
  PID:3692
- C:\Windows\System\DjLmwPC.exe
  C:\Windows\System\DjLmwPC.exe
  2⤵
  PID:3708
- C:\Windows\System\EOzirJn.exe
  C:\Windows\System\EOzirJn.exe
  2⤵
  PID:3724
- C:\Windows\System\LHlYejw.exe
  C:\Windows\System\LHlYejw.exe
  2⤵
  PID:3740
- C:\Windows\System\lSDsueM.exe
  C:\Windows\System\lSDsueM.exe
  2⤵
  PID:3756
- C:\Windows\System\xuiLseB.exe
  C:\Windows\System\xuiLseB.exe
  2⤵
  PID:3772
- C:\Windows\System\SuXywLE.exe
  C:\Windows\System\SuXywLE.exe
  2⤵
  PID:3788
- C:\Windows\System\gNriteX.exe
  C:\Windows\System\gNriteX.exe
  2⤵
  PID:3804
- C:\Windows\System\DPBqzMo.exe
  C:\Windows\System\DPBqzMo.exe
  2⤵
  PID:3820
- C:\Windows\System\NyoFufb.exe
  C:\Windows\System\NyoFufb.exe
  2⤵
  PID:3836
- C:\Windows\System\vavoUkY.exe
  C:\Windows\System\vavoUkY.exe
  2⤵
  PID:3852
- C:\Windows\System\sXiwMZs.exe
  C:\Windows\System\sXiwMZs.exe
  2⤵
  PID:3868
- C:\Windows\System\iTgXFWN.exe
  C:\Windows\System\iTgXFWN.exe
  2⤵
  PID:3884
- C:\Windows\System\gloyAMS.exe
  C:\Windows\System\gloyAMS.exe
  2⤵
  PID:3900
- C:\Windows\System\KQRLTCu.exe
  C:\Windows\System\KQRLTCu.exe
  2⤵
  PID:3916
- C:\Windows\System\vAODDBq.exe
  C:\Windows\System\vAODDBq.exe
  2⤵
  PID:3932
- C:\Windows\System\eNPChGV.exe
  C:\Windows\System\eNPChGV.exe
  2⤵
  PID:3948
- C:\Windows\System\tCdAPfe.exe
  C:\Windows\System\tCdAPfe.exe
  2⤵
  PID:3964
- C:\Windows\System\vJefxAZ.exe
  C:\Windows\System\vJefxAZ.exe
  2⤵
  PID:3980
- C:\Windows\System\iwXteFk.exe
  C:\Windows\System\iwXteFk.exe
  2⤵
  PID:3996
- C:\Windows\System\asacFoh.exe
  C:\Windows\System\asacFoh.exe
  2⤵
  PID:4012
- C:\Windows\System\tekbTvB.exe
  C:\Windows\System\tekbTvB.exe
  2⤵
  PID:4028
- C:\Windows\System\bxXXMkb.exe
  C:\Windows\System\bxXXMkb.exe
  2⤵
  PID:4044
- C:\Windows\System\ObUUTiD.exe
  C:\Windows\System\ObUUTiD.exe
  2⤵
  PID:4060
- C:\Windows\System\cmgrUfa.exe
  C:\Windows\System\cmgrUfa.exe
  2⤵
  PID:4076
- C:\Windows\System\hwcKvwZ.exe
  C:\Windows\System\hwcKvwZ.exe
  2⤵
  PID:4092
- C:\Windows\System\epwagYJ.exe
  C:\Windows\System\epwagYJ.exe
  2⤵
  PID:1664
- C:\Windows\System\UjRrNiX.exe
  C:\Windows\System\UjRrNiX.exe
  2⤵
  PID:1864
- C:\Windows\System\jhSQrbs.exe
  C:\Windows\System\jhSQrbs.exe
  2⤵
  PID:876
- C:\Windows\System\sJeLCDF.exe
  C:\Windows\System\sJeLCDF.exe
  2⤵
  PID:940
- C:\Windows\System\RXHtwsW.exe
  C:\Windows\System\RXHtwsW.exe
  2⤵
  PID:2700
- C:\Windows\System\JaBFLAk.exe
  C:\Windows\System\JaBFLAk.exe
  2⤵
  PID:2608
- C:\Windows\System\TQtSqFo.exe
  C:\Windows\System\TQtSqFo.exe
  2⤵
  PID:1152
- C:\Windows\System\SLTYBLv.exe
  C:\Windows\System\SLTYBLv.exe
  2⤵
  PID:3080
- C:\Windows\System\hMttHwq.exe
  C:\Windows\System\hMttHwq.exe
  2⤵
  PID:2712
- C:\Windows\System\DAjkwHd.exe
  C:\Windows\System\DAjkwHd.exe
