kpot | 25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21-06-2024 00:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
Size

2.1MB
MD5

7acc89226610d3d1c019b2dbeb97d1d0
SHA1

234459692602e2eb569c18749f77dff3033f6dad
SHA256

25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322
SHA512

676490cb4f02807b462fb6b41db5d4d1bc18755e078552da9635fcd9870b4b843ff31522b87c7bc72235a2590d5d4f9354484124c7606fc5ac4594a87f539b22
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2Pa:GemTLkNdfE0pZaQa

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral2/files/0x0008000000023252-5.dat	family_kpot
behavioral2/files/0x0008000000023255-9.dat	family_kpot
behavioral2/files/0x0008000000023258-8.dat	family_kpot
behavioral2/files/0x000800000002325a-19.dat	family_kpot
behavioral2/files/0x0008000000023256-23.dat	family_kpot
behavioral2/files/0x000700000002325b-28.dat	family_kpot
behavioral2/files/0x000700000002325c-34.dat	family_kpot
behavioral2/files/0x000700000002325d-40.dat	family_kpot
behavioral2/files/0x000700000002325e-43.dat	family_kpot
behavioral2/files/0x000700000002325f-50.dat	family_kpot
behavioral2/files/0x0007000000023260-54.dat	family_kpot
behavioral2/files/0x0007000000023261-58.dat	family_kpot
behavioral2/files/0x0007000000023262-64.dat	family_kpot
behavioral2/files/0x0007000000023265-67.dat	family_kpot
behavioral2/files/0x0007000000023266-74.dat	family_kpot
behavioral2/files/0x0007000000023267-78.dat	family_kpot
behavioral2/files/0x0007000000023268-87.dat	family_kpot
behavioral2/files/0x0007000000023269-89.dat	family_kpot
behavioral2/files/0x000700000002326a-91.dat	family_kpot
behavioral2/files/0x000700000002326b-99.dat	family_kpot
behavioral2/files/0x000700000002326c-104.dat	family_kpot
behavioral2/files/0x000700000002326d-109.dat	family_kpot
behavioral2/files/0x000700000002326e-114.dat	family_kpot
behavioral2/files/0x0007000000023270-124.dat	family_kpot
behavioral2/files/0x0007000000023271-127.dat	family_kpot
behavioral2/files/0x0007000000023272-133.dat	family_kpot
behavioral2/files/0x0007000000023273-137.dat	family_kpot
behavioral2/files/0x0007000000023274-141.dat	family_kpot
behavioral2/files/0x0007000000023276-155.dat	family_kpot
behavioral2/files/0x0007000000023277-157.dat	family_kpot
behavioral2/files/0x0007000000023275-154.dat	family_kpot
behavioral2/files/0x000700000002326f-122.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral2/files/0x0008000000023252-5.dat	xmrig
behavioral2/files/0x0008000000023255-9.dat	xmrig
behavioral2/files/0x0008000000023258-8.dat	xmrig
behavioral2/files/0x000800000002325a-19.dat	xmrig
behavioral2/files/0x0008000000023256-23.dat	xmrig
behavioral2/files/0x000700000002325b-28.dat	xmrig
behavioral2/files/0x000700000002325c-34.dat	xmrig
behavioral2/files/0x000700000002325d-40.dat	xmrig
behavioral2/files/0x000700000002325e-43.dat	xmrig
behavioral2/files/0x000700000002325f-50.dat	xmrig
behavioral2/files/0x0007000000023260-54.dat	xmrig
behavioral2/files/0x0007000000023261-58.dat	xmrig
behavioral2/files/0x0007000000023262-64.dat	xmrig
behavioral2/files/0x0007000000023265-67.dat	xmrig
behavioral2/files/0x0007000000023266-74.dat	xmrig
behavioral2/files/0x0007000000023267-78.dat	xmrig
behavioral2/files/0x0007000000023268-87.dat	xmrig
behavioral2/files/0x0007000000023269-89.dat	xmrig
behavioral2/files/0x000700000002326a-91.dat	xmrig
behavioral2/files/0x000700000002326b-99.dat	xmrig
behavioral2/files/0x000700000002326c-104.dat	xmrig
behavioral2/files/0x000700000002326d-109.dat	xmrig
behavioral2/files/0x000700000002326e-114.dat	xmrig
behavioral2/files/0x0007000000023270-124.dat	xmrig
behavioral2/files/0x0007000000023271-127.dat	xmrig
behavioral2/files/0x0007000000023272-133.dat	xmrig
behavioral2/files/0x0007000000023273-137.dat	xmrig
behavioral2/files/0x0007000000023274-141.dat	xmrig
behavioral2/files/0x0007000000023276-155.dat	xmrig
behavioral2/files/0x0007000000023277-157.dat	xmrig
behavioral2/files/0x0007000000023275-154.dat	xmrig
behavioral2/files/0x000700000002326f-122.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2412	vBNtSpg.exe
3348	NrNSBNn.exe
4824	NjDSpZr.exe
312	LsNIUVI.exe
1860	qDikEvV.exe
3568	JJCJTRE.exe
1684	wJkTlJQ.exe
1012	lvquIfL.exe
4760	OUemufe.exe
1720	UnPGogv.exe
1948	ybZOTcP.exe
1796	lRovmDb.exe
4092	mRSePMx.exe
368	ZjBnfSL.exe
4408	maUdgse.exe
4368	WgWEzRU.exe
1144	NkVeTZp.exe
2256	NqeCCNx.exe
4944	NEluPrD.exe
2372	luMTjZW.exe
3020	Flhikln.exe
3900	AcLVwYG.exe
3828	SSilktW.exe
224	kbiqOOW.exe
232	wWDMoAK.exe
4420	ZqbnoGD.exe
1612	zXeulZv.exe
4512	gvaxpWA.exe
3496	wDyMLZI.exe
3620	KwQrTDQ.exe
4540	MgtubiR.exe
4916	qOVjxfW.exe
1080	wdZmOon.exe
2800	DHyBicp.exe
4784	imEvcUI.exe
1068	cpaTXuu.exe
1912	FXfiRDD.exe
4484	AyctLgp.exe
1748	AmyqTEP.exe
3712	RBgibDC.exe
456	ISfeciu.exe
2528	gbMgwrF.exe
4324	ifXQYgC.exe
2224	KlDUIVm.exe
972	QANizni.exe
4456	aTuKylF.exe
4116	ZkYpDqL.exe
2168	KkaxBmy.exe
3352	IZlTRgj.exe
4088	dXaYxMr.exe
4744	RoluJPO.exe
1788	lKOLWgw.exe
2220	wFyhaJT.exe
2344	ZvpGykJ.exe
1240	LliJTGR.exe
4792	TZesURy.exe
216	hcIfFCc.exe
4740	EyHlPwy.exe
3500	RGLElbP.exe
3308	gTSkOve.exe
3932	EOziGdp.exe
3832	cNTzsXS.exe
4680	pPtHhks.exe
5100	KbtGTPH.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VAEEXMX.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\yZANAtA.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\DSZxzaD.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\SbZfZZF.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\nhPhdAO.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\vBNtSpg.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\TQFGemE.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\TUPUBDo.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\zhziVEQ.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\KwQrTDQ.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\XQJUbbu.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\hhVXzYq.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\VytXFdX.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\aSazmPP.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\aNmPlQN.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\GopMnoZ.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\NEluPrD.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\lcQgpex.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\ZgODiZt.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\dETYjuX.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\fhbnBlG.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\fQlZXOI.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\yTwvlkm.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\KlDUIVm.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\YzMfvNw.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\OlTvfjT.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\iInmFnB.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\cgTOTug.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\XOCFtgl.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\dKScOoM.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\BlXEyCB.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\ayehqBC.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\RFnEhEq.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\wqVNQeR.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\djETqnF.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\ScNAazG.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\WiwKPIU.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\vknneBf.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\XvsdbeB.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\KlBvThO.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\KpOgHVV.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\iOIYLVY.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\EkonPYz.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\yBpzgaR.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\ZjBnfSL.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\WsBldQa.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\ygqAeiM.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\htUKzjw.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\ckktwkC.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\ZvpGykJ.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\dUTHxJz.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\thqRZkj.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\aIPmrHl.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\XEFHPRB.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\sTFRoRS.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\kQRZjgB.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\GBWlXHS.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\rsFQjrw.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\CZXXMnB.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\VDVFDEA.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\NjLbDqa.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\GKXgctM.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\SRfqTvb.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
File created	C:\Windows\System\LZSAiKo.exe	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4404 wrote to memory of 2412	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	91
PID 4404 wrote to memory of 2412	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	91
PID 4404 wrote to memory of 3348	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	92
PID 4404 wrote to memory of 3348	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	92
PID 4404 wrote to memory of 4824	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	93
PID 4404 wrote to memory of 4824	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	93
PID 4404 wrote to memory of 312	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	94
PID 4404 wrote to memory of 312	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	94
PID 4404 wrote to memory of 1860	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	95
PID 4404 wrote to memory of 1860	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	95
PID 4404 wrote to memory of 3568	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	96
PID 4404 wrote to memory of 3568	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	96
PID 4404 wrote to memory of 1684	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	97
PID 4404 wrote to memory of 1684	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	97
PID 4404 wrote to memory of 1012	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	98
PID 4404 wrote to memory of 1012	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	98
PID 4404 wrote to memory of 4760	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	99
PID 4404 wrote to memory of 4760	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	99
PID 4404 wrote to memory of 1720	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	100
PID 4404 wrote to memory of 1720	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	100
PID 4404 wrote to memory of 1948	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	101
PID 4404 wrote to memory of 1948	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	101
PID 4404 wrote to memory of 1796	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	102
PID 4404 wrote to memory of 1796	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	102
PID 4404 wrote to memory of 4092	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	103
PID 4404 wrote to memory of 4092	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	103
PID 4404 wrote to memory of 368	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	104
PID 4404 wrote to memory of 368	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	104
PID 4404 wrote to memory of 4408	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	105
PID 4404 wrote to memory of 4408	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	105
PID 4404 wrote to memory of 4368	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	106
PID 4404 wrote to memory of 4368	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	106
PID 4404 wrote to memory of 1144	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	107
PID 4404 wrote to memory of 1144	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	107
PID 4404 wrote to memory of 2256	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	108
PID 4404 wrote to memory of 2256	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	108
PID 4404 wrote to memory of 4944	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	109
PID 4404 wrote to memory of 4944	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	109
PID 4404 wrote to memory of 2372	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	110
PID 4404 wrote to memory of 2372	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	110
PID 4404 wrote to memory of 3020	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	111
PID 4404 wrote to memory of 3020	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	111
PID 4404 wrote to memory of 3900	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	112
PID 4404 wrote to memory of 3900	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	112
PID 4404 wrote to memory of 3828	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	113
PID 4404 wrote to memory of 3828	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	113
PID 4404 wrote to memory of 224	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	114
PID 4404 wrote to memory of 224	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	114
PID 4404 wrote to memory of 232	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	115
PID 4404 wrote to memory of 232	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	115
PID 4404 wrote to memory of 4420	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	116
PID 4404 wrote to memory of 4420	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	116
PID 4404 wrote to memory of 1612	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	117
PID 4404 wrote to memory of 1612	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	117
PID 4404 wrote to memory of 4512	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	118
PID 4404 wrote to memory of 4512	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	118
PID 4404 wrote to memory of 3496	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	119
PID 4404 wrote to memory of 3496	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	119
PID 4404 wrote to memory of 3620	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	120
PID 4404 wrote to memory of 3620	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	120
PID 4404 wrote to memory of 4540	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	121
PID 4404 wrote to memory of 4540	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	121
PID 4404 wrote to memory of 4916	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	122
PID 4404 wrote to memory of 4916	4404	25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe	122

