kpot | 0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b

Analysis

max time kernel
140s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
19-06-2024 20:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
Size

2.0MB
MD5

b97452b367366f7c6615265c6b6803f0
SHA1

2f79964047eb6d112cbfdf0202c7986c61712e64
SHA256

0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b
SHA512

272ce0b8192130f3966e358ebb93d9b55fb26be1b71afa1e221f443430144da7ad607120523e713bdb28d485d54bbfd4ac29e82c90c853fa4f472f3cb651dd4e
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2rg9:GemTLkNdfE0pZaQU

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x0007000000023413-8.dat	family_kpot
behavioral2/files/0x0007000000023414-9.dat	family_kpot
behavioral2/files/0x0007000000023415-20.dat	family_kpot
behavioral2/files/0x0007000000023416-23.dat	family_kpot
behavioral2/files/0x0007000000023417-32.dat	family_kpot
behavioral2/files/0x000700000002341a-42.dat	family_kpot
behavioral2/files/0x000700000002341c-55.dat	family_kpot
behavioral2/files/0x000700000002341e-68.dat	family_kpot
behavioral2/files/0x0007000000023423-92.dat	family_kpot
behavioral2/files/0x0007000000023428-114.dat	family_kpot
behavioral2/files/0x000700000002342c-138.dat	family_kpot
behavioral2/files/0x0007000000023432-162.dat	family_kpot
behavioral2/files/0x0007000000023430-160.dat	family_kpot
behavioral2/files/0x0007000000023431-157.dat	family_kpot
behavioral2/files/0x000700000002342f-155.dat	family_kpot
behavioral2/files/0x000700000002342e-150.dat	family_kpot
behavioral2/files/0x000700000002342d-145.dat	family_kpot
behavioral2/files/0x000700000002342b-133.dat	family_kpot
behavioral2/files/0x000700000002342a-128.dat	family_kpot
behavioral2/files/0x0007000000023429-123.dat	family_kpot
behavioral2/files/0x0007000000023427-110.dat	family_kpot
behavioral2/files/0x0007000000023426-108.dat	family_kpot
behavioral2/files/0x0007000000023425-102.dat	family_kpot
behavioral2/files/0x0007000000023424-98.dat	family_kpot
behavioral2/files/0x0007000000023422-88.dat	family_kpot
behavioral2/files/0x0007000000023421-83.dat	family_kpot
behavioral2/files/0x0007000000023420-78.dat	family_kpot
behavioral2/files/0x000700000002341f-73.dat	family_kpot
behavioral2/files/0x000700000002341d-60.dat	family_kpot
behavioral2/files/0x000700000002341b-53.dat	family_kpot
behavioral2/files/0x0007000000023419-43.dat	family_kpot
behavioral2/files/0x0007000000023418-38.dat	family_kpot
behavioral2/files/0x0008000000022f51-5.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x0007000000023413-8.dat	xmrig
behavioral2/files/0x0007000000023414-9.dat	xmrig
behavioral2/files/0x0007000000023415-20.dat	xmrig
behavioral2/files/0x0007000000023416-23.dat	xmrig
behavioral2/files/0x0007000000023417-32.dat	xmrig
behavioral2/files/0x000700000002341a-42.dat	xmrig
behavioral2/files/0x000700000002341c-55.dat	xmrig
behavioral2/files/0x000700000002341e-68.dat	xmrig
behavioral2/files/0x0007000000023423-92.dat	xmrig
behavioral2/files/0x0007000000023428-114.dat	xmrig
behavioral2/files/0x000700000002342c-138.dat	xmrig
behavioral2/files/0x0007000000023432-162.dat	xmrig
behavioral2/files/0x0007000000023430-160.dat	xmrig
behavioral2/files/0x0007000000023431-157.dat	xmrig
behavioral2/files/0x000700000002342f-155.dat	xmrig
behavioral2/files/0x000700000002342e-150.dat	xmrig
behavioral2/files/0x000700000002342d-145.dat	xmrig
behavioral2/files/0x000700000002342b-133.dat	xmrig
behavioral2/files/0x000700000002342a-128.dat	xmrig
behavioral2/files/0x0007000000023429-123.dat	xmrig
behavioral2/files/0x0007000000023427-110.dat	xmrig
behavioral2/files/0x0007000000023426-108.dat	xmrig
behavioral2/files/0x0007000000023425-102.dat	xmrig
behavioral2/files/0x0007000000023424-98.dat	xmrig
behavioral2/files/0x0007000000023422-88.dat	xmrig
behavioral2/files/0x0007000000023421-83.dat	xmrig
behavioral2/files/0x0007000000023420-78.dat	xmrig
behavioral2/files/0x000700000002341f-73.dat	xmrig
behavioral2/files/0x000700000002341d-60.dat	xmrig
behavioral2/files/0x000700000002341b-53.dat	xmrig
behavioral2/files/0x0007000000023419-43.dat	xmrig
behavioral2/files/0x0007000000023418-38.dat	xmrig
behavioral2/files/0x0008000000022f51-5.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
868	JjIlcmv.exe
2576	plYxBcg.exe
232	hedfdpp.exe
452	wvVYYLw.exe
5080	SuxsckT.exe
4508	zWbXqGG.exe
1032	lUmXudV.exe
3132	WpGxwpq.exe
5104	GWwvtHt.exe
3392	LxEzRBQ.exe
3276	YDepVlp.exe
4428	ZSDflEs.exe
3460	mRTekUr.exe
2132	SuyGshP.exe
4668	uPgkKbo.exe
4396	PpnWvJv.exe
3188	XKbViuU.exe
608	nzXBCGb.exe
1496	TQnCmNX.exe
444	llewhQI.exe
5040	KYAdKVd.exe
464	gMyHrBb.exe
4456	vzxUdPU.exe
4604	AxPIBkY.exe
1612	GSlJows.exe
2368	qUlrToR.exe
4652	XtGfMzn.exe
4568	mvJOPIO.exe
4040	NfLLPDX.exe
2004	zHzXRXf.exe
2932	dMbPBuS.exe
3004	lRuUXyF.exe
4836	ykxpGlN.exe
4804	aVmbzcB.exe
4940	KkoidtS.exe
4152	ASBeYbL.exe
3524	YWJPQPz.exe
4948	yJuiNCI.exe
2820	wYUZwbz.exe
2968	viPFyWM.exe
1592	ECmJVfA.exe
4776	KqnFlmv.exe
1608	EvsasrO.exe
3956	VhbFoFy.exe
1016	uZuCXLb.exe
2144	arUjPGI.exe
4488	LkeukUx.exe
1520	XpgyRRC.exe
1156	SGwzSno.exe
2784	tSzLOcU.exe
2792	QxxZOYk.exe
2104	QQWtEmJ.exe
4492	HubHCgy.exe
920	YOAstHf.exe
392	qaptCkG.exe
3608	ydFHGzF.exe
792	SQzPvQt.exe
3308	DiijCZF.exe
4792	NZCuBJT.exe
3640	gfMREyy.exe
4636	LljDRek.exe
2856	jwnnASA.exe
1412	cANbVVx.exe
3328	QmRvkqO.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VhbFoFy.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\pxyaCNx.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\pzTyHSh.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\kjwoBuF.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\DApuaan.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\wYUZwbz.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\hnBVtph.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\Fwglnqt.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\KUCkDrP.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\uAvadTl.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\EPfdRDx.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\uHYrDfv.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\TQnCmNX.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\viPFyWM.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\QmRvkqO.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\EEgSjVv.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\zgSnaQF.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\YIOgrzf.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\zHzXRXf.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\dmpEKCP.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\gXFrfEK.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\sPwxgDG.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\oHaXdcE.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\kNmZAHJ.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\uBNWqoB.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\aVmbzcB.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\uZuCXLb.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\dMjOlnG.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\euiUTQS.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\NhEIixW.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\RLBVbPf.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\zFpRRow.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\jjqhXLW.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\reVHqMP.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\VKKYoxt.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\HNJDOPB.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\ECmJVfA.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\ydFHGzF.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\SgjwzhH.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\txkbkJQ.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\yJXomQI.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\BUvOWYO.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\jjAfQTP.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\xkrJlqL.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\PlMgBRI.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\qUlrToR.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\qaptCkG.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\jwnnASA.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\SPVVRXn.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\igUtWeU.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\SaWLwZA.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\pmxHKXj.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\MhJyugp.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\KsqTlms.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\hfbogkc.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\asggUaR.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\NHUxNKL.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\UmhVAqX.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\zWbXqGG.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\vsoZwZa.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\MHtnUtg.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\zXvbSXt.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\WpGxwpq.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
File created	C:\Windows\System\bRySHKW.exe	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 376 wrote to memory of 868	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	83
PID 376 wrote to memory of 868	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	83
PID 376 wrote to memory of 2576	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	84
PID 376 wrote to memory of 2576	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	84
PID 376 wrote to memory of 232	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	86
PID 376 wrote to memory of 232	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	86
PID 376 wrote to memory of 452	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	87
PID 376 wrote to memory of 452	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	87
PID 376 wrote to memory of 5080	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	88
PID 376 wrote to memory of 5080	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	88
PID 376 wrote to memory of 4508	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	89
PID 376 wrote to memory of 4508	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	89
PID 376 wrote to memory of 1032	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	90
PID 376 wrote to memory of 1032	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	90
PID 376 wrote to memory of 3132	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	91
PID 376 wrote to memory of 3132	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	91
PID 376 wrote to memory of 5104	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	92
PID 376 wrote to memory of 5104	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	92
PID 376 wrote to memory of 3392	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	93
PID 376 wrote to memory of 3392	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	93
PID 376 wrote to memory of 3276	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	94
PID 376 wrote to memory of 3276	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	94
PID 376 wrote to memory of 4428	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	96
PID 376 wrote to memory of 4428	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	96
PID 376 wrote to memory of 3460	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	97
PID 376 wrote to memory of 3460	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	97
PID 376 wrote to memory of 2132	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	98
PID 376 wrote to memory of 2132	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	98
PID 376 wrote to memory of 4668	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	99
PID 376 wrote to memory of 4668	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	99
PID 376 wrote to memory of 4396	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	100
PID 376 wrote to memory of 4396	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	100
PID 376 wrote to memory of 3188	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	101
PID 376 wrote to memory of 3188	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	101
PID 376 wrote to memory of 608	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	102
PID 376 wrote to memory of 608	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	102
PID 376 wrote to memory of 1496	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	103
PID 376 wrote to memory of 1496	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	103
PID 376 wrote to memory of 444	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	104
PID 376 wrote to memory of 444	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	104
PID 376 wrote to memory of 5040	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	105
PID 376 wrote to memory of 5040	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	105
PID 376 wrote to memory of 464	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	106
PID 376 wrote to memory of 464	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	106
PID 376 wrote to memory of 4456	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	107
PID 376 wrote to memory of 4456	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	107
PID 376 wrote to memory of 4604	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	108
PID 376 wrote to memory of 4604	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	108
PID 376 wrote to memory of 1612	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	109
PID 376 wrote to memory of 1612	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	109
PID 376 wrote to memory of 2368	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	110
PID 376 wrote to memory of 2368	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	110
PID 376 wrote to memory of 4652	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	111
PID 376 wrote to memory of 4652	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	111
PID 376 wrote to memory of 4568	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	112
PID 376 wrote to memory of 4568	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	112
PID 376 wrote to memory of 4040	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	113
PID 376 wrote to memory of 4040	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	113
PID 376 wrote to memory of 2004	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	114
PID 376 wrote to memory of 2004	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	114
PID 376 wrote to memory of 2932	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	115
PID 376 wrote to memory of 2932	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	115
PID 376 wrote to memory of 3004	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	116
PID 376 wrote to memory of 3004	376	0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe	116

