kpot | 097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442

Analysis

max time kernel
141s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
19-06-2024 21:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
Size

2.0MB
MD5

9143922ff86a792fe609de51541048a0
SHA1

e5841ffa705547880be45616ce1f1fefc71a135a
SHA256

097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442
SHA512

44b2f9255dec6b2718df8f723d9609675f4eb008e1649824f60f19f7ae9d1f9aed3378f4e4bc1f1155dc11bba1ca462c1684041878fe0a28b8126b4a5cf50834
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2rW:GemTLkNdfE0pZaQS

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral2/files/0x00090000000233c1-5.dat	family_kpot
behavioral2/files/0x00070000000233e1-10.dat	family_kpot
behavioral2/files/0x00070000000233e3-18.dat	family_kpot
behavioral2/files/0x00070000000233e5-29.dat	family_kpot
behavioral2/files/0x00070000000233e6-35.dat	family_kpot
behavioral2/files/0x00070000000233e7-38.dat	family_kpot
behavioral2/files/0x00070000000233e8-45.dat	family_kpot
behavioral2/files/0x00070000000233e9-49.dat	family_kpot
behavioral2/files/0x00070000000233ec-64.dat	family_kpot
behavioral2/files/0x00070000000233ed-70.dat	family_kpot
behavioral2/files/0x0005000000022970-80.dat	family_kpot
behavioral2/files/0x0006000000022974-87.dat	family_kpot
behavioral2/files/0x00070000000233f2-105.dat	family_kpot
behavioral2/files/0x00070000000233f5-119.dat	family_kpot
behavioral2/files/0x00070000000233f4-124.dat	family_kpot
behavioral2/files/0x00070000000233fb-150.dat	family_kpot
behavioral2/files/0x00070000000233fa-148.dat	family_kpot
behavioral2/files/0x00070000000233f9-146.dat	family_kpot
behavioral2/files/0x00070000000233f8-144.dat	family_kpot
behavioral2/files/0x00070000000233f7-141.dat	family_kpot
behavioral2/files/0x00070000000233f6-133.dat	family_kpot
behavioral2/files/0x00070000000233f3-112.dat	family_kpot
behavioral2/files/0x00070000000233f1-103.dat	family_kpot
behavioral2/files/0x00070000000233f0-101.dat	family_kpot
behavioral2/files/0x00070000000233ef-92.dat	family_kpot
behavioral2/files/0x00070000000233ee-75.dat	family_kpot
behavioral2/files/0x000500000001e2ea-159.dat	family_kpot
behavioral2/files/0x00070000000233fc-157.dat	family_kpot
behavioral2/files/0x00070000000233eb-60.dat	family_kpot
behavioral2/files/0x00070000000233ea-55.dat	family_kpot
behavioral2/files/0x00070000000233e4-25.dat	family_kpot
behavioral2/files/0x00070000000233e2-15.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral2/files/0x00090000000233c1-5.dat	xmrig
behavioral2/files/0x00070000000233e1-10.dat	xmrig
behavioral2/files/0x00070000000233e3-18.dat	xmrig
behavioral2/files/0x00070000000233e5-29.dat	xmrig
behavioral2/files/0x00070000000233e6-35.dat	xmrig
behavioral2/files/0x00070000000233e7-38.dat	xmrig
behavioral2/files/0x00070000000233e8-45.dat	xmrig
behavioral2/files/0x00070000000233e9-49.dat	xmrig
behavioral2/files/0x00070000000233ec-64.dat	xmrig
behavioral2/files/0x00070000000233ed-70.dat	xmrig
behavioral2/files/0x0005000000022970-80.dat	xmrig
behavioral2/files/0x0006000000022974-87.dat	xmrig
behavioral2/files/0x00070000000233f2-105.dat	xmrig
behavioral2/files/0x00070000000233f5-119.dat	xmrig
behavioral2/files/0x00070000000233f4-124.dat	xmrig
behavioral2/files/0x00070000000233fb-150.dat	xmrig
behavioral2/files/0x00070000000233fa-148.dat	xmrig
behavioral2/files/0x00070000000233f9-146.dat	xmrig
behavioral2/files/0x00070000000233f8-144.dat	xmrig
behavioral2/files/0x00070000000233f7-141.dat	xmrig
behavioral2/files/0x00070000000233f6-133.dat	xmrig
behavioral2/files/0x00070000000233f3-112.dat	xmrig
behavioral2/files/0x00070000000233f1-103.dat	xmrig
behavioral2/files/0x00070000000233f0-101.dat	xmrig
behavioral2/files/0x00070000000233ef-92.dat	xmrig
behavioral2/files/0x00070000000233ee-75.dat	xmrig
behavioral2/files/0x000500000001e2ea-159.dat	xmrig
behavioral2/files/0x00070000000233fc-157.dat	xmrig
behavioral2/files/0x00070000000233eb-60.dat	xmrig
behavioral2/files/0x00070000000233ea-55.dat	xmrig
behavioral2/files/0x00070000000233e4-25.dat	xmrig
behavioral2/files/0x00070000000233e2-15.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2388	FxYoHRh.exe
3224	tyWjutw.exe
1928	SSDNLaX.exe
3528	yRPQlKE.exe
4656	GSssawo.exe
3932	YrLAtWf.exe
856	TkcXrwC.exe
2824	MBHRmko.exe
2616	imnwvbS.exe
4588	KXlpkQN.exe
5008	mFAkPDe.exe
2724	VaMUSAe.exe
1376	qRnsbOT.exe
2952	MMODIKJ.exe
468	yDqcwTU.exe
1572	mKqDOce.exe
2236	xnvcuzn.exe
628	OmUqSef.exe
4616	KecIyPK.exe
4508	CtKuQgG.exe
2060	qDMYExZ.exe
2324	nJPLbIV.exe
1368	MozQjJl.exe
4208	oYHUeYz.exe
2040	CAnhXoQ.exe
3476	pKQgCzR.exe
3236	PmtSBTx.exe
1580	JelCJfn.exe
1188	iQBQvSJ.exe
4568	xbXMRLn.exe
4928	CcyCKXB.exe
956	XbPVQgo.exe
2136	pXzLQEW.exe
2532	aJXuHXy.exe
4924	BANIifY.exe
4024	UGndtDr.exe
4524	enSnAmr.exe
4880	JIeWbbu.exe
4380	fLavmXn.exe
1524	uPcBbuK.exe
4312	ZTZonPZ.exe
4516	jrNxmFP.exe
2656	lgeNGZm.exe
4796	lmdhZaR.exe
404	mFChVkA.exe
4332	JYmiCvp.exe
2536	SLVsMhR.exe
2208	tLBDvAT.exe
4896	HOcQnoY.exe
3092	LCKMEkX.exe
1240	HWMecpA.exe
4620	qMZBynu.exe
5100	AosRRPM.exe
2584	ikFbBON.exe
2072	HJtSNRN.exe
4500	yHSXQzt.exe
3248	KcodoUI.exe
796	DqhdJjm.exe
1172	sYQwiEv.exe
876	CSCDGIE.exe
1156	vVJHWFZ.exe
1488	BBMIYGy.exe
4636	qNQrHGT.exe
4780	bcsfowF.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\fLavmXn.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\ZjHNyFl.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\VjIjRsi.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\GGhIktL.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\SSDNLaX.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\qMZBynu.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\TZNgTfF.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\FAgyNsu.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\yiGFjLU.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\DApWZvF.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\VGZLAJc.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\cZXrUYA.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\jrmcTCN.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\OmUqSef.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\GkovSPA.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\HGRodNP.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\AqthlBk.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\VlcSYvD.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\YCXUIDp.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\ZSwpVxY.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\PNewPvH.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\AajfcEX.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\EZKEHbn.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\ylQikGw.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\SmistSb.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\BYolRBP.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\lmdhZaR.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\pqHcKMe.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\tNPBpyP.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\NMyaMJY.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\nJbHMER.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\LUipGfz.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\odUNLkV.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\zYdhhxI.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\CtKuQgG.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\rLisvJq.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\IdoRsAU.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\uWYooDQ.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\ADQrJZm.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\CcyCKXB.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\DidWcbG.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\RhNQjxj.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\kcTQVGl.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\WAHdLoi.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\KXlpkQN.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\wpxBGIo.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\urqDiMn.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\uHFzGzJ.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\UQABwEn.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\BjbnKVS.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\uaKmTuV.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\ZnJOwsd.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\XPRgDux.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\maqlLng.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\NAUoBKn.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\iAmuinF.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\hcOCMoP.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\sGkLLoj.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\aaXzNPM.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\MozQjJl.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\DhgQaWJ.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\TCHdedl.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\lquFwjA.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
File created	C:\Windows\System\ACFhTCq.exe	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 2388	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	82
PID 1540 wrote to memory of 2388	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	82
PID 1540 wrote to memory of 3224	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	83
PID 1540 wrote to memory of 3224	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	83
PID 1540 wrote to memory of 1928	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	84
PID 1540 wrote to memory of 1928	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	84
PID 1540 wrote to memory of 3528	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	86
PID 1540 wrote to memory of 3528	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	86
PID 1540 wrote to memory of 4656	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	87
PID 1540 wrote to memory of 4656	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	87
PID 1540 wrote to memory of 3932	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	88
PID 1540 wrote to memory of 3932	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	88
PID 1540 wrote to memory of 856	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	89
PID 1540 wrote to memory of 856	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	89
PID 1540 wrote to memory of 2824	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	90
PID 1540 wrote to memory of 2824	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	90
PID 1540 wrote to memory of 2616	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	91
PID 1540 wrote to memory of 2616	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	91
PID 1540 wrote to memory of 4588	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	92
PID 1540 wrote to memory of 4588	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	92
PID 1540 wrote to memory of 5008	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	94
PID 1540 wrote to memory of 5008	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	94
PID 1540 wrote to memory of 2724	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	95
PID 1540 wrote to memory of 2724	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	95
PID 1540 wrote to memory of 1376	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	96
PID 1540 wrote to memory of 1376	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	96
PID 1540 wrote to memory of 2952	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	97
PID 1540 wrote to memory of 2952	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	97
PID 1540 wrote to memory of 468	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	98
PID 1540 wrote to memory of 468	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	98
PID 1540 wrote to memory of 1572	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	100
PID 1540 wrote to memory of 1572	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	100
PID 1540 wrote to memory of 2236	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	101
PID 1540 wrote to memory of 2236	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	101
PID 1540 wrote to memory of 628	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	102
PID 1540 wrote to memory of 628	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	102
PID 1540 wrote to memory of 4616	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	103
PID 1540 wrote to memory of 4616	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	103
PID 1540 wrote to memory of 4508	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	104
PID 1540 wrote to memory of 4508	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	104
PID 1540 wrote to memory of 2060	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	105
PID 1540 wrote to memory of 2060	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	105
PID 1540 wrote to memory of 2324	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	106
PID 1540 wrote to memory of 2324	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	106
PID 1540 wrote to memory of 1368	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	107
PID 1540 wrote to memory of 1368	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	107
PID 1540 wrote to memory of 4208	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	108
PID 1540 wrote to memory of 4208	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	108
PID 1540 wrote to memory of 2040	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	109
PID 1540 wrote to memory of 2040	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	109
PID 1540 wrote to memory of 3476	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	110
PID 1540 wrote to memory of 3476	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	110
PID 1540 wrote to memory of 3236	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	111
PID 1540 wrote to memory of 3236	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	111
PID 1540 wrote to memory of 1580	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	112
PID 1540 wrote to memory of 1580	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	112
PID 1540 wrote to memory of 1188	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	113
PID 1540 wrote to memory of 1188	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	113
PID 1540 wrote to memory of 4568	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	114
PID 1540 wrote to memory of 4568	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	114
PID 1540 wrote to memory of 4928	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	115
PID 1540 wrote to memory of 4928	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	115
PID 1540 wrote to memory of 956	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	116
PID 1540 wrote to memory of 956	1540	097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe	116