C:\Users\Admin\AppData\Local\Temp\25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\25ec9117d6524e78d2dc337d8cc3d4c1e9f78a1e1d4d8e2de2e1d7860288a322_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4404
- C:\Windows\System\vBNtSpg.exe
  C:\Windows\System\vBNtSpg.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\NrNSBNn.exe
  C:\Windows\System\NrNSBNn.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\NjDSpZr.exe
  C:\Windows\System\NjDSpZr.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\LsNIUVI.exe
  C:\Windows\System\LsNIUVI.exe
  2⤵
  - Executes dropped EXE
  PID:312
- C:\Windows\System\qDikEvV.exe
  C:\Windows\System\qDikEvV.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\JJCJTRE.exe
  C:\Windows\System\JJCJTRE.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\wJkTlJQ.exe
  C:\Windows\System\wJkTlJQ.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\lvquIfL.exe
  C:\Windows\System\lvquIfL.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\OUemufe.exe
  C:\Windows\System\OUemufe.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\UnPGogv.exe
  C:\Windows\System\UnPGogv.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\ybZOTcP.exe
  C:\Windows\System\ybZOTcP.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\lRovmDb.exe
  C:\Windows\System\lRovmDb.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\mRSePMx.exe
  C:\Windows\System\mRSePMx.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\ZjBnfSL.exe
  C:\Windows\System\ZjBnfSL.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\maUdgse.exe
  C:\Windows\System\maUdgse.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\WgWEzRU.exe
  C:\Windows\System\WgWEzRU.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\NkVeTZp.exe
  C:\Windows\System\NkVeTZp.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\NqeCCNx.exe
  C:\Windows\System\NqeCCNx.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\NEluPrD.exe
  C:\Windows\System\NEluPrD.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\luMTjZW.exe
  C:\Windows\System\luMTjZW.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\Flhikln.exe
  C:\Windows\System\Flhikln.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\AcLVwYG.exe
  C:\Windows\System\AcLVwYG.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\SSilktW.exe
  C:\Windows\System\SSilktW.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System\kbiqOOW.exe
  C:\Windows\System\kbiqOOW.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\wWDMoAK.exe
  C:\Windows\System\wWDMoAK.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\ZqbnoGD.exe
  C:\Windows\System\ZqbnoGD.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\zXeulZv.exe
  C:\Windows\System\zXeulZv.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\gvaxpWA.exe
  C:\Windows\System\gvaxpWA.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\wDyMLZI.exe
  C:\Windows\System\wDyMLZI.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\KwQrTDQ.exe
  C:\Windows\System\KwQrTDQ.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\MgtubiR.exe
  C:\Windows\System\MgtubiR.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\qOVjxfW.exe
  C:\Windows\System\qOVjxfW.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\wdZmOon.exe
  C:\Windows\System\wdZmOon.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\DHyBicp.exe
  C:\Windows\System\DHyBicp.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\imEvcUI.exe
  C:\Windows\System\imEvcUI.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\cpaTXuu.exe
  C:\Windows\System\cpaTXuu.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\FXfiRDD.exe
  C:\Windows\System\FXfiRDD.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\AyctLgp.exe
  C:\Windows\System\AyctLgp.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\AmyqTEP.exe
  C:\Windows\System\AmyqTEP.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\RBgibDC.exe
  C:\Windows\System\RBgibDC.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\ISfeciu.exe
  C:\Windows\System\ISfeciu.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\gbMgwrF.exe
  C:\Windows\System\gbMgwrF.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\ifXQYgC.exe
  C:\Windows\System\ifXQYgC.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\KlDUIVm.exe
  C:\Windows\System\KlDUIVm.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\QANizni.exe
  C:\Windows\System\QANizni.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\aTuKylF.exe
  C:\Windows\System\aTuKylF.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\ZkYpDqL.exe
  C:\Windows\System\ZkYpDqL.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\KkaxBmy.exe
  C:\Windows\System\KkaxBmy.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\IZlTRgj.exe
  C:\Windows\System\IZlTRgj.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System\dXaYxMr.exe
  C:\Windows\System\dXaYxMr.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\RoluJPO.exe
  C:\Windows\System\RoluJPO.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\lKOLWgw.exe
  C:\Windows\System\lKOLWgw.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\wFyhaJT.exe
  C:\Windows\System\wFyhaJT.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\ZvpGykJ.exe
  C:\Windows\System\ZvpGykJ.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\LliJTGR.exe
  C:\Windows\System\LliJTGR.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\TZesURy.exe
