kpot | 053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408

Analysis

max time kernel
140s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
19-06-2024 20:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
Size

2.0MB
MD5

6d5b8c69347f5e8ec7f94f70fb8cc3b0
SHA1

c882dfb70bca36c07449c25f99fd839a0d35938b
SHA256

053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408
SHA512

b672f4ed1c93696d3650246a2db99a1a4ee55aaa449c729e98026a3b3a9c1bddd59a22e45a07b10f152b7d167be68749b7b29b5dc4dfc3693dc56d2c2fa20f8e
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2r7:GemTLkNdfE0pZaQ/

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x0005000000022975-4.dat	family_kpot
behavioral2/files/0x000900000002330e-8.dat	family_kpot
behavioral2/files/0x000800000002330f-6.dat	family_kpot
behavioral2/files/0x0008000000023310-19.dat	family_kpot
behavioral2/files/0x0008000000023313-25.dat	family_kpot
behavioral2/files/0x0008000000023314-30.dat	family_kpot
behavioral2/files/0x0002000000022a46-39.dat	family_kpot
behavioral2/files/0x0002000000022a48-43.dat	family_kpot
behavioral2/files/0x000c000000023302-50.dat	family_kpot
behavioral2/files/0x0008000000023317-55.dat	family_kpot
behavioral2/files/0x0008000000023316-35.dat	family_kpot
behavioral2/files/0x0009000000023318-62.dat	family_kpot
behavioral2/files/0x000a0000000232fe-68.dat	family_kpot
behavioral2/files/0x000800000002331d-78.dat	family_kpot
behavioral2/files/0x00080000000235e7-82.dat	family_kpot
behavioral2/files/0x00070000000235e8-88.dat	family_kpot
behavioral2/files/0x00070000000235ea-95.dat	family_kpot
behavioral2/files/0x00070000000235eb-99.dat	family_kpot
behavioral2/files/0x00070000000235ec-108.dat	family_kpot
behavioral2/files/0x00070000000235f5-147.dat	family_kpot
behavioral2/files/0x00070000000235f6-158.dat	family_kpot
behavioral2/files/0x00070000000235f8-162.dat	family_kpot
behavioral2/files/0x00070000000235f7-157.dat	family_kpot
behavioral2/files/0x00070000000235f4-148.dat	family_kpot
behavioral2/files/0x00070000000235f3-143.dat	family_kpot
behavioral2/files/0x00070000000235f2-138.dat	family_kpot
behavioral2/files/0x00070000000235f1-133.dat	family_kpot
behavioral2/files/0x00070000000235f0-128.dat	family_kpot
behavioral2/files/0x00070000000235ef-123.dat	family_kpot
behavioral2/files/0x00070000000235ee-117.dat	family_kpot
behavioral2/files/0x00070000000235ed-113.dat	family_kpot
behavioral2/files/0x00070000000235e9-93.dat	family_kpot
behavioral2/files/0x000800000002331c-73.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x0005000000022975-4.dat	xmrig
behavioral2/files/0x000900000002330e-8.dat	xmrig
behavioral2/files/0x000800000002330f-6.dat	xmrig
behavioral2/files/0x0008000000023310-19.dat	xmrig
behavioral2/files/0x0008000000023313-25.dat	xmrig
behavioral2/files/0x0008000000023314-30.dat	xmrig
behavioral2/files/0x0002000000022a46-39.dat	xmrig
behavioral2/files/0x0002000000022a48-43.dat	xmrig
behavioral2/files/0x000c000000023302-50.dat	xmrig
behavioral2/files/0x0008000000023317-55.dat	xmrig
behavioral2/files/0x0008000000023316-35.dat	xmrig
behavioral2/files/0x0009000000023318-62.dat	xmrig
behavioral2/files/0x000a0000000232fe-68.dat	xmrig
behavioral2/files/0x000800000002331d-78.dat	xmrig
behavioral2/files/0x00080000000235e7-82.dat	xmrig
behavioral2/files/0x00070000000235e8-88.dat	xmrig
behavioral2/files/0x00070000000235ea-95.dat	xmrig
behavioral2/files/0x00070000000235eb-99.dat	xmrig
behavioral2/files/0x00070000000235ec-108.dat	xmrig
behavioral2/files/0x00070000000235f5-147.dat	xmrig
behavioral2/files/0x00070000000235f6-158.dat	xmrig
behavioral2/files/0x00070000000235f8-162.dat	xmrig
behavioral2/files/0x00070000000235f7-157.dat	xmrig
behavioral2/files/0x00070000000235f4-148.dat	xmrig
behavioral2/files/0x00070000000235f3-143.dat	xmrig
behavioral2/files/0x00070000000235f2-138.dat	xmrig
behavioral2/files/0x00070000000235f1-133.dat	xmrig
behavioral2/files/0x00070000000235f0-128.dat	xmrig
behavioral2/files/0x00070000000235ef-123.dat	xmrig
behavioral2/files/0x00070000000235ee-117.dat	xmrig
behavioral2/files/0x00070000000235ed-113.dat	xmrig
behavioral2/files/0x00070000000235e9-93.dat	xmrig
behavioral2/files/0x000800000002331c-73.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3412	OYptSsM.exe
3864	yzauwKZ.exe
2280	gMWfqZZ.exe
5048	RTPzyMy.exe
1320	pYMjkgm.exe
4832	VKhLwiZ.exe
3396	wUpPAZJ.exe
916	RHeRPNp.exe
4052	SQZblbc.exe
3064	ncDmcmh.exe
2256	ZePxgPK.exe
2220	TBReRiY.exe
4512	GULiGLs.exe
4704	JBzkPtk.exe
5108	XZMSzeB.exe
984	nxTleqf.exe
3676	YbABbrL.exe
2796	HUzHjxJ.exe
4796	hFSyNoE.exe
1844	yVskTXE.exe
3544	wVBrkoF.exe
5104	rsZvzlL.exe
228	EvUmUza.exe
3772	qiLpEoI.exe
2216	eUPijqz.exe
3248	paUGUJP.exe
4016	aDakuRN.exe
768	vlLtFqp.exe
4328	KPcFolX.exe
3756	jIdqVre.exe
1108	XugVsNY.exe
4640	csrhGPO.exe
5112	paNUUuc.exe
4860	HvqMcLm.exe
5068	KxXoSVT.exe
4300	WaGerHr.exe
2888	zkbQaOE.exe
428	ZdOpIzD.exe
3460	MuaqHqO.exe
3652	BULMBiq.exe
1984	hRHpsEl.exe
656	WGwzuac.exe
3164	VgUFThl.exe
1068	touLkZA.exe
5072	qIwiwwN.exe
3972	gRLrxhP.exe
3056	doWkVXd.exe
3848	GkdsAsZ.exe
772	fvftxxA.exe
1876	AcsprHQ.exe
5132	MylweDl.exe
5164	AOQnRnL.exe
5192	WScSAyd.exe
5220	YRmBPxj.exe
5248	tdhkjqt.exe
5276	WHVwzyn.exe
5304	QvrKtas.exe
5332	iYJwIoo.exe
5360	tcDJuhJ.exe
5396	cGSDfFd.exe
5416	WbnGJzc.exe
5444	ggFvbuD.exe
5472	BbGqzme.exe
5500	fgWanMC.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FJEhsqE.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\LTtyWga.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\ATLYHLI.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\VHtKyrV.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\nYrKhAo.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\YMEwRxu.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\paUGUJP.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\vlLtFqp.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\touLkZA.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\XeyGVUK.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\JMzfrau.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\JZsfZCc.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\WHVwzyn.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\IaMyDGl.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\FOGXZXc.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\ChqGxTh.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\AWhXkDv.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\tjHiCSq.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\fVUnaqn.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\DObIRNR.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\KFkUfHF.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\csrhGPO.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\bQNJbJA.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\NROgMyz.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\gMWfqZZ.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\WbnGJzc.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\TzOsdzX.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\hFSyNoE.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\WvcjTjM.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\BfaGMNX.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\ezSYikM.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\ZYgvbkf.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\eHgrsTD.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\doWkVXd.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\ezQgfvL.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\czHvjqj.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\SAKxuSG.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\WaGerHr.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\KnItSxL.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\knoOGxI.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\NzMeRza.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\UGuTrCt.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\BHbsUjl.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\gAnIeCE.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\paNUUuc.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\VYWVcGf.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\gEKXSFD.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\FLHTiYi.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\CiewYCb.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\uwHXFBa.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\pHNpxSg.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\VKaLYkf.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\dkOalel.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\RFxmWwg.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\TxqrBSX.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\jwtMjtT.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\JOITcgt.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\hRHpsEl.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\BLfICxA.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\cSADjLw.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\GULiGLs.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\XZMSzeB.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\XoaqKhZ.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
File created	C:\Windows\System\qiLpEoI.exe	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3904 wrote to memory of 3412	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	91
PID 3904 wrote to memory of 3412	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	91
PID 3904 wrote to memory of 3864	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	92
PID 3904 wrote to memory of 3864	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	92
PID 3904 wrote to memory of 2280	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	93
PID 3904 wrote to memory of 2280	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	93
PID 3904 wrote to memory of 5048	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	94
PID 3904 wrote to memory of 5048	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	94
PID 3904 wrote to memory of 1320	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	97
PID 3904 wrote to memory of 1320	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	97
PID 3904 wrote to memory of 4832	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	98
PID 3904 wrote to memory of 4832	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	98
PID 3904 wrote to memory of 3396	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	99
PID 3904 wrote to memory of 3396	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	99
PID 3904 wrote to memory of 916	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	100
PID 3904 wrote to memory of 916	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	100
PID 3904 wrote to memory of 4052	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	101
PID 3904 wrote to memory of 4052	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	101
PID 3904 wrote to memory of 3064	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	102
PID 3904 wrote to memory of 3064	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	102
PID 3904 wrote to memory of 2256	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	103
PID 3904 wrote to memory of 2256	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	103
PID 3904 wrote to memory of 2220	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	104
PID 3904 wrote to memory of 2220	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	104
PID 3904 wrote to memory of 4512	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	105
PID 3904 wrote to memory of 4512	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	105
PID 3904 wrote to memory of 4704	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	106
PID 3904 wrote to memory of 4704	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	106
PID 3904 wrote to memory of 5108	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	107
PID 3904 wrote to memory of 5108	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	107
PID 3904 wrote to memory of 984	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	108
PID 3904 wrote to memory of 984	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	108
PID 3904 wrote to memory of 3676	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	109
PID 3904 wrote to memory of 3676	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	109
PID 3904 wrote to memory of 2796	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	110
PID 3904 wrote to memory of 2796	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	110
PID 3904 wrote to memory of 4796	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	111
PID 3904 wrote to memory of 4796	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	111
PID 3904 wrote to memory of 1844	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	112
PID 3904 wrote to memory of 1844	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	112
PID 3904 wrote to memory of 3544	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	113
PID 3904 wrote to memory of 3544	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	113
PID 3904 wrote to memory of 5104	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	114
PID 3904 wrote to memory of 5104	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	114
PID 3904 wrote to memory of 228	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	115
PID 3904 wrote to memory of 228	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	115
PID 3904 wrote to memory of 3772	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	116
PID 3904 wrote to memory of 3772	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	116
PID 3904 wrote to memory of 2216	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	117
PID 3904 wrote to memory of 2216	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	117
PID 3904 wrote to memory of 3248	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	118
PID 3904 wrote to memory of 3248	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	118
PID 3904 wrote to memory of 4016	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	119
PID 3904 wrote to memory of 4016	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	119
PID 3904 wrote to memory of 768	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	120
PID 3904 wrote to memory of 768	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	120
PID 3904 wrote to memory of 4328	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	121
PID 3904 wrote to memory of 4328	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	121
PID 3904 wrote to memory of 3756	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	122
PID 3904 wrote to memory of 3756	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	122
PID 3904 wrote to memory of 1108	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	123
PID 3904 wrote to memory of 1108	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	123
PID 3904 wrote to memory of 4640	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	124
PID 3904 wrote to memory of 4640	3904	053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe	124