  2⤵
  PID:3140
- C:\Windows\System\RZrUJhi.exe
  C:\Windows\System\RZrUJhi.exe
  2⤵
  PID:3156
- C:\Windows\System\tJFqZOu.exe
  C:\Windows\System\tJFqZOu.exe
  2⤵
  PID:3204
- C:\Windows\System\gJvOtKG.exe
  C:\Windows\System\gJvOtKG.exe
  2⤵
  PID:3208
- C:\Windows\System\NqiXfzL.exe
  C:\Windows\System\NqiXfzL.exe
  2⤵
  PID:3240
- C:\Windows\System\oLfTqDz.exe
  C:\Windows\System\oLfTqDz.exe
  2⤵
  PID:3256
- C:\Windows\System\UKxxxqb.exe
  C:\Windows\System\UKxxxqb.exe
  2⤵
  PID:3304
- C:\Windows\System\fotVqQQ.exe
  C:\Windows\System\fotVqQQ.exe
  2⤵
  PID:3336
- C:\Windows\System\tvkcNgj.exe
  C:\Windows\System\tvkcNgj.exe
  2⤵
  PID:3368
- C:\Windows\System\ZZnauIF.exe
  C:\Windows\System\ZZnauIF.exe
  2⤵
  PID:3384
- C:\Windows\System\lDSgXgL.exe
  C:\Windows\System\lDSgXgL.exe
  2⤵
  PID:3416
- C:\Windows\System\QYnuIdM.exe
  C:\Windows\System\QYnuIdM.exe
  2⤵
  PID:3460
- C:\Windows\System\KpGUTvD.exe
  C:\Windows\System\KpGUTvD.exe
  2⤵
  PID:3492
- C:\Windows\System\OYUGncz.exe
  C:\Windows\System\OYUGncz.exe
  2⤵
  PID:3496
- C:\Windows\System\VwSHmAt.exe
  C:\Windows\System\VwSHmAt.exe
  2⤵
  PID:2936
- C:\Windows\System\BCSUpak.exe
  C:\Windows\System\BCSUpak.exe
  2⤵
  PID:3608
- C:\Windows\System\znJSCVU.exe
  C:\Windows\System\znJSCVU.exe
  2⤵
  PID:3688
- C:\Windows\System\MJIMevE.exe
  C:\Windows\System\MJIMevE.exe
  2⤵
  PID:3732
- C:\Windows\System\qCKEGvq.exe
  C:\Windows\System\qCKEGvq.exe
  2⤵
  PID:3040
- C:\Windows\System\ClhGruD.exe
  C:\Windows\System\ClhGruD.exe
  2⤵
  PID:3784
- C:\Windows\System\ELHFqEf.exe
  C:\Windows\System\ELHFqEf.exe
  2⤵
  PID:3816
- C:\Windows\System\HDSFpFZ.exe
  C:\Windows\System\HDSFpFZ.exe
  2⤵
  PID:1220
- C:\Windows\System\vigbZfd.exe
  C:\Windows\System\vigbZfd.exe
  2⤵
  PID:3864
- C:\Windows\System\DwZVPqN.exe
  C:\Windows\System\DwZVPqN.exe
  2⤵
  PID:3896
- C:\Windows\System\nlRPcQJ.exe
  C:\Windows\System\nlRPcQJ.exe
  2⤵
  PID:3928
- C:\Windows\System\aXXtqOH.exe
  C:\Windows\System\aXXtqOH.exe
  2⤵
  PID:3956
- C:\Windows\System\vtaMxtK.exe
  C:\Windows\System\vtaMxtK.exe
  2⤵
  PID:2912
- C:\Windows\System\wMdIUax.exe
  C:\Windows\System\wMdIUax.exe
  2⤵
  PID:4040
- C:\Windows\System\UzKSCgr.exe
  C:\Windows\System\UzKSCgr.exe
  2⤵
  PID:2388
- C:\Windows\System\POvOUZp.exe
  C:\Windows\System\POvOUZp.exe
  2⤵
  PID:2148
- C:\Windows\System\bTcjAbf.exe
  C:\Windows\System\bTcjAbf.exe
  2⤵
  PID:1296
- C:\Windows\System\lQkqlYp.exe
  C:\Windows\System\lQkqlYp.exe
  2⤵
  PID:3108
- C:\Windows\System\jCIbyQv.exe
  C:\Windows\System\jCIbyQv.exe
  2⤵
  PID:1780
- C:\Windows\System\iuPEZwv.exe
  C:\Windows\System\iuPEZwv.exe
  2⤵
  PID:2764
- C:\Windows\System\IRdJkRD.exe
  C:\Windows\System\IRdJkRD.exe
  2⤵
  PID:3704
- C:\Windows\System\PzAZDsi.exe