  C:\Windows\System\TZesURy.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\hcIfFCc.exe
  C:\Windows\System\hcIfFCc.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\EyHlPwy.exe
  C:\Windows\System\EyHlPwy.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\RGLElbP.exe
  C:\Windows\System\RGLElbP.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\gTSkOve.exe
  C:\Windows\System\gTSkOve.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\EOziGdp.exe
  C:\Windows\System\EOziGdp.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\cNTzsXS.exe
  C:\Windows\System\cNTzsXS.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\pPtHhks.exe
  C:\Windows\System\pPtHhks.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\KbtGTPH.exe
  C:\Windows\System\KbtGTPH.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\LQjwjEE.exe
  C:\Windows\System\LQjwjEE.exe
  2⤵
  PID:2848
- C:\Windows\System\aWUWuAs.exe
  C:\Windows\System\aWUWuAs.exe
  2⤵
  PID:2968
- C:\Windows\System\VnmhdgL.exe
  C:\Windows\System\VnmhdgL.exe
  2⤵
  PID:2072
- C:\Windows\System\KKYvhRV.exe
  C:\Windows\System\KKYvhRV.exe
  2⤵
  PID:400
- C:\Windows\System\RTtascS.exe
  C:\Windows\System\RTtascS.exe
  2⤵
  PID:3336
- C:\Windows\System\gXLwgaL.exe
  C:\Windows\System\gXLwgaL.exe
  2⤵
  PID:4284
- C:\Windows\System\JKnGOxG.exe
  C:\Windows\System\JKnGOxG.exe
  2⤵
  PID:1616
- C:\Windows\System\KINILll.exe
  C:\Windows\System\KINILll.exe
  2⤵
  PID:4808
- C:\Windows\System\thqRZkj.exe
  C:\Windows\System\thqRZkj.exe
  2⤵
  PID:3112
- C:\Windows\System\THXDnYS.exe
  C:\Windows\System\THXDnYS.exe
  2⤵
  PID:2096
- C:\Windows\System\SQNJCPu.exe
  C:\Windows\System\SQNJCPu.exe
  2⤵
  PID:3612
- C:\Windows\System\PJaNfoS.exe
  C:\Windows\System\PJaNfoS.exe
  2⤵
  PID:3052
- C:\Windows\System\Uhmnywg.exe
  C:\Windows\System\Uhmnywg.exe
  2⤵
  PID:3984
- C:\Windows\System\lLHIhTs.exe
  C:\Windows\System\lLHIhTs.exe
  2⤵
  PID:2708
- C:\Windows\System\jLPJlvD.exe
  C:\Windows\System\jLPJlvD.exe
  2⤵
  PID:1184
- C:\Windows\System\VAEEXMX.exe
  C:\Windows\System\VAEEXMX.exe
  2⤵
  PID:5128
- C:\Windows\System\sgglyoQ.exe
  C:\Windows\System\sgglyoQ.exe
  2⤵
  PID:5160
- C:\Windows\System\lcQgpex.exe
  C:\Windows\System\lcQgpex.exe
  2⤵
  PID:5184
- C:\Windows\System\yZANAtA.exe
  C:\Windows\System\yZANAtA.exe
  2⤵
  PID:5212
- C:\Windows\System\xDyTBuU.exe
  C:\Windows\System\xDyTBuU.exe
  2⤵
  PID:5236
- C:\Windows\System\VDdJnqB.exe
  C:\Windows\System\VDdJnqB.exe
  2⤵
  PID:5276
- C:\Windows\System\xYWnkgb.exe
  C:\Windows\System\xYWnkgb.exe
  2⤵
  PID:5308
- C:\Windows\System\ytIYhuH.exe
  C:\Windows\System\ytIYhuH.exe
  2⤵
  PID:5328
- C:\Windows\System\IrkGEhD.exe
  C:\Windows\System\IrkGEhD.exe
  2⤵
  PID:5352
- C:\Windows\System\KlBvThO.exe
  C:\Windows\System\KlBvThO.exe
  2⤵
  PID:5368
- C:\Windows\System\ArqKLxZ.exe
  C:\Windows\System\ArqKLxZ.exe
  2⤵
  PID:5396
- C:\Windows\System\jYpQcWK.exe
  C:\Windows\System\jYpQcWK.exe
  2⤵
  PID:5428
- C:\Windows\System\WpbSOfe.exe
  C:\Windows\System\WpbSOfe.exe
  2⤵
  PID:5444
- C:\Windows\System\YiobZni.exe
  C:\Windows\System\YiobZni.exe
  2⤵
  PID:5468
- C:\Windows\System\huhMhEw.exe
  C:\Windows\System\huhMhEw.exe
  2⤵
  PID:5500
- C:\Windows\System\bqKxUlj.exe
  C:\Windows\System\bqKxUlj.exe
  2⤵
  PID:5524
- C:\Windows\System\rsFQjrw.exe
  C:\Windows\System\rsFQjrw.exe
  2⤵
  PID:5556
- C:\Windows\System\MAItaXv.exe
  C:\Windows\System\MAItaXv.exe
  2⤵
  PID:5584
- C:\Windows\System\YzMfvNw.exe
  C:\Windows\System\YzMfvNw.exe
  2⤵
  PID:5620
- C:\Windows\System\OGRIYsX.exe
  C:\Windows\System\OGRIYsX.exe
  2⤵
  PID:5648
- C:\Windows\System\mPyOMfS.exe
  C:\Windows\System\mPyOMfS.exe
  2⤵
  PID:5672
- C:\Windows\System\CZXXMnB.exe
  C:\Windows\System\CZXXMnB.exe
  2⤵
  PID:5704
- C:\Windows\System\qkbUbZe.exe
  C:\Windows\System\qkbUbZe.exe
  2⤵
  PID:5732
- C:\Windows\System\mAYrbvZ.exe
  C:\Windows\System\mAYrbvZ.exe
  2⤵
  PID:5764
- C:\Windows\System\GbVtGZr.exe
  C:\Windows\System\GbVtGZr.exe
  2⤵
  PID:5788
- C:\Windows\System\IRqbpJb.exe
  C:\Windows\System\IRqbpJb.exe
  2⤵
  PID:5808
- C:\Windows\System\FqsYFHd.exe
  C:\Windows\System\FqsYFHd.exe
  2⤵
  PID:5832
- C:\Windows\System\oOAvSZn.exe
  C:\Windows\System\oOAvSZn.exe
  2⤵
  PID:5860
- C:\Windows\System\VjxHKEx.exe
  C:\Windows\System\VjxHKEx.exe
  2⤵
  PID:5896
- C:\Windows\System\xsLpTVU.exe
  C:\Windows\System\xsLpTVU.exe
  2⤵
  PID:5916
- C:\Windows\System\SQXVyNS.exe
  C:\Windows\System\SQXVyNS.exe
  2⤵
  PID:5936
- C:\Windows\System\JYZZsuF.exe
  C:\Windows\System\JYZZsuF.exe
  2⤵
  PID:5964
- C:\Windows\System\XStBMYP.exe
  C:\Windows\System\XStBMYP.exe
  2⤵
  PID:5996
- C:\Windows\System\igSqMIw.exe
  C:\Windows\System\igSqMIw.exe
  2⤵
  PID:6028
- C:\Windows\System\BuinCqW.exe
  C:\Windows\System\BuinCqW.exe
  2⤵
  PID:6060
- C:\Windows\System\qWTaTPS.exe
  C:\Windows\System\qWTaTPS.exe
  2⤵
  PID:6092
- C:\Windows\System\oGaHkFw.exe
  C:\Windows\System\oGaHkFw.exe
  2⤵
  PID:6124
- C:\Windows\System\idTTrSC.exe
  C:\Windows\System\idTTrSC.exe
  2⤵
  PID:3988
- C:\Windows\System\dKScOoM.exe
  C:\Windows\System\dKScOoM.exe
  2⤵
  PID:5196
- C:\Windows\System\MiDKadv.exe
  C:\Windows\System\MiDKadv.exe
  2⤵
  PID:5264
- C:\Windows\System\zuCpSyN.exe
  C:\Windows\System\zuCpSyN.exe
  2⤵
  PID:5336
- C:\Windows\System\wpeopxw.exe
  C:\Windows\System\wpeopxw.exe
  2⤵
  PID:5404
- C:\Windows\System\hGOnYqd.exe
  C:\Windows\System\hGOnYqd.exe
  2⤵
  PID:5484
- C:\Windows\System\Lyidfbf.exe