C:\Users\Admin\AppData\Local\Temp\053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\053e3016b43c64d45f10816270e50e0a28ada173decd9580f7460a839c0a6408_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3904
- C:\Windows\System\OYptSsM.exe
  C:\Windows\System\OYptSsM.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\yzauwKZ.exe
  C:\Windows\System\yzauwKZ.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\gMWfqZZ.exe
  C:\Windows\System\gMWfqZZ.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\RTPzyMy.exe
  C:\Windows\System\RTPzyMy.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\pYMjkgm.exe
  C:\Windows\System\pYMjkgm.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\VKhLwiZ.exe
  C:\Windows\System\VKhLwiZ.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\wUpPAZJ.exe
  C:\Windows\System\wUpPAZJ.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System\RHeRPNp.exe
  C:\Windows\System\RHeRPNp.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\SQZblbc.exe
  C:\Windows\System\SQZblbc.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\ncDmcmh.exe
  C:\Windows\System\ncDmcmh.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\ZePxgPK.exe
  C:\Windows\System\ZePxgPK.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\TBReRiY.exe
  C:\Windows\System\TBReRiY.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\GULiGLs.exe
  C:\Windows\System\GULiGLs.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\JBzkPtk.exe
  C:\Windows\System\JBzkPtk.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\XZMSzeB.exe
  C:\Windows\System\XZMSzeB.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\nxTleqf.exe
  C:\Windows\System\nxTleqf.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\YbABbrL.exe
  C:\Windows\System\YbABbrL.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\HUzHjxJ.exe
  C:\Windows\System\HUzHjxJ.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\hFSyNoE.exe
  C:\Windows\System\hFSyNoE.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\yVskTXE.exe
  C:\Windows\System\yVskTXE.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\wVBrkoF.exe
  C:\Windows\System\wVBrkoF.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\rsZvzlL.exe
  C:\Windows\System\rsZvzlL.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\EvUmUza.exe
  C:\Windows\System\EvUmUza.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\qiLpEoI.exe
  C:\Windows\System\qiLpEoI.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\eUPijqz.exe
  C:\Windows\System\eUPijqz.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\paUGUJP.exe
  C:\Windows\System\paUGUJP.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\aDakuRN.exe
  C:\Windows\System\aDakuRN.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\vlLtFqp.exe
  C:\Windows\System\vlLtFqp.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\KPcFolX.exe
  C:\Windows\System\KPcFolX.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\jIdqVre.exe
  C:\Windows\System\jIdqVre.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\XugVsNY.exe
  C:\Windows\System\XugVsNY.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\csrhGPO.exe
  C:\Windows\System\csrhGPO.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\paNUUuc.exe
  C:\Windows\System\paNUUuc.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\HvqMcLm.exe
  C:\Windows\System\HvqMcLm.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\KxXoSVT.exe
  C:\Windows\System\KxXoSVT.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\WaGerHr.exe
  C:\Windows\System\WaGerHr.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\zkbQaOE.exe
  C:\Windows\System\zkbQaOE.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\ZdOpIzD.exe
  C:\Windows\System\ZdOpIzD.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\MuaqHqO.exe
  C:\Windows\System\MuaqHqO.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\BULMBiq.exe
  C:\Windows\System\BULMBiq.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\hRHpsEl.exe
  C:\Windows\System\hRHpsEl.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\WGwzuac.exe
  C:\Windows\System\WGwzuac.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\VgUFThl.exe
  C:\Windows\System\VgUFThl.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\touLkZA.exe
  C:\Windows\System\touLkZA.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\qIwiwwN.exe
  C:\Windows\System\qIwiwwN.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\gRLrxhP.exe
  C:\Windows\System\gRLrxhP.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\doWkVXd.exe
  C:\Windows\System\doWkVXd.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\GkdsAsZ.exe
  C:\Windows\System\GkdsAsZ.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System\fvftxxA.exe
  C:\Windows\System\fvftxxA.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\AcsprHQ.exe
  C:\Windows\System\AcsprHQ.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\MylweDl.exe
  C:\Windows\System\MylweDl.exe
  2⤵
  - Executes dropped EXE
  PID:5132
- C:\Windows\System\AOQnRnL.exe
  C:\Windows\System\AOQnRnL.exe
  2⤵
  - Executes dropped EXE
  PID:5164
- C:\Windows\System\WScSAyd.exe
  C:\Windows\System\WScSAyd.exe
  2⤵
  - Executes dropped EXE
  PID:5192
- C:\Windows\System\YRmBPxj.exe
  C:\Windows\System\YRmBPxj.exe
  2⤵
  - Executes dropped EXE
  PID:5220
- C:\Windows\System\tdhkjqt.exe
  C:\Windows\System\tdhkjqt.exe
  2⤵
  - Executes dropped EXE
  PID:5248
- C:\Windows\System\WHVwzyn.exe