C:\Users\Admin\AppData\Local\Temp\097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\097a4e63e6f8a764aaac2a5331df6127890ca85f04a98444779251202f613442_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Windows\System\FxYoHRh.exe
  C:\Windows\System\FxYoHRh.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\tyWjutw.exe
  C:\Windows\System\tyWjutw.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\SSDNLaX.exe
  C:\Windows\System\SSDNLaX.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\yRPQlKE.exe
  C:\Windows\System\yRPQlKE.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\GSssawo.exe
  C:\Windows\System\GSssawo.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\YrLAtWf.exe
  C:\Windows\System\YrLAtWf.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\TkcXrwC.exe
  C:\Windows\System\TkcXrwC.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\MBHRmko.exe
  C:\Windows\System\MBHRmko.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\imnwvbS.exe
  C:\Windows\System\imnwvbS.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\KXlpkQN.exe
  C:\Windows\System\KXlpkQN.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\mFAkPDe.exe
  C:\Windows\System\mFAkPDe.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\VaMUSAe.exe
  C:\Windows\System\VaMUSAe.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\qRnsbOT.exe
  C:\Windows\System\qRnsbOT.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\MMODIKJ.exe
  C:\Windows\System\MMODIKJ.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\yDqcwTU.exe
  C:\Windows\System\yDqcwTU.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\mKqDOce.exe
  C:\Windows\System\mKqDOce.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\xnvcuzn.exe
  C:\Windows\System\xnvcuzn.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\OmUqSef.exe
  C:\Windows\System\OmUqSef.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\KecIyPK.exe
  C:\Windows\System\KecIyPK.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\CtKuQgG.exe
  C:\Windows\System\CtKuQgG.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\qDMYExZ.exe
  C:\Windows\System\qDMYExZ.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\nJPLbIV.exe
  C:\Windows\System\nJPLbIV.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\MozQjJl.exe
  C:\Windows\System\MozQjJl.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\oYHUeYz.exe
  C:\Windows\System\oYHUeYz.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\CAnhXoQ.exe
  C:\Windows\System\CAnhXoQ.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\pKQgCzR.exe
  C:\Windows\System\pKQgCzR.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\PmtSBTx.exe
  C:\Windows\System\PmtSBTx.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\JelCJfn.exe
  C:\Windows\System\JelCJfn.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\iQBQvSJ.exe
  C:\Windows\System\iQBQvSJ.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\xbXMRLn.exe
  C:\Windows\System\xbXMRLn.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\CcyCKXB.exe
  C:\Windows\System\CcyCKXB.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\XbPVQgo.exe
  C:\Windows\System\XbPVQgo.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\pXzLQEW.exe
  C:\Windows\System\pXzLQEW.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\aJXuHXy.exe
  C:\Windows\System\aJXuHXy.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\BANIifY.exe
  C:\Windows\System\BANIifY.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\UGndtDr.exe
  C:\Windows\System\UGndtDr.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\enSnAmr.exe
  C:\Windows\System\enSnAmr.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\JIeWbbu.exe
  C:\Windows\System\JIeWbbu.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\fLavmXn.exe
  C:\Windows\System\fLavmXn.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\uPcBbuK.exe
  C:\Windows\System\uPcBbuK.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\ZTZonPZ.exe
  C:\Windows\System\ZTZonPZ.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\jrNxmFP.exe
  C:\Windows\System\jrNxmFP.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\lgeNGZm.exe
  C:\Windows\System\lgeNGZm.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\lmdhZaR.exe
  C:\Windows\System\lmdhZaR.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\mFChVkA.exe
  C:\Windows\System\mFChVkA.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\JYmiCvp.exe
  C:\Windows\System\JYmiCvp.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\SLVsMhR.exe
  C:\Windows\System\SLVsMhR.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\tLBDvAT.exe
  C:\Windows\System\tLBDvAT.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\HOcQnoY.exe
  C:\Windows\System\HOcQnoY.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\LCKMEkX.exe
  C:\Windows\System\LCKMEkX.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\HWMecpA.exe
  C:\Windows\System\HWMecpA.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\qMZBynu.exe
  C:\Windows\System\qMZBynu.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\AosRRPM.exe
  C:\Windows\System\AosRRPM.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\ikFbBON.exe
  C:\Windows\System\ikFbBON.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\HJtSNRN.exe
  C:\Windows\System\HJtSNRN.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\yHSXQzt.exe