  C:\Windows\System\PzAZDsi.exe
  2⤵
  PID:3832
- C:\Windows\System\FPtZTQg.exe
  C:\Windows\System\FPtZTQg.exe
  2⤵
  PID:2872
- C:\Windows\System\gLAJYSO.exe
  C:\Windows\System\gLAJYSO.exe
  2⤵
  PID:3752
- C:\Windows\System\dBJBcRG.exe
  C:\Windows\System\dBJBcRG.exe
  2⤵
  PID:3960
- C:\Windows\System\eRlLbpd.exe
  C:\Windows\System\eRlLbpd.exe
  2⤵
  PID:2296
- C:\Windows\System\vzOMXmN.exe
  C:\Windows\System\vzOMXmN.exe
  2⤵
  PID:2236
- C:\Windows\System\yldwCzv.exe
  C:\Windows\System\yldwCzv.exe
  2⤵
  PID:2564
- C:\Windows\System\VxQEOem.exe
  C:\Windows\System\VxQEOem.exe
  2⤵
  PID:2708
- C:\Windows\System\JcettQp.exe
  C:\Windows\System\JcettQp.exe
  2⤵
  PID:3096
- C:\Windows\System\bGqujSF.exe
  C:\Windows\System\bGqujSF.exe
  2⤵
  PID:2768
- C:\Windows\System\FQmWvJN.exe
  C:\Windows\System\FQmWvJN.exe
  2⤵
  PID:1520
- C:\Windows\System\bdCJMfG.exe
  C:\Windows\System\bdCJMfG.exe
  2⤵
  PID:3332
- C:\Windows\System\gWcakUk.exe
  C:\Windows\System\gWcakUk.exe
  2⤵
  PID:3320
- C:\Windows\System\raxbvNC.exe
  C:\Windows\System\raxbvNC.exe
  2⤵
  PID:1292
- C:\Windows\System\HmNCvLa.exe
  C:\Windows\System\HmNCvLa.exe
  2⤵
  PID:3364
- C:\Windows\System\NyPzxjq.exe
  C:\Windows\System\NyPzxjq.exe
  2⤵
  PID:2464
- C:\Windows\System\OeBXpNo.exe
  C:\Windows\System\OeBXpNo.exe
  2⤵
  PID:1952
- C:\Windows\System\RZaZxJG.exe
  C:\Windows\System\RZaZxJG.exe
  2⤵
  PID:3464
- C:\Windows\System\wlwpHQk.exe
  C:\Windows\System\wlwpHQk.exe
  2⤵
  PID:3512
- C:\Windows\System\llJJJQZ.exe
  C:\Windows\System\llJJJQZ.exe
  2⤵
  PID:3524
- C:\Windows\System\yLhGhBr.exe
  C:\Windows\System\yLhGhBr.exe
  2⤵
  PID:2560
- C:\Windows\System\GnqphPA.exe
  C:\Windows\System\GnqphPA.exe
  2⤵
  PID:3636
- C:\Windows\System\nzFTfuK.exe
  C:\Windows\System\nzFTfuK.exe
  2⤵
  PID:2676
- C:\Windows\System\GVFmAeI.exe
  C:\Windows\System\GVFmAeI.exe
  2⤵
  PID:3572
- C:\Windows\System\cLbpbee.exe
  C:\Windows\System\cLbpbee.exe
  2⤵
  PID:3604
- C:\Windows\System\SaxaczS.exe
  C:\Windows\System\SaxaczS.exe
  2⤵
  PID:3844
- C:\Windows\System\MEVnxxj.exe
  C:\Windows\System\MEVnxxj.exe
  2⤵
  PID:3924
- C:\Windows\System\DbTLUIz.exe
  C:\Windows\System\DbTLUIz.exe
  2⤵
  PID:3876
- C:\Windows\System\jRzBKxv.exe
  C:\Windows\System\jRzBKxv.exe
  2⤵
  PID:4056
- C:\Windows\System\oOzgLIj.exe
  C:\Windows\System\oOzgLIj.exe
  2⤵
  PID:4088
- C:\Windows\System\hGTfltX.exe
  C:\Windows\System\hGTfltX.exe
  2⤵
  PID:2636
- C:\Windows\System\CUqXpOk.exe
  C:\Windows\System\CUqXpOk.exe
  2⤵
  PID:936
- C:\Windows\System\wPBZBxx.exe
  C:\Windows\System\wPBZBxx.exe
  2⤵
  PID:3268
- C:\Windows\System\DWunfBK.exe
  C:\Windows\System\DWunfBK.exe
  2⤵
  PID:3048
- C:\Windows\System\hWDqBZr.exe
  C:\Windows\System\hWDqBZr.exe
  2⤵
  PID:2892