  C:\Windows\System\WHVwzyn.exe
  2⤵
  - Executes dropped EXE
  PID:5276
- C:\Windows\System\QvrKtas.exe
  C:\Windows\System\QvrKtas.exe
  2⤵
  - Executes dropped EXE
  PID:5304
- C:\Windows\System\iYJwIoo.exe
  C:\Windows\System\iYJwIoo.exe
  2⤵
  - Executes dropped EXE
  PID:5332
- C:\Windows\System\tcDJuhJ.exe
  C:\Windows\System\tcDJuhJ.exe
  2⤵
  - Executes dropped EXE
  PID:5360
- C:\Windows\System\cGSDfFd.exe
  C:\Windows\System\cGSDfFd.exe
  2⤵
  - Executes dropped EXE
  PID:5396
- C:\Windows\System\WbnGJzc.exe
  C:\Windows\System\WbnGJzc.exe
  2⤵
  - Executes dropped EXE
  PID:5416
- C:\Windows\System\ggFvbuD.exe
  C:\Windows\System\ggFvbuD.exe
  2⤵
  - Executes dropped EXE
  PID:5444
- C:\Windows\System\BbGqzme.exe
  C:\Windows\System\BbGqzme.exe
  2⤵
  - Executes dropped EXE
  PID:5472
- C:\Windows\System\fgWanMC.exe
  C:\Windows\System\fgWanMC.exe
  2⤵
  - Executes dropped EXE
  PID:5500
- C:\Windows\System\bQNJbJA.exe
  C:\Windows\System\bQNJbJA.exe
  2⤵
  PID:5528
- C:\Windows\System\FPBrBUp.exe
  C:\Windows\System\FPBrBUp.exe
  2⤵
  PID:5556
- C:\Windows\System\UazyWfj.exe
  C:\Windows\System\UazyWfj.exe
  2⤵
  PID:5584
- C:\Windows\System\VYWVcGf.exe
  C:\Windows\System\VYWVcGf.exe
  2⤵
  PID:5612
- C:\Windows\System\KnItSxL.exe
  C:\Windows\System\KnItSxL.exe
  2⤵
  PID:5640
- C:\Windows\System\rcIPGQl.exe
  C:\Windows\System\rcIPGQl.exe
  2⤵
  PID:5664
- C:\Windows\System\tjHiCSq.exe
  C:\Windows\System\tjHiCSq.exe
  2⤵
  PID:5692
- C:\Windows\System\gEKXSFD.exe
  C:\Windows\System\gEKXSFD.exe
  2⤵
  PID:5720
- C:\Windows\System\knoOGxI.exe
  C:\Windows\System\knoOGxI.exe
  2⤵
  PID:5752
- C:\Windows\System\XeyGVUK.exe
  C:\Windows\System\XeyGVUK.exe
  2⤵
  PID:5780
- C:\Windows\System\KMPVMrY.exe
  C:\Windows\System\KMPVMrY.exe
  2⤵
  PID:5804
- C:\Windows\System\sumhLIc.exe
  C:\Windows\System\sumhLIc.exe
  2⤵
  PID:5832
- C:\Windows\System\TMBAywt.exe
  C:\Windows\System\TMBAywt.exe
  2⤵
  PID:5860
- C:\Windows\System\fVUnaqn.exe
  C:\Windows\System\fVUnaqn.exe
  2⤵
  PID:5892
- C:\Windows\System\wRzsTyz.exe
  C:\Windows\System\wRzsTyz.exe
  2⤵
  PID:5916
- C:\Windows\System\ADYSDIX.exe
  C:\Windows\System\ADYSDIX.exe
  2⤵
  PID:5936
- C:\Windows\System\cQGzCpz.exe
  C:\Windows\System\cQGzCpz.exe
  2⤵
  PID:5964
- C:\Windows\System\Mmeihhg.exe
  C:\Windows\System\Mmeihhg.exe
  2⤵
  PID:5992
- C:\Windows\System\KyyNgeb.exe
  C:\Windows\System\KyyNgeb.exe
  2⤵
  PID:6020
- C:\Windows\System\QYnlmJH.exe
  C:\Windows\System\QYnlmJH.exe
  2⤵
  PID:6048
- C:\Windows\System\KMhTVyB.exe
  C:\Windows\System\KMhTVyB.exe
  2⤵
  PID:6076
- C:\Windows\System\JomtkvU.exe
  C:\Windows\System\JomtkvU.exe
  2⤵
  PID:6104
- C:\Windows\System\iQpsVeg.exe
  C:\Windows\System\iQpsVeg.exe
  2⤵
  PID:6132
- C:\Windows\System\rgPgxJN.exe
  C:\Windows\System\rgPgxJN.exe
  2⤵
  PID:3044
- C:\Windows\System\FJEhsqE.exe
  C:\Windows\System\FJEhsqE.exe
  2⤵
  PID:3960
- C:\Windows\System\IaMyDGl.exe
  C:\Windows\System\IaMyDGl.exe
  2⤵
  PID:5004
- C:\Windows\System\ezQgfvL.exe
  C:\Windows\System\ezQgfvL.exe
  2⤵
  PID:2376
- C:\Windows\System\JMzfrau.exe
  C:\Windows\System\JMzfrau.exe
  2⤵
  PID:5156
- C:\Windows\System\NlDetIg.exe
  C:\Windows\System\NlDetIg.exe
  2⤵
  PID:5232
- C:\Windows\System\KKlgDbO.exe
  C:\Windows\System\KKlgDbO.exe
  2⤵
  PID:5292
- C:\Windows\System\jDZczzX.exe
  C:\Windows\System\jDZczzX.exe
  2⤵
  PID:5352
- C:\Windows\System\uWALzqY.exe
  C:\Windows\System\uWALzqY.exe
  2⤵
  PID:5428
- C:\Windows\System\POKuPjr.exe
  C:\Windows\System\POKuPjr.exe
  2⤵
  PID:5484
- C:\Windows\System\VLMMZjO.exe
  C:\Windows\System\VLMMZjO.exe
  2⤵
  PID:5544
- C:\Windows\System\sozihJZ.exe
  C:\Windows\System\sozihJZ.exe
  2⤵
  PID:5604
- C:\Windows\System\QxXtYpe.exe
  C:\Windows\System\QxXtYpe.exe
  2⤵
  PID:5660
- C:\Windows\System\JZsfZCc.exe
  C:\Windows\System\JZsfZCc.exe
  2⤵
  PID:5736
- C:\Windows\System\FLHTiYi.exe
  C:\Windows\System\FLHTiYi.exe
  2⤵
  PID:5796
- C:\Windows\System\dHsuWCA.exe
  C:\Windows\System\dHsuWCA.exe
  2⤵
  PID:5852
- C:\Windows\System\CiewYCb.exe
  C:\Windows\System\CiewYCb.exe
  2⤵
  PID:5908
- C:\Windows\System\jWuZDLa.exe
  C:\Windows\System\jWuZDLa.exe
  2⤵
  PID:5960
- C:\Windows\System\OCcwhAU.exe
  C:\Windows\System\OCcwhAU.exe
  2⤵
  PID:3640
- C:\Windows\System\aDiWIIB.exe
  C:\Windows\System\aDiWIIB.exe
  2⤵
  PID:6088
- C:\Windows\System\OCzOzpB.exe
  C:\Windows\System\OCzOzpB.exe
  2⤵
  PID:3600
- C:\Windows\System\NROgMyz.exe
  C:\Windows\System\NROgMyz.exe
  2⤵
  PID:4724
- C:\Windows\System\bXjpMlv.exe
  C:\Windows\System\bXjpMlv.exe
  2⤵
  PID:5184
- C:\Windows\System\AYDvIQH.exe
  C:\Windows\System\AYDvIQH.exe
  2⤵
  PID:5320
- C:\Windows\System\oIIefio.exe
  C:\Windows\System\oIIefio.exe
  2⤵
  PID:5460
- C:\Windows\System\xjbMKHz.exe
  C:\Windows\System\xjbMKHz.exe
  2⤵
  PID:5628
- C:\Windows\System\jeyzRhw.exe
  C:\Windows\System\jeyzRhw.exe
  2⤵
  PID:5768
- C:\Windows\System\nUQagac.exe
  C:\Windows\System\nUQagac.exe
  2⤵
  PID:5884
- C:\Windows\System\wUpbqxh.exe
  C:\Windows\System\wUpbqxh.exe
  2⤵
  PID:6040
- C:\Windows\System\VXBWnjT.exe
  C:\Windows\System\VXBWnjT.exe
  2⤵
  PID:912
- C:\Windows\System\boNJjUz.exe
  C:\Windows\System\boNJjUz.exe
  2⤵
  PID:5128
- C:\Windows\System\nYrKhAo.exe
  C:\Windows\System\nYrKhAo.exe
  2⤵
  PID:5408
- C:\Windows\System\ulFaqcQ.exe
  C:\Windows\System\ulFaqcQ.exe
  2⤵
  PID:1692
- C:\Windows\System\XJdQrwa.exe
  C:\Windows\System\XJdQrwa.exe
  2⤵
  PID:6004
- C:\Windows\System\OuPZhcH.exe