C:\Users\Admin\AppData\Local\Temp\0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0442059637a83fd81432dbf3c69418340a07f4c445ad6f14e89ca5ccf66e167b_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:376
- C:\Windows\System\JjIlcmv.exe
  C:\Windows\System\JjIlcmv.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\plYxBcg.exe
  C:\Windows\System\plYxBcg.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\hedfdpp.exe
  C:\Windows\System\hedfdpp.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\wvVYYLw.exe
  C:\Windows\System\wvVYYLw.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\SuxsckT.exe
  C:\Windows\System\SuxsckT.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\zWbXqGG.exe
  C:\Windows\System\zWbXqGG.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\lUmXudV.exe
  C:\Windows\System\lUmXudV.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\WpGxwpq.exe
  C:\Windows\System\WpGxwpq.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\GWwvtHt.exe
  C:\Windows\System\GWwvtHt.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\LxEzRBQ.exe
  C:\Windows\System\LxEzRBQ.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\YDepVlp.exe
  C:\Windows\System\YDepVlp.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\ZSDflEs.exe
  C:\Windows\System\ZSDflEs.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\mRTekUr.exe
  C:\Windows\System\mRTekUr.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\SuyGshP.exe
  C:\Windows\System\SuyGshP.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\uPgkKbo.exe
  C:\Windows\System\uPgkKbo.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\PpnWvJv.exe
  C:\Windows\System\PpnWvJv.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\XKbViuU.exe
  C:\Windows\System\XKbViuU.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\nzXBCGb.exe
  C:\Windows\System\nzXBCGb.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\TQnCmNX.exe
  C:\Windows\System\TQnCmNX.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\llewhQI.exe
  C:\Windows\System\llewhQI.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\KYAdKVd.exe
  C:\Windows\System\KYAdKVd.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\gMyHrBb.exe
  C:\Windows\System\gMyHrBb.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\vzxUdPU.exe
  C:\Windows\System\vzxUdPU.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\AxPIBkY.exe
  C:\Windows\System\AxPIBkY.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\GSlJows.exe
  C:\Windows\System\GSlJows.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\qUlrToR.exe
  C:\Windows\System\qUlrToR.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\XtGfMzn.exe
  C:\Windows\System\XtGfMzn.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\mvJOPIO.exe
  C:\Windows\System\mvJOPIO.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\NfLLPDX.exe
  C:\Windows\System\NfLLPDX.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\zHzXRXf.exe
  C:\Windows\System\zHzXRXf.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\dMbPBuS.exe
  C:\Windows\System\dMbPBuS.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\lRuUXyF.exe
  C:\Windows\System\lRuUXyF.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\ykxpGlN.exe
  C:\Windows\System\ykxpGlN.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\aVmbzcB.exe
  C:\Windows\System\aVmbzcB.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\KkoidtS.exe
  C:\Windows\System\KkoidtS.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\ASBeYbL.exe
  C:\Windows\System\ASBeYbL.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System\YWJPQPz.exe
  C:\Windows\System\YWJPQPz.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\yJuiNCI.exe
  C:\Windows\System\yJuiNCI.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\wYUZwbz.exe
  C:\Windows\System\wYUZwbz.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\viPFyWM.exe
  C:\Windows\System\viPFyWM.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\ECmJVfA.exe
  C:\Windows\System\ECmJVfA.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\KqnFlmv.exe
  C:\Windows\System\KqnFlmv.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\EvsasrO.exe
  C:\Windows\System\EvsasrO.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\VhbFoFy.exe
  C:\Windows\System\VhbFoFy.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\uZuCXLb.exe
  C:\Windows\System\uZuCXLb.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\arUjPGI.exe
  C:\Windows\System\arUjPGI.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\LkeukUx.exe
  C:\Windows\System\LkeukUx.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\XpgyRRC.exe
  C:\Windows\System\XpgyRRC.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\SGwzSno.exe
  C:\Windows\System\SGwzSno.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\tSzLOcU.exe
  C:\Windows\System\tSzLOcU.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\QxxZOYk.exe
  C:\Windows\System\QxxZOYk.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\QQWtEmJ.exe
  C:\Windows\System\QQWtEmJ.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\HubHCgy.exe
  C:\Windows\System\HubHCgy.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\YOAstHf.exe
  C:\Windows\System\YOAstHf.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\qaptCkG.exe
  C:\Windows\System\qaptCkG.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\ydFHGzF.exe