- C:\Windows\System\DLKZoOf.exe
  C:\Windows\System\DLKZoOf.exe
  2⤵
  PID:3352
- C:\Windows\System\ZsHHteV.exe
  C:\Windows\System\ZsHHteV.exe
  2⤵
  PID:1348
- C:\Windows\System\jxvoxvZ.exe
  C:\Windows\System\jxvoxvZ.exe
  2⤵
  PID:3560
- C:\Windows\System\vuSVGVy.exe
  C:\Windows\System\vuSVGVy.exe
  2⤵
  PID:3444
- C:\Windows\System\vRzarRZ.exe
  C:\Windows\System\vRzarRZ.exe
  2⤵
  PID:3556
- C:\Windows\System\dPzekbO.exe
  C:\Windows\System\dPzekbO.exe
  2⤵
  PID:3668
- C:\Windows\System\cclRXSa.exe
  C:\Windows\System\cclRXSa.exe
  2⤵
  PID:4052
- C:\Windows\System\rTDMBkb.exe
  C:\Windows\System\rTDMBkb.exe
  2⤵
  PID:1672
- C:\Windows\System\hnWmFYE.exe
  C:\Windows\System\hnWmFYE.exe
  2⤵
  PID:2824
- C:\Windows\System\LpVkqyw.exe
  C:\Windows\System\LpVkqyw.exe
  2⤵
  PID:1500
- C:\Windows\System\KYSGlCF.exe
  C:\Windows\System\KYSGlCF.exe
  2⤵
  PID:3188
- C:\Windows\System\OEjKtFm.exe
  C:\Windows\System\OEjKtFm.exe
  2⤵
  PID:3684
- C:\Windows\System\ZeMkPhT.exe
  C:\Windows\System\ZeMkPhT.exe
  2⤵
  PID:3076
- C:\Windows\System\tfvyAtG.exe
  C:\Windows\System\tfvyAtG.exe
  2⤵
  PID:3528
- C:\Windows\System\PHpWxvo.exe
  C:\Windows\System\PHpWxvo.exe
  2⤵
  PID:3620
- C:\Windows\System\bonLCly.exe
  C:\Windows\System\bonLCly.exe
  2⤵
  PID:2380
- C:\Windows\System\jsZucNC.exe
  C:\Windows\System\jsZucNC.exe
  2⤵
  PID:3008
- C:\Windows\System\SjpQwpr.exe
  C:\Windows\System\SjpQwpr.exe
  2⤵
  PID:3400
- C:\Windows\System\lypARfv.exe
  C:\Windows\System\lypARfv.exe
  2⤵
  PID:2568
- C:\Windows\System\YsglZhc.exe
  C:\Windows\System\YsglZhc.exe
  2⤵
  PID:2408
- C:\Windows\System\RcvUtrz.exe
  C:\Windows\System\RcvUtrz.exe
  2⤵
  PID:3656
- C:\Windows\System\BkDGGJE.exe
  C:\Windows\System\BkDGGJE.exe
  2⤵
  PID:1364
- C:\Windows\System\srKyPoi.exe
  C:\Windows\System\srKyPoi.exe
  2⤵
  PID:4068
- C:\Windows\System\eGrCPrU.exe
  C:\Windows\System\eGrCPrU.exe
  2⤵
  PID:4112
- C:\Windows\System\yDawJlL.exe
  C:\Windows\System\yDawJlL.exe
  2⤵
  PID:4132
- C:\Windows\System\AXvTtcb.exe
  C:\Windows\System\AXvTtcb.exe
  2⤵
  PID:4152
- C:\Windows\System\xsOhHCh.exe
  C:\Windows\System\xsOhHCh.exe
  2⤵
  PID:4168
- C:\Windows\System\uVXalqx.exe
  C:\Windows\System\uVXalqx.exe
  2⤵
  PID:4188
- C:\Windows\System\XthFozZ.exe
  C:\Windows\System\XthFozZ.exe
  2⤵
  PID:4208
- C:\Windows\System\yLpIzai.exe
  C:\Windows\System\yLpIzai.exe
  2⤵
  PID:4224
- C:\Windows\System\otBZFhx.exe
  C:\Windows\System\otBZFhx.exe
  2⤵
  PID:4240
- C:\Windows\System\uUYcRXM.exe
  C:\Windows\System\uUYcRXM.exe
  2⤵
  PID:4256
- C:\Windows\System\jTLlsDH.exe
  C:\Windows\System\jTLlsDH.exe
  2⤵
  PID:4272
- C:\Windows\System\fNWwNBS.exe
  C:\Windows\System\fNWwNBS.exe
  2⤵
  PID:4288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BPCuPvB.exe