  C:\Windows\System\OuPZhcH.exe
  2⤵
  PID:5576
- C:\Windows\System\ZaWVRat.exe
  C:\Windows\System\ZaWVRat.exe
  2⤵
  PID:4884
- C:\Windows\System\uqOZqvs.exe
  C:\Windows\System\uqOZqvs.exe
  2⤵
  PID:6212
- C:\Windows\System\jxZiirg.exe
  C:\Windows\System\jxZiirg.exe
  2⤵
  PID:6240
- C:\Windows\System\HwhMeLN.exe
  C:\Windows\System\HwhMeLN.exe
  2⤵
  PID:6256
- C:\Windows\System\jnBzhkk.exe
  C:\Windows\System\jnBzhkk.exe
  2⤵
  PID:6284
- C:\Windows\System\uMwFBzP.exe
  C:\Windows\System\uMwFBzP.exe
  2⤵
  PID:6312
- C:\Windows\System\XLVAMmN.exe
  C:\Windows\System\XLVAMmN.exe
  2⤵
  PID:6344
- C:\Windows\System\dkOalel.exe
  C:\Windows\System\dkOalel.exe
  2⤵
  PID:6368
- C:\Windows\System\RZPSlAZ.exe
  C:\Windows\System\RZPSlAZ.exe
  2⤵
  PID:6384
- C:\Windows\System\liMekFx.exe
  C:\Windows\System\liMekFx.exe
  2⤵
  PID:6416
- C:\Windows\System\pfaRjsZ.exe
  C:\Windows\System\pfaRjsZ.exe
  2⤵
  PID:6460
- C:\Windows\System\pCXzuZP.exe
  C:\Windows\System\pCXzuZP.exe
  2⤵
  PID:6520
- C:\Windows\System\RZGZhQN.exe
  C:\Windows\System\RZGZhQN.exe
  2⤵
  PID:6548
- C:\Windows\System\YqcasOo.exe
  C:\Windows\System\YqcasOo.exe
  2⤵
  PID:6580
- C:\Windows\System\qVGBJLJ.exe
  C:\Windows\System\qVGBJLJ.exe
  2⤵
  PID:6608
- C:\Windows\System\EwbBpFA.exe
  C:\Windows\System\EwbBpFA.exe
  2⤵
  PID:6628
- C:\Windows\System\fSGzjxn.exe
  C:\Windows\System\fSGzjxn.exe
  2⤵
  PID:6660
- C:\Windows\System\pZjrnZO.exe
  C:\Windows\System\pZjrnZO.exe
  2⤵
  PID:6696
- C:\Windows\System\xayIeYT.exe
  C:\Windows\System\xayIeYT.exe
  2⤵
  PID:6720
- C:\Windows\System\RFxmWwg.exe
  C:\Windows\System\RFxmWwg.exe
  2⤵
  PID:6736
- C:\Windows\System\YAWhtkM.exe
  C:\Windows\System\YAWhtkM.exe
  2⤵
  PID:6772
- C:\Windows\System\Kmocvhv.exe
  C:\Windows\System\Kmocvhv.exe
  2⤵
  PID:6812
- C:\Windows\System\EMfBePR.exe
  C:\Windows\System\EMfBePR.exe
  2⤵
  PID:6840
- C:\Windows\System\KgofWHj.exe
  C:\Windows\System\KgofWHj.exe
  2⤵
  PID:6880
- C:\Windows\System\fZrGyiC.exe
  C:\Windows\System\fZrGyiC.exe
  2⤵
  PID:6912
- C:\Windows\System\FOGXZXc.exe
  C:\Windows\System\FOGXZXc.exe
  2⤵
  PID:6952
- C:\Windows\System\KEikCCt.exe
  C:\Windows\System\KEikCCt.exe
  2⤵
  PID:6988
- C:\Windows\System\mGUnaWP.exe
  C:\Windows\System\mGUnaWP.exe
  2⤵
  PID:7024
- C:\Windows\System\TkSqPOs.exe
  C:\Windows\System\TkSqPOs.exe
  2⤵
  PID:7040
- C:\Windows\System\lXCycMy.exe
  C:\Windows\System\lXCycMy.exe
  2⤵
  PID:7056
- C:\Windows\System\nkSXqmj.exe
  C:\Windows\System\nkSXqmj.exe
  2⤵
  PID:7092
- C:\Windows\System\ZqHAVVD.exe
  C:\Windows\System\ZqHAVVD.exe
  2⤵
  PID:7132
- C:\Windows\System\nfVBUkG.exe
  C:\Windows\System\nfVBUkG.exe
  2⤵
  PID:7164
- C:\Windows\System\DJzcXpS.exe
  C:\Windows\System\DJzcXpS.exe
  2⤵
  PID:3984
- C:\Windows\System\pvcVBRt.exe
  C:\Windows\System\pvcVBRt.exe
  2⤵
  PID:5052
- C:\Windows\System\ZPVRGPt.exe
  C:\Windows\System\ZPVRGPt.exe
  2⤵
  PID:3240
- C:\Windows\System\LfjLLyA.exe
  C:\Windows\System\LfjLLyA.exe
  2⤵
  PID:3468
- C:\Windows\System\WRfPfXP.exe
  C:\Windows\System\WRfPfXP.exe
  2⤵
  PID:6220
- C:\Windows\System\VMsLPAE.exe
  C:\Windows\System\VMsLPAE.exe
  2⤵
  PID:1300
- C:\Windows\System\DokFpVm.exe
  C:\Windows\System\DokFpVm.exe
  2⤵
  PID:4852
- C:\Windows\System\QvSFELz.exe
  C:\Windows\System\QvSFELz.exe
  2⤵
  PID:864
- C:\Windows\System\BLfICxA.exe
  C:\Windows\System\BLfICxA.exe
  2⤵
  PID:3132
- C:\Windows\System\wfvUwZk.exe
  C:\Windows\System\wfvUwZk.exe
  2⤵
  PID:2748
- C:\Windows\System\HgAoIao.exe
  C:\Windows\System\HgAoIao.exe
  2⤵
  PID:2276
- C:\Windows\System\MmrxtCc.exe
  C:\Windows\System\MmrxtCc.exe
  2⤵
  PID:6480
- C:\Windows\System\cUceGdh.exe
  C:\Windows\System\cUceGdh.exe
  2⤵
  PID:6512
- C:\Windows\System\wVsgect.exe
  C:\Windows\System\wVsgect.exe
  2⤵
  PID:6572
- C:\Windows\System\ErHweUb.exe
  C:\Windows\System\ErHweUb.exe
  2⤵
  PID:6636
- C:\Windows\System\EDZlgZK.exe
  C:\Windows\System\EDZlgZK.exe
  2⤵
  PID:6704
- C:\Windows\System\OrcIQBx.exe
  C:\Windows\System\OrcIQBx.exe
  2⤵
  PID:6784
- C:\Windows\System\qGWLjTp.exe
  C:\Windows\System\qGWLjTp.exe
  2⤵
  PID:6852
- C:\Windows\System\YMEwRxu.exe
  C:\Windows\System\YMEwRxu.exe
  2⤵
  PID:6928
- C:\Windows\System\RGEtVej.exe
  C:\Windows\System\RGEtVej.exe
  2⤵
  PID:7032
- C:\Windows\System\bxcxhGq.exe
  C:\Windows\System\bxcxhGq.exe
  2⤵
  PID:7076
- C:\Windows\System\DObIRNR.exe
  C:\Windows\System\DObIRNR.exe
  2⤵
  PID:7148
- C:\Windows\System\ZEzLlxr.exe
  C:\Windows\System\ZEzLlxr.exe
  2⤵
  PID:6168
- C:\Windows\System\jXlNeEb.exe
  C:\Windows\System\jXlNeEb.exe
  2⤵
  PID:3236
- C:\Windows\System\bBROwrt.exe
  C:\Windows\System\bBROwrt.exe
  2⤵
  PID:6292
- C:\Windows\System\VlwYWnp.exe
  C:\Windows\System\VlwYWnp.exe
  2⤵
  PID:6352
- C:\Windows\System\eVVUofQ.exe
  C:\Windows\System\eVVUofQ.exe
  2⤵
  PID:6380
- C:\Windows\System\zJsQAuR.exe
  C:\Windows\System\zJsQAuR.exe
  2⤵
  PID:6532
- C:\Windows\System\yFvLhJZ.exe
  C:\Windows\System\yFvLhJZ.exe
  2⤵
  PID:6732
- C:\Windows\System\hyCWtbX.exe
  C:\Windows\System\hyCWtbX.exe
  2⤵
  PID:6896
- C:\Windows\System\TxqrBSX.exe
  C:\Windows\System\TxqrBSX.exe
  2⤵
  PID:7140
- C:\Windows\System\TZMYTaq.exe
  C:\Windows\System\TZMYTaq.exe
  2⤵
  PID:6148
- C:\Windows\System\XoaqKhZ.exe
  C:\Windows\System\XoaqKhZ.exe
  2⤵
  PID:2560
- C:\Windows\System\uYZPmCp.exe
  C:\Windows\System\uYZPmCp.exe
  2⤵
  PID:4740
- C:\Windows\System\NqByuGE.exe
  C:\Windows\System\NqByuGE.exe
  2⤵
  PID:6824