  C:\Windows\System\yHSXQzt.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\KcodoUI.exe
  C:\Windows\System\KcodoUI.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\DqhdJjm.exe
  C:\Windows\System\DqhdJjm.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\sYQwiEv.exe
  C:\Windows\System\sYQwiEv.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\CSCDGIE.exe
  C:\Windows\System\CSCDGIE.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\vVJHWFZ.exe
  C:\Windows\System\vVJHWFZ.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\BBMIYGy.exe
  C:\Windows\System\BBMIYGy.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\qNQrHGT.exe
  C:\Windows\System\qNQrHGT.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\bcsfowF.exe
  C:\Windows\System\bcsfowF.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\VRfxvzM.exe
  C:\Windows\System\VRfxvzM.exe
  2⤵
  PID:2560
- C:\Windows\System\hDaIkyO.exe
  C:\Windows\System\hDaIkyO.exe
  2⤵
  PID:3168
- C:\Windows\System\PUtMsap.exe
  C:\Windows\System\PUtMsap.exe
  2⤵
  PID:2212
- C:\Windows\System\hrJJQHc.exe
  C:\Windows\System\hrJJQHc.exe
  2⤵
  PID:2396
- C:\Windows\System\rhtQgqE.exe
  C:\Windows\System\rhtQgqE.exe
  2⤵
  PID:2576
- C:\Windows\System\dyPQzPM.exe
  C:\Windows\System\dyPQzPM.exe
  2⤵
  PID:3440
- C:\Windows\System\ctslWME.exe
  C:\Windows\System\ctslWME.exe
  2⤵
  PID:4664
- C:\Windows\System\dLaihsJ.exe
  C:\Windows\System\dLaihsJ.exe
  2⤵
  PID:4764
- C:\Windows\System\PNewPvH.exe
  C:\Windows\System\PNewPvH.exe
  2⤵
  PID:4308
- C:\Windows\System\obMnraU.exe
  C:\Windows\System\obMnraU.exe
  2⤵
  PID:1472
- C:\Windows\System\pESrLPT.exe
  C:\Windows\System\pESrLPT.exe
  2⤵
  PID:1960
- C:\Windows\System\DhgQaWJ.exe
  C:\Windows\System\DhgQaWJ.exe
  2⤵
  PID:1832
- C:\Windows\System\ptvwPHY.exe
  C:\Windows\System\ptvwPHY.exe
  2⤵
  PID:4016
- C:\Windows\System\ltVhdEE.exe
  C:\Windows\System\ltVhdEE.exe
  2⤵
  PID:3264
- C:\Windows\System\KlHkRkC.exe
  C:\Windows\System\KlHkRkC.exe
  2⤵
  PID:1360
- C:\Windows\System\LgzWVbf.exe
  C:\Windows\System\LgzWVbf.exe
  2⤵
  PID:4048
- C:\Windows\System\RElNBGl.exe
  C:\Windows\System\RElNBGl.exe
  2⤵
  PID:4536
- C:\Windows\System\KoEOYOZ.exe
  C:\Windows\System\KoEOYOZ.exe
  2⤵
  PID:5108
- C:\Windows\System\pqHcKMe.exe
  C:\Windows\System\pqHcKMe.exe
  2⤵
  PID:3524
- C:\Windows\System\DidWcbG.exe
  C:\Windows\System\DidWcbG.exe
  2⤵
  PID:4424
- C:\Windows\System\vJLtmFX.exe
  C:\Windows\System\vJLtmFX.exe
  2⤵
  PID:1776
- C:\Windows\System\cGCzRyN.exe
  C:\Windows\System\cGCzRyN.exe
  2⤵
  PID:2372
- C:\Windows\System\dgCjvOf.exe
  C:\Windows\System\dgCjvOf.exe
  2⤵
  PID:4080
- C:\Windows\System\sWuzZbA.exe
  C:\Windows\System\sWuzZbA.exe
  2⤵
  PID:924
- C:\Windows\System\LJhbIuB.exe
  C:\Windows\System\LJhbIuB.exe
  2⤵
  PID:1720
- C:\Windows\System\LDjerBc.exe
  C:\Windows\System\LDjerBc.exe
  2⤵
  PID:4876
- C:\Windows\System\UzTZevZ.exe
  C:\Windows\System\UzTZevZ.exe
  2⤵
  PID:1812
- C:\Windows\System\bMJIrCD.exe
  C:\Windows\System\bMJIrCD.exe
  2⤵
  PID:5028
- C:\Windows\System\dPBePHy.exe
  C:\Windows\System\dPBePHy.exe
  2⤵
  PID:1320
- C:\Windows\System\ubFfMbC.exe
  C:\Windows\System\ubFfMbC.exe
  2⤵
  PID:2304
- C:\Windows\System\VfeiTYC.exe
  C:\Windows\System\VfeiTYC.exe
  2⤵
  PID:5020
- C:\Windows\System\uwumfcQ.exe
  C:\Windows\System\uwumfcQ.exe
  2⤵
  PID:5128
- C:\Windows\System\OAEyxBR.exe
  C:\Windows\System\OAEyxBR.exe
  2⤵
  PID:5160
- C:\Windows\System\kxoLYQR.exe
  C:\Windows\System\kxoLYQR.exe
  2⤵
  PID:5192
- C:\Windows\System\MkrKyHo.exe
  C:\Windows\System\MkrKyHo.exe
  2⤵
  PID:5216
- C:\Windows\System\xMhkVmb.exe
  C:\Windows\System\xMhkVmb.exe
  2⤵
  PID:5248
- C:\Windows\System\vuSBXmG.exe
  C:\Windows\System\vuSBXmG.exe
  2⤵
  PID:5276
- C:\Windows\System\TZNgTfF.exe
  C:\Windows\System\TZNgTfF.exe
  2⤵
  PID:5300
- C:\Windows\System\TLKmUgP.exe
  C:\Windows\System\TLKmUgP.exe
  2⤵
  PID:5332
- C:\Windows\System\EMguMKd.exe
  C:\Windows\System\EMguMKd.exe
  2⤵
  PID:5360
- C:\Windows\System\wpxBGIo.exe
  C:\Windows\System\wpxBGIo.exe
  2⤵
  PID:5384
- C:\Windows\System\cznQJZR.exe
  C:\Windows\System\cznQJZR.exe
  2⤵
  PID:5400
- C:\Windows\System\kbaqGPN.exe
  C:\Windows\System\kbaqGPN.exe
  2⤵
  PID:5436
- C:\Windows\System\pZyZhUj.exe
  C:\Windows\System\pZyZhUj.exe
  2⤵
  PID:5468
- C:\Windows\System\rLisvJq.exe
  C:\Windows\System\rLisvJq.exe
  2⤵
  PID:5492
- C:\Windows\System\NsOBAJW.exe
  C:\Windows\System\NsOBAJW.exe
  2⤵
  PID:5520
- C:\Windows\System\yKdOvQz.exe
  C:\Windows\System\yKdOvQz.exe
  2⤵
  PID:5556
- C:\Windows\System\RhNQjxj.exe
  C:\Windows\System\RhNQjxj.exe
  2⤵
  PID:5584
- C:\Windows\System\rZVvQpD.exe
  C:\Windows\System\rZVvQpD.exe
  2⤵
  PID:5608
- C:\Windows\System\urqDiMn.exe
  C:\Windows\System\urqDiMn.exe
  2⤵
  PID:5632
- C:\Windows\System\MEPlOuB.exe
  C:\Windows\System\MEPlOuB.exe
  2⤵
  PID:5668
- C:\Windows\System\AajfcEX.exe
  C:\Windows\System\AajfcEX.exe
  2⤵
  PID:5692
- C:\Windows\System\tnqIrte.exe
  C:\Windows\System\tnqIrte.exe
  2⤵
  PID:5720
- C:\Windows\System\jHSNZWu.exe
  C:\Windows\System\jHSNZWu.exe
  2⤵
  PID:5752
- C:\Windows\System\nBJxxTV.exe
  C:\Windows\System\nBJxxTV.exe
  2⤵
  PID:5776
- C:\Windows\System\xYpCNlT.exe
  C:\Windows\System\xYpCNlT.exe
  2⤵
  PID:5804
- C:\Windows\System\ixzXFqo.exe
  C:\Windows\System\ixzXFqo.exe
  2⤵
  PID:5836
- C:\Windows\System\NTWvCHh.exe
  C:\Windows\System\NTWvCHh.exe
  2⤵
  PID:5864