Filesize
2.0MB

MD5
81be66ce5249da298dec76e33d45cea1

SHA1
a98ac60c8a19d25885b22fd24d864d86415cbc14

SHA256
065e71036b87cb22b7d80dbe97b65e010a010978c2f6a5f1379acad32b50f0bb

SHA512
a738df6334fc2cd40e6176f6180e93c23cb32cec4fcbdb533fbb6b58b11172bb830235ef050f03e899c310a95a127d763c629f35278ec14b3899d064eb560ffe

Download Submit
C:\Windows\system\BbLZtRe.exe

Filesize
2.0MB

MD5
290e41dce5043b151b7ecc8b6fb85a17

SHA1
e05d36bdf0f11f9fbae40806a2bfab4301492858

SHA256
3e4760a3992c60b3a4580cc786c57d0e511f4597017122518b071fc9ff93a30d

SHA512
5e1e046ad3a42486483784e3fa4cb83fd2153ff001858a075dc763b395e02f563a568f406ca14f0424a1d7704f3194de20bcfdd06dcffabf8abf7d03277f5669

Download Submit
C:\Windows\system\ByVhrgR.exe

Filesize
2.0MB

MD5
43b7e6426ea9ef491d72e08e7b63e967

SHA1
5557a3194c16584dd5db106640d5e25c36e8c474

SHA256
7fab3f8178ac80ebf061f6d058e6319f86a0571229ecca33db2fcb121257e824

SHA512
59d929b7817f1771815f993da244821a07b9b2486d813aa66c913ebe16f2ec7ebe7532958d48ed0281c21956648898e20b4da84568125d749b4e461a4b579e17

Download Submit
C:\Windows\system\DtolZTb.exe

Filesize
2.0MB

MD5
eb63545abc529eef3059c6b68e649a6b

SHA1
b00f1b644ad28d570e58803daa8f29e7a9de3066

SHA256
c524381ee02a508f1a97e6809b8dab3b16e44233b44232823995592e7d14dd14

SHA512
17a2f6fe72edd36e35ea8ac7138957f7325bab070f7d3fade9b9fd3e805fadd8d1023126c832c1d6e24f6b79884291f12d2da5a35e4d1fcdd419b799862fd40f

Download Submit
C:\Windows\system\EKOYRUT.exe

Filesize
2.0MB

MD5
fe0cc7d7ae33e8ce75b850af8e47bb8b

SHA1
0fa8a41d14ebd732753279afd0face0734a852cb

SHA256
071b2954f0e52e072f78c68c176ee08bce391e706f86aaea55c24509293073c2

SHA512
017a622f1371766c9be359e4970ab36a9f640d2b12439277afa51400ddc1b1b9f4f26bad64281f39dda6406bef249c6803941d35ab822b863d15c81ad277b4b8

Download Submit
C:\Windows\system\HLRlPcS.exe

Filesize
2.0MB

MD5
02a583d0c169c9b1c24c5f90dc3498c4

SHA1
f6c6d80aaad8159b1760afa289f6600fe26a9262

SHA256
4dbf897e8268061c1ce2559d914ba4d9bb36e004a26002653085ca5509301bca

SHA512
d031ddae44329650145894a57258f892471487aa7d22f08315fd2367c3f1f1c174b5da299246d92afc3a1a6b4fd7fb18a26532fe48f27c1c67f1b0b436f37aad

Download Submit
C:\Windows\system\JbAbETo.exe

Filesize
2.0MB

MD5
c934e63d1174a6195d246fe35342ee56

SHA1
f0e7487142fdbde1bc2694c413c6c61900246409

SHA256
678e2da360136c255bf91c60962180d6e1aacc769c89ffc1b64240c65317dc88

SHA512
f8d2dd4cd0d36fd8edf2fea3ea6ff39f350502b5f3ca458dc935d5d3f1833b5c532072f4fcc8540407ff71622ed61ad36674f4ca150b1999672d795ec10868b2

Download Submit
C:\Windows\system\NVJTgQA.exe

Filesize
2.0MB

MD5
f1d1516c46d2a761313341cb43847a47

SHA1
76fc1b3fd3540d511846d5f1734eaf92c0cda3e6

SHA256
9360257bf983d853c62b913c77a5c6d12266742f4b0549deca80a8bcbba1249a

SHA512
8dd215b67ba9a4013e086350915f86fce007e126409a67c6271bd0604a3b4c5171616e325185dadd7cfc60617733c9ba944ddd11272c265b921a41ffdeb38e94