  C:\Windows\System\ydFHGzF.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\SQzPvQt.exe
  C:\Windows\System\SQzPvQt.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\DiijCZF.exe
  C:\Windows\System\DiijCZF.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\NZCuBJT.exe
  C:\Windows\System\NZCuBJT.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\gfMREyy.exe
  C:\Windows\System\gfMREyy.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\LljDRek.exe
  C:\Windows\System\LljDRek.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\jwnnASA.exe
  C:\Windows\System\jwnnASA.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\cANbVVx.exe
  C:\Windows\System\cANbVVx.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\QmRvkqO.exe
  C:\Windows\System\QmRvkqO.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\QIaOMmz.exe
  C:\Windows\System\QIaOMmz.exe
  2⤵
  PID:744
- C:\Windows\System\PCItmRT.exe
  C:\Windows\System\PCItmRT.exe
  2⤵
  PID:3464
- C:\Windows\System\dzQHvJL.exe
  C:\Windows\System\dzQHvJL.exe
  2⤵
  PID:1988
- C:\Windows\System\hkYudPa.exe
  C:\Windows\System\hkYudPa.exe
  2⤵
  PID:4460
- C:\Windows\System\pCEIZgb.exe
  C:\Windows\System\pCEIZgb.exe
  2⤵
  PID:1900
- C:\Windows\System\FiBPNfi.exe
  C:\Windows\System\FiBPNfi.exe
  2⤵
  PID:3520
- C:\Windows\System\rBFbNeg.exe
  C:\Windows\System\rBFbNeg.exe
  2⤵
  PID:3320
- C:\Windows\System\ibirEJY.exe
  C:\Windows\System\ibirEJY.exe
  2⤵
  PID:4984
- C:\Windows\System\zyWADtt.exe
  C:\Windows\System\zyWADtt.exe
  2⤵
  PID:1692
- C:\Windows\System\PqXxoIV.exe
  C:\Windows\System\PqXxoIV.exe
  2⤵
  PID:3624
- C:\Windows\System\LnNyzze.exe
  C:\Windows\System\LnNyzze.exe
  2⤵
  PID:4644
- C:\Windows\System\dmpEKCP.exe
  C:\Windows\System\dmpEKCP.exe
  2⤵
  PID:552
- C:\Windows\System\vaGHQdB.exe
  C:\Windows\System\vaGHQdB.exe
  2⤵
  PID:2860
- C:\Windows\System\ElvlAtm.exe
  C:\Windows\System\ElvlAtm.exe
  2⤵
  PID:1780
- C:\Windows\System\zuWLxoh.exe
  C:\Windows\System\zuWLxoh.exe
  2⤵
  PID:2340
- C:\Windows\System\RfdnsVn.exe
  C:\Windows\System\RfdnsVn.exe
  2⤵
  PID:1672
- C:\Windows\System\PaJQkQG.exe
  C:\Windows\System\PaJQkQG.exe
  2⤵
  PID:1240
- C:\Windows\System\uvMyxTA.exe
  C:\Windows\System\uvMyxTA.exe
  2⤵
  PID:2704
- C:\Windows\System\zFpRRow.exe
  C:\Windows\System\zFpRRow.exe
  2⤵
  PID:4044
- C:\Windows\System\iQMVacZ.exe
  C:\Windows\System\iQMVacZ.exe
  2⤵
  PID:4012
- C:\Windows\System\iRDthMV.exe
  C:\Windows\System\iRDthMV.exe
  2⤵
  PID:460
- C:\Windows\System\jQQMFFZ.exe
  C:\Windows\System\jQQMFFZ.exe
  2⤵
  PID:5148
- C:\Windows\System\HNigyPB.exe
  C:\Windows\System\HNigyPB.exe
  2⤵
  PID:5176
- C:\Windows\System\mGUKXVo.exe
  C:\Windows\System\mGUKXVo.exe
  2⤵
  PID:5204
- C:\Windows\System\hnBVtph.exe
  C:\Windows\System\hnBVtph.exe
  2⤵
  PID:5232
- C:\Windows\System\UEyORQp.exe
  C:\Windows\System\UEyORQp.exe
  2⤵
  PID:5260
- C:\Windows\System\dMjOlnG.exe
  C:\Windows\System\dMjOlnG.exe
  2⤵
  PID:5288
- C:\Windows\System\EEgSjVv.exe
  C:\Windows\System\EEgSjVv.exe
  2⤵
  PID:5316
- C:\Windows\System\wnqUKcn.exe
  C:\Windows\System\wnqUKcn.exe
  2⤵
  PID:5344
- C:\Windows\System\ffiCEtA.exe
  C:\Windows\System\ffiCEtA.exe
  2⤵
  PID:5372
- C:\Windows\System\EHmQOKg.exe
  C:\Windows\System\EHmQOKg.exe
  2⤵
  PID:5400
- C:\Windows\System\ckApeJK.exe
  C:\Windows\System\ckApeJK.exe
  2⤵
  PID:5428
- C:\Windows\System\mGeAAfi.exe
  C:\Windows\System\mGeAAfi.exe
  2⤵
  PID:5456
- C:\Windows\System\pxyaCNx.exe
  C:\Windows\System\pxyaCNx.exe
  2⤵
  PID:5484
- C:\Windows\System\sDXpTNF.exe
  C:\Windows\System\sDXpTNF.exe
  2⤵
  PID:5512
- C:\Windows\System\iknCjxF.exe
  C:\Windows\System\iknCjxF.exe
  2⤵
  PID:5536
- C:\Windows\System\euiUTQS.exe
  C:\Windows\System\euiUTQS.exe
  2⤵
  PID:5568
- C:\Windows\System\sqvwWWR.exe
  C:\Windows\System\sqvwWWR.exe
  2⤵
  PID:5596
- C:\Windows\System\OhsdmNh.exe
  C:\Windows\System\OhsdmNh.exe
  2⤵
  PID:5624
- C:\Windows\System\dnySRhT.exe
  C:\Windows\System\dnySRhT.exe
  2⤵
  PID:5652
- C:\Windows\System\bRySHKW.exe
  C:\Windows\System\bRySHKW.exe
  2⤵
  PID:5680
- C:\Windows\System\SPVVRXn.exe
  C:\Windows\System\SPVVRXn.exe
  2⤵
  PID:5704
- C:\Windows\System\jvKxPDS.exe
  C:\Windows\System\jvKxPDS.exe
  2⤵
  PID:5736
- C:\Windows\System\UwOvMDo.exe
  C:\Windows\System\UwOvMDo.exe
  2⤵
  PID:5764
- C:\Windows\System\tNVuiOz.exe
  C:\Windows\System\tNVuiOz.exe
  2⤵
  PID:5792
- C:\Windows\System\KynePqR.exe
  C:\Windows\System\KynePqR.exe
  2⤵
  PID:5820
- C:\Windows\System\akwDogS.exe
  C:\Windows\System\akwDogS.exe
  2⤵
  PID:5848
- C:\Windows\System\Fwglnqt.exe
  C:\Windows\System\Fwglnqt.exe
  2⤵
  PID:5876
- C:\Windows\System\KLNEWcK.exe
  C:\Windows\System\KLNEWcK.exe
  2⤵
  PID:5904
- C:\Windows\System\HNoSURG.exe
  C:\Windows\System\HNoSURG.exe
  2⤵
  PID:5928
- C:\Windows\System\ttbKTWj.exe
  C:\Windows\System\ttbKTWj.exe
  2⤵
  PID:5960
- C:\Windows\System\SgjwzhH.exe
  C:\Windows\System\SgjwzhH.exe
  2⤵
  PID:5988
- C:\Windows\System\XjociFG.exe
  C:\Windows\System\XjociFG.exe
  2⤵
  PID:6016
- C:\Windows\System\AjaAIqN.exe
  C:\Windows\System\AjaAIqN.exe
  2⤵
  PID:6040
- C:\Windows\System\SXXoctW.exe
  C:\Windows\System\SXXoctW.exe
  2⤵
  PID:6072
- C:\Windows\System\KUCkDrP.exe
  C:\Windows\System\KUCkDrP.exe
  2⤵
  PID:6096
- C:\Windows\System\nkdYfTx.exe
  C:\Windows\System\nkdYfTx.exe
  2⤵
  PID:6124
- C:\Windows\System\Bnhotrs.exe
  C:\Windows\System\Bnhotrs.exe
  2⤵
  PID:3812