  C:\Windows\System\Lyidfbf.exe
  2⤵
  PID:5540
- C:\Windows\System\DHVTJul.exe
  C:\Windows\System\DHVTJul.exe
  2⤵
  PID:5568
- C:\Windows\System\MyMqJIX.exe
  C:\Windows\System\MyMqJIX.exe
  2⤵
  PID:5660
- C:\Windows\System\sJbSILj.exe
  C:\Windows\System\sJbSILj.exe
  2⤵
  PID:5716
- C:\Windows\System\DkPSxHE.exe
  C:\Windows\System\DkPSxHE.exe
  2⤵
  PID:5752
- C:\Windows\System\cjxqBHt.exe
  C:\Windows\System\cjxqBHt.exe
  2⤵
  PID:5856
- C:\Windows\System\yCPQTxW.exe
  C:\Windows\System\yCPQTxW.exe
  2⤵
  PID:5908
- C:\Windows\System\DSZxzaD.exe
  C:\Windows\System\DSZxzaD.exe
  2⤵
  PID:5988
- C:\Windows\System\ZgODiZt.exe
  C:\Windows\System\ZgODiZt.exe
  2⤵
  PID:5952
- C:\Windows\System\TQFGemE.exe
  C:\Windows\System\TQFGemE.exe
  2⤵
  PID:6040
- C:\Windows\System\XQVXxPd.exe
  C:\Windows\System\XQVXxPd.exe
  2⤵
  PID:6140
- C:\Windows\System\ZlXDkgq.exe
  C:\Windows\System\ZlXDkgq.exe
  2⤵
  PID:5256
- C:\Windows\System\wqVNQeR.exe
  C:\Windows\System\wqVNQeR.exe
  2⤵
  PID:5388
- C:\Windows\System\qepFiBp.exe
  C:\Windows\System\qepFiBp.exe
  2⤵
  PID:5592
- C:\Windows\System\JZwnbmR.exe
  C:\Windows\System\JZwnbmR.exe
  2⤵
  PID:5668
- C:\Windows\System\SRfqTvb.exe
  C:\Windows\System\SRfqTvb.exe
  2⤵
  PID:5800
- C:\Windows\System\mKevjYU.exe
  C:\Windows\System\mKevjYU.exe
  2⤵
  PID:5924
- C:\Windows\System\fELPfiJ.exe
  C:\Windows\System\fELPfiJ.exe
  2⤵
  PID:5300
- C:\Windows\System\dZuCuLy.exe
  C:\Windows\System\dZuCuLy.exe
  2⤵
  PID:5516
- C:\Windows\System\KOwdPCG.exe
  C:\Windows\System\KOwdPCG.exe
  2⤵
  PID:5720
- C:\Windows\System\ODtdbIL.exe
  C:\Windows\System\ODtdbIL.exe
  2⤵
  PID:6148
- C:\Windows\System\DULndjx.exe
  C:\Windows\System\DULndjx.exe
  2⤵
  PID:6180
- C:\Windows\System\wXKLdXT.exe
  C:\Windows\System\wXKLdXT.exe
  2⤵
  PID:6208
- C:\Windows\System\dETYjuX.exe
  C:\Windows\System\dETYjuX.exe
  2⤵
  PID:6248
- C:\Windows\System\fzIaiWb.exe
  C:\Windows\System\fzIaiWb.exe
  2⤵
  PID:6276
- C:\Windows\System\iLnvrxX.exe
  C:\Windows\System\iLnvrxX.exe
  2⤵
  PID:6304
- C:\Windows\System\eLKCzDq.exe
  C:\Windows\System\eLKCzDq.exe
  2⤵
  PID:6332
- C:\Windows\System\EeIxPdc.exe
  C:\Windows\System\EeIxPdc.exe
  2⤵
  PID:6364
- C:\Windows\System\djETqnF.exe
  C:\Windows\System\djETqnF.exe
  2⤵
  PID:6384
- C:\Windows\System\XQJUbbu.exe
  C:\Windows\System\XQJUbbu.exe
  2⤵
  PID:6412
- C:\Windows\System\iPeuRbn.exe
  C:\Windows\System\iPeuRbn.exe
  2⤵
  PID:6440
- C:\Windows\System\DNxEXGW.exe
  C:\Windows\System\DNxEXGW.exe
  2⤵
  PID:6472
- C:\Windows\System\GPxgaOM.exe
  C:\Windows\System\GPxgaOM.exe
  2⤵
  PID:6500
- C:\Windows\System\KpOgHVV.exe
  C:\Windows\System\KpOgHVV.exe
  2⤵
  PID:6528
- C:\Windows\System\QGjwdzr.exe
  C:\Windows\System\QGjwdzr.exe
  2⤵
  PID:6556
- C:\Windows\System\OWEJjjS.exe
  C:\Windows\System\OWEJjjS.exe
  2⤵
  PID:6584
- C:\Windows\System\sTFRoRS.exe
  C:\Windows\System\sTFRoRS.exe
  2⤵
  PID:6612
- C:\Windows\System\bDpsUWD.exe
  C:\Windows\System\bDpsUWD.exe
  2⤵
  PID:6648
- C:\Windows\System\BJyhuAL.exe
  C:\Windows\System\BJyhuAL.exe
  2⤵
  PID:6664
- C:\Windows\System\FoqbCtH.exe
  C:\Windows\System\FoqbCtH.exe
  2⤵
  PID:6692
- C:\Windows\System\GgnLGDR.exe
  C:\Windows\System\GgnLGDR.exe
  2⤵
  PID:6712
- C:\Windows\System\WsBldQa.exe
  C:\Windows\System\WsBldQa.exe
  2⤵
  PID:6736
- C:\Windows\System\eIzOMDq.exe
  C:\Windows\System\eIzOMDq.exe
  2⤵
  PID:6768
- C:\Windows\System\RtsfUkX.exe
  C:\Windows\System\RtsfUkX.exe
  2⤵
  PID:6792
- C:\Windows\System\aCZkpyQ.exe
  C:\Windows\System\aCZkpyQ.exe
  2⤵
  PID:6820
- C:\Windows\System\OlTvfjT.exe
  C:\Windows\System\OlTvfjT.exe
  2⤵
  PID:6848
- C:\Windows\System\lGzHRaN.exe
  C:\Windows\System\lGzHRaN.exe
  2⤵
  PID:6876
- C:\Windows\System\avwicNw.exe
  C:\Windows\System\avwicNw.exe
  2⤵
  PID:6904
- C:\Windows\System\ZrtLeee.exe
  C:\Windows\System\ZrtLeee.exe
  2⤵
  PID:6928
- C:\Windows\System\SbZfZZF.exe
  C:\Windows\System\SbZfZZF.exe
  2⤵
  PID:6952
- C:\Windows\System\GROlIVy.exe
  C:\Windows\System\GROlIVy.exe
  2⤵
  PID:6976
- C:\Windows\System\BlXEyCB.exe
  C:\Windows\System\BlXEyCB.exe
  2⤵
  PID:7008
- C:\Windows\System\iInmFnB.exe
  C:\Windows\System\iInmFnB.exe
  2⤵
  PID:7044
- C:\Windows\System\rSgadWS.exe
  C:\Windows\System\rSgadWS.exe
  2⤵
  PID:7068
- C:\Windows\System\efRkHMq.exe
  C:\Windows\System\efRkHMq.exe
  2⤵
  PID:7104
- C:\Windows\System\JOjYYUT.exe
  C:\Windows\System\JOjYYUT.exe
  2⤵
  PID:5628
- C:\Windows\System\TppVqNk.exe
  C:\Windows\System\TppVqNk.exe
  2⤵
  PID:6204
- C:\Windows\System\cqMzBQZ.exe
  C:\Windows\System\cqMzBQZ.exe
  2⤵
  PID:6240
- C:\Windows\System\VHoWWax.exe
  C:\Windows\System\VHoWWax.exe
  2⤵
  PID:6296
- C:\Windows\System\bcxOVOA.exe
  C:\Windows\System\bcxOVOA.exe
  2⤵
  PID:6344
- C:\Windows\System\fhbnBlG.exe
  C:\Windows\System\fhbnBlG.exe
  2⤵
  PID:6428
- C:\Windows\System\ygqAeiM.exe
  C:\Windows\System\ygqAeiM.exe
  2⤵
  PID:6452
- C:\Windows\System\EceRxml.exe
  C:\Windows\System\EceRxml.exe
  2⤵
  PID:6576
- C:\Windows\System\SmJMcbU.exe
  C:\Windows\System\SmJMcbU.exe
  2⤵
  PID:6596
- C:\Windows\System\IfHtYjz.exe
  C:\Windows\System\IfHtYjz.exe
  2⤵
  PID:6708
- C:\Windows\System\blcXDTY.exe
  C:\Windows\System\blcXDTY.exe
  2⤵
  PID:6756
- C:\Windows\System\kSpgJSb.exe
  C:\Windows\System\kSpgJSb.exe
  2⤵
  PID:6872
- C:\Windows\System\VDVFDEA.exe
  C:\Windows\System\VDVFDEA.exe
  2⤵
  PID:6920
- C:\Windows\System\nhPhdAO.exe
  C:\Windows\System\nhPhdAO.exe