Download Submit
C:\Windows\system\RfZjQvr.exe

Filesize
2.0MB

MD5
97090d2c4a42f6b9b63b5b2a21345e8b

SHA1
74f252877d506f83b9cbfa6b1f249790be4a4a90

SHA256
473259f39b0851188354499f0b8248bad0bc8bdf90ce595ff5312065124e8f23

SHA512
758d9e25cbcb492943ab3dd8da21d24a58da2677ab0cfdd22035cc2606641c371365d7998877b50cb996ab22dbad86d65b971cebb2629792e3b20826115ad919

Download Submit
C:\Windows\system\RxqyduY.exe

Filesize
2.0MB

MD5
c0dc25313cf6e8c0d2740ff3a922add6

SHA1
76a98efdf5648347981c70e8764f7e78814a7c9b

SHA256
8764a71e1d4708e030bd95695909999fecdb18a6ff8734ea74e484e2172e2ae5

SHA512
a4f61ce6963b5fe210d86476bb3e3e266f7720d012985792192dbefe7a2a8c90caa806ddd4de3de049c546866252b191adc465554e8f5936d3527a05f5b5cce4

Download Submit
C:\Windows\system\SVAOpku.exe

Filesize
2.0MB

MD5
d44118d6ab721d18577e2dea9bce8d33

SHA1
50c44c0df554baf5e949e0790fd3f1651c2fe618

SHA256
775c81cf7aad5c8cef1c5055dd96cf20f03045b6d534041cd3cdea884ecb82bd

SHA512
3aef3f27f5ad3d6ba8228b8963360461027cfd159181627aeef0a5658a1ad1a6d79790e709e91ec222cfd21d2881ccad16ea2d86dd7bef02d467e0eb6cae3d7f

Download Submit
C:\Windows\system\TwYmaQk.exe

Filesize
2.0MB

MD5
f13b2df7b38e71210d3ec3f00f956dd8

SHA1
e5a109770a9d9e06bda44154668ea1c87f766286

SHA256
fac7df6898a2e1268a65b551de3b8047f2f05122d0bd67b4a22545a6bdc6b49f

SHA512
7eebee98483dff3566ad29090dfa3255d5e6ee014e1563e93f10f873466a941548fbfdd4be851aa52526c3e24643128be3ce6851949ab0f340d9a77262411e50

Download Submit
C:\Windows\system\ZdUrWWq.exe

Filesize
2.0MB

MD5
48e0a0794edf2b2c637daa170fa41998

SHA1
f03078a45aedba2648400e2fa19c72cba1844e14

SHA256
4c84820352120c499c013cb298fb194fb40355d97e77d5766f23bd6e143c5fd6

SHA512
4ce5c5d99a47db96d121088bf11aebbf5daecb89f250341ee0742332bf2ebfb00c1db565e91c12f54f520df8bf95ebf510c67681e78ffaab27a9f976d03aa211

Download Submit
C:\Windows\system\dVUpjJT.exe

Filesize
2.0MB

MD5
10c8066736a166afc6a5f1b32404f211

SHA1
370f04fe6f18ddf9401117f4e62c3ff341e7abf4

SHA256
f4b1f1874f38950a2b9dcd15821ba5f54a327a92a3516760488644d4194cbc31

SHA512
698d6960dd0e1e7d30005565f1c51fae9f7c59eb5b5a86b3c788a0db88db86a08a29941ad267707288afff5d788cd0fb1b04148416e23e5c29063d513e7d2910

Download Submit
C:\Windows\system\mDZQbvd.exe

Filesize
2.0MB

MD5
99c62fc4df98d4eba8240bcd3c4860eb

SHA1
0f8c9f6b40865bebc1bf0b8509ef457d42dea919

SHA256
2b78837d9f0e817945a28da6d595252f279a468c2118cd2598162232b7cd2318

SHA512
5b0e4e4ec29cf6e6a78b837baabe83765bf08c716ff2d3cd994faa96edb0dd3123f5336490fa114adf345842d1dd866fac1c9169b78de99bbf611d4c626be39f

Download Submit
C:\Windows\system\mJqCjDj.exe

Filesize
2.0MB

MD5
e0b4fb861b68fd8ffd069f6d5632cb6a

SHA1
2facc8d0ba42f68e13d313199c0bcc91c82e605a

SHA256
186439c0aec00375f58c2471e02f0793509722dffce0b3aa5dc139f051290a12

SHA512
99f2152da72d7c390d8fe8c74d721d1a051d64b82bcfba0cab9e4efb2a5660df710012a7d38f4c25bc1246af0344a6eff6f1a9c0c9ec86a7758ba2c69db5a680