- C:\Windows\System\XFVQsuX.exe
  C:\Windows\System\XFVQsuX.exe
  2⤵
  PID:5892
- C:\Windows\System\DcGUDkC.exe
  C:\Windows\System\DcGUDkC.exe
  2⤵
  PID:5912
- C:\Windows\System\sLRoFZr.exe
  C:\Windows\System\sLRoFZr.exe
  2⤵
  PID:5940
- C:\Windows\System\FwUsWWk.exe
  C:\Windows\System\FwUsWWk.exe
  2⤵
  PID:5956
- C:\Windows\System\CCnVqtI.exe
  C:\Windows\System\CCnVqtI.exe
  2⤵
  PID:5996
- C:\Windows\System\bdGJcak.exe
  C:\Windows\System\bdGJcak.exe
  2⤵
  PID:6028
- C:\Windows\System\GkovSPA.exe
  C:\Windows\System\GkovSPA.exe
  2⤵
  PID:6056
- C:\Windows\System\miQPkWP.exe
  C:\Windows\System\miQPkWP.exe
  2⤵
  PID:6084
- C:\Windows\System\QvUBvFK.exe
  C:\Windows\System\QvUBvFK.exe
  2⤵
  PID:6116
- C:\Windows\System\aHeOCtg.exe
  C:\Windows\System\aHeOCtg.exe
  2⤵
  PID:6140
- C:\Windows\System\VlcSYvD.exe
  C:\Windows\System\VlcSYvD.exe
  2⤵
  PID:5168
- C:\Windows\System\UBZfFaP.exe
  C:\Windows\System\UBZfFaP.exe
  2⤵
  PID:5256
- C:\Windows\System\fZOEEyS.exe
  C:\Windows\System\fZOEEyS.exe
  2⤵
  PID:5308
- C:\Windows\System\JOyxxvd.exe
  C:\Windows\System\JOyxxvd.exe
  2⤵
  PID:5372
- C:\Windows\System\ZjHNyFl.exe
  C:\Windows\System\ZjHNyFl.exe
  2⤵
  PID:5424
- C:\Windows\System\RXIcAPC.exe
  C:\Windows\System\RXIcAPC.exe
  2⤵
  PID:5460
- C:\Windows\System\UgQBEbB.exe
  C:\Windows\System\UgQBEbB.exe
  2⤵
  PID:5532
- C:\Windows\System\ygiNuxF.exe
  C:\Windows\System\ygiNuxF.exe
  2⤵
  PID:5600
- C:\Windows\System\IdoRsAU.exe
  C:\Windows\System\IdoRsAU.exe
  2⤵
  PID:5656
- C:\Windows\System\EZKEHbn.exe
  C:\Windows\System\EZKEHbn.exe
  2⤵
  PID:5712
- C:\Windows\System\TCHdedl.exe
  C:\Windows\System\TCHdedl.exe
  2⤵
  PID:5784
- C:\Windows\System\HGRodNP.exe
  C:\Windows\System\HGRodNP.exe
  2⤵
  PID:5824
- C:\Windows\System\ylQikGw.exe
  C:\Windows\System\ylQikGw.exe
  2⤵
  PID:5900
- C:\Windows\System\GvQPtlh.exe
  C:\Windows\System\GvQPtlh.exe
  2⤵
  PID:5976
- C:\Windows\System\kzzKEIw.exe
  C:\Windows\System\kzzKEIw.exe
  2⤵
  PID:6044
- C:\Windows\System\lquFwjA.exe
  C:\Windows\System\lquFwjA.exe
  2⤵
  PID:6128
- C:\Windows\System\fRQtZQx.exe
  C:\Windows\System\fRQtZQx.exe
  2⤵
  PID:5208
- C:\Windows\System\XubLXcj.exe
  C:\Windows\System\XubLXcj.exe
  2⤵
  PID:5320
- C:\Windows\System\BjbnKVS.exe
  C:\Windows\System\BjbnKVS.exe
  2⤵
  PID:5420
- C:\Windows\System\AqthlBk.exe
  C:\Windows\System\AqthlBk.exe
  2⤵
  PID:5512
- C:\Windows\System\eiCpIhL.exe
  C:\Windows\System\eiCpIhL.exe
  2⤵
  PID:5708
- C:\Windows\System\tNPBpyP.exe
  C:\Windows\System\tNPBpyP.exe
  2⤵
  PID:5904
- C:\Windows\System\DApWZvF.exe
  C:\Windows\System\DApWZvF.exe
  2⤵
  PID:6072
- C:\Windows\System\mxjRkuv.exe
  C:\Windows\System\mxjRkuv.exe
  2⤵
  PID:5264
- C:\Windows\System\HoRqkmd.exe
  C:\Windows\System\HoRqkmd.exe
  2⤵
  PID:5488
- C:\Windows\System\FdrvuLC.exe
  C:\Windows\System\FdrvuLC.exe
  2⤵
  PID:5764
- C:\Windows\System\VGZLAJc.exe
  C:\Windows\System\VGZLAJc.exe
  2⤵
  PID:5140
- C:\Windows\System\hRqJboC.exe
  C:\Windows\System\hRqJboC.exe
  2⤵
  PID:5852
- C:\Windows\System\lxJitTx.exe
  C:\Windows\System\lxJitTx.exe
  2⤵
  PID:5396
- C:\Windows\System\maqlLng.exe
  C:\Windows\System\maqlLng.exe
  2⤵
  PID:6152
- C:\Windows\System\qVuSQVa.exe
  C:\Windows\System\qVuSQVa.exe
  2⤵
  PID:6184
- C:\Windows\System\mKFvBCs.exe
  C:\Windows\System\mKFvBCs.exe
  2⤵
  PID:6208
- C:\Windows\System\wTOALpw.exe
  C:\Windows\System\wTOALpw.exe
  2⤵
  PID:6252
- C:\Windows\System\rZTmicj.exe
  C:\Windows\System\rZTmicj.exe
  2⤵
  PID:6280
- C:\Windows\System\EvuIGGj.exe
  C:\Windows\System\EvuIGGj.exe
  2⤵
  PID:6300
- C:\Windows\System\KRRMHhe.exe
  C:\Windows\System\KRRMHhe.exe
  2⤵
  PID:6328
- C:\Windows\System\uWrOyWV.exe
  C:\Windows\System\uWrOyWV.exe
  2⤵
  PID:6356
- C:\Windows\System\xwNOzAC.exe
  C:\Windows\System\xwNOzAC.exe
  2⤵
  PID:6388
- C:\Windows\System\ywHwxYb.exe
  C:\Windows\System\ywHwxYb.exe
  2⤵
  PID:6416
- C:\Windows\System\bXWGFYd.exe
  C:\Windows\System\bXWGFYd.exe
  2⤵
  PID:6440
- C:\Windows\System\DiAJjij.exe
  C:\Windows\System\DiAJjij.exe
  2⤵
  PID:6472
- C:\Windows\System\aMxvxlk.exe
  C:\Windows\System\aMxvxlk.exe
  2⤵
  PID:6504
- C:\Windows\System\wQxRunS.exe
  C:\Windows\System\wQxRunS.exe
  2⤵
  PID:6524
- C:\Windows\System\JMFbski.exe
  C:\Windows\System\JMFbski.exe
  2⤵
  PID:6540
- C:\Windows\System\FAgyNsu.exe
  C:\Windows\System\FAgyNsu.exe
  2⤵
  PID:6572
- C:\Windows\System\kcTQVGl.exe
  C:\Windows\System\kcTQVGl.exe
  2⤵
  PID:6592
- C:\Windows\System\YoTqWZI.exe
  C:\Windows\System\YoTqWZI.exe
  2⤵
  PID:6612
- C:\Windows\System\bAwsxXV.exe
  C:\Windows\System\bAwsxXV.exe
  2⤵
  PID:6640
- C:\Windows\System\RHYpfpP.exe
  C:\Windows\System\RHYpfpP.exe
  2⤵
  PID:6672
- C:\Windows\System\OUznVrg.exe
  C:\Windows\System\OUznVrg.exe
  2⤵
  PID:6696
- C:\Windows\System\xXAdkLC.exe
  C:\Windows\System\xXAdkLC.exe
  2⤵
  PID:6720
- C:\Windows\System\uGgetTL.exe
  C:\Windows\System\uGgetTL.exe
  2⤵
  PID:6748
- C:\Windows\System\HatZZaE.exe
  C:\Windows\System\HatZZaE.exe
  2⤵
  PID:6776
- C:\Windows\System\HxNcVZG.exe
  C:\Windows\System\HxNcVZG.exe
  2⤵
  PID:6796
- C:\Windows\System\jDZLULq.exe
  C:\Windows\System\jDZLULq.exe
  2⤵
  PID:6824
- C:\Windows\System\NMyaMJY.exe
  C:\Windows\System\NMyaMJY.exe
  2⤵
  PID:6856
- C:\Windows\System\UOFrpwU.exe
  C:\Windows\System\UOFrpwU.exe
  2⤵
  PID:6884
- C:\Windows\System\zSOokHq.exe
  C:\Windows\System\zSOokHq.exe
  2⤵
  PID:6928