- C:\Windows\System\RCpMHXw.exe
  C:\Windows\System\RCpMHXw.exe
  2⤵
  PID:3256
- C:\Windows\System\GhBSzgD.exe
  C:\Windows\System\GhBSzgD.exe
  2⤵
  PID:6796
- C:\Windows\System\KFkUfHF.exe
  C:\Windows\System\KFkUfHF.exe
  2⤵
  PID:6360
- C:\Windows\System\XRBugBO.exe
  C:\Windows\System\XRBugBO.exe
  2⤵
  PID:7176
- C:\Windows\System\EVgkTDH.exe
  C:\Windows\System\EVgkTDH.exe
  2⤵
  PID:7216
- C:\Windows\System\gADLtxG.exe
  C:\Windows\System\gADLtxG.exe
  2⤵
  PID:7236
- C:\Windows\System\czHvjqj.exe
  C:\Windows\System\czHvjqj.exe
  2⤵
  PID:7264
- C:\Windows\System\VCTnPYY.exe
  C:\Windows\System\VCTnPYY.exe
  2⤵
  PID:7292
- C:\Windows\System\tKIMVrF.exe
  C:\Windows\System\tKIMVrF.exe
  2⤵
  PID:7324
- C:\Windows\System\docSuTu.exe
  C:\Windows\System\docSuTu.exe
  2⤵
  PID:7348
- C:\Windows\System\eqAgJqB.exe
  C:\Windows\System\eqAgJqB.exe
  2⤵
  PID:7380
- C:\Windows\System\azOFRUa.exe
  C:\Windows\System\azOFRUa.exe
  2⤵
  PID:7404
- C:\Windows\System\uwHXFBa.exe
  C:\Windows\System\uwHXFBa.exe
  2⤵
  PID:7432
- C:\Windows\System\VHomAYO.exe
  C:\Windows\System\VHomAYO.exe
  2⤵
  PID:7460
- C:\Windows\System\AXlWtGV.exe
  C:\Windows\System\AXlWtGV.exe
  2⤵
  PID:7488
- C:\Windows\System\rfusqDY.exe
  C:\Windows\System\rfusqDY.exe
  2⤵
  PID:7516
- C:\Windows\System\PeFVsaH.exe
  C:\Windows\System\PeFVsaH.exe
  2⤵
  PID:7548
- C:\Windows\System\qtKoPNc.exe
  C:\Windows\System\qtKoPNc.exe
  2⤵
  PID:7576
- C:\Windows\System\SSxSfRW.exe
  C:\Windows\System\SSxSfRW.exe
  2⤵
  PID:7604
- C:\Windows\System\GqEpCpb.exe
  C:\Windows\System\GqEpCpb.exe
  2⤵
  PID:7632
- C:\Windows\System\mLHUHZx.exe
  C:\Windows\System\mLHUHZx.exe
  2⤵
  PID:7648
- C:\Windows\System\qCUTmqH.exe
  C:\Windows\System\qCUTmqH.exe
  2⤵
  PID:7688
- C:\Windows\System\roWPetV.exe
  C:\Windows\System\roWPetV.exe
  2⤵
  PID:7704
- C:\Windows\System\nKZENiU.exe
  C:\Windows\System\nKZENiU.exe
  2⤵
  PID:7724
- C:\Windows\System\fSIIePq.exe
  C:\Windows\System\fSIIePq.exe
  2⤵
  PID:7760
- C:\Windows\System\hGThSHe.exe
  C:\Windows\System\hGThSHe.exe
  2⤵
  PID:7792
- C:\Windows\System\AnXFxrx.exe
  C:\Windows\System\AnXFxrx.exe
  2⤵
  PID:7828
- C:\Windows\System\WvcjTjM.exe
  C:\Windows\System\WvcjTjM.exe
  2⤵
  PID:7860
- C:\Windows\System\BHbsUjl.exe
  C:\Windows\System\BHbsUjl.exe
  2⤵
  PID:7884
- C:\Windows\System\XVLlDCc.exe
  C:\Windows\System\XVLlDCc.exe
  2⤵
  PID:7912
- C:\Windows\System\yGsZdZq.exe
  C:\Windows\System\yGsZdZq.exe
  2⤵
  PID:7940
- C:\Windows\System\LTtyWga.exe
  C:\Windows\System\LTtyWga.exe
  2⤵
  PID:7968
- C:\Windows\System\tBwJUxY.exe
  C:\Windows\System\tBwJUxY.exe
  2⤵
  PID:7996
- C:\Windows\System\LotFWgt.exe
  C:\Windows\System\LotFWgt.exe
  2⤵
  PID:8024
- C:\Windows\System\JlWYZST.exe
  C:\Windows\System\JlWYZST.exe
  2⤵
  PID:8056
- C:\Windows\System\jCGwwiL.exe
  C:\Windows\System\jCGwwiL.exe
  2⤵
  PID:8080
- C:\Windows\System\NXyeuAR.exe
  C:\Windows\System\NXyeuAR.exe
  2⤵
  PID:8112
- C:\Windows\System\lcwvdhU.exe
  C:\Windows\System\lcwvdhU.exe
  2⤵
  PID:8140
- C:\Windows\System\kplGtLw.exe
  C:\Windows\System\kplGtLw.exe
  2⤵
  PID:8168
- C:\Windows\System\BfaGMNX.exe
  C:\Windows\System\BfaGMNX.exe
  2⤵
  PID:7172
- C:\Windows\System\zQNMBfO.exe
  C:\Windows\System\zQNMBfO.exe
  2⤵
  PID:7248
- C:\Windows\System\onXWcbL.exe
  C:\Windows\System\onXWcbL.exe
  2⤵
  PID:7332
- C:\Windows\System\Ijvfali.exe
  C:\Windows\System\Ijvfali.exe
  2⤵
  PID:7396
- C:\Windows\System\DwfVHSf.exe
  C:\Windows\System\DwfVHSf.exe
  2⤵
  PID:7476
- C:\Windows\System\jAIBktb.exe
  C:\Windows\System\jAIBktb.exe
  2⤵
  PID:7596
- C:\Windows\System\FWtehay.exe
  C:\Windows\System\FWtehay.exe
  2⤵
  PID:7680
- C:\Windows\System\jNIHKCf.exe
  C:\Windows\System\jNIHKCf.exe
  2⤵
  PID:7772
- C:\Windows\System\hvCKKiq.exe
  C:\Windows\System\hvCKKiq.exe
  2⤵
  PID:7820
- C:\Windows\System\ezSYikM.exe
  C:\Windows\System\ezSYikM.exe
  2⤵
  PID:7880
- C:\Windows\System\HebChxd.exe
  C:\Windows\System\HebChxd.exe
  2⤵
  PID:7960
- C:\Windows\System\PILPpQA.exe
  C:\Windows\System\PILPpQA.exe
  2⤵
  PID:8020
- C:\Windows\System\TzOsdzX.exe
  C:\Windows\System\TzOsdzX.exe
  2⤵
  PID:8092
- C:\Windows\System\wWEuzRv.exe
  C:\Windows\System\wWEuzRv.exe
  2⤵
  PID:8160
- C:\Windows\System\ZYKwIOz.exe
  C:\Windows\System\ZYKwIOz.exe
  2⤵
  PID:7232
- C:\Windows\System\jwtMjtT.exe
  C:\Windows\System\jwtMjtT.exe
  2⤵
  PID:7424
- C:\Windows\System\UdgTyDA.exe
  C:\Windows\System\UdgTyDA.exe
  2⤵
  PID:7660
- C:\Windows\System\zUSCcto.exe
  C:\Windows\System\zUSCcto.exe
  2⤵
  PID:7780
- C:\Windows\System\MwKEDNu.exe
  C:\Windows\System\MwKEDNu.exe
  2⤵
  PID:7852
- C:\Windows\System\uSEMpnV.exe
  C:\Windows\System\uSEMpnV.exe
  2⤵
  PID:8076
- C:\Windows\System\ZYgvbkf.exe
  C:\Windows\System\ZYgvbkf.exe
  2⤵
  PID:7304
- C:\Windows\System\RYPzZRL.exe
  C:\Windows\System\RYPzZRL.exe
  2⤵
  PID:7868
- C:\Windows\System\jBeXjko.exe
  C:\Windows\System\jBeXjko.exe
  2⤵
  PID:8072
- C:\Windows\System\NzMeRza.exe
  C:\Windows\System\NzMeRza.exe
  2⤵
  PID:7936
- C:\Windows\System\rfBjixi.exe
  C:\Windows\System\rfBjixi.exe
  2⤵
  PID:7748
- C:\Windows\System\JcckHen.exe
  C:\Windows\System\JcckHen.exe
  2⤵
  PID:8220
- C:\Windows\System\ATLYHLI.exe
  C:\Windows\System\ATLYHLI.exe
  2⤵
  PID:8248
- C:\Windows\System\EZkOktr.exe
  C:\Windows\System\EZkOktr.exe
  2⤵
  PID:8276
- C:\Windows\System\ZrLgnXe.exe
  C:\Windows\System\ZrLgnXe.exe
  2⤵
  PID:8304
- C:\Windows\System\LJgsJZJ.exe
  C:\Windows\System\LJgsJZJ.exe
  2⤵