- C:\Windows\System\iZmSYOy.exe
  C:\Windows\System\iZmSYOy.exe
  2⤵
  PID:4860
- C:\Windows\System\VjpqfUW.exe
  C:\Windows\System\VjpqfUW.exe
  2⤵
  PID:668
- C:\Windows\System\IQjTWTl.exe
  C:\Windows\System\IQjTWTl.exe
  2⤵
  PID:4832
- C:\Windows\System\erDBPhb.exe
  C:\Windows\System\erDBPhb.exe
  2⤵
  PID:4696
- C:\Windows\System\AEjKrUb.exe
  C:\Windows\System\AEjKrUb.exe
  2⤵
  PID:5188
- C:\Windows\System\XPGlYnF.exe
  C:\Windows\System\XPGlYnF.exe
  2⤵
  PID:5248
- C:\Windows\System\IrlfIyA.exe
  C:\Windows\System\IrlfIyA.exe
  2⤵
  PID:5308
- C:\Windows\System\txkbkJQ.exe
  C:\Windows\System\txkbkJQ.exe
  2⤵
  PID:5384
- C:\Windows\System\YRbpUcD.exe
  C:\Windows\System\YRbpUcD.exe
  2⤵
  PID:5444
- C:\Windows\System\zgSnaQF.exe
  C:\Windows\System\zgSnaQF.exe
  2⤵
  PID:5504
- C:\Windows\System\bHbqUuV.exe
  C:\Windows\System\bHbqUuV.exe
  2⤵
  PID:5580
- C:\Windows\System\LFJKYiQ.exe
  C:\Windows\System\LFJKYiQ.exe
  2⤵
  PID:5640
- C:\Windows\System\jWibLMV.exe
  C:\Windows\System\jWibLMV.exe
  2⤵
  PID:5700
- C:\Windows\System\uWJHJDR.exe
  C:\Windows\System\uWJHJDR.exe
  2⤵
  PID:5776
- C:\Windows\System\wRHyZhB.exe
  C:\Windows\System\wRHyZhB.exe
  2⤵
  PID:5836
- C:\Windows\System\eUbNQGE.exe
  C:\Windows\System\eUbNQGE.exe
  2⤵
  PID:5896
- C:\Windows\System\KEuujoF.exe
  C:\Windows\System\KEuujoF.exe
  2⤵
  PID:5972
- C:\Windows\System\KduKmhH.exe
  C:\Windows\System\KduKmhH.exe
  2⤵
  PID:6028
- C:\Windows\System\MhJyugp.exe
  C:\Windows\System\MhJyugp.exe
  2⤵
  PID:6088
- C:\Windows\System\jKUlUpC.exe
  C:\Windows\System\jKUlUpC.exe
  2⤵
  PID:4936
- C:\Windows\System\vAjuGbW.exe
  C:\Windows\System\vAjuGbW.exe
  2⤵
  PID:4868
- C:\Windows\System\GfQDLvV.exe
  C:\Windows\System\GfQDLvV.exe
  2⤵
  PID:424
- C:\Windows\System\tliDaHc.exe
  C:\Windows\System\tliDaHc.exe
  2⤵
  PID:5220
- C:\Windows\System\SpGhmAD.exe
  C:\Windows\System\SpGhmAD.exe
  2⤵
  PID:5360
- C:\Windows\System\igUtWeU.exe
  C:\Windows\System\igUtWeU.exe
  2⤵
  PID:5476
- C:\Windows\System\EeljLpn.exe
  C:\Windows\System\EeljLpn.exe
  2⤵
  PID:5612
- C:\Windows\System\VsfHCnw.exe
  C:\Windows\System\VsfHCnw.exe
  2⤵
  PID:916
- C:\Windows\System\LXhStaw.exe
  C:\Windows\System\LXhStaw.exe
  2⤵
  PID:4784
- C:\Windows\System\aWdTPNI.exe
  C:\Windows\System\aWdTPNI.exe
  2⤵
  PID:6056
- C:\Windows\System\gXFrfEK.exe
  C:\Windows\System\gXFrfEK.exe
  2⤵
  PID:2252
- C:\Windows\System\FfLWSQg.exe
  C:\Windows\System\FfLWSQg.exe
  2⤵
  PID:5168
- C:\Windows\System\qiAwxUW.exe
  C:\Windows\System\qiAwxUW.exe
  2⤵
  PID:5420
- C:\Windows\System\KsqTlms.exe
  C:\Windows\System\KsqTlms.exe
  2⤵
  PID:5812
- C:\Windows\System\gnyDuMx.exe
  C:\Windows\System\gnyDuMx.exe
  2⤵
  PID:6172
- C:\Windows\System\LofwqwF.exe
  C:\Windows\System\LofwqwF.exe
  2⤵
  PID:6200
- C:\Windows\System\NhEIixW.exe
  C:\Windows\System\NhEIixW.exe
  2⤵
  PID:6228
- C:\Windows\System\FYvtRfz.exe
  C:\Windows\System\FYvtRfz.exe
  2⤵
  PID:6252
- C:\Windows\System\yJXomQI.exe
  C:\Windows\System\yJXomQI.exe
  2⤵
  PID:6284
- C:\Windows\System\XXdjiuP.exe
  C:\Windows\System\XXdjiuP.exe
  2⤵
  PID:6312
- C:\Windows\System\hfbogkc.exe
  C:\Windows\System\hfbogkc.exe
  2⤵
  PID:6340
- C:\Windows\System\BUvOWYO.exe
  C:\Windows\System\BUvOWYO.exe
  2⤵
  PID:6368
- C:\Windows\System\BSkGBwN.exe
  C:\Windows\System\BSkGBwN.exe
  2⤵
  PID:6396
- C:\Windows\System\docXPMI.exe
  C:\Windows\System\docXPMI.exe
  2⤵
  PID:6424
- C:\Windows\System\jjqhXLW.exe
  C:\Windows\System\jjqhXLW.exe
  2⤵
  PID:6456
- C:\Windows\System\VFrJwwI.exe
  C:\Windows\System\VFrJwwI.exe
  2⤵
  PID:6492
- C:\Windows\System\HxrhBHy.exe
  C:\Windows\System\HxrhBHy.exe
  2⤵
  PID:6520
- C:\Windows\System\LgYIVCd.exe
  C:\Windows\System\LgYIVCd.exe
  2⤵
  PID:6536
- C:\Windows\System\luLyKaO.exe
  C:\Windows\System\luLyKaO.exe
  2⤵
  PID:6560
- C:\Windows\System\lYpdTxI.exe
  C:\Windows\System\lYpdTxI.exe
  2⤵
  PID:6592
- C:\Windows\System\sPwxgDG.exe
  C:\Windows\System\sPwxgDG.exe
  2⤵
  PID:6624
- C:\Windows\System\ImJwPpN.exe
  C:\Windows\System\ImJwPpN.exe
  2⤵
  PID:6648
- C:\Windows\System\RLBVbPf.exe
  C:\Windows\System\RLBVbPf.exe
  2⤵
  PID:6676
- C:\Windows\System\asggUaR.exe
  C:\Windows\System\asggUaR.exe
  2⤵
  PID:6704
- C:\Windows\System\aIlBHmP.exe
  C:\Windows\System\aIlBHmP.exe
  2⤵
  PID:6732
- C:\Windows\System\BINNpRs.exe
  C:\Windows\System\BINNpRs.exe
  2⤵
  PID:6828
- C:\Windows\System\IEmMwBH.exe
  C:\Windows\System\IEmMwBH.exe
  2⤵
  PID:6860
- C:\Windows\System\aeaCbIY.exe
  C:\Windows\System\aeaCbIY.exe
  2⤵
  PID:6896
- C:\Windows\System\QbLsGtK.exe
  C:\Windows\System\QbLsGtK.exe
  2⤵
  PID:6928
- C:\Windows\System\SaWLwZA.exe
  C:\Windows\System\SaWLwZA.exe
  2⤵
  PID:6944
- C:\Windows\System\NICrqBI.exe
  C:\Windows\System\NICrqBI.exe
  2⤵
  PID:6996
- C:\Windows\System\TMXjNTz.exe
  C:\Windows\System\TMXjNTz.exe
  2⤵
  PID:7032
- C:\Windows\System\ykzgluf.exe
  C:\Windows\System\ykzgluf.exe
  2⤵
  PID:7064
- C:\Windows\System\ykBYsSa.exe
  C:\Windows\System\ykBYsSa.exe
  2⤵
  PID:7092
- C:\Windows\System\rpyLGYd.exe
  C:\Windows\System\rpyLGYd.exe
  2⤵
  PID:7120
- C:\Windows\System\QRvokOX.exe
  C:\Windows\System\QRvokOX.exe
  2⤵
  PID:7148
- C:\Windows\System\ILBjKrK.exe
  C:\Windows\System\ILBjKrK.exe
  2⤵
  PID:5948
- C:\Windows\System\YDUOJfg.exe
  C:\Windows\System\YDUOJfg.exe
  2⤵
  PID:4216
- C:\Windows\System\LBTDiCL.exe
  C:\Windows\System\LBTDiCL.exe
  2⤵