  2⤵
  PID:6948
- C:\Windows\System\aptcUFu.exe
  C:\Windows\System\aptcUFu.exe
  2⤵
  PID:6968
- C:\Windows\System\JoibWmQ.exe
  C:\Windows\System\JoibWmQ.exe
  2⤵
  PID:7024
- C:\Windows\System\kQRZjgB.exe
  C:\Windows\System\kQRZjgB.exe
  2⤵
  PID:7080
- C:\Windows\System\QKKLNVv.exe
  C:\Windows\System\QKKLNVv.exe
  2⤵
  PID:7160
- C:\Windows\System\xQuBKYq.exe
  C:\Windows\System\xQuBKYq.exe
  2⤵
  PID:6228
- C:\Windows\System\KKOJEyv.exe
  C:\Windows\System\KKOJEyv.exe
  2⤵
  PID:6356
- C:\Windows\System\fOeiVrC.exe
  C:\Windows\System\fOeiVrC.exe
  2⤵
  PID:6516
- C:\Windows\System\gVFlwIU.exe
  C:\Windows\System\gVFlwIU.exe
  2⤵
  PID:6568
- C:\Windows\System\GtFQEoI.exe
  C:\Windows\System\GtFQEoI.exe
  2⤵
  PID:6656
- C:\Windows\System\bZQiVBn.exe
  C:\Windows\System\bZQiVBn.exe
  2⤵
  PID:6940
- C:\Windows\System\dUTHxJz.exe
  C:\Windows\System\dUTHxJz.exe
  2⤵
  PID:7016
- C:\Windows\System\FVgXStN.exe
  C:\Windows\System\FVgXStN.exe
  2⤵
  PID:5224
- C:\Windows\System\leGUHJe.exe
  C:\Windows\System\leGUHJe.exe
  2⤵
  PID:6268
- C:\Windows\System\mXbMFAv.exe
  C:\Windows\System\mXbMFAv.exe
  2⤵
  PID:6784
- C:\Windows\System\BcgrkVZ.exe
  C:\Windows\System\BcgrkVZ.exe
  2⤵
  PID:7196
- C:\Windows\System\WLhqMOl.exe
  C:\Windows\System\WLhqMOl.exe
  2⤵
  PID:7220
- C:\Windows\System\dijbQoC.exe
  C:\Windows\System\dijbQoC.exe
  2⤵
  PID:7244
- C:\Windows\System\upnOAcY.exe
  C:\Windows\System\upnOAcY.exe
  2⤵
  PID:7280
- C:\Windows\System\VVqmZhj.exe
  C:\Windows\System\VVqmZhj.exe
  2⤵
  PID:7308
- C:\Windows\System\fLIuWLd.exe
  C:\Windows\System\fLIuWLd.exe
  2⤵
  PID:7336
- C:\Windows\System\hizLsQa.exe
  C:\Windows\System\hizLsQa.exe
  2⤵
  PID:7352
- C:\Windows\System\ezQJgmq.exe
  C:\Windows\System\ezQJgmq.exe
  2⤵
  PID:7380
- C:\Windows\System\NEwzmsu.exe
  C:\Windows\System\NEwzmsu.exe
  2⤵
  PID:7404
- C:\Windows\System\cgTOTug.exe
  C:\Windows\System\cgTOTug.exe
  2⤵
  PID:7436
- C:\Windows\System\iOIYLVY.exe
  C:\Windows\System\iOIYLVY.exe
  2⤵
  PID:7464
- C:\Windows\System\fQlZXOI.exe
  C:\Windows\System\fQlZXOI.exe
  2⤵
  PID:7488
- C:\Windows\System\ScNAazG.exe
  C:\Windows\System\ScNAazG.exe
  2⤵
  PID:7520
- C:\Windows\System\pauTJOk.exe
  C:\Windows\System\pauTJOk.exe
  2⤵
  PID:7544
- C:\Windows\System\TFgmPBA.exe
  C:\Windows\System\TFgmPBA.exe
  2⤵
  PID:7568
- C:\Windows\System\sTGHKXe.exe
  C:\Windows\System\sTGHKXe.exe
  2⤵
  PID:7600
- C:\Windows\System\ZeSTgLz.exe
  C:\Windows\System\ZeSTgLz.exe
  2⤵
  PID:7632
- C:\Windows\System\bfGAIeK.exe
  C:\Windows\System\bfGAIeK.exe
  2⤵
  PID:7660
- C:\Windows\System\TsVddom.exe
  C:\Windows\System\TsVddom.exe
  2⤵
  PID:7688
- C:\Windows\System\vGikRiL.exe
  C:\Windows\System\vGikRiL.exe
  2⤵
  PID:7716
- C:\Windows\System\BqmMafw.exe
  C:\Windows\System\BqmMafw.exe
  2⤵
  PID:7740
- C:\Windows\System\JeCARJy.exe
  C:\Windows\System\JeCARJy.exe
  2⤵
  PID:7768
- C:\Windows\System\TUPUBDo.exe
  C:\Windows\System\TUPUBDo.exe
  2⤵
  PID:7804
- C:\Windows\System\aFsUSFh.exe
  C:\Windows\System\aFsUSFh.exe
  2⤵
  PID:7840
- C:\Windows\System\KmlTjkx.exe
  C:\Windows\System\KmlTjkx.exe
  2⤵
  PID:7864
- C:\Windows\System\fTBuYPs.exe
  C:\Windows\System\fTBuYPs.exe
  2⤵
  PID:7904
- C:\Windows\System\aNmPlQN.exe
  C:\Windows\System\aNmPlQN.exe
  2⤵
  PID:7928
- C:\Windows\System\nHjIozD.exe
  C:\Windows\System\nHjIozD.exe
  2⤵
  PID:7956
- C:\Windows\System\fkJCliJ.exe
  C:\Windows\System\fkJCliJ.exe
  2⤵
  PID:7988
- C:\Windows\System\aIPmrHl.exe
  C:\Windows\System\aIPmrHl.exe
  2⤵
  PID:8012
- C:\Windows\System\NjLbDqa.exe
  C:\Windows\System\NjLbDqa.exe
  2⤵
  PID:8044
- C:\Windows\System\XEFHPRB.exe
  C:\Windows\System\XEFHPRB.exe
  2⤵
  PID:8072
- C:\Windows\System\VEqEJcs.exe
  C:\Windows\System\VEqEJcs.exe
  2⤵
  PID:8100
- C:\Windows\System\pzZKClU.exe
  C:\Windows\System\pzZKClU.exe
  2⤵
  PID:8120
- C:\Windows\System\WiwKPIU.exe
  C:\Windows\System\WiwKPIU.exe
  2⤵
  PID:8144
- C:\Windows\System\TwjTFVp.exe
  C:\Windows\System\TwjTFVp.exe
  2⤵
  PID:8168
- C:\Windows\System\EkonPYz.exe
  C:\Windows\System\EkonPYz.exe
  2⤵
  PID:6748
- C:\Windows\System\DNHNvHa.exe
  C:\Windows\System\DNHNvHa.exe
  2⤵
  PID:7212
- C:\Windows\System\hhVXzYq.exe
  C:\Windows\System\hhVXzYq.exe
  2⤵
  PID:7176
- C:\Windows\System\ayehqBC.exe
  C:\Windows\System\ayehqBC.exe
  2⤵
  PID:7332
- C:\Windows\System\GKXgctM.exe
  C:\Windows\System\GKXgctM.exe
  2⤵
  PID:7424
- C:\Windows\System\wkJlPCJ.exe
  C:\Windows\System\wkJlPCJ.exe
  2⤵
  PID:7364
- C:\Windows\System\dzPFvIZ.exe
  C:\Windows\System\dzPFvIZ.exe
  2⤵
  PID:7504
- C:\Windows\System\OjIelgT.exe
  C:\Windows\System\OjIelgT.exe
  2⤵
  PID:7564
- C:\Windows\System\PQFHhHh.exe
  C:\Windows\System\PQFHhHh.exe
  2⤵
  PID:7532
- C:\Windows\System\JQkuKWM.exe
  C:\Windows\System\JQkuKWM.exe
  2⤵
  PID:7676
- C:\Windows\System\VytXFdX.exe
  C:\Windows\System\VytXFdX.exe
  2⤵
  PID:7752
- C:\Windows\System\goaAAPd.exe
  C:\Windows\System\goaAAPd.exe
  2⤵
  PID:7736
- C:\Windows\System\hcrZqTz.exe
  C:\Windows\System\hcrZqTz.exe
  2⤵
  PID:7828
- C:\Windows\System\UpuhNpv.exe
  C:\Windows\System\UpuhNpv.exe
  2⤵
  PID:7760
- C:\Windows\System\YcCZAzu.exe
  C:\Windows\System\YcCZAzu.exe
  2⤵
  PID:7952
- C:\Windows\System\vknneBf.exe
  C:\Windows\System\vknneBf.exe
  2⤵
  PID:8008
- C:\Windows\System\Uursocl.exe
  C:\Windows\System\Uursocl.exe
  2⤵
  PID:8096
- C:\Windows\System\LhbRpxS.exe
  C:\Windows\System\LhbRpxS.exe
  2⤵
  PID:8160