  PID:8332
- C:\Windows\System\JwasKBd.exe
  C:\Windows\System\JwasKBd.exe
  2⤵
  PID:8364
- C:\Windows\System\VHtKyrV.exe
  C:\Windows\System\VHtKyrV.exe
  2⤵
  PID:8388
- C:\Windows\System\hBqytvy.exe
  C:\Windows\System\hBqytvy.exe
  2⤵
  PID:8416
- C:\Windows\System\XpHTOGM.exe
  C:\Windows\System\XpHTOGM.exe
  2⤵
  PID:8444
- C:\Windows\System\zrjIrmQ.exe
  C:\Windows\System\zrjIrmQ.exe
  2⤵
  PID:8476
- C:\Windows\System\yRDHmCH.exe
  C:\Windows\System\yRDHmCH.exe
  2⤵
  PID:8500
- C:\Windows\System\SOwzPGI.exe
  C:\Windows\System\SOwzPGI.exe
  2⤵
  PID:8528
- C:\Windows\System\WzyIKIR.exe
  C:\Windows\System\WzyIKIR.exe
  2⤵
  PID:8556
- C:\Windows\System\oodTuvc.exe
  C:\Windows\System\oodTuvc.exe
  2⤵
  PID:8584
- C:\Windows\System\ISGmufD.exe
  C:\Windows\System\ISGmufD.exe
  2⤵
  PID:8612
- C:\Windows\System\LcbmxOF.exe
  C:\Windows\System\LcbmxOF.exe
  2⤵
  PID:8640
- C:\Windows\System\huhZoMI.exe
  C:\Windows\System\huhZoMI.exe
  2⤵
  PID:8668
- C:\Windows\System\ChqGxTh.exe
  C:\Windows\System\ChqGxTh.exe
  2⤵
  PID:8696
- C:\Windows\System\cbLOuxw.exe
  C:\Windows\System\cbLOuxw.exe
  2⤵
  PID:8724
- C:\Windows\System\XNJKlFX.exe
  C:\Windows\System\XNJKlFX.exe
  2⤵
  PID:8752
- C:\Windows\System\hzuYUTA.exe
  C:\Windows\System\hzuYUTA.exe
  2⤵
  PID:8780
- C:\Windows\System\dJfgExx.exe
  C:\Windows\System\dJfgExx.exe
  2⤵
  PID:8808
- C:\Windows\System\hdULpiF.exe
  C:\Windows\System\hdULpiF.exe
  2⤵
  PID:8836
- C:\Windows\System\CGWNyWz.exe
  C:\Windows\System\CGWNyWz.exe
  2⤵
  PID:8864
- C:\Windows\System\ujaOPgL.exe
  C:\Windows\System\ujaOPgL.exe
  2⤵
  PID:8896
- C:\Windows\System\ZfupgHX.exe
  C:\Windows\System\ZfupgHX.exe
  2⤵
  PID:8924
- C:\Windows\System\Bkdyxhw.exe
  C:\Windows\System\Bkdyxhw.exe
  2⤵
  PID:8956
- C:\Windows\System\VMTUXoi.exe
  C:\Windows\System\VMTUXoi.exe
  2⤵
  PID:8980
- C:\Windows\System\MNEdrxc.exe
  C:\Windows\System\MNEdrxc.exe
  2⤵
  PID:9008
- C:\Windows\System\rLXaUbM.exe
  C:\Windows\System\rLXaUbM.exe
  2⤵
  PID:9036
- C:\Windows\System\AWhXkDv.exe
  C:\Windows\System\AWhXkDv.exe
  2⤵
  PID:9068
- C:\Windows\System\UGuTrCt.exe
  C:\Windows\System\UGuTrCt.exe
  2⤵
  PID:9092
- C:\Windows\System\XyJnfUp.exe
  C:\Windows\System\XyJnfUp.exe
  2⤵
  PID:9120
- C:\Windows\System\FoYQcDw.exe
  C:\Windows\System\FoYQcDw.exe
  2⤵
  PID:9148
- C:\Windows\System\BQYpMRw.exe
  C:\Windows\System\BQYpMRw.exe
  2⤵
  PID:9192
- C:\Windows\System\gAnIeCE.exe
  C:\Windows\System\gAnIeCE.exe
  2⤵
  PID:8204
- C:\Windows\System\fgxIbzH.exe
  C:\Windows\System\fgxIbzH.exe
  2⤵
  PID:8300
- C:\Windows\System\UYpGZNm.exe
  C:\Windows\System\UYpGZNm.exe
  2⤵
  PID:8400
- C:\Windows\System\lEEWiXg.exe
  C:\Windows\System\lEEWiXg.exe
  2⤵
  PID:8492
- C:\Windows\System\PxzzEoA.exe
  C:\Windows\System\PxzzEoA.exe
  2⤵
  PID:8596
- C:\Windows\System\pNAODUy.exe
  C:\Windows\System\pNAODUy.exe
  2⤵
  PID:8680
- C:\Windows\System\JOITcgt.exe
  C:\Windows\System\JOITcgt.exe
  2⤵
  PID:8736
- C:\Windows\System\QMSZkHp.exe
  C:\Windows\System\QMSZkHp.exe
  2⤵
  PID:8860
- C:\Windows\System\batPwfb.exe
  C:\Windows\System\batPwfb.exe
  2⤵
  PID:8920
- C:\Windows\System\cSADjLw.exe
  C:\Windows\System\cSADjLw.exe
  2⤵
  PID:8992
- C:\Windows\System\cEmAczN.exe
  C:\Windows\System\cEmAczN.exe
  2⤵
  PID:9032
- C:\Windows\System\avEWnZh.exe
  C:\Windows\System\avEWnZh.exe
  2⤵
  PID:9184
- C:\Windows\System\pRTntwZ.exe
  C:\Windows\System\pRTntwZ.exe
  2⤵
  PID:8380
- C:\Windows\System\hLLaVnA.exe
  C:\Windows\System\hLLaVnA.exe
  2⤵
  PID:8468
- C:\Windows\System\QJQwxKg.exe
  C:\Windows\System\QJQwxKg.exe
  2⤵
  PID:8660
- C:\Windows\System\eUXlKoi.exe
  C:\Windows\System\eUXlKoi.exe
  2⤵
  PID:2972
- C:\Windows\System\WmrLwVO.exe
  C:\Windows\System\WmrLwVO.exe
  2⤵
  PID:5028
- C:\Windows\System\uGtVnoi.exe
  C:\Windows\System\uGtVnoi.exe
  2⤵
  PID:2808
- C:\Windows\System\mTcvUOk.exe
  C:\Windows\System\mTcvUOk.exe
  2⤵
  PID:8976
- C:\Windows\System\RnAxsha.exe
  C:\Windows\System\RnAxsha.exe
  2⤵
  PID:7228
- C:\Windows\System\doYKtHC.exe
  C:\Windows\System\doYKtHC.exe
  2⤵
  PID:3520
- C:\Windows\System\VvAzQde.exe
  C:\Windows\System\VvAzQde.exe
  2⤵
  PID:4552
- C:\Windows\System\zBkcETT.exe
  C:\Windows\System\zBkcETT.exe
  2⤵
  PID:9220
- C:\Windows\System\SAKxuSG.exe
  C:\Windows\System\SAKxuSG.exe
  2⤵
  PID:9252
- C:\Windows\System\MUcdxbX.exe
  C:\Windows\System\MUcdxbX.exe
  2⤵
  PID:9276
- C:\Windows\System\pHNpxSg.exe
  C:\Windows\System\pHNpxSg.exe
  2⤵
  PID:9296
- C:\Windows\System\CRintoR.exe
  C:\Windows\System\CRintoR.exe
  2⤵
  PID:9328
- C:\Windows\System\eHgrsTD.exe
  C:\Windows\System\eHgrsTD.exe
  2⤵
  PID:9388
- C:\Windows\System\zjGfQVG.exe
  C:\Windows\System\zjGfQVG.exe
  2⤵
  PID:9412
- C:\Windows\System\wIUIUij.exe
  C:\Windows\System\wIUIUij.exe
  2⤵
  PID:9428
- C:\Windows\System\yJoYPOR.exe
  C:\Windows\System\yJoYPOR.exe
  2⤵
  PID:9460
- C:\Windows\System\NUURlkT.exe
  C:\Windows\System\NUURlkT.exe
  2⤵
  PID:9488
- C:\Windows\System\VKaLYkf.exe
  C:\Windows\System\VKaLYkf.exe
  2⤵
  PID:9524
- C:\Windows\System\IuhFVSQ.exe
  C:\Windows\System\IuhFVSQ.exe
  2⤵
  PID:9552
- C:\Windows\System\qLdwtmK.exe
  C:\Windows\System\qLdwtmK.exe
  2⤵
  PID:9580
- C:\Windows\System\uJeyFqI.exe
  C:\Windows\System\uJeyFqI.exe
  2⤵
  PID:9608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4360,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=3244 /prefetch:8
1⤵
PID:6328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\EvUmUza.exe