- C:\Windows\System\jqhMVBa.exe
  C:\Windows\System\jqhMVBa.exe
  2⤵
  PID:6968
- C:\Windows\System\mUgiADq.exe
  C:\Windows\System\mUgiADq.exe
  2⤵
  PID:6996
- C:\Windows\System\uWYooDQ.exe
  C:\Windows\System\uWYooDQ.exe
  2⤵
  PID:7028
- C:\Windows\System\SmistSb.exe
  C:\Windows\System\SmistSb.exe
  2⤵
  PID:7060
- C:\Windows\System\YCXUIDp.exe
  C:\Windows\System\YCXUIDp.exe
  2⤵
  PID:7092
- C:\Windows\System\dCNfXwJ.exe
  C:\Windows\System\dCNfXwJ.exe
  2⤵
  PID:7116
- C:\Windows\System\CLmSJbM.exe
  C:\Windows\System\CLmSJbM.exe
  2⤵
  PID:7144
- C:\Windows\System\BOPQyVW.exe
  C:\Windows\System\BOPQyVW.exe
  2⤵
  PID:6008
- C:\Windows\System\ztuTSYZ.exe
  C:\Windows\System\ztuTSYZ.exe
  2⤵
  PID:6192
- C:\Windows\System\wqzSeOY.exe
  C:\Windows\System\wqzSeOY.exe
  2⤵
  PID:3896
- C:\Windows\System\RgPqScc.exe
  C:\Windows\System\RgPqScc.exe
  2⤵
  PID:6224
- C:\Windows\System\VpZOOzi.exe
  C:\Windows\System\VpZOOzi.exe
  2⤵
  PID:3772
- C:\Windows\System\DuXAzab.exe
  C:\Windows\System\DuXAzab.exe
  2⤵
  PID:6320
- C:\Windows\System\CFLZihy.exe
  C:\Windows\System\CFLZihy.exe
  2⤵
  PID:6396
- C:\Windows\System\qzRxfsO.exe
  C:\Windows\System\qzRxfsO.exe
  2⤵
  PID:6460
- C:\Windows\System\AQDXAMw.exe
  C:\Windows\System\AQDXAMw.exe
  2⤵
  PID:3196
- C:\Windows\System\yiGFjLU.exe
  C:\Windows\System\yiGFjLU.exe
  2⤵
  PID:6552
- C:\Windows\System\jCIwred.exe
  C:\Windows\System\jCIwred.exe
  2⤵
  PID:6656
- C:\Windows\System\dtTLejf.exe
  C:\Windows\System\dtTLejf.exe
  2⤵
  PID:6680
- C:\Windows\System\uHFzGzJ.exe
  C:\Windows\System\uHFzGzJ.exe
  2⤵
  PID:6740
- C:\Windows\System\ytzVXrR.exe
  C:\Windows\System\ytzVXrR.exe
  2⤵
  PID:6792
- C:\Windows\System\RdKcsMm.exe
  C:\Windows\System\RdKcsMm.exe
  2⤵
  PID:6848
- C:\Windows\System\TdEfqKl.exe
  C:\Windows\System\TdEfqKl.exe
  2⤵
  PID:6920
- C:\Windows\System\nJbHMER.exe
  C:\Windows\System\nJbHMER.exe
  2⤵
  PID:7004
- C:\Windows\System\lpMHJlZ.exe
  C:\Windows\System\lpMHJlZ.exe
  2⤵
  PID:7048
- C:\Windows\System\ACFhTCq.exe
  C:\Windows\System\ACFhTCq.exe
  2⤵
  PID:7132
- C:\Windows\System\GtRvBdO.exe
  C:\Windows\System\GtRvBdO.exe
  2⤵
  PID:7160
- C:\Windows\System\DgDTEWQ.exe
  C:\Windows\System\DgDTEWQ.exe
  2⤵
  PID:6216
- C:\Windows\System\HfoamSP.exe
  C:\Windows\System\HfoamSP.exe
  2⤵
  PID:6264
- C:\Windows\System\cZXrUYA.exe
  C:\Windows\System\cZXrUYA.exe
  2⤵
  PID:6380
- C:\Windows\System\GGhIktL.exe
  C:\Windows\System\GGhIktL.exe
  2⤵
  PID:6512
- C:\Windows\System\ivbbwlK.exe
  C:\Windows\System\ivbbwlK.exe
  2⤵
  PID:6608
- C:\Windows\System\noWktQi.exe
  C:\Windows\System\noWktQi.exe
  2⤵
  PID:6768
- C:\Windows\System\EcLvIPP.exe
  C:\Windows\System\EcLvIPP.exe
  2⤵
  PID:6904
- C:\Windows\System\xVEBSPG.exe
  C:\Windows\System\xVEBSPG.exe
  2⤵
  PID:7076
- C:\Windows\System\IpMtvmp.exe
  C:\Windows\System\IpMtvmp.exe
  2⤵
  PID:640
- C:\Windows\System\ofeMcPn.exe
  C:\Windows\System\ofeMcPn.exe
  2⤵
  PID:6368
- C:\Windows\System\ajsqAUR.exe
  C:\Windows\System\ajsqAUR.exe
  2⤵
  PID:6580
- C:\Windows\System\pVbFRXR.exe
  C:\Windows\System\pVbFRXR.exe
  2⤵
  PID:6840
- C:\Windows\System\NAUoBKn.exe
  C:\Windows\System\NAUoBKn.exe
  2⤵
  PID:7152
- C:\Windows\System\jWzvkFs.exe
  C:\Windows\System\jWzvkFs.exe
  2⤵
  PID:1560
- C:\Windows\System\koGADne.exe
  C:\Windows\System\koGADne.exe
  2⤵
  PID:3160
- C:\Windows\System\ADQrJZm.exe
  C:\Windows\System\ADQrJZm.exe
  2⤵
  PID:7124
- C:\Windows\System\qWrRymm.exe
  C:\Windows\System\qWrRymm.exe
  2⤵
  PID:7196
- C:\Windows\System\ZSwpVxY.exe
  C:\Windows\System\ZSwpVxY.exe
  2⤵
  PID:7220
- C:\Windows\System\XAEmtJk.exe
  C:\Windows\System\XAEmtJk.exe
  2⤵
  PID:7248
- C:\Windows\System\bblkJdj.exe
  C:\Windows\System\bblkJdj.exe
  2⤵
  PID:7276
- C:\Windows\System\ZObOqmn.exe
  C:\Windows\System\ZObOqmn.exe
  2⤵
  PID:7308
- C:\Windows\System\oWyfRUq.exe
  C:\Windows\System\oWyfRUq.exe
  2⤵
  PID:7332
- C:\Windows\System\ZQaLjLE.exe
  C:\Windows\System\ZQaLjLE.exe
  2⤵
  PID:7360
- C:\Windows\System\ZpByVnZ.exe
  C:\Windows\System\ZpByVnZ.exe
  2⤵
  PID:7384
- C:\Windows\System\VjIjRsi.exe
  C:\Windows\System\VjIjRsi.exe
  2⤵
  PID:7416
- C:\Windows\System\UQABwEn.exe
  C:\Windows\System\UQABwEn.exe
  2⤵
  PID:7444
- C:\Windows\System\UIYJvTv.exe
  C:\Windows\System\UIYJvTv.exe
  2⤵
  PID:7472
- C:\Windows\System\pYMgVFi.exe
  C:\Windows\System\pYMgVFi.exe
  2⤵
  PID:7508
- C:\Windows\System\TNadAaq.exe
  C:\Windows\System\TNadAaq.exe
  2⤵
  PID:7540
- C:\Windows\System\tZKRDTr.exe
  C:\Windows\System\tZKRDTr.exe
  2⤵
  PID:7568
- C:\Windows\System\YNcRGYr.exe
  C:\Windows\System\YNcRGYr.exe
  2⤵
  PID:7596
- C:\Windows\System\OBibBuJ.exe
  C:\Windows\System\OBibBuJ.exe
  2⤵
  PID:7620
- C:\Windows\System\khvLuHb.exe
  C:\Windows\System\khvLuHb.exe
  2⤵
  PID:7648
- C:\Windows\System\aaXzNPM.exe
  C:\Windows\System\aaXzNPM.exe
  2⤵
  PID:7676
- C:\Windows\System\pMMAhbX.exe
  C:\Windows\System\pMMAhbX.exe
  2⤵
  PID:7704
- C:\Windows\System\wrmNHmr.exe
  C:\Windows\System\wrmNHmr.exe
  2⤵
  PID:7740
- C:\Windows\System\ekvIGdM.exe
  C:\Windows\System\ekvIGdM.exe
  2⤵
  PID:7760
- C:\Windows\System\uaKmTuV.exe
  C:\Windows\System\uaKmTuV.exe
  2⤵
  PID:7788
- C:\Windows\System\ZDzsfzX.exe
  C:\Windows\System\ZDzsfzX.exe
  2⤵
  PID:7820
- C:\Windows\System\DYmNiRJ.exe
  C:\Windows\System\DYmNiRJ.exe
  2⤵
  PID:7844
- C:\Windows\System\pzMoYwB.exe
  C:\Windows\System\pzMoYwB.exe
  2⤵