- C:\Windows\System\dEgouAK.exe
  C:\Windows\System\dEgouAK.exe
  2⤵
  PID:8180
- C:\Windows\System\zhziVEQ.exe
  C:\Windows\System\zhziVEQ.exe
  2⤵
  PID:8132
- C:\Windows\System\jeMJAPq.exe
  C:\Windows\System\jeMJAPq.exe
  2⤵
  PID:7416
- C:\Windows\System\GcMQRLB.exe
  C:\Windows\System\GcMQRLB.exe
  2⤵
  PID:7648
- C:\Windows\System\GBWlXHS.exe
  C:\Windows\System\GBWlXHS.exe
  2⤵
  PID:7728
- C:\Windows\System\OrbxXdZ.exe
  C:\Windows\System\OrbxXdZ.exe
  2⤵
  PID:7612
- C:\Windows\System\wwxzcKe.exe
  C:\Windows\System\wwxzcKe.exe
  2⤵
  PID:7924
- C:\Windows\System\kdShuQh.exe
  C:\Windows\System\kdShuQh.exe
  2⤵
  PID:8204
- C:\Windows\System\ZnUSjJe.exe
  C:\Windows\System\ZnUSjJe.exe
  2⤵
  PID:8224
- C:\Windows\System\KitvMam.exe
  C:\Windows\System\KitvMam.exe
  2⤵
  PID:8252
- C:\Windows\System\qtaQJCY.exe
  C:\Windows\System\qtaQJCY.exe
  2⤵
  PID:8284
- C:\Windows\System\YGLCUML.exe
  C:\Windows\System\YGLCUML.exe
  2⤵
  PID:8308
- C:\Windows\System\bqjKJRh.exe
  C:\Windows\System\bqjKJRh.exe
  2⤵
  PID:8328
- C:\Windows\System\KiahimB.exe
  C:\Windows\System\KiahimB.exe
  2⤵
  PID:8364
- C:\Windows\System\wLBvKTC.exe
  C:\Windows\System\wLBvKTC.exe
  2⤵
  PID:8392
- C:\Windows\System\bHRnMyK.exe
  C:\Windows\System\bHRnMyK.exe
  2⤵
  PID:8412
- C:\Windows\System\dNyHNVF.exe
  C:\Windows\System\dNyHNVF.exe
  2⤵
  PID:8436
- C:\Windows\System\usjaUZU.exe
  C:\Windows\System\usjaUZU.exe
  2⤵
  PID:8460
- C:\Windows\System\PdoFBPd.exe
  C:\Windows\System\PdoFBPd.exe
  2⤵
  PID:8476
- C:\Windows\System\CkVmPpT.exe
  C:\Windows\System\CkVmPpT.exe
  2⤵
  PID:8504
- C:\Windows\System\RWPvWBI.exe
  C:\Windows\System\RWPvWBI.exe
  2⤵
  PID:8528
- C:\Windows\System\GofMcmu.exe
  C:\Windows\System\GofMcmu.exe
  2⤵
  PID:8556
- C:\Windows\System\pdCCOvE.exe
  C:\Windows\System\pdCCOvE.exe
  2⤵
  PID:8572
- C:\Windows\System\EOfrWQH.exe
  C:\Windows\System\EOfrWQH.exe
  2⤵
  PID:8596
- C:\Windows\System\OcAQWlo.exe
  C:\Windows\System\OcAQWlo.exe
  2⤵
  PID:8620
- C:\Windows\System\LZSAiKo.exe
  C:\Windows\System\LZSAiKo.exe
  2⤵
  PID:8676
- C:\Windows\System\RFnEhEq.exe
  C:\Windows\System\RFnEhEq.exe
  2⤵
  PID:8700
- C:\Windows\System\PrPwnQO.exe
  C:\Windows\System\PrPwnQO.exe
  2⤵
  PID:8732
- C:\Windows\System\qJzYFuX.exe
  C:\Windows\System\qJzYFuX.exe
  2⤵
  PID:8756
- C:\Windows\System\nOZcIxc.exe
  C:\Windows\System\nOZcIxc.exe
  2⤵
  PID:8792
- C:\Windows\System\lJSkElU.exe
  C:\Windows\System\lJSkElU.exe
  2⤵
  PID:8816
- C:\Windows\System\kytvzeR.exe
  C:\Windows\System\kytvzeR.exe
  2⤵
  PID:8848
- C:\Windows\System\CHzvhre.exe
  C:\Windows\System\CHzvhre.exe
  2⤵
  PID:8872
- C:\Windows\System\aSazmPP.exe
  C:\Windows\System\aSazmPP.exe
  2⤵
  PID:8904
- C:\Windows\System\Ryzufhc.exe
  C:\Windows\System\Ryzufhc.exe
  2⤵
  PID:8932
- C:\Windows\System\KbbvmhF.exe
  C:\Windows\System\KbbvmhF.exe
  2⤵
  PID:8972
- C:\Windows\System\GOVBdIj.exe
  C:\Windows\System\GOVBdIj.exe
  2⤵
  PID:9004
- C:\Windows\System\fDdZoVm.exe
  C:\Windows\System\fDdZoVm.exe
  2⤵
  PID:9032
- C:\Windows\System\bjbxPXt.exe
  C:\Windows\System\bjbxPXt.exe
  2⤵
  PID:9052
- C:\Windows\System\XfBsOeV.exe
  C:\Windows\System\XfBsOeV.exe
  2⤵
  PID:9072
- C:\Windows\System\JSIvMBv.exe
  C:\Windows\System\JSIvMBv.exe
  2⤵
  PID:9096
- C:\Windows\System\bnRgAfs.exe
  C:\Windows\System\bnRgAfs.exe
  2⤵
  PID:9120
- C:\Windows\System\yfvHkbj.exe
  C:\Windows\System\yfvHkbj.exe
  2⤵
  PID:9136
- C:\Windows\System\iqkruoB.exe
  C:\Windows\System\iqkruoB.exe
  2⤵
  PID:9168
- C:\Windows\System\GopMnoZ.exe
  C:\Windows\System\GopMnoZ.exe
  2⤵
  PID:9184
- C:\Windows\System\htUKzjw.exe
  C:\Windows\System\htUKzjw.exe
  2⤵
  PID:9204
- C:\Windows\System\XOCFtgl.exe
  C:\Windows\System\XOCFtgl.exe
  2⤵
  PID:7428
- C:\Windows\System\XGngGAd.exe
  C:\Windows\System\XGngGAd.exe
  2⤵
  PID:6984
- C:\Windows\System\oKFzXFY.exe
  C:\Windows\System\oKFzXFY.exe
  2⤵
  PID:7856
- C:\Windows\System\kyRtsLN.exe
  C:\Windows\System\kyRtsLN.exe
  2⤵
  PID:8164
- C:\Windows\System\QyfuSCR.exe
  C:\Windows\System\QyfuSCR.exe
  2⤵
  PID:8256
- C:\Windows\System\iGyqOIo.exe
  C:\Windows\System\iGyqOIo.exe
  2⤵
  PID:7252
- C:\Windows\System\XvsdbeB.exe
  C:\Windows\System\XvsdbeB.exe
  2⤵
  PID:8300
- C:\Windows\System\yBpzgaR.exe
  C:\Windows\System\yBpzgaR.exe
  2⤵
  PID:8248
- C:\Windows\System\fTeYIac.exe
  C:\Windows\System\fTeYIac.exe
  2⤵
  PID:8380
- C:\Windows\System\CjNKNIp.exe
  C:\Windows\System\CjNKNIp.exe
  2⤵
  PID:8428
- C:\Windows\System\RnRTyUY.exe
  C:\Windows\System\RnRTyUY.exe
  2⤵
  PID:8424
- C:\Windows\System\HzgOMwK.exe
  C:\Windows\System\HzgOMwK.exe
  2⤵
  PID:8568
- C:\Windows\System\mFvYZqF.exe
  C:\Windows\System\mFvYZqF.exe
  2⤵
  PID:8832
- C:\Windows\System\ckktwkC.exe
  C:\Windows\System\ckktwkC.exe
  2⤵
  PID:8640
- C:\Windows\System\VEwfSQE.exe
  C:\Windows\System\VEwfSQE.exe
  2⤵
  PID:8660
- C:\Windows\System\yTwvlkm.exe
  C:\Windows\System\yTwvlkm.exe
  2⤵
  PID:8860
- C:\Windows\System\gOZFnvZ.exe
  C:\Windows\System\gOZFnvZ.exe
  2⤵
  PID:8984
- C:\Windows\System\uJQhzIJ.exe
  C:\Windows\System\uJQhzIJ.exe
  2⤵
  PID:7092
- C:\Windows\System\TmqgGsa.exe
  C:\Windows\System\TmqgGsa.exe
  2⤵
  PID:8944
- C:\Windows\System\hZhUUVD.exe
  C:\Windows\System\hZhUUVD.exe
  2⤵
  PID:9152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5020 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
1⤵
PID:9804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AcLVwYG.exe