  PID:5692
- C:\Windows\System\uLzNhYP.exe
  C:\Windows\System\uLzNhYP.exe
  2⤵
  PID:6188
- C:\Windows\System\FwfdtPH.exe
  C:\Windows\System\FwfdtPH.exe
  2⤵
  PID:4592
- C:\Windows\System\ueUUgwe.exe
  C:\Windows\System\ueUUgwe.exe
  2⤵
  PID:6300
- C:\Windows\System\mmJYFMR.exe
  C:\Windows\System\mmJYFMR.exe
  2⤵
  PID:6360
- C:\Windows\System\nJjaWLu.exe
  C:\Windows\System\nJjaWLu.exe
  2⤵
  PID:1624
- C:\Windows\System\zPXlySR.exe
  C:\Windows\System\zPXlySR.exe
  2⤵
  PID:2888
- C:\Windows\System\SRTHhsW.exe
  C:\Windows\System\SRTHhsW.exe
  2⤵
  PID:4472
- C:\Windows\System\sUvKXau.exe
  C:\Windows\System\sUvKXau.exe
  2⤵
  PID:6552
- C:\Windows\System\NhWftTO.exe
  C:\Windows\System\NhWftTO.exe
  2⤵
  PID:6608
- C:\Windows\System\qviZsNB.exe
  C:\Windows\System\qviZsNB.exe
  2⤵
  PID:6688
- C:\Windows\System\sjvIGVq.exe
  C:\Windows\System\sjvIGVq.exe
  2⤵
  PID:4880
- C:\Windows\System\VXbMODK.exe
  C:\Windows\System\VXbMODK.exe
  2⤵
  PID:6744
- C:\Windows\System\khXHgBP.exe
  C:\Windows\System\khXHgBP.exe
  2⤵
  PID:6812
- C:\Windows\System\WHZYCeQ.exe
  C:\Windows\System\WHZYCeQ.exe
  2⤵
  PID:6844
- C:\Windows\System\EQFTFak.exe
  C:\Windows\System\EQFTFak.exe
  2⤵
  PID:4220
- C:\Windows\System\sjesXLy.exe
  C:\Windows\System\sjesXLy.exe
  2⤵
  PID:1956
- C:\Windows\System\kNmZAHJ.exe
  C:\Windows\System\kNmZAHJ.exe
  2⤵
  PID:3804
- C:\Windows\System\XvTMUti.exe
  C:\Windows\System\XvTMUti.exe
  2⤵
  PID:1908
- C:\Windows\System\UUBSobr.exe
  C:\Windows\System\UUBSobr.exe
  2⤵
  PID:3616
- C:\Windows\System\NDQqVwd.exe
  C:\Windows\System\NDQqVwd.exe
  2⤵
  PID:4932
- C:\Windows\System\ZozgkXH.exe
  C:\Windows\System\ZozgkXH.exe
  2⤵
  PID:7020
- C:\Windows\System\zuowInK.exe
  C:\Windows\System\zuowInK.exe
  2⤵
  PID:7076
- C:\Windows\System\IDbHEEK.exe
  C:\Windows\System\IDbHEEK.exe
  2⤵
  PID:7132
- C:\Windows\System\xJIIywH.exe
  C:\Windows\System\xJIIywH.exe
  2⤵
  PID:5868
- C:\Windows\System\qWfGIjf.exe
  C:\Windows\System\qWfGIjf.exe
  2⤵
  PID:4484
- C:\Windows\System\qaCJFTI.exe
  C:\Windows\System\qaCJFTI.exe
  2⤵
  PID:6328
- C:\Windows\System\reVHqMP.exe
  C:\Windows\System\reVHqMP.exe
  2⤵
  PID:6452
- C:\Windows\System\YIOgrzf.exe
  C:\Windows\System\YIOgrzf.exe
  2⤵
  PID:6604
- C:\Windows\System\TFxeVIJ.exe
  C:\Windows\System\TFxeVIJ.exe
  2⤵
  PID:540
- C:\Windows\System\OanIgEM.exe
  C:\Windows\System\OanIgEM.exe
  2⤵
  PID:1552
- C:\Windows\System\pxspjji.exe
  C:\Windows\System\pxspjji.exe
  2⤵
  PID:6872
- C:\Windows\System\YzMKxyM.exe
  C:\Windows\System\YzMKxyM.exe
  2⤵
  PID:524
- C:\Windows\System\wxLKhOO.exe
  C:\Windows\System\wxLKhOO.exe
  2⤵
  PID:6988
- C:\Windows\System\czOtERS.exe
  C:\Windows\System\czOtERS.exe
  2⤵
  PID:7104
- C:\Windows\System\pzTyHSh.exe
  C:\Windows\System\pzTyHSh.exe
  2⤵
  PID:5416
- C:\Windows\System\kWIvLXe.exe
  C:\Windows\System\kWIvLXe.exe
  2⤵
  PID:2456
- C:\Windows\System\uGDpDSL.exe
  C:\Windows\System\uGDpDSL.exe
  2⤵
  PID:2320
- C:\Windows\System\iKoJsVd.exe
  C:\Windows\System\iKoJsVd.exe
  2⤵
  PID:7056
- C:\Windows\System\CrGpwvE.exe
  C:\Windows\System\CrGpwvE.exe
  2⤵
  PID:6528
- C:\Windows\System\BXsXQaZ.exe
  C:\Windows\System\BXsXQaZ.exe
  2⤵
  PID:844
- C:\Windows\System\RcMZhfD.exe
  C:\Windows\System\RcMZhfD.exe
  2⤵
  PID:1068
- C:\Windows\System\AQXSvBv.exe
  C:\Windows\System\AQXSvBv.exe
  2⤵
  PID:7188
- C:\Windows\System\GmpSSDE.exe
  C:\Windows\System\GmpSSDE.exe
  2⤵
  PID:7216
- C:\Windows\System\rKxahdP.exe
  C:\Windows\System\rKxahdP.exe
  2⤵
  PID:7244
- C:\Windows\System\LDUMlLh.exe
  C:\Windows\System\LDUMlLh.exe
  2⤵
  PID:7280
- C:\Windows\System\mkhzHsB.exe
  C:\Windows\System\mkhzHsB.exe
  2⤵
  PID:7304
- C:\Windows\System\OwFMdrZ.exe
  C:\Windows\System\OwFMdrZ.exe
  2⤵
  PID:7344
- C:\Windows\System\UTRFKmi.exe
  C:\Windows\System\UTRFKmi.exe
  2⤵
  PID:7376
- C:\Windows\System\EqyNPUD.exe
  C:\Windows\System\EqyNPUD.exe
  2⤵
  PID:7408
- C:\Windows\System\SFDkQZD.exe
  C:\Windows\System\SFDkQZD.exe
  2⤵
  PID:7432
- C:\Windows\System\BcTahAD.exe
  C:\Windows\System\BcTahAD.exe
  2⤵
  PID:7460
- C:\Windows\System\NxwQtli.exe
  C:\Windows\System\NxwQtli.exe
  2⤵
  PID:7488
- C:\Windows\System\vgKwwpQ.exe
  C:\Windows\System\vgKwwpQ.exe
  2⤵
  PID:7520
- C:\Windows\System\VKKYoxt.exe
  C:\Windows\System\VKKYoxt.exe
  2⤵
  PID:7544
- C:\Windows\System\FmRwzYd.exe
  C:\Windows\System\FmRwzYd.exe
  2⤵
  PID:7584
- C:\Windows\System\bgYjpGQ.exe
  C:\Windows\System\bgYjpGQ.exe
  2⤵
  PID:7612
- C:\Windows\System\WwfnxqM.exe
  C:\Windows\System\WwfnxqM.exe
  2⤵
  PID:7640
- C:\Windows\System\uBNWqoB.exe
  C:\Windows\System\uBNWqoB.exe
  2⤵
  PID:7668
- C:\Windows\System\jHfRwqP.exe
  C:\Windows\System\jHfRwqP.exe
  2⤵
  PID:7700
- C:\Windows\System\NcGostl.exe
  C:\Windows\System\NcGostl.exe
  2⤵
  PID:7724
- C:\Windows\System\NHUxNKL.exe
  C:\Windows\System\NHUxNKL.exe
  2⤵
  PID:7752
- C:\Windows\System\VVnwUzj.exe
  C:\Windows\System\VVnwUzj.exe
  2⤵
  PID:7780
- C:\Windows\System\IrVqhRa.exe
  C:\Windows\System\IrVqhRa.exe
  2⤵
  PID:7812
- C:\Windows\System\prIGMXU.exe
  C:\Windows\System\prIGMXU.exe
  2⤵
  PID:7836
- C:\Windows\System\OaycSFm.exe
  C:\Windows\System\OaycSFm.exe
  2⤵
  PID:7864
- C:\Windows\System\avFTwqE.exe
  C:\Windows\System\avFTwqE.exe
  2⤵
  PID:7892
- C:\Windows\System\tYBNfDY.exe
  C:\Windows\System\tYBNfDY.exe
  2⤵
  PID:7924
- C:\Windows\System\nbnWimA.exe
  C:\Windows\System\nbnWimA.exe
  2⤵