  PID:7860
- C:\Windows\System\wLnGzNn.exe
  C:\Windows\System\wLnGzNn.exe
  2⤵
  PID:7900
- C:\Windows\System\tdzNQcD.exe
  C:\Windows\System\tdzNQcD.exe
  2⤵
  PID:7928
- C:\Windows\System\XJidEnM.exe
  C:\Windows\System\XJidEnM.exe
  2⤵
  PID:7956
- C:\Windows\System\jrmcTCN.exe
  C:\Windows\System\jrmcTCN.exe
  2⤵
  PID:7984
- C:\Windows\System\ZnJOwsd.exe
  C:\Windows\System\ZnJOwsd.exe
  2⤵
  PID:8012
- C:\Windows\System\sDMKqLN.exe
  C:\Windows\System\sDMKqLN.exe
  2⤵
  PID:8044
- C:\Windows\System\XklYsbT.exe
  C:\Windows\System\XklYsbT.exe
  2⤵
  PID:8072
- C:\Windows\System\iAmuinF.exe
  C:\Windows\System\iAmuinF.exe
  2⤵
  PID:8100
- C:\Windows\System\hcOCMoP.exe
  C:\Windows\System\hcOCMoP.exe
  2⤵
  PID:8128
- C:\Windows\System\pCvihXH.exe
  C:\Windows\System\pCvihXH.exe
  2⤵
  PID:8156
- C:\Windows\System\sGkLLoj.exe
  C:\Windows\System\sGkLLoj.exe
  2⤵
  PID:8184
- C:\Windows\System\eSdikxR.exe
  C:\Windows\System\eSdikxR.exe
  2⤵
  PID:7212
- C:\Windows\System\GhrmnbI.exe
  C:\Windows\System\GhrmnbI.exe
  2⤵
  PID:7272
- C:\Windows\System\PrrWPiu.exe
  C:\Windows\System\PrrWPiu.exe
  2⤵
  PID:7344
- C:\Windows\System\BYolRBP.exe
  C:\Windows\System\BYolRBP.exe
  2⤵
  PID:7404
- C:\Windows\System\WcnBaEf.exe
  C:\Windows\System\WcnBaEf.exe
  2⤵
  PID:7468
- C:\Windows\System\Ywkbnlt.exe
  C:\Windows\System\Ywkbnlt.exe
  2⤵
  PID:7532
- C:\Windows\System\XPRgDux.exe
  C:\Windows\System\XPRgDux.exe
  2⤵
  PID:7588
- C:\Windows\System\rnuXYrf.exe
  C:\Windows\System\rnuXYrf.exe
  2⤵
  PID:7660
- C:\Windows\System\IsBfpdY.exe
  C:\Windows\System\IsBfpdY.exe
  2⤵
  PID:7724
- C:\Windows\System\kGSjIyB.exe
  C:\Windows\System\kGSjIyB.exe
  2⤵
  PID:7780
- C:\Windows\System\fAyPjfS.exe
  C:\Windows\System\fAyPjfS.exe
  2⤵
  PID:7852
- C:\Windows\System\MkDhQCR.exe
  C:\Windows\System\MkDhQCR.exe
  2⤵
  PID:7920
- C:\Windows\System\wMpPKxD.exe
  C:\Windows\System\wMpPKxD.exe
  2⤵
  PID:7980
- C:\Windows\System\iWErEos.exe
  C:\Windows\System\iWErEos.exe
  2⤵
  PID:8036
- C:\Windows\System\yprZpfa.exe
  C:\Windows\System\yprZpfa.exe
  2⤵
  PID:8092
- C:\Windows\System\HxXpEHM.exe
  C:\Windows\System\HxXpEHM.exe
  2⤵
  PID:8164
- C:\Windows\System\QEdbecE.exe
  C:\Windows\System\QEdbecE.exe
  2⤵
  PID:7260
- C:\Windows\System\jdyAdQa.exe
  C:\Windows\System\jdyAdQa.exe
  2⤵
  PID:7400
- C:\Windows\System\fwQubtD.exe
  C:\Windows\System\fwQubtD.exe
  2⤵
  PID:7560
- C:\Windows\System\LUipGfz.exe
  C:\Windows\System\LUipGfz.exe
  2⤵
  PID:7696
- C:\Windows\System\tonEJIR.exe
  C:\Windows\System\tonEJIR.exe
  2⤵
  PID:7840
- C:\Windows\System\efONdoe.exe
  C:\Windows\System\efONdoe.exe
  2⤵
  PID:8008
- C:\Windows\System\zfJyDGH.exe
  C:\Windows\System\zfJyDGH.exe
  2⤵
  PID:8136
- C:\Windows\System\mURVNQg.exe
  C:\Windows\System\mURVNQg.exe
  2⤵
  PID:7392
- C:\Windows\System\wCHaUNW.exe
  C:\Windows\System\wCHaUNW.exe
  2⤵
  PID:7808
- C:\Windows\System\QAMSGRq.exe
  C:\Windows\System\QAMSGRq.exe
  2⤵
  PID:8084
- C:\Windows\System\lQbnagU.exe
  C:\Windows\System\lQbnagU.exe
  2⤵
  PID:7672
- C:\Windows\System\cGUwMWL.exe
  C:\Windows\System\cGUwMWL.exe
  2⤵
  PID:8060
- C:\Windows\System\qGHLPXU.exe
  C:\Windows\System\qGHLPXU.exe
  2⤵
  PID:8216
- C:\Windows\System\nISsqBk.exe
  C:\Windows\System\nISsqBk.exe
  2⤵
  PID:8240
- C:\Windows\System\gwlzYDM.exe
  C:\Windows\System\gwlzYDM.exe
  2⤵
  PID:8272
- C:\Windows\System\vYgRQAx.exe
  C:\Windows\System\vYgRQAx.exe
  2⤵
  PID:8296
- C:\Windows\System\WAHdLoi.exe
  C:\Windows\System\WAHdLoi.exe
  2⤵
  PID:8328
- C:\Windows\System\lzvyTKy.exe
  C:\Windows\System\lzvyTKy.exe
  2⤵
  PID:8352
- C:\Windows\System\oFXGUZM.exe
  C:\Windows\System\oFXGUZM.exe
  2⤵
  PID:8380
- C:\Windows\System\emiNhoW.exe
  C:\Windows\System\emiNhoW.exe
  2⤵
  PID:8408
- C:\Windows\System\HbSkwcd.exe
  C:\Windows\System\HbSkwcd.exe
  2⤵
  PID:8436
- C:\Windows\System\YaNGgqo.exe
  C:\Windows\System\YaNGgqo.exe
  2⤵
  PID:8464
- C:\Windows\System\jIKvwre.exe
  C:\Windows\System\jIKvwre.exe
  2⤵
  PID:8492
- C:\Windows\System\MCzhQck.exe
  C:\Windows\System\MCzhQck.exe
  2⤵
  PID:8520
- C:\Windows\System\CFcvaRy.exe
  C:\Windows\System\CFcvaRy.exe
  2⤵
  PID:8548
- C:\Windows\System\SWixVkV.exe
  C:\Windows\System\SWixVkV.exe
  2⤵
  PID:8576
- C:\Windows\System\dqJagfx.exe
  C:\Windows\System\dqJagfx.exe
  2⤵
  PID:8604
- C:\Windows\System\LzalhIH.exe
  C:\Windows\System\LzalhIH.exe
  2⤵
  PID:8632
- C:\Windows\System\BSHkUMe.exe
  C:\Windows\System\BSHkUMe.exe
  2⤵
  PID:8660
- C:\Windows\System\dqZRIPg.exe
  C:\Windows\System\dqZRIPg.exe
  2⤵
  PID:8688
- C:\Windows\System\bzwFNaL.exe
  C:\Windows\System\bzwFNaL.exe
  2⤵
  PID:8716
- C:\Windows\System\odUNLkV.exe
  C:\Windows\System\odUNLkV.exe
  2⤵
  PID:8744
- C:\Windows\System\jgbojZs.exe
  C:\Windows\System\jgbojZs.exe
  2⤵
  PID:8772
- C:\Windows\System\zYdhhxI.exe
  C:\Windows\System\zYdhhxI.exe
  2⤵
  PID:8800
- C:\Windows\System\TgLwXPO.exe
  C:\Windows\System\TgLwXPO.exe
  2⤵
  PID:8828
- C:\Windows\System\usjLEEv.exe
  C:\Windows\System\usjLEEv.exe
  2⤵
  PID:8856
- C:\Windows\System\stodRSK.exe
  C:\Windows\System\stodRSK.exe
  2⤵
  PID:8884
- C:\Windows\System\DBzVKCw.exe
  C:\Windows\System\DBzVKCw.exe
  2⤵
  PID:8924
- C:\Windows\System\LyQKxNN.exe
  C:\Windows\System\LyQKxNN.exe
  2⤵
  PID:8940
- C:\Windows\System\PFyJpOC.exe
  C:\Windows\System\PFyJpOC.exe
  2⤵
  PID:8968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CAnhXoQ.exe