Filesize
2.1MB

MD5
85178ea52cd38c8488e5db279fe7dd6d

SHA1
5d95e48add8c88e32342726d655faffce6a6ddc8

SHA256
e1d134b13997d7547d55618258ad0073a1330e35f1f3eef6f6460b79d00987ff

SHA512
5bcbe4855aa7f11e708bbf41acfbffd12e3889fc6b4c0575612253200ece8d7bf5621d0268ea6ff861dc9ad241e05a4ff3dbbe7ae518e9ebd976f1183b7e9e9a

Download Submit
C:\Windows\System\Flhikln.exe

Filesize
2.1MB

MD5
328b86526f46c66a25b777cb41cfb004

SHA1
d6078e8d4647b514f896a37c21a1c32b877c0de6

SHA256
7d14f32f516a91007479e8a697acb054ffd3fa7850a67c2408db9b8c949759d2

SHA512
06ae9185cff97c0226d6c5d2420559205d44f1ee5355366c65c919840d024f3706aa6226f6ffe6587dceb10f3473381e2a0b9c4df755263b5c442d7ef56859bb

Download Submit
C:\Windows\System\JJCJTRE.exe

Filesize
2.1MB

MD5
ef81ed233510f06bde419233a70e5c06

SHA1
7402d34d113fcf0682a690d1a448a234e8227a98

SHA256
0bdb8490e676bf487a42d1595e912dc611808b7262c5681b5f0b622af38370da

SHA512
21ac7571308840ff366b397662e5511078c3598fc140240033f98f728a735218bbed95431ae224eae06fead35538f39032cf23f07f43d97e61ff18eaa7e4eae0

Download Submit
C:\Windows\System\KwQrTDQ.exe

Filesize
2.1MB

MD5
eea5fa7dd34a03c02628ad9da23f785a

SHA1
4da77b698abb88d054066f910e934eb28247ea1e

SHA256
5c7f97c3085cbc56a161bffbcebb7308d96e4ca78b840ed8cfa435204d225ccd

SHA512
69dcf64b351894b6320ae18414f52177dc52d582cbcfde7882dd728252f44fcb1a3dd32ea6bf3542ce68339668a983a6a88f9d553a23690ba0b6561379108cb2

Download Submit
C:\Windows\System\LsNIUVI.exe

Filesize
2.1MB

MD5
dc718ea035c4087390b24354b5a84f57

SHA1
35c5ee94f6a86aa46c90fb68ef517c1f004cdac9

SHA256
b0b08b332db728f5b6c59941b9db9a663ef44a79a1ad05dacb929d107bf940ca

SHA512
e0fa775c6b278ddff7f539dfabaf4bf97f8e91df1c762a07fbe39956bd90e5d733fc85eea3d26d61420f9c4637b6f4c02c295192d1abc5857fc85fb00ac99710

Download Submit
C:\Windows\System\MgtubiR.exe

Filesize
2.1MB

MD5
87dc2ac27c3846204c9d277b8c388370

SHA1
7053ad104ea24d5ea130467faf846037714d5dea

SHA256
97ce259c3336e07da26b0e768af5f8c4ac68a3b7ee989adc1483b363b63ee300

SHA512
133a206cb2e7edb284390474bcf4cfc7c1de9b34f640ace1ede660a6ff6293bfdad4bb911823310120d58cb69b20cf436cd7b999499909468a79c4fc02826095

Download Submit
C:\Windows\System\NEluPrD.exe

Filesize
2.1MB

MD5
f8b2a313f404b50cea85866df580849e

SHA1
555934868602fb914a7456840c4f89ef5b3d0344

SHA256
cceb3a2ca2b0daa883f20fcd6614e88d911d3a7c2344ec98844ed4c39383ee14

SHA512
fc1c99de70714d9aa3ae3206c57f6999f38e6d30de9216a0b0a89911312fd1517ff1e0636b58bd3e96c0663d0caba1bde62e64a1bd4007fc2b95a7a97c43cb7f

Download Submit
C:\Windows\System\NjDSpZr.exe

Filesize
2.1MB

MD5
71b98bb29730af0aaa530261aeac3e83

SHA1
256d0f8d2408ee3301106485525e66859e64ea8e

SHA256
519e6df78ab10d2a11eb62fb72d21e447eb4c6bd726f5ead134cf2c20b10508d

SHA512
faa29073f1ec39a7a542d8e438ea811d2f28a90ad877164941b7ad7900515530fba4ece58ce9be6ea9a5d9706339afdde2527eea8e8402af6e88d479c0c8dcd1

Download Submit
C:\Windows\System\NkVeTZp.exe

Filesize
2.1MB

MD5
cc94cc41e4f044db6698eed017f33ada

SHA1
4712df1626cd727e950c893e927418dbdb4fe98c

SHA256
05a17b7944ba66ed32463b68747149d861e59ef37016b7024870764ed468abfc

SHA512
e4b4e67cb33117c4f5d4c5924db7dbeffac0d73ca24c8b37f79bd35a34197ced975ab11c10cd9e1080c063e569642559fd3244555d5be9993bea0c2bb53c83e3

Download Submit
C:\Windows\System\NqeCCNx.exe

Filesize
2.1MB

MD5
2766a9fd5f29dbb2834883999a401872

SHA1
4bb1a0bee4c4c0df6d681eaf5caa6452965bde4c

SHA256
4111f016d3e7e637df3ca12c77369473293be4304ed780617f2884479e79f772

SHA512
bc4f823415dba9e98f1c44cbffca51ff7cda137945b2e0816def51c9af4602c50cd0f82eaa131f8c9c1129fab760e050dfd0e6436040a0d4690ab1b97ef399c0

Download Submit
C:\Windows\System\NrNSBNn.exe

Filesize
2.1MB

MD5
2b71b7540d15eafa54b42f2fe98e4900

SHA1
206d04f4714c6fd0db8fe4d1fc3dc9c1bc4f12d9

SHA256
5d71d592c4be0ae73388ba0b779e1de8e67eb139109f292285911af0314676c7

SHA512
663fd06975abad346c8d4758657403c7cd5c9577a1c7e2968e206a7b42f7c664aca2108795f27ee8cacf00a9746509458f38b57e6390cfd6af44e88456d9a403

Download Submit
C:\Windows\System\OUemufe.exe

Filesize
2.1MB

MD5
de18fc99cdd61b70743b349b40f9c150

SHA1
fbe8037aefc8aa02d9afbc199cc9a66ee800fea3

SHA256
4abfa0a2f1eab3c4559c1586d63fd14120d63c559caade12a8be0a57fd895c71

SHA512
575beae761e6c85216ee41051e53806d1ba1f85c57c9ab97936f13d7f0ccd44f338c7d6ca7f58e6d877a68bb4577ba5cb43a9b7a37f0e672ed35d9e406eca2e7

Download Submit
C:\Windows\System\SSilktW.exe

Filesize
2.1MB

MD5
7eca8f70c616524042b1eb206f291d19

SHA1
d4bfe978bb95a07e57d6d294f519d84487e27a1d

SHA256
b4dbb9c3b257afeffe3aedfc5ea654462dff7fc65fab57a0b76b73c0396c6b33

SHA512
52cf6cb6df2d13efeb79908cd43f388264ab132c9254b3648f9136842f8c269969fbad58fddcf922437cf3a774742b900eba4dde7e5755460ab1b6640ebc4569

Download Submit
C:\Windows\System\UnPGogv.exe

Filesize
2.1MB

MD5
b3eefead9d7b4e74fc17116be9c1933b

SHA1
334c286eb0059978369221beae86c41bcf4cfe79

SHA256
34ec969da470830948566bde8d96c6164cc87a0edea9280ca713427d90d56b44

SHA512
110bad3bea36f63888fd4c45364a499731162e947fd7a1d15dc50dfcc8732b8dfdba464e8fa0e66136a7062159b80a2f6f6235b1f82c25cc91f49f58d80abb04

Download Submit
C:\Windows\System\WgWEzRU.exe

Filesize
2.1MB

MD5
864049b94739bc58d22fe0bd5dd499b4

SHA1
0e600ffe483b8d75352f12930de5c1ee5497f1ee

SHA256
cfe141b0bb605fa3f657859f13db46ab6b7af374d02bb2eea6095491f8d7dda1

SHA512
9486f7d7dd18f480cdf64c1b8537b6dd63006a256a4b5a28b8dc0bf53244671bf6e66f83846e8924c692a466ebb90e63b3b229165c57715953a115b2d4eb24f8

Download Submit
C:\Windows\System\ZjBnfSL.exe

Filesize
2.1MB

MD5
3c97f6dec75239ae0f7450d7d9847d7e

SHA1
0608ba72da4f208f11dc8aaa6307e9f835ca0d6c

SHA256
831e3eddcd4b39da34ca19b49ec906a344ba5e5034dbf6e78b6e4b11858dbac2

SHA512
47600eb5d924e46247b3bc9b725a459db3a8ad987c8efd2afaabeb31fc15c505d1bbc0ec62792df3dfd2166f93f9f4e42e45157167138be07c92c9d80acaf7c1

Download Submit
C:\Windows\System\ZqbnoGD.exe

Filesize
2.1MB

MD5
9a2377abfc4ae55d7aa421de0cd477a2

SHA1
36ebb82861600176b3ed4a587cb476a30d232e44

SHA256
7270170ffe1c75173484c5763f798c908b851bd11014bca36a2f98d19ed5200d

SHA512
499678ba6fda32eec0652534a0c90a742762850cbc8fc13e9a89d276e8b391b76685c6fc076fde0e85f34773d918a82b3a203ce6e699c76b981e20409931b2be