  PID:7948
- C:\Windows\System\udAolkw.exe
  C:\Windows\System\udAolkw.exe
  2⤵
  PID:7976
- C:\Windows\System\BNCfKRV.exe
  C:\Windows\System\BNCfKRV.exe
  2⤵
  PID:8004
- C:\Windows\System\rsMOoFy.exe
  C:\Windows\System\rsMOoFy.exe
  2⤵
  PID:8032
- C:\Windows\System\WVZahzg.exe
  C:\Windows\System\WVZahzg.exe
  2⤵
  PID:8060
- C:\Windows\System\AkBfWwD.exe
  C:\Windows\System\AkBfWwD.exe
  2⤵
  PID:8088
- C:\Windows\System\xkrJlqL.exe
  C:\Windows\System\xkrJlqL.exe
  2⤵
  PID:8116
- C:\Windows\System\NtVmLDz.exe
  C:\Windows\System\NtVmLDz.exe
  2⤵
  PID:8144
- C:\Windows\System\XHgwWUm.exe
  C:\Windows\System\XHgwWUm.exe
  2⤵
  PID:8172
- C:\Windows\System\ywYbDAw.exe
  C:\Windows\System\ywYbDAw.exe
  2⤵
  PID:7184
- C:\Windows\System\uAvadTl.exe
  C:\Windows\System\uAvadTl.exe
  2⤵
  PID:7256
- C:\Windows\System\IRRuWwi.exe
  C:\Windows\System\IRRuWwi.exe
  2⤵
  PID:7328
- C:\Windows\System\eDEESaz.exe
  C:\Windows\System\eDEESaz.exe
  2⤵
  PID:7400
- C:\Windows\System\PlMgBRI.exe
  C:\Windows\System\PlMgBRI.exe
  2⤵
  PID:7480
- C:\Windows\System\whHMKmZ.exe
  C:\Windows\System\whHMKmZ.exe
  2⤵
  PID:7536
- C:\Windows\System\FlfZpQO.exe
  C:\Windows\System\FlfZpQO.exe
  2⤵
  PID:7608
- C:\Windows\System\EPfdRDx.exe
  C:\Windows\System\EPfdRDx.exe
  2⤵
  PID:7664
- C:\Windows\System\oFDRwMQ.exe
  C:\Windows\System\oFDRwMQ.exe
  2⤵
  PID:7736
- C:\Windows\System\VCaqEji.exe
  C:\Windows\System\VCaqEji.exe
  2⤵
  PID:7792
- C:\Windows\System\vsoZwZa.exe
  C:\Windows\System\vsoZwZa.exe
  2⤵
  PID:7860
- C:\Windows\System\wiatGrb.exe
  C:\Windows\System\wiatGrb.exe
  2⤵
  PID:7940
- C:\Windows\System\QZDJUPH.exe
  C:\Windows\System\QZDJUPH.exe
  2⤵
  PID:8000
- C:\Windows\System\fKMCcBE.exe
  C:\Windows\System\fKMCcBE.exe
  2⤵
  PID:8072
- C:\Windows\System\WxMgiZS.exe
  C:\Windows\System\WxMgiZS.exe
  2⤵
  PID:8136
- C:\Windows\System\xvWTiBC.exe
  C:\Windows\System\xvWTiBC.exe
  2⤵
  PID:7180
- C:\Windows\System\MHtnUtg.exe
  C:\Windows\System\MHtnUtg.exe
  2⤵
  PID:7356
- C:\Windows\System\JkHZqcv.exe
  C:\Windows\System\JkHZqcv.exe
  2⤵
  PID:7512
- C:\Windows\System\zsltPBF.exe
  C:\Windows\System\zsltPBF.exe
  2⤵
  PID:7660
- C:\Windows\System\JETFiEj.exe
  C:\Windows\System\JETFiEj.exe
  2⤵
  PID:7832
- C:\Windows\System\UBJPUhf.exe
  C:\Windows\System\UBJPUhf.exe
  2⤵
  PID:7988
- C:\Windows\System\dauIwJG.exe
  C:\Windows\System\dauIwJG.exe
  2⤵
  PID:8128
- C:\Windows\System\uTDFMAD.exe
  C:\Windows\System\uTDFMAD.exe
  2⤵
  PID:7428
- C:\Windows\System\OCKNzdW.exe
  C:\Windows\System\OCKNzdW.exe
  2⤵
  PID:7772
- C:\Windows\System\mGcmJzK.exe
  C:\Windows\System\mGcmJzK.exe
  2⤵
  PID:8112
- C:\Windows\System\xCTNiWV.exe
  C:\Windows\System\xCTNiWV.exe
  2⤵
  PID:7932
- C:\Windows\System\UmhVAqX.exe
  C:\Windows\System\UmhVAqX.exe
  2⤵
  PID:8196
- C:\Windows\System\DGtJYVo.exe
  C:\Windows\System\DGtJYVo.exe
  2⤵
  PID:8224
- C:\Windows\System\TakmvYj.exe
  C:\Windows\System\TakmvYj.exe
  2⤵
  PID:8252
- C:\Windows\System\JcJuzqq.exe
  C:\Windows\System\JcJuzqq.exe
  2⤵
  PID:8280
- C:\Windows\System\Bjxomlb.exe
  C:\Windows\System\Bjxomlb.exe
  2⤵
  PID:8312
- C:\Windows\System\pmxHKXj.exe
  C:\Windows\System\pmxHKXj.exe
  2⤵
  PID:8340
- C:\Windows\System\hagFBEV.exe
  C:\Windows\System\hagFBEV.exe
  2⤵
  PID:8364
- C:\Windows\System\mtQBGKo.exe
  C:\Windows\System\mtQBGKo.exe
  2⤵
  PID:8392
- C:\Windows\System\oHaXdcE.exe
  C:\Windows\System\oHaXdcE.exe
  2⤵
  PID:8420
- C:\Windows\System\OTvocdx.exe
  C:\Windows\System\OTvocdx.exe
  2⤵
  PID:8468
- C:\Windows\System\MwnCOgW.exe
  C:\Windows\System\MwnCOgW.exe
  2⤵
  PID:8484
- C:\Windows\System\PIZZHDl.exe
  C:\Windows\System\PIZZHDl.exe
  2⤵
  PID:8512
- C:\Windows\System\jjAfQTP.exe
  C:\Windows\System\jjAfQTP.exe
  2⤵
  PID:8544
- C:\Windows\System\hIXHcjg.exe
  C:\Windows\System\hIXHcjg.exe
  2⤵
  PID:8568
- C:\Windows\System\bQmMfJe.exe
  C:\Windows\System\bQmMfJe.exe
  2⤵
  PID:8596
- C:\Windows\System\zXvbSXt.exe
  C:\Windows\System\zXvbSXt.exe
  2⤵
  PID:8624
- C:\Windows\System\nrUHIah.exe
  C:\Windows\System\nrUHIah.exe
  2⤵
  PID:8652
- C:\Windows\System\AqdbaUI.exe
  C:\Windows\System\AqdbaUI.exe
  2⤵
  PID:8680
- C:\Windows\System\DDwqtOP.exe
  C:\Windows\System\DDwqtOP.exe
  2⤵
  PID:8708
- C:\Windows\System\NLUSYCr.exe
  C:\Windows\System\NLUSYCr.exe
  2⤵
  PID:8736
- C:\Windows\System\pEIqUYd.exe
  C:\Windows\System\pEIqUYd.exe
  2⤵
  PID:8768
- C:\Windows\System\WIszMBn.exe
  C:\Windows\System\WIszMBn.exe
  2⤵
  PID:8796
- C:\Windows\System\RueDpgi.exe
  C:\Windows\System\RueDpgi.exe
  2⤵
  PID:8824
- C:\Windows\System\DbPZGMx.exe
  C:\Windows\System\DbPZGMx.exe
  2⤵
  PID:8856
- C:\Windows\System\kVPpMPj.exe
  C:\Windows\System\kVPpMPj.exe
  2⤵
  PID:8880
- C:\Windows\System\kjwoBuF.exe
  C:\Windows\System\kjwoBuF.exe
  2⤵
  PID:8908
- C:\Windows\System\uHYrDfv.exe
  C:\Windows\System\uHYrDfv.exe
  2⤵
  PID:8936
- C:\Windows\System\gSzjcgH.exe
  C:\Windows\System\gSzjcgH.exe
  2⤵
  PID:8964
- C:\Windows\System\DApuaan.exe
  C:\Windows\System\DApuaan.exe
  2⤵
  PID:8992
- C:\Windows\System\HNJDOPB.exe
  C:\Windows\System\HNJDOPB.exe
  2⤵
  PID:9020
- C:\Windows\System\ozFgPFE.exe
  C:\Windows\System\ozFgPFE.exe
  2⤵
  PID:9048
- C:\Windows\System\ligtKRW.exe
  C:\Windows\System\ligtKRW.exe
  2⤵
  PID:9076
- C:\Windows\System\ltNCwxI.exe
  C:\Windows\System\ltNCwxI.exe
  2⤵
  PID:9104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AxPIBkY.exe