Filesize
2.0MB

MD5
ed4f8dd50ee3fb771fab478293f5eed5

SHA1
bf656c60722c8029978d6c0b9118439651bedd26

SHA256
353ab7f05d49fbff83f9f5655392e5a2cf5acc4e514e7efbfbd51b596c466ab7

SHA512
660265343c48aac3b34ef3f779c38b35cb92ed8cec8beb63d1fc407fe38c0799bbdb14f89662c800eeb9bc8ceb1b5922a19f0f1ed0194238bb67c1664ab609f0

Download Submit
C:\Windows\System\GULiGLs.exe

Filesize
2.0MB

MD5
cfd9e9f38ec1f5057d16d4b4f9ea6d9f

SHA1
952001a9989946cafca50e7388f82492c5940d10

SHA256
4a03dd4a357d41d533cd366caa847e62d3121946a2cc74c3c05fb4be50dc4b7c

SHA512
c573fbae8b468c33eae4086a2e730cd9647a2961f34dacee7b23260b150f22f79f38ba3704dd613022a9858ad52c30f4fb5df820d2f1984cf84582a2c51fe971

Download Submit
C:\Windows\System\HUzHjxJ.exe

Filesize
2.0MB

MD5
19476a1f06994d6e912f9a312f6ad54d

SHA1
9b73620b3bb2e0c1d1fa02100358ba0dfbdbe0d1

SHA256
e8b197e53753dd4e9e1e9481eb2b9fb2d02e1541c3387dfa60f6c52d9d5bbc94

SHA512
b2e249f82f656f3db78d2346e4fb610d83f7f1455b437ded810207d8943affadfba2326e664bbed13984cc99fa09c42cb40e2dd2ba1e2fc5dadf22eaee0e4ecc

Download Submit
C:\Windows\System\JBzkPtk.exe

Filesize
2.0MB

MD5
79983e24dbc964e9cdfa52e5620b2a9f

SHA1
c79374ce28daeb1282115f1c876ebad916ad9a99

SHA256
97c0223d0620d13fe7c8ee925897c5cb963022b3bec8682311b5a22e09c482c7

SHA512
700cb54291509508878d7976816bb7a9aeb3228327b1cdb8f2f00928c08d1d6974354df5e0bdf7bbb607814bb2b8ebdf8e8fa0783a7f22113f909e1f7b4cf319

Download Submit
C:\Windows\System\KPcFolX.exe

Filesize
2.0MB

MD5
482e4a9e97234684592c3d2fca00a08e

SHA1
8f741a37b63d59aff4cc28c8ac2d901465134c3e

SHA256
7226f349045ac1cfbe7e246d6f52458a928fba4e2247c7530321c7fe95d15b7c

SHA512
8e544b1cea7ee7346bab420743267e4b6c7f9150f20aea28edbbc691f09dd85e871592a84e031c61efcfa105996e5544011511aa4c3bd2d6ce89b6e6c768fe56

Download Submit
C:\Windows\System\OYptSsM.exe

Filesize
2.0MB

MD5
60c0ec60743ed157e5bae1b6a09445d5

SHA1
1ec614db01fb1e3b39b6a732c2d673c3400bf198

SHA256
0de13d3b2be9431b5c9cbf199a45dcc2cceadd0f454a8e9928d024c3397a489c

SHA512
d04e556ec94681d757da997db86b00be814150b0447a89a9ae0fdeca908091e10995befcdabf35452d69161b143cd2c04432e32caf697a5621126e6bd819c337

Download Submit
C:\Windows\System\RHeRPNp.exe

Filesize
2.0MB

MD5
2374e2791a45878b989715ae9b115db1

SHA1
cf67ee59e45c13100c0fd23f0c96155574de515d

SHA256
4e23b49b7e1f51ce90500f8c1a62a79ad796eadc2124fed0fa1f83b65b8e2af4

SHA512
4a704b4b4646fa3ca7c35efa064f963124f2e665e75e90a6589c3405850fda4f2f9ddf0179a293aab09b15634850976623c290baf593c664919efae60f1543cb

Download Submit
C:\Windows\System\RTPzyMy.exe

Filesize
2.0MB

MD5
0f90a1f7d173aa212eab30a3ed537ca5

SHA1
b349108620719701eaa192823be2cf3aa8c38f7e

SHA256
6f702eae56d54bacaccce6a0e3e43749c8792e074534a8734c1e7e23f6fb6fb6

SHA512
e1171a150917ca020386e7bccd4f0fe92dd7bf07e7bfd747756370e41729354679c6261f2fc99396c3532c535fed99740409d606a3bfa72b910a39b34b6f7d72

Download Submit
C:\Windows\System\SQZblbc.exe

Filesize
2.0MB

MD5
693cc0b0b0b430d06c67c36bb42c6f2f

SHA1
c3dc6e287f4a81094c09b930f874a0c061a30fad

SHA256
6c536f4b1c6ed87d18d63e8f9a58fdbd29e235eae433959b02d5dc5aca7af9f0

SHA512
63590fa022e08fdf452c178e34339b725126ede9111e04769974ce21ef1b84b6d34d345369e38f2d617b156afd8809db2f3ce4d7d528dfc5d9ef49567dc17abd

Download Submit
C:\Windows\System\TBReRiY.exe

Filesize
2.0MB

MD5
bb68c3114efa4fdba96773b17208550e

SHA1
342fac3053cf42e6223d4b83f5e2ebea0f430e8f

SHA256
2a21efc999061b182a9316c66e233a47a781b00e186f8d2b89514e40ad6b793d

SHA512
9c38e756871ab2cd7a59e8b23e392a57e694a2c9407f6054cb8a1e44d07d1adbe84360cd7c11da919ceecebd608a96b6ceb7a5d993e9b9632e614024b47ccb8c

Download Submit
C:\Windows\System\VKhLwiZ.exe

Filesize
2.0MB

MD5
67c6e2edbb638c8e53c99856c7ae1b98

SHA1
382b067db50df2b578d860e29842135f5b2edad3

SHA256
51ef3c4ceed6a6f09ceb0e67542d429837b79431f2c2383a7562663259856acc

SHA512
9ecbe78a2bcdc1fded074568465830b7108e37744b86ff64477d789ace09aa0e33430240995d687a8a9a85c2e4263a78a2514f32644fc7d5acbf3950fb162f50

Download Submit
C:\Windows\System\XZMSzeB.exe

Filesize
2.0MB

MD5
8c656ad3094db3de84caf0e344570dc1

SHA1
69617802e54ee8047386ce2de08d61bb4c4c2f21

SHA256
0f2647660fd6a2e52afdfffabe0fd8a6631ed61336d61bad12d9c5e954869e84

SHA512
32523f3b093e1a61d58d7370a79d034cf425d021d2ff393bd3601f50d8c16e5638eb029fb762118c5eab73c63e0ee2b15b4b168da4c1ab65de7f24f7c69aa4d3

Download Submit
C:\Windows\System\XugVsNY.exe

Filesize
2.0MB

MD5
05e34d495b3f8ad7572dc90e35aed8aa

SHA1
3588a28c872988658b405c042d7f324d3a1b394f

SHA256
ae83fb9be141f7349c0066da16d629d43a309fd7e07757928bf48304e7d255b2

SHA512
c1291eddf59d8e83531285547eee988f3b6a4dea76a0402b968b313e8aa1cfed166c305e926c4405203ffecac1ee83dfca3fea0896a398324a51bf610f223b1e

Download Submit
C:\Windows\System\YbABbrL.exe

Filesize
2.0MB

MD5
c2552d2408f15990e6897bda82939039

SHA1
92cd2cc14c6695516a8e42f6e4bc647d4bcbef6f

SHA256
dd7ce34c2d56ab1d03d3b790fea6d94ec4865b530feab41180d61118e3b2a825

SHA512
15a6776f5d4d97c6124796d920b5fd3f81cf904fa0ff0f24ca83fd6f1a8df47c058f00161fa5c70cbd69125748cb8b6cc423db39aa48657a547e802aefd1d5b5

Download Submit
C:\Windows\System\ZePxgPK.exe

Filesize
2.0MB

MD5
1ba384b30d3bd4bc47566780fd8acdd3

SHA1
554d76bd7504e2c2dcaa08c8063084ec6dd4453a

SHA256
3dbd62ef75741bd0c86b93dda9aca784d06e54b90fc0883502fdf04c1c36b15c

SHA512
7af208dac7abdb80a5f252e83e12def270929e96cef5705e5403a0d5d2404820f6f3d167ca54452629a2297206fe10d18d6032570db0e7c8e90b4e89a24e5ee8

Download Submit
C:\Windows\System\aDakuRN.exe

Filesize
2.0MB

MD5
dc272177e54b1be438ecb2ba7457baf7

SHA1
2bd53f5f4d1c1701f28355a947f6b84c5dd6012a

SHA256
08026f84755bb8c3915c5598ac2081f26cc8fe799f25597b80f16bad36d2e6d0

SHA512
fd0d1c881de1cb5f85aecf345a495d761fcbd6c32399211e4a84dd5146b1fb498e38fff563f6b6118edbd320325eaa81ea720915d1dbfce0a170c2845d4d5014

Download Submit
C:\Windows\System\csrhGPO.exe

Filesize
2.0MB

MD5
31eccb0e538955a40caee4cccccfdf56

SHA1
bfcfe2d3cc026de2623f3879172543606a71323f

SHA256
960251edd19e1569989c956aec5ec35fb77e343142835d49c09f6f4bd3d9e545

SHA512
84014c9f7fd7500b22ea1d5b0060b78d6f1c86b6a87b61e171dbaf2cf18b307c7600873defb3f6001defa93e2eae44da6c34681ed857327b2ebc91beb0f16d19