Download Submit
C:\Windows\System\gvaxpWA.exe

Filesize
2.1MB

MD5
2c97227c04ad1c970c3105e9ac51396f

SHA1
e44355b200e86b17bbb08e6743f552107a5e119c

SHA256
60070b4ac45e22f7b5007c219a264ba950836f82cd75c13d22ce5c0cbd958ff4

SHA512
3a9e19cabb6354cdde7edfb6e511ca7f37a8234df67d015bbf377c723477f806d0d1e3c8108ffc3c62f94265c5cd8378984a172e9873459ac84d3b09678ec756

Download Submit
C:\Windows\System\kbiqOOW.exe

Filesize
2.1MB

MD5
2815c5d9af3398c97e37869061d4ec33

SHA1
513eb1e99be3f073ba606d054c9ec8f35a3a752f

SHA256
2cf7eb578b8fda97ea7232dc93d381ac7afd372362bab58f8016dd60456bed89

SHA512
8c8bef811bc275714757114bd5094fc1b4eb230848c40c988676c1336b9953deb0d7eb24fa9e4ac87a93e0048ee64d9f27410252effc2549e086bf3c054a5379

Download Submit
C:\Windows\System\lRovmDb.exe

Filesize
2.1MB

MD5
70378dd61e9c292a4ad9d8d5971d2ba6

SHA1
a3344e48e8d9051a0fa35942ceb029c16c9c0053

SHA256
5e14c632d99dbfec1574453e2d24a62c32cf418d72855d765ee9d9efc2713a4d

SHA512
3175ce2e165b2e2c2bafea1c421c61dcd91e7fb9cd7d19296855c96aac4e2ce220824f314261d0bdeb3bd16e366b4f501a644e4cd0fa9f4662ba3c4edb35d90b

Download Submit
C:\Windows\System\luMTjZW.exe

Filesize
2.1MB

MD5
ee211a58001de7c92fb69ec1628a8294

SHA1
4945367476fb693f2ea286073041be4e1bc4be51

SHA256
6c2f0ffc48df322e572131dd3f197bcd82b8feaa870df2caf8bb0d6f60af42dd

SHA512
da0fd52165447ea9d32be3047f877aafba0d51166f44150f7e38e30594de0e59f03b8dbf51715ca86d802710ac869c74985f0dc363fc8d51f9d252c20b56ef2b

Download Submit
C:\Windows\System\lvquIfL.exe

Filesize
2.1MB

MD5
1919a6f199b014c371f1ec4b02fd7d68

SHA1
75a506269990ceafa5449a468fb46fe5b444469c

SHA256
7ae4cc3e0b33423fac63ed2d0927185b0544372386cda9eab3609188d1670b45

SHA512
6f944f59550aa331db4c72189f528a84f62f18185bebf3aff657a168d976c11d97f5c103c9597178e248ef926b0442422af5b1cb2ea3c1f9cc0ed73068eca3bb

Download Submit
C:\Windows\System\mRSePMx.exe

Filesize
2.1MB

MD5
a738b255ff4839b1a12f2c705ab6634b

SHA1
2d6c050c4ff5193e439c617599d42f85064fbd99

SHA256
e700afc73f12e47538f6c3d7d87f7bc5bc917e03876503e4fc98c8ffdb8b5f5a

SHA512
a9cbbed9b65488660071ef37d9e1b07774459e676d8665aacb909afcf60e4d994a401182304903131df11b592909d49fc8fdca951691cba6729bc05f094d7020

Download Submit
C:\Windows\System\maUdgse.exe

Filesize
2.1MB

MD5
e7b89d199eb58bf6547068f151f4a21f

SHA1
6cdee8618695681120b416b3a5048781b0a140a8

SHA256
5bc811076c7ad328635569e6491ea4bf8afa93dcd665cc29441e7d90215b12ad

SHA512
b65d8b67a08469da3e27d6fa4ea76415cb83848f6e5ec7d7446ea39c259d5d446bfaf2f004d0d659438681e34f5a9d10ef827f1d0ab21aee044318428ecfd870

Download Submit
C:\Windows\System\qDikEvV.exe

Filesize
2.1MB

MD5
443d23a83fe541f9def89328b37f9aab

SHA1
3aef2bba3a51ec2d90185f0f05f5e857657f4112

SHA256
c5e0817ed624ac2ea97271e7231a392fe9ecfeafd060835e17c3b11dc7511116

SHA512
0415f24cdf42c7d9681c01a43f2449947a9e0c1c7a1d6fa7be0dec38f0a5b6e0b3a60eb3b287f54d78ba81c45066e90eabe0662fddbe608b738b2a584007f149

Download Submit
C:\Windows\System\qOVjxfW.exe

Filesize
2.1MB

MD5
9b4f798e17f7e70516c5d4be72925dd8

SHA1
0f9c6759acb6b7d4728dcfe8dc20f33ead54920d

SHA256
2c5760bbf312c334e2f1882266eefb59035d1875a1199994c4b3acac32aa0b4b

SHA512
7359db79de4a99e05a0dfd2b6709b3ed96d8728ee4348825372a85c36d68a7c313085ec953a2668f02d3af0d4624c7ff3bb9a5da97e8bca614e20b9d73d3de1f

Download Submit
C:\Windows\System\vBNtSpg.exe

Filesize
2.1MB

MD5
b80d5ce637e72e3695ed7f229143936d

SHA1
4f43aa2481f91989fa7b5c6e0e2b5c255b7b9be9

SHA256
f356d90c65345d1b27d93af453d4c1ad354294376a8b4cea1310ab517debd423

SHA512
ad4af4a0c44f91cb82575236a50ad7351476678e7a565c09416f3a0f3ee1b29ac6b721b356863da4d6546421d8af53d68fbf5d9570eed4660a9b850a2758499d

Download Submit
C:\Windows\System\wDyMLZI.exe

Filesize
2.1MB

MD5
9b601fd695b8cba40290b6ad2fd3841e

SHA1
0532ea4c410fc3a045138e432a8264def2326ca5

SHA256
7d65881725622cc7834623454ef43b75e4b0e2c1533edb021c696cf98a82c155

SHA512
a15f83eafc3144ae1218c40610a0226c0173006d19c448a0f8ec49b4ab73f39e49ed445963a8e2a3073e7fab33a5e0b386e42afa8e74fd0a58250b47b9cdd0a3

Download Submit
C:\Windows\System\wJkTlJQ.exe

Filesize
2.1MB

MD5
ae46f4274a69ee1f694e3cec48c824a3

SHA1
70c32ec3b470d01c881eb26fba9c9437a5be537e

SHA256
f66efd8fd33484913ea2dfafdbe1a471f6b0bac9c7bc48d179fb8363c5beaa60

SHA512
db4c0be2cca0bbb155216db643bb2fb05c272cd7b36b3ae4f6ee9eb885dc71b801f493f8ed4ccb8204c350da1cf921ab26f1e7362f5b031a6ce46412f6fdd4fb

Download Submit
C:\Windows\System\wWDMoAK.exe

Filesize
2.1MB

MD5
28e64b4ac4bd716c87e27e1eda4ccc5b

SHA1
ed0f3cec0f2d4712adb38e067d1aad1dd62a3b34

SHA256
b2954e74fe17d3357554c52886c8c3798fb9cafb1c93f493d0462a3a234d4ddf

SHA512
35ce3882275aa3d50d2818a4399eb2475fede98aa1ebec387054d17d05fcb2bcc5ec5b516566839c87f3150c9d7e31bff1ec893216b217636e4c24ed53344399

Download Submit
C:\Windows\System\ybZOTcP.exe

Filesize
2.1MB

MD5
648b458093dc4911cb053af78243d2f6

SHA1
0eaf96ad186ff5df661c90381a72fc2774cf8aa0

SHA256
834122b161839f1981aefbf1b0301f979a2541c4890c47d768b95f1eea620e92

SHA512
6784bc96f32e032cf0619f52c38f8409675e1da0386fbd3e958a4b08b9b4c95dc79db9212e7ed8d2d76a2b6dc6ab6e3ba95d1dca5c75e328d0efb63775c08987

Download Submit
C:\Windows\System\zXeulZv.exe

Filesize
2.1MB

MD5
c31439d4072c461c9e3caa15f7f4f194

SHA1
4632d1a4fbbbff51749dda4d3dc5656710808ae9

SHA256
ad12e0c01746fedf7f28a36d2e9eefe936304739d98463606b66d563e5b59a55

SHA512
fbfadc77813cee795af438711e0fa914f01c56a4ed72d750a8e9fafd69920070658454df888a6a8097a3ec0cb5e373d17cc4ac0a9c68913aa26dc51fdc2614c9

Download Submit
memory/4404-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download