Filesize
2.1MB

MD5
bbb8cf76a7027a5246fccc452080416e

SHA1
4b746a3001acd1cd333d795fcb685942d72cc703

SHA256
961646e37b8bb0eaa3c88dc1fc0dc2c13db42e85569475cb50aaf9d7e8058fc0

SHA512
c6f0f6ee67d5294ef931740040da597ae87965ec40b1ba4b0ead31946dfb2721cb80d035c9f11df7ef6d16df83997dc483e8fb17bc73f479a55925f0b9611b09

Download Submit
C:\Windows\System\CcyCKXB.exe

Filesize
2.1MB

MD5
20b40f49420547a8d2c991824b4a3db9

SHA1
90dc20e81eaa827a6688c921c56fc381e4038b4b

SHA256
1270078c5ffa08c073586760e669dd9f358934b9e4eb1f0bb6310a36b4fab476

SHA512
274a8bde1e3ed0c32f6b209e25df4e6b4d1532616396637bede42fd7b6ed9ebc3575ce8bd0f99e634b0dac461463035e133c41bdaed74d89c9c625f00cfcca0b

Download Submit
C:\Windows\System\CtKuQgG.exe

Filesize
2.1MB

MD5
44118797e61b869d923103b25f448df2

SHA1
16d2a4053f859ffd73276eae447746ffde64dc1b

SHA256
f31146d47547550bf1c7a77f27e64065bbadfe7d1dc086f21c938892752b1205

SHA512
e9f4d55bfe4ef89cd015a95c1d31c08b07eb446e0a185c82411d5e9baa46a74b838b5b660aafd2cf926a1bd366c357aef414fa1fe99cff9a5eb4feb29913cb08

Download Submit
C:\Windows\System\FxYoHRh.exe

Filesize
2.0MB

MD5
59023997366b1d5c96ecee844ae7c24f

SHA1
57867b98f4d8343d605b82960cbc24f3c5459cde

SHA256
6d4ec4511260e14ac6110b4f92fee339e2ab80de26f7b6687f60bbc37db6d20a

SHA512
5e8e9e73f91ae73cbd96223cdb69d3b2a4e01ff80b67efe53bdd04016796e4fb26109af660cbac1731d368df4734b895d82aeeb9c58ea438dbf944f2a4ab7e48

Download Submit
C:\Windows\System\GSssawo.exe

Filesize
2.0MB

MD5
3986b8db556841ee9760b4508953e042

SHA1
4ebeb02327e2207f4af6e89f6b4b8d779df7ee57

SHA256
4cd004c24e0c0af031c88c849d0ce0fd89b950195f13e9337d64f01fde14b6fa

SHA512
04e68ef54984ada1428cd862c4a4dbe3053845ecca313a457c361b4df455240ba3fd791432babfaa0be80978b4bb82a88a5e294488c4dc25966a6558d9d73fdc

Download Submit
C:\Windows\System\JelCJfn.exe

Filesize
2.1MB

MD5
5c5a42dfa62d96f2106c4c687827e000

SHA1
eecc7467c2881d40d06b2bab974ace61855865d9

SHA256
f729f19031ad85b8fa429a87e56c64234dcd3d331cfb0f5eb64017d29897a63f

SHA512
a5431bc102a1aa2bd4935117a2979e4953fbd402504b44ed025a0171c84d427e6499cda733f297c7aafbf93b83a4bc2cc701c0026d7e11b1a76b309e501a7169

Download Submit
C:\Windows\System\KXlpkQN.exe

Filesize
2.0MB

MD5
0d78705ed0fd85e908a2543989834b43

SHA1
4672002e1011d4bffab0821e0b6a0d42a1da3ff2

SHA256
a3bed49182ebc0d2f0d0efb9d9cda5da03704afe5dd4d58d068b65fb92855a7d

SHA512
d1506576ff6ffe573682009f9dc23e2308bfb5b85d54d7abbb3607fb6d6da74aaa9e8b93e54c4fabf18c49c3f0cb9104a079a4383406c20b45ef896129bff37a

Download Submit
C:\Windows\System\KecIyPK.exe

Filesize
2.1MB

MD5
04485c20d43e5d9b45c4f57aa35ae5e9

SHA1
7bf42cd886056a4bfd77be91ad5c0c8aec0ad041

SHA256
c44de4ebac4d744a463ef74357c8fd328a5cfae33c3f027698a92329e69ba8ab

SHA512
47d0cb82bf7a594fb69f2b001a94bc485d8b29c9e1bdc6c38987d4756839d96a46d0e5c18a7dc9afb1d6e6f01d933a8b1ac4f9485186f4ea27e4d7c6ff85af1d

Download Submit
C:\Windows\System\MBHRmko.exe

Filesize
2.0MB

MD5
96ae58bbfa6fe1690660e74d6e4f2ab9

SHA1
00d8107ea5c043b6375ff230a2a6d3a615f853c1

SHA256
51e279a3f5d996ddbbd4dbd8ef686d045591973399d70b74ceccb27252d1fc3e

SHA512
7ef74f466b27437aed5391a854cffa7cea7241bea8295541e3b27b7f685db5cea84fb27cfa39dd5fa253beb841cae3e15a78c1e9036cf5d937f43ccab5aca50a

Download Submit
C:\Windows\System\MMODIKJ.exe

Filesize
2.1MB

MD5
983afb1517a554f5e3ea5faa2a21eeb1

SHA1
2fa7ec0e15cd6490a7f8fd16f53f7c22a05a9ed8

SHA256
692dda3e2b4d3c2fe31f9d2684f8e64bf74a158c0de87c2075abd7ad881d5e56

SHA512
7893f2c6ab898dd48c3203156f8cad17fe1e6d6ad7f89094550a52d02ee4912f140d969bcca68e8fbc10d5a54f3c19c5ab60d436fe7b62a067e2e1e1328e7cbe

Download Submit
C:\Windows\System\MozQjJl.exe

Filesize
2.1MB

MD5
ba1d7824df901c01dfb448416f61ebbf

SHA1
4a3c0c5301181c3e7b1eefa6d2b635a990ec3dcf

SHA256
0d051430a14f0ca7cef0c49cb19ef4bac46c647babfb1754a544b021aafcf0ec

SHA512
f5e4c2a4048cbbe13f5b9b5f225e6718cc98dbeb8701b1348c82939c089ef6f3a895ea3117efd8b45c708058ec3cb4e02a03c703506d1a4a99659bd24353d6b4

Download Submit
C:\Windows\System\OmUqSef.exe

Filesize
2.1MB

MD5
8be850442e2605ae9ff8b6321a5061b1

SHA1
5ed28b06163cdae7f9514d1a33a7c68cbbe4b215

SHA256
d27ffc59e585d9339bfe13a5895c5f1f173bef43afdf0bfbfe7f126acb989c66

SHA512
21eedea93b39cb3348e3c5ae8f28beb22e8e91151ef34bd7533400a7d3e4c76ae41a376ab86ec0680cfd3160eab5a5138bed50851a3f7a0bed2752736783028c

Download Submit
C:\Windows\System\PmtSBTx.exe

Filesize
2.1MB

MD5
70919e111333388543af5cb03c02d06e

SHA1
6e0d69b1c88975546e30f5dcb47a03eb0e7be458

SHA256
80f6ac19bc9ad19d3b1c553d25e66cc040549143e8c46b915839d546af388ff4

SHA512
87be983f044732b7d1e927b7d4600bc7a89df5fea1ebb069e512fcf30404fedc374d32702d190e529204ba3a2429735f03768fb2ad7e43393c7f22aecfaac5d8

Download Submit
C:\Windows\System\SSDNLaX.exe

Filesize
2.0MB

MD5
79505919619532ed3c8712415e563b56

SHA1
93699077cfbeccb8bc079a3053b9aab2ebf00fbc

SHA256
4a157261d38ea69dfe6a9b02eb7cccdfa2d76084843107cf65907c997ffb945f

SHA512
7aaa892f37aa9e20273495b018c697befedd7995b57bed043be67ee75e165f3b40efdeb7952d2c48ef98b4b7d61c81630a81f7e99a223925163f25e4cf3fe267

Download Submit
C:\Windows\System\TkcXrwC.exe

Filesize
2.0MB

MD5
e1e14fe3b4e7f8c72f21e86c2380882a

SHA1
f368e800129b295f200b785fd1d0d74ee8572fdb

SHA256
f3e5cc7daea86b135962975dcf8ebba2468ca9978466f66a30e6b59d57512ed8

SHA512
1195cd321138ee6e2d6e689f74de128cfddae80657ae70cdbe93a883c2c2431874b4c584bca308b43b3e4969ce7b4774b6961b9c1ba8dd49440ab2fd8b5978a4

Download Submit
C:\Windows\System\VaMUSAe.exe

Filesize
2.0MB

MD5
401a9db133602147e55f16e534ab3d20

SHA1
5f97ee93c966dd521351f753c54fb0d25f827edc

SHA256
38618342b3ac47363aec0ef4336003ea987505e1cf8e72087ec81b1b8e7563c3

SHA512
ff3b745e8b35a3f25f7cdaa49bab1cfc91b225ea47c4a72acacda24e86136ec3b6021ca1ae5cc28e6ac04d404a2d1673319d00629d1ac7f28c838f0064d3f6b4

Download Submit
C:\Windows\System\XbPVQgo.exe

Filesize
2.1MB

MD5
6c30675f1153ec413cf9bd41d5bf2f9b

SHA1
751eceb21fb1b4f05490c5130fd9afd9b6a6a3ce

SHA256
44199a2fc9b1424cf88851b015eed34dfb11ea90eb868d89e1e8869260285a72

SHA512
54c6c2b2afeef6362824e92773e875d08da581009b3e808dc0888ee30ea2441a9ff6b14a53b75b8dd7e0bea8d75cbb5929d12b3ee0a09fdcf57eaed2e7bd8be3