Download Submit
C:\Windows\system\mxHtTBy.exe

Filesize
2.0MB

MD5
1bf78ea98180797ea5744e5153a2e497

SHA1
115e58f07ee9aed975c34212f327cf3b6996b4b7

SHA256
918ed47628ed997cdfde7e2d715e2704b61fa4edaa401adc32064f88620b9169

SHA512
50afb357a876ab09b362db9de53ece738f4d4a364723fc05373f25576d854ae4302812ae3f574e2c2ba0f671811c4aa86ae2e758cd6a8c79738a8974a3290fa8

Download Submit
C:\Windows\system\nYcdqNx.exe

Filesize
2.0MB

MD5
d6253e83d3e536bbd91132014b9c8771

SHA1
ecbb31b3c1e4de2d8b651bf014cee11c2e630f00

SHA256
f0f79ee70991439a278cf3c774fe2e74fd8dc15c53b090113d789ddf573cd45b

SHA512
c664ed28c292df3e782d1c3691a27f1584febc38c140cc4390517879702b6c453d97e137e6f126b57ecd626be532866ffd14885dda766ef16ad40853dd59e6e1

Download Submit
C:\Windows\system\nbNWorN.exe

Filesize
2.0MB

MD5
17389169ba52e0539ebd1cd451978226

SHA1
0385f56226078fdf726bfb586fe74eac9f2dd422

SHA256
78c84683734584ec1280a469bbc47ee65a11b71616d377f30e0bdf1a783f153b

SHA512
034f32ae391d6ba07248865847cce717a504357b49aad1be18d8c921d6274e1907031d43e868cefac3bac7773c837b6030f1d73312a129cec4be7804e218d922

Download Submit
C:\Windows\system\njveGnR.exe

Filesize
2.0MB

MD5
ce2543167cb2d03ac1ddac17f9b521fd

SHA1
a27ed46d04a7c2b2fc0e8a11a5ec5e745e568dd0

SHA256
850b3d67d00f311386f2525d8c30b9d30abd8b66eb79797d597073dfcae4c7d2

SHA512
c746ee782b8b418b13ea279556a6deb50a4612dc810ea5a1c5a2c75b0ac112a32c3399a77e0cf01a81126afd56242d0cf57f69e596797d4469cdee00df5fd146

Download Submit
C:\Windows\system\nmwHxBE.exe

Filesize
2.0MB

MD5
9d64834fc3f5bed6ff3aeba9519b9fbb

SHA1
c19f8c5d36f0e78eaa6ee1a45c682b76f1ee1a6a

SHA256
0e1a4f39a04d69f0d3c1ca40f3483b6d3cecad349a8d4a593c0e5228ea7e7574

SHA512
7b6429aa9418585fbe9fead64dc6e6af492d0882cc4f2a0eb598ba52693401e027e8177f8170eba1557c286ab8df330cae6d41e34900471304eee56e7de8690f

Download Submit
C:\Windows\system\rJHmQRY.exe

Filesize
2.0MB

MD5
e505ee22fbf9afdde768c0dd983785bb

SHA1
769cd6c1c49767281060ad4e867d239f942217c9

SHA256
9ccc1b735f0ee639cd9e8220be3e5affd5188e69c2c782019b936aa64891ece1

SHA512
f699d715b2e25cc56caf6a09340070092f550403e93ae559fb814492f898ab4dbebd5f1fd0c4ab49746ac066ad6af8f36601993accb1b0ed54c66c65a5a21e11

Download Submit
C:\Windows\system\rgBqjUS.exe

Filesize
2.0MB

MD5
50e8ec4af4c98bbaea1e75a99a590e3c

SHA1
5611e0a2c1ae9a4aabacef1ad2357470d51fe457

SHA256
8e374cf1a9dec0af146732d537ff9033d9544c8032d7903494f41c868284e5db

SHA512
3fde9ff62e13a47db5257159e0d5eb006aaaa08880fe63bd2c065561875384c48afb103463828c083b57d7cc0f7b19f8193ed0398b2a4a81347d4a6266db98d2

Download Submit
C:\Windows\system\sGZxpoj.exe

Filesize
2.0MB

MD5
b894ae1ffc980317001edfb373c35d32

SHA1
0ab6345bc3e4012d540fa4c770b5ea3b072a0ab9

SHA256
73ba683850f7d66ab6b45ea7536eb216e04b5cf8fce3eddcc63c6fe9d0c31271

SHA512
94aaaf71ca84bdf09a4243ce84523684127f6df464e29a78fbc9a770909276ac66ddc3a2e36dbeb070fca8aef60d31312e97173f89a8e5fd4acb7b7d43389d83