Filesize
2.1MB

MD5
8c5a5632b3203f9a93cceb2320faea75

SHA1
621a4d8b96a2edbde1ee7a919a1bd53bf096b166

SHA256
45c3e43066bd171c82261d01db21cf66c28ab1920f349d7a951ac2767881f205

SHA512
8763b803759dd97eacb6720de130be9308591c406e15f92fded28b89f3817383a014eee7014fae7734bf618db8e20c9c726bbb62b4b2a505cbabb6c5419faab0

Download Submit
C:\Windows\System\GSlJows.exe

Filesize
2.1MB

MD5
ab39ccb376c4fa4f6eb6517be8472093

SHA1
587daa72b551f183279e897e783ea6a503a0c684

SHA256
4613271c9ffeb7611f1ed95623ec088d7eebacae7ff02c383a673def07bbbb83

SHA512
08996ef2a264b0ebddb2494cd66a42bfe3f6b9d0a1e227cbd740f0a8a470d0330b25dbcea408d4b2062bec25555d8e075c6723d217845821e235a73ae6cae10b

Download Submit
C:\Windows\System\GWwvtHt.exe

Filesize
2.1MB

MD5
ef09c986107dd31b93df4690b04807e8

SHA1
00ddc9c68d1faec994716c6a613aa1a4d42aa380

SHA256
c0e24ea527f4892692fed8f54191775585eb0185b0d7edc2a65ff4979874def4

SHA512
296a2696c97580006eb8a6ce8d29f54dab26019a08aec2c33bc7f353e66032e37610b491ad64a88fa35bea16d2856247c0850753c22fdfb66e6c2056b3813cbe

Download Submit
C:\Windows\System\JjIlcmv.exe

Filesize
2.0MB

MD5
f9ca651028f1a0f56a43cd7d5b354d73

SHA1
ba926dacdd5568c19e9cfc6f66a25d418440b9ef

SHA256
81d4a4eff7d03fcad4b4b47f6ba368f96a544351e303d3855762bf5e334076fa

SHA512
4a167d9ac43824eeafa72eb7abbb1a4bbcfdada3469c79cf7f75f3e71fa56507c060757fa1e76794dcb6ea1dbe52bb805c54e4b09537d00d601fec5be518545e

Download Submit
C:\Windows\System\KYAdKVd.exe

Filesize
2.1MB

MD5
ff0d0c229ecd5cd7d4787a024674792d

SHA1
a091c865e77657f5ff1faded1da838f326be4095

SHA256
a73f63192dca5876f97078a8c7b4eacd991caeab0dad2d8ce7ee47bd2ebce48a

SHA512
b73323c5ceefaea34c411abb9955659b87adad5499e51f596b17cefb4171f966e5759df88ad8bc72a06ed512e070108705b449d99b643ab08779fdf7bb695674

Download Submit
C:\Windows\System\LxEzRBQ.exe

Filesize
2.1MB

MD5
484d608f021443280bd85c5ea79a8949

SHA1
eca2c53aa0df8b6410e22bf6b98985824539d9cc

SHA256
512c24f52bad5d89eb2529438f30adb4d81cf2229521bcdd14af089fc94c4d55

SHA512
5e24fe67ac7b2d63c2c278be79224f9b29e87d8be01a5c7d1df445f4d2b1101d50bd951d173d4e5e67dbf2a3b5c60d1ff5ed8a41e60f557f9a16fe4b4c4027c5

Download Submit
C:\Windows\System\NfLLPDX.exe

Filesize
2.1MB

MD5
f4f1a3a3d7832ea794be301985d237e8

SHA1
e8df7bb1ae67e9a785ca9139bed0e51779a2324c

SHA256
4bd3e85b742e2ed6c0aaf48fde2f7ef0413dfcfff5f8941c83a268cd83e643a9

SHA512
457833d73bc5ed5080724b83c74ffb68d2820c10200122adce795b25e9c5598a0762c8c84b0db43941f7f9e259ebf82d44856b1d35eef212fe322ceb7403d696

Download Submit
C:\Windows\System\PpnWvJv.exe

Filesize
2.1MB

MD5
0816e96bd18787762b13aaccc69c6a78

SHA1
9c85d806196adac3b0803d2da1fa6d31e5b58bd9

SHA256
232e674fde159d52a7cca96dc59a2c513ebf1069d9cf9d9c358ed0c4a0d7cc0a

SHA512
57c67cdbc70233a02a344acfa63efc919e330b5525b72d08ef0d6e6dcb5b398d8d98d9554ec2b3368487ec98f0f2764e813d2a5649f79b434404f710666582bf

Download Submit
C:\Windows\System\SuxsckT.exe

Filesize
2.1MB

MD5
3733b06f7a467d854cc8f52de601fb96

SHA1
559194ddbc483598141d7c1dfec945325c7f14c0

SHA256
e81a5f91df36f9cf759bfe77a7bff8734632c8314cbaa34f7b5551be7e11474e

SHA512
818ea2164c09bdadcabb4f0682fce0fc6a9ddec4ff557c6606dca5ead900580eb7005258321ece22567af8aecb6c71f9ea52247243a0b9abce15d346e310d5ba

Download Submit
C:\Windows\System\SuyGshP.exe

Filesize
2.1MB

MD5
c6b0e1ab8ac6cf546851ce2d09baaf40

SHA1
f398355be7f72fcec4ccc52e6a6f040ddead07d7

SHA256
c73cc9cd2d34e08b28622a6763470281197b0755e7f50c71327d8586674e72df

SHA512
90dd41f674e753029636e8c4d240da91473b00e1f99bd5f4be090672538b3273be206f34cc9315fd6f08da79ac88e2bda970ec7849984cf89df10151ffd8312f

Download Submit
C:\Windows\System\TQnCmNX.exe

Filesize
2.1MB

MD5
67a4970ca6870cd646e451d9492c1feb

SHA1
6dcb361546948e0505072d68da1a756e50007d46

SHA256
77ac7eff7198944db4893b86339abf3dc2f312ab8abdbea57396dc12ad929304

SHA512
9c1648f6d58aef7815b69e0ebf5bf1dcb5119f44ef6f0b82c2e4037b57143088a5a55448f9efb02c560d9bd6bbde97b5ee70c69e7487783409062765e5a8c09f

Download Submit
C:\Windows\System\WpGxwpq.exe

Filesize
2.1MB

MD5
8b6f1fb8ef8f4c4c3147a63e1c536267

SHA1
4a154b5e4eb33e5a778e6b2220e3af885a76c0eb

SHA256
51de557a3261836e8b0865948344ad84ccb6d772a4a977c98c43c47ef1ce4137

SHA512
a36ad0a19f57ad336e79d5a486b4019a3248bee40df68b2ce5797fdeb33f1d92d108203f26d1b6ec9f0208a8dd4d37df352647a21a509c23dc03ebd423f5f56d

Download Submit
C:\Windows\System\XKbViuU.exe

Filesize
2.1MB

MD5
06a8458a5ee4be62591cc3b1ccee0107

SHA1
b94ef9c2e329294dfd4aaad5f6de62e40645d99e

SHA256
58f70971f2d186f1e406bfcb28ee84392a5dca9bb4220462e7407b4fc2608986

SHA512
d590b2b2a3a625b971d28bfaa534f28beb4399f3d6e3a38422f1ac108ccc52334791f573d5a2044da111aeca0bc88cb2eff5c6dbd2e7bc4d0f378065730ea95c

Download Submit
C:\Windows\System\XtGfMzn.exe

Filesize
2.1MB

MD5
a95eefe0e7705977e65894038130359e

SHA1
684be32e40c92ea5172c0bfbdfe779054338bfd3

SHA256
f8bb40d12e1bc47709c1d99de5db1d45395c534f242db06048db66f7170651a8

SHA512
40f6148d6a6ca2e81e4e31a8ebfd04b3db898fbb5ef7ea6e79c022b256ce8273f0378b17c604f74ecca20d511c14c29bc29301dba7cef2392002b48789614efe

Download Submit
C:\Windows\System\YDepVlp.exe

Filesize
2.1MB

MD5
00454d06c3ff527486ea812170691dcf

SHA1
8f909ec46d3186a8ce770697c00eb9405d548a1b

SHA256
ed433ecbcd7da9a51941a9460627a2152701e743534c4fbeb110f8ad2928825d

SHA512
932babcbdb8e2caee89067939d1195e9038706e11ec45d0615b723be4681eb752d529d63a5465f08cd2729da3ebcc13df2d6e08462916999618d9afc6dd87c9a

Download Submit
C:\Windows\System\ZSDflEs.exe

Filesize
2.1MB

MD5
304749e062c450715245405238fd2dd6

SHA1
b35408f539a823412ac94d86aa081cd00646e016

SHA256
c29c43a89f7eeb1453a61d7269b2c77361602af4d3bdb27dac4197787c775524

SHA512
a4c4d7e8c81fba3494eb974b6344bd6ffcd9f6fb488d5ae6afd8e168bdd9b044bb50987928221ddc4ad7a34a924c4ce10f2d588effe1022df742d8810a3925c5

Download Submit
C:\Windows\System\dMbPBuS.exe

Filesize
2.1MB

MD5
c66fe53ee7d120041348bdf4d175506e

SHA1
57b52df414e29f61710d9b4f6f31d2d72a646cc6

SHA256
5c052cf6bce20bad7d248c4933c8fbd0ea5d5fa9a5bdc0fa16c2a543316bd6d7

SHA512
f158f317cbece606b69320e18b76758673a062de059d5a96f825a47ddd1a11fde835f2e9e65921d332bd84fc2d52af190ef46a66dd614c4982d300f69b3abd74

Download Submit
C:\Windows\System\gMyHrBb.exe

Filesize
2.1MB

MD5
16818de89fd807a533f328b2363944f4

SHA1
017dbd6fa3a4591347fd6120f0fb56cb3bc73b1f

SHA256
0a157334d77f0e4c497c9f2b7f52d10b5efbc49b23b9740e36ee545481e6b7d9

SHA512
4cb8045459efe0e8f94714ea591b65fb4af4bc919b33b9330ff1017a4238c49f5181ea502b4b310de4007b5f76c184b2fccd5073448aad9370d818517138e77e