Download Submit
C:\Windows\System\YrLAtWf.exe

Filesize
2.0MB

MD5
09e2fdc2b0be4b2f7e7bb14a52a54802

SHA1
bb062c8a3e2e4b13e6a507c0d1aa768a1ec429f7

SHA256
d81ce07480fb76ede2a86fcfa932c78308580c84c8bf1a4b16a1886b577f8682

SHA512
ba4ff82ab613d30faf52b2d63dde6531e9d818bf09d39ec204084d1dd602426dc66774d6e6302efbb77056629a66253bf4cbc7e4acb299dfbeeff882ab1ae7ba

Download Submit
C:\Windows\System\iQBQvSJ.exe

Filesize
2.1MB

MD5
9ac92ae274ee83d666971b284802d29f

SHA1
76758b90340ecd9ed3d67038b248aef3dce05445

SHA256
796ec9953242ea6fee300d4f0f238e2e12a02f67b4d6519669badd68e343fc9a

SHA512
bd92a78c0d50a451e97c2d92592c0e03f4afe4f0f1c80219cf6291bd24b12ba154b62fb46091bc37816beb4dd3c02825199babfc1969c09de7d4b318b8a7f299

Download Submit
C:\Windows\System\imnwvbS.exe

Filesize
2.0MB

MD5
7df912303e9f9f7ab9c359bae268a92b

SHA1
f69a66aa8241e63754472000484fabfcf59b2ca6

SHA256
e3c670a508232b63ee0bd2797e47b3c1e947dfe7824f50d5b0170dc9ed7e21e6

SHA512
3f3e0e4a1ecb3949fd3e29b9b01eef22109aafb8008b5ca91011247578394e206545e3d6d3d03b0447ceeeeaa33349bba09606ea6333a783c7e44460cea2752c

Download Submit
C:\Windows\System\mFAkPDe.exe

Filesize
2.0MB

MD5
2f2e95f52f71e4e69eee61da295ef7d6

SHA1
c101c9db6f32a4937448c047f31c9eb38af88c0e

SHA256
abe666e85384dbad0daef5d0cbf404a0f20df37a360abb69db9d45b4c8afbdea

SHA512
2c9e6fca3c1be727cf03a857130c5958414f4ca1e8e998077f7a8402304cd840d9859343d7673c1c1913eb14efabd462125c1e8e026c0a3511d62f24dd1e9ab9

Download Submit
C:\Windows\System\mKqDOce.exe

Filesize
2.1MB

MD5
71b29ecc3a5887997d59152bc6b4094f

SHA1
7a956381a256a1f3057f3a794599beba384989b9

SHA256
dc7381aa01cf05b96667aa36c84b61d9bf7129e77fc5f646cb85c6d094b6c95d

SHA512
e314458569823a62e98d8656ef153ef8da87d079e1ffcccc30d95c96186ae639a17fa4a7887bdba56e13334bda88ced211f25d4438aa280ac48ff3650c2efc8e

Download Submit
C:\Windows\System\nJPLbIV.exe

Filesize
2.1MB

MD5
3e56da66e84133b0db78e17c512bf53a

SHA1
395e69274081933973519610c254dee62d7d9fc0

SHA256
1b19303cd6c335b89fc23dd4d17b28da8e86a15653ec45a9ef8e26aa37cdcbd5

SHA512
d994cd930635f36cbdda075eefd9838dd747cec61e9f5f11e8045ef60ef50c0663d2b9b96b3ea697af039a8e337f54f312e224ede9ab9840d21906b738e413d1

Download Submit
C:\Windows\System\oYHUeYz.exe

Filesize
2.1MB

MD5
f3bdbef011227d167cf92f0e98d2a334

SHA1
79978099aa3d2fb6a14e99bb971130dfb58d6956

SHA256
79f8224663711cfae3c141bbd56a5d31a29fcc026d9a0991ef463369a358b4c7

SHA512
8f486e720bdaf73a5809246972e605c7ccaca440389a21a33d352b839ca4f37ddf02121107296ac10eb9e9ee32ff63187cde77b9d70a9f589bcfa959491f3ca8

Download Submit
C:\Windows\System\pKQgCzR.exe

Filesize
2.1MB

MD5
67c39d5b6672b1198a6834a751915733

SHA1
a3718582156d158ee3674d848528c7e88902ca8b

SHA256
3ad566b1e8953a1b00abef087aa36ce73c1e384b726a0b6c9fab954f0a7bfa08

SHA512
fd5c71a366c5826331efef3b51f909a6dcaf4dce65798d2a4301d17257bef89c8a01e42cbccbb367f61b0b0974b10dd66c7172070051190852597673beeae0d0

Download Submit
C:\Windows\System\qDMYExZ.exe

Filesize
2.1MB

MD5
30f46927765efafedaa2bc5557d72e7d

SHA1
bcc4be805195db662ba74e0a5fe562aa925baa66

SHA256
20e06d4cd21fc9856b9115c524f63a315ca269cadccf1106706c07f64bad8e59

SHA512
d84ae37b680fb28627b33a25206c7150a866ccaf08ac23d3c0637c269febaff4e08a418b1c6489104afd2319cd08cdcadc446c16e7de42beed63e9934bd1005c

Download Submit
C:\Windows\System\qRnsbOT.exe

Filesize
2.0MB

MD5
b66c455e6cc27b329b6587ade2c1c5d1

SHA1
4b07f67a499df9ba4253c18e79403c8eae0213e1

SHA256
7c9ceba464ad8473616147f1e8e40c6030f5e4f42d727ebb50107fa721c75920

SHA512
3024c7d975e6dab8fe6c4d5861b5fd489dc87bcfb6bb5fae12685af0efe2767c71a979f518908110d26ff0eceb6ed787cbdd32a2658ad5b26b6f2eccafc7b904

Download Submit
C:\Windows\System\tyWjutw.exe

Filesize
2.0MB

MD5
3fe673b95f9bf8dea57497d95a355f72

SHA1
823689fbc00e316410129002ffd9d552acfc3a16

SHA256
af25136b7c4fe97cdd435f0564c2bfc63a2f1cf589f249700a8a08957da1ba12

SHA512
440fac0b07b0e8c18f840a5cf9e819b046e15a4319341a8988e99b00cdebab0098630fecaf4bb52b82805300e9146058e1101983f304567bd86cc2e6f77927bc

Download Submit
C:\Windows\System\xbXMRLn.exe

Filesize
2.1MB

MD5
5cdbe9aecd83fd7894b909be3e236578

SHA1
e36fadfc3731c129016ac46fed810aeb04de0ba3

SHA256
734b3d9a4911f63a5b46025324cebe22c988262458d41b9528c5b95514c2f41c

SHA512
00b21ffac32259640d382b1879995efa57adaf9478e949c91dfd202650ce9a8c86ac033ecc98bec18b87768cb80d016bad5efba5340896840d9759683021d324

Download Submit
C:\Windows\System\xnvcuzn.exe

Filesize
2.1MB

MD5
6e41c36fab90a078fcee7f20cafa7a48

SHA1
6a77d4e661a001079942150e9ab0f5c04b3b773d

SHA256
9d4a29061f5bca7e8b0fbb2693681d60322f820bdca5e94d543086d4420220b2

SHA512
3e557a512a0d98f2093d58875beb4f72df2016ccc7eb6f2e9bdb4f0795411937feccc9f784b8d3448df6d9bcc2c0d4665fb0ba84b739e474b28d7e79f5afaf53

Download Submit
C:\Windows\System\yDqcwTU.exe

Filesize
2.1MB

MD5
782ba5fe5ab052344c97a8d55a1046a1

SHA1
1cda0e4f5cb0d05682cd9d16ce547e44aeb8b1d8

SHA256
961a3abf2e6c250dabe126932820044927bfe71c6423827e3a8c63c19de816bc

SHA512
0e860835356b313163cad5acb0990ea127dd4fab70cfd9be00238ab264c9cd7123ddc8637047f0e9ed45140c2b084719534a0003eb629655d4b968b2442cfcfa

Download Submit
C:\Windows\System\yRPQlKE.exe

Filesize
2.0MB

MD5
eec2f7146dbc94ae01fa31e1d867f9c3

SHA1
e81f6b471727e310c1357aee1ee0570d2e233184

SHA256
1c245e1bc4d7c1ae063dd861ca0932d784e082bff4e1a691cbeca3d829c3db87

SHA512
45ef09466006de372891e824c720a74be2a3242d479382efb430b3b12c075bb5fdcd009e4ed24a11c58b451dc95159de25bb3a334cfbffe512320b43c366c6d0

Download Submit
memory/1540-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download