Download Submit
C:\Windows\system\wPPrKto.exe

Filesize
2.0MB

MD5
79c4320c8223810e70a56c1cbb880182

SHA1
2abb0b32bd6bbefc47886af6d66d87d5fe681ae3

SHA256
f1ee9eb942a239f1085580352f99636c21c06351b79cef7e3772f3c911272321

SHA512
88f55bac8b76bc8f5678a08c1fdd1d11b5cd998784cb867eb8ad75dd20ce34e25d444028f4178729adcf679fecce207fed2cbf4b6d3904aeadb38661b6b7c1c6

Download Submit
C:\Windows\system\wVlVlJG.exe

Filesize
2.0MB

MD5
eb79e13951c9957617938aee519a2830

SHA1
e72ce0c52754b057854b55ebb6223cef25ac5aa3

SHA256
e4cd97c7eb35f0c9d3706b2dc75db90c99ebe20d71b5c7589be1a2ae6e2d3476

SHA512
34953005b6cf0598a9010d576321d26c3aff6d49549152fd2577b752580cb1e9a72428f3ad9afce80b07cb7a9d217ae88302b6ff4a457c8c5080346f6ae20785

Download Submit
C:\Windows\system\xkECEus.exe

Filesize
2.0MB

MD5
50bdcf2505975d565d92aa13b343e979

SHA1
6cc6eb296e8cf52af8bf75ca965bb7db08ec174c

SHA256
1124ff92e115f55d562ea752e7fc6e6dd23c27a5948b50929f0eb82f7f334997

SHA512
0bde54f93696fc8fffab634118899055fae8719b20e8f15eee275cb4dddadabd2ca186bf66e96926f41aca91ecda3d70635da962af7e290bd4c51076275edc2f

Download Submit
\Windows\system\CJyqxRg.exe

Filesize
2.0MB

MD5
c2fea7c45763937be9c9f0cf75e71fc1

SHA1
29e1448378d0c2d239d8b3aec53db45ed0050768

SHA256
a7930afb9f3b35d99e546697b324417b96b0fce9501d817132b846ca2876903c

SHA512
c7bcb1ec9b93e9384574c422ea99238d7612de0f4adfd5964d572c9a82da905e5c9eccb18ab24f7617fa2b6ff922a21dace05990fee86e7fe270a3bde0de2c24

Download Submit
\Windows\system\NSiFObc.exe

Filesize
2.0MB

MD5
19f4f697ad8e1ab8a45b76a67091ac31

SHA1
51453799404b83d1a69e8598701ce7cda9db5e9b

SHA256
2a6ec3d2a8b975a63a9d7476e5ba34dcd2a6d06447ebdde69e9f9bb0ac8ab129

SHA512
0b57173083a989aa3545e04b3300361557f7639b35d3d288a0c7a90e69d07576847d399d45c63b5c31aaf1dae159d385a9f42c12fabba8f145a5b6edc4bec0f0

Download Submit
\Windows\system\OgjiUaH.exe

Filesize
2.0MB

MD5
d7508c0a8b866ef7a1f945273b94c746

SHA1
c6ff170799e1df1f45caf88bb777b0fab1ea69ff

SHA256
b97b7ad9e0703f1fe16a1b513720083c04b330c03c01a28f6376b45d53dadadf

SHA512
6eab0e03b7103adaac2da5305098a423128a2ddfbfe27890cc7eaa595f50e8d4ce3283e4fe62ad8499bb7b7dea013283bb216a44de14a3222f083a11a197a91c

Download Submit
\Windows\system\SvwkpAi.exe

Filesize
2.0MB

MD5
9fed594b4ad40278af7a75c729e031c9

SHA1
7617c4d46053ade1a88456cb9aa41f4b5685439e

SHA256
6e98b4f9af8a113c5d9d7c5397f6b35488a7fbc2c30c8a8a4600670ce5cf045f

SHA512
665d0b8d6195ac0f74d824287adc76e4aa78383c0f4e043123044cf2b3e57c9772b9de761a34edab8ff43d867d37a852d18edf0cb52f758d1048a729d74cd2f8

Download Submit
\Windows\system\susvdNX.exe

Filesize
2.0MB

MD5
7a1d5d408b41099c38423c63aa278803

SHA1
9eab6b9540fc0a2b6022b08c458a904cedcae765

SHA256
60c70c35e3ddfc94ccd7a2bbbafaadd822fc82feb9d455cba9e8d18bca22c39d

SHA512
7803bcd5f4dfba6028604e56d14421f64667215a2a2b9ad750b22833f27f7fc4e41f186b5395955f95f46df8a41570966b59a07d5b8be759b664dea3884568bc

Download Submit
memory/1936-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download