Download Submit
C:\Windows\System\hedfdpp.exe

Filesize
2.0MB

MD5
9606c732a9b33260767ae254674be8e2

SHA1
3d32276b3891740197358fe3ef286a2e0635cff7

SHA256
add7bcb35a93e488cdbbae767cf571e72620bd771927c793ea789d26ee194a91

SHA512
a012dae32d160a5b567665058ea29c759edd57c86bf9b80a69973634c8d9ba809dde1ee36a6376ffd3721d813cf01fe8436d81f9acbcab7f65abbc3a1f7e70be

Download Submit
C:\Windows\System\lRuUXyF.exe

Filesize
2.1MB

MD5
e6ffdf95c3f913dd6924921c413c6227

SHA1
6d88574ba941c5b71ce798b1bfa75b42cdf2abab

SHA256
a9b54c374d53772edfbda5f14ad4c2f215842c94f67953216be4ad9f53329706

SHA512
48ebce7d8d6b170d88d49e38d535a132929a50e08845586449c4d6d866f270cd3b2ced87bd4a324d4b8e7169326d5833670d32389c7b06c00dba555d8ad681b8

Download Submit
C:\Windows\System\lUmXudV.exe

Filesize
2.1MB

MD5
13eec8c61d17fdb0c22f3b298ba7140e

SHA1
5ab313a652841defa5465b4a314926417757bf15

SHA256
87709cd69687a854b02eaf69c42af51eed05eca0310e8f918b494981290ae9c4

SHA512
88a0d3548381c54e8fb196642bd10d63a6e87233bef672fadd7b70469586f37ff39ef38a7ce3079fd5d5e241139a3b4e83b4e9e85b476f91d6f2825e1daaf449

Download Submit
C:\Windows\System\llewhQI.exe

Filesize
2.1MB

MD5
303fe16000153331305754ae3b14b735

SHA1
f6e02840add6bbb38711ee5f661c90579de245dd

SHA256
347abc5356ff91e36014cbee4ed6113d1ecd412f11e30f3a36c3d01c347aec86

SHA512
c9bb9c5c50d062a1e49f9c22eff5b5f584170b38f580a4e6550be7b6c401efdf4abc9c98d39b0c12a41475922b726e7733b6b8e4b38a808d8a67f4eea5cb0646

Download Submit
C:\Windows\System\mRTekUr.exe

Filesize
2.1MB

MD5
a823e113bcdfb491afb167679d2b7e22

SHA1
e3ac7ca14ab856a9b99fedbc747fd81ff21e2415

SHA256
9ac12d411f67232368c0a39dbd10690c40b5d774f83845f8d197608bc0a23cb8

SHA512
6bc9b061a86e319ede48991ff5a96a0f20f94403e979d30bd0b9810acc8d1e663f77787352aaf42a45b9cbf374c290d37d6aa55c38878b493cab89ef7640ecf4

Download Submit
C:\Windows\System\mvJOPIO.exe

Filesize
2.1MB

MD5
84b84d1015a41f0fd7db33e65c28cac2

SHA1
600a13d8483cfe520967bd0fa1011122ff029630

SHA256
2228ffc7784d7ac86876edb4d4e993f4ba8a6897b3e8440810b610c543eebc44

SHA512
3b15ef0b5d52ed73a13293c1960e649cd29fa305240bc9f844073a22acdcbbd8df5899daf9afee8f5ac7eb90966dbfab6cbda886ec9d1ba70975b04c2966edac

Download Submit
C:\Windows\System\nzXBCGb.exe

Filesize
2.1MB

MD5
bb653eb821229acb0d74dc2425e51cdd

SHA1
f7fd234763185bdd3b5765600fe43cad7bd61231

SHA256
242f1c049db7306c3be8fbd5889f1958c874454d6672fa43f164386b54e6a963

SHA512
4fcd4ab3b47b971d4e5f38468b3b7e60a46b12186925b30f8cd8d31c22d04d3f787e34fb00f11d9d8797e805c93a1125bc7d61de5c5e4a859f3066bfdec4866a

Download Submit
C:\Windows\System\plYxBcg.exe

Filesize
2.0MB

MD5
8882d1b0dc2bc1cbb9dc7e0d99ffd3de

SHA1
a0cae8a6c66c78568990e3430ba31a4475a95290

SHA256
acca8cf4fcacca918a7d70b12e5fdf9c5bedcf3e4f7621f914f7c95e331b07fb

SHA512
4b9d2b79dc6422caf883fc3347adfc2058d8270eee4fa2cd5dde11614928588b30d362c581b3dea0d7ee2f4b99e5c594a21d59006ce6f1dc31acba88362672a9

Download Submit
C:\Windows\System\qUlrToR.exe

Filesize
2.1MB

MD5
189826be4b42f915e8bfea45e921a2ae

SHA1
b8505bdbe5b6e4acd75af6f5f673e4e9160f917e

SHA256
afb5d276c5d3d8ce70589290f58a0228fd2768e0ae0bd68e0e852a94a4f276f6

SHA512
d060a13c3b151dbbebe8f29f99a69c3ac6e2570f91fb2fa0521f5e20bf7a4add7757c3c4251560a653d1787d1a5c45fddf48328cedc594e9d2d2562c3141e2a3

Download Submit
C:\Windows\System\uPgkKbo.exe

Filesize
2.1MB

MD5
a4fd08cf0471e387432e9a2a2aee259b

SHA1
45b5191d15d7ea515f4bf31e87da338d7409a81a

SHA256
827b082c109201770e318e46bd151250d38c9e04366f570888b35458e1cb5862

SHA512
5ed8a3f3f3fb2e30f8a118e9f9005cb7892f6bba980a60b3802730456f3e0da16a94a22a0c543f24fd6e2d17b4e6df5108101985596b46b5ac54bc90f9a30c2b

Download Submit
C:\Windows\System\vzxUdPU.exe

Filesize
2.1MB

MD5
c68c5688a2768c8a603b653d566a584f

SHA1
a26ff7b622f5e0907c195dce2b9065756e33e977

SHA256
81e8d6e523702fd858055f58d5b3efa95b8e55c8c95028a27b314ef1cdea8021

SHA512
bea68f507510df769dfea4561b606c947a048666e608705528ae23f32d571f3cc74ab29dac1dc83e1c261abdddf8e039d6f09a85e081e06c5251a32d6c3895e1

Download Submit
C:\Windows\System\wvVYYLw.exe

Filesize
2.0MB

MD5
ad0432150e8444cba4ff265cc62b472f

SHA1
3768a2e58d7b986956534ed25e59f45cbece47a5

SHA256
4cc799c255aaf23b3aa1c42503b8a0474e26908cdf646cf39d051e89546d1064

SHA512
8cb7799cce10849e63bcb1e216ffcbd6d81ee3eec48ce658fa9d3b67a892ed528655c83d341407f78d7cced0baeeefff68dd3466416f828fea0297768b89895c

Download Submit
C:\Windows\System\ykxpGlN.exe

Filesize
2.1MB

MD5
9841f19a2560ed5a1b3eaa5ae167eda3

SHA1
d945c5672e3baee808903f2eef9ddff149a12aea

SHA256
d9ecf69e36553842b9f9a7699137fe1cc973086138b5bc6363412bf86266ceda

SHA512
222a38e6e4d6d198926c133fd6f316e2e675e8b9a8aad944935306b86413c310b26e565b704663f920905915316897605a9c146b3b4d2c9080b8cb9fa609ecd2

Download Submit
C:\Windows\System\zHzXRXf.exe

Filesize
2.1MB

MD5
afd5a7b39a8b5ed3c5ea48bb13c2d911

SHA1
0d82f9e55f6091ae78f995638244245ee56ff5c4

SHA256
9e84e642abb935891325b80d793207e8bf587705055ec7d595bf9f0a014ce579

SHA512
40f2c981a10cf34030b4c186c37f04f065a3a8e19695c0aa2273b0fd5c97b0c7f5167413a687e08d5288ae24f5d337b2e80db087dffedc56103f57faca321a24

Download Submit
C:\Windows\System\zWbXqGG.exe

Filesize
2.1MB

MD5
cc8cb19801192ef41b98313d237c2d98

SHA1
cc22d5a7ac8375ac8475559059a979cac9c742c6

SHA256
27997714be8572c446b3fe77ddf49c1912ef19dce20007dd5611716d5073063c

SHA512
f8970b138ae9bf9ed2c7f550d6b94c6686d6e3e2316d67d8555f919f4df50f47da0e8bbba7a1f86005759b501d401e892a750f0036fb4d1a7c4f7ee64fd2090f

Download Submit
memory/376-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download