Download Submit
C:\Windows\System\eUPijqz.exe

Filesize
2.0MB

MD5
06317355455709b2dbfbe53b139d3da3

SHA1
839a44e1ab1a3a0aad185823b991f1955b1b0070

SHA256
4b80faa9e79fdb060e2e48184c9f80b4aee588be770e528329967c7fe17b2bff

SHA512
75a768a9d2fc047fed2ed418e37a3aa5afa87a69b28c7bdb88242a9f58dd9fdef92ecb1f5153cec50a90e48a16f63d3f9f7d1211103dc15f2a5c108b25eec9d9

Download Submit
C:\Windows\System\gMWfqZZ.exe

Filesize
2.0MB

MD5
bb202410ea198789e839eba22b21aa6a

SHA1
d2ffabbb87ca6b76d1a543a6e274ced718601dfa

SHA256
d98e057d07dd5d78ebc00542bca3798f84436f61f2bd1822d098a67d0072a222

SHA512
af4dc208af47509b1f7378b70cc5bb6d15031e7ce93cd3098d65912dae718192dbd5288cecd54f6d38386f96bbeb1cef15219a6127e107c15702d1edbcc0dd83

Download Submit
C:\Windows\System\hFSyNoE.exe

Filesize
2.0MB

MD5
44af9c180dde213c5f62cd4d7be74651

SHA1
88d34ab41d1dd04dfab0fe67279368b07bb7eae1

SHA256
3929f165aa223ec1460b65f2d43148b2432987eff81c3af98e9d2870da1d977e

SHA512
31a2c40e3dbf4b3384789ca6f38157ac478c8128786a962070526f2a4b9f800b48c7ec41e11783b7a57f10c82f3d6f8aa22d4092145263bc691353b4e1e10ad3

Download Submit
C:\Windows\System\jIdqVre.exe

Filesize
2.0MB

MD5
95a0ee1ec82c0254866a3faf01dbb498

SHA1
b7fe74ea9fc5bc603c8362ec97f12461cb21f35a

SHA256
9c5cbe67cba01e5201f737568111ac308cba872a389d73ff18ec31dfa63196a9

SHA512
1896ef5001f4716a385544c18ca5e39ba6b2e1d790f7678a1c1683608c8c70aa3b21bd4da2146f1e216b2e02870155240860717baca52ddbbb52de9b3f05e05b

Download Submit
C:\Windows\System\ncDmcmh.exe

Filesize
2.0MB

MD5
7e224bd061ee6c645f2d7042a5b906b5

SHA1
1ae1efd4ee06ac7a5a7d423eb3250c6bb42c0714

SHA256
4413845d4465f2e732613007e5cb5187ced0d2cef957806800246bee7206d514

SHA512
c0bc5a4080745de74b980c7367fbb6e5ce0d0b03f1f408a67c46d53f52a1297026ee962531292a2cc6f85ca2393789c7525e0695eabfa97cb02a6374eecb7a2f

Download Submit
C:\Windows\System\nxTleqf.exe

Filesize
2.0MB

MD5
d084264625c00ce2923f123ec38674a1

SHA1
44e79e5d020cdedcba14a9c0ef21f89925fac0e3

SHA256
dda502e72eaf5d0047c22c3a21b6579dde83fdd25d94b6674ddfa278b986a8d4

SHA512
f39c296ab79fbffe0cc88e8326f2a6e10956cc7774babcedf712eb2024151819d0a804802832e04728c2dff2852e5c0073cd569ada6d188960787447e2573941

Download Submit
C:\Windows\System\pYMjkgm.exe

Filesize
2.0MB

MD5
34e029a6374217bef208ea24216c326e

SHA1
4cfaac23322b4d83e6c5ef044301cec370f4b4ec

SHA256
32f02286f851ebbd333ebf5887db42c3fdf93b48b791ff42e73c277fc10d923e

SHA512
245a80cbb54a7e01ea8df763729c11ebf9e0da7cdd4c6c4482316d92070ef0d2a2cafad64b42e261d53b8d45470b4c0bbc63662b00044c9d492bd6487eaeebbb

Download Submit
C:\Windows\System\paNUUuc.exe

Filesize
2.0MB

MD5
8c37f19993da8853a56ce236aeb9c781

SHA1
f9472f25a6ac3031b74269925cfec0dd87bc1e5e

SHA256
023e0918690bf0b5b7b45b0041b67a27a4a38dc3abf9b24b7f3ffb7e9604cf3e

SHA512
e484a1c26734e598df2d4a540545f48caea4dc5b1736426223d81d9f3a2c5b1e581501b0430d2f2ae9a8de63298f787167db3980cd2c7c8c615a7f483a016403

Download Submit
C:\Windows\System\paUGUJP.exe

Filesize
2.0MB

MD5
4a2fabff0e43cc36f95ef492ef5ced3f

SHA1
33a25ecd9f3d5b03631444e94bbd442bdd1c46a3

SHA256
8aee4c4b2a5a72654caa089f492f9ff4e23be1bb567ffd5525c4aab270add9bc

SHA512
7ca1dcaceacb65bc93bcae570641d935956c2f315d23e2cdc640e1d631aa8cf7007c3467c04895ad37dbb51fd4235e215285db447a8dc4a9dab6dfa8a4c68500

Download Submit
C:\Windows\System\qiLpEoI.exe

Filesize
2.0MB

MD5
124fa8a52b9819bfa42d4001c7eda518

SHA1
71b00f20a140704fe1807861e324c65221818fcc

SHA256
2ad9c44e823d4c458c3a764f0fae6e26dd7852aa003ee4442f79680f2c409980

SHA512
503d75f00805b147f30ba4e25b137ff2d8e3df946ccf4e278b50b9296a511a8bc6cc3130ab02c5886ba975f94972852ae1c107b4804b2c23e170583e5b8d4a62

Download Submit
C:\Windows\System\rsZvzlL.exe

Filesize
2.0MB

MD5
ce7e0aac726efbc15159d26acca69749

SHA1
14c642d5f89453487c1147fac9d1c1546de64c32

SHA256
517a90ece3f54a5ecf5a0c4cd1ae7c05673dcedcc4e7e6a0be005d7e8605a1f3

SHA512
447fb868e06da70119342850d013703a8e99a6b327424ce7d47ba905b216da92259813bf37655f32893b4256ef6a2d0f8153c67e5d970bf2485f71c0bf2a3e4c

Download Submit
C:\Windows\System\vlLtFqp.exe

Filesize
2.0MB

MD5
9a3e198ac0ca6e0574a39933a7d74b8d

SHA1
267d7c14fb7cb13008192475267dce9a27e8f180

SHA256
8921d3e430a4e625049b291c4393cba5e57556aade4f97aca461160ed1513216

SHA512
c068857a8417b03af9ed710de705dde9f7e1222af3d8d06ccfcaaa22dea66f867e2c2b7f8db4aec52f948c741dd176fcfac9f34f2b207b95b8ff69de8c0001c8

Download Submit
C:\Windows\System\wUpPAZJ.exe

Filesize
2.0MB

MD5
bb6808c264892628b9fc2de75c26100a

SHA1
a1faf1a17a49b9cce1d538006820132a9b0814a6

SHA256
5bbd261489e4339d14b61036d0cd2179c09614ba0144ab67bb7f52a7cb8139c2

SHA512
fa7b4c0ceb467ead3b3990cd4ff4ef1d52d30f0763bfa5dcdf4a72f18de168b580f52530ee54ccf5524ac0cd32aeaa7ff5f7006eb9714ed39acc98a55efba727

Download Submit
C:\Windows\System\wVBrkoF.exe

Filesize
2.0MB

MD5
54038c2ec953c8c5a5dc138164047e14

SHA1
4dec869c27e6ff3573980a4e556484ac6fb0d8c9

SHA256
2f0063eb6cb1c06ffa40b426628fd4fb22f441b0157c318864b76d9bee4de645

SHA512
143a3a0827dabf7a5ed1e585966ecb533f15dbee01a8bdb7fa8786c95932c71bdb8eaf5a3f698c9ecb09959fa965f5d1dd88659e4778709bf7629f9b1a63e87c

Download Submit
C:\Windows\System\yVskTXE.exe

Filesize
2.0MB

MD5
bfa55723b652d60e5296ad02ddcf6e0a

SHA1
f94764c8187005133c499c30b11bae1ea82e54b2

SHA256
b50a1b31a69fb7c7f2eeac5ebb6f83a48a6d0a7e7c9ac57c561e23ff245019d9

SHA512
01e6bb3c7167b7cb2eae5bee515a2a1cf74145687d2384e442fd2442a65572b593a903eb3b6e3cf378a8077a7bf9d263d3329dcd10928992b52331e4515bd2f4

Download Submit
C:\Windows\System\yzauwKZ.exe

Filesize
2.0MB

MD5
4b2c06a6bc6f8615a11e75beb869950f

SHA1
c6ca1671399b7034583faf57176832eb9ae9fddc

SHA256
c20a3ffce7f7b57be5560fea4b94d4cc044eb5034e9a5e6df464bf755e7d469f

SHA512
be98a14bfdb34b79f7e6a06b60836a03c21041dfa19f4eccc63fd687e0a2bda05d7ca7a1e793358d1f64e6728a7092f010227e44be1e1fa7c0b896b63b6c3ff5

Download Submit
memory/3904-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download