kpot | 361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3

Analysis

max time kernel
141s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-06-2024 03:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
Size

2.1MB
MD5

6a3fa4228ab6b7740ecd16784d655e50
SHA1

ba078f2c4dec393d9a15ecbc43d3102f00c47951
SHA256

361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3
SHA512

5ce3183952a364cb133e47e9334384c740601ead100f6cfe4d8c399407f6a5b6792def78d955378e0a1560d9959de9d8edd6802fe8e408a4e118518ea15d1f77
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2rBU:GemTLkNdfE0pZaQ6

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x00070000000235e1-18.dat	family_kpot
behavioral2/files/0x00070000000235e3-30.dat	family_kpot
behavioral2/files/0x00070000000235e4-34.dat	family_kpot
behavioral2/files/0x00070000000235e9-58.dat	family_kpot
behavioral2/files/0x00070000000235ec-75.dat	family_kpot
behavioral2/files/0x00070000000235ed-80.dat	family_kpot
behavioral2/files/0x00070000000235ef-90.dat	family_kpot
behavioral2/files/0x00070000000235f1-100.dat	family_kpot
behavioral2/files/0x00070000000235f2-104.dat	family_kpot
behavioral2/files/0x00070000000235f4-118.dat	family_kpot
behavioral2/files/0x00070000000235fa-148.dat	family_kpot
behavioral2/files/0x00070000000235fe-162.dat	family_kpot
behavioral2/files/0x00070000000235fc-158.dat	family_kpot
behavioral2/files/0x00070000000235fd-157.dat	family_kpot
behavioral2/files/0x00070000000235fb-152.dat	family_kpot
behavioral2/files/0x00070000000235f9-143.dat	family_kpot
behavioral2/files/0x00070000000235f8-138.dat	family_kpot
behavioral2/files/0x00070000000235f7-133.dat	family_kpot
behavioral2/files/0x00070000000235f6-125.dat	family_kpot
behavioral2/files/0x00070000000235f5-123.dat	family_kpot
behavioral2/files/0x00070000000235f3-110.dat	family_kpot
behavioral2/files/0x00070000000235f0-95.dat	family_kpot
behavioral2/files/0x00070000000235ee-85.dat	family_kpot
behavioral2/files/0x00070000000235eb-70.dat	family_kpot
behavioral2/files/0x00070000000235ea-63.dat	family_kpot
behavioral2/files/0x00070000000235e8-53.dat	family_kpot
behavioral2/files/0x00070000000235e7-51.dat	family_kpot
behavioral2/files/0x00070000000235e6-45.dat	family_kpot
behavioral2/files/0x00070000000235e5-40.dat	family_kpot
behavioral2/files/0x00070000000235e2-25.dat	family_kpot
behavioral2/files/0x00070000000235e0-15.dat	family_kpot
behavioral2/files/0x00070000000235df-10.dat	family_kpot
behavioral2/files/0x00080000000235db-5.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x00070000000235e1-18.dat	xmrig
behavioral2/files/0x00070000000235e3-30.dat	xmrig
behavioral2/files/0x00070000000235e4-34.dat	xmrig
behavioral2/files/0x00070000000235e9-58.dat	xmrig
behavioral2/files/0x00070000000235ec-75.dat	xmrig
behavioral2/files/0x00070000000235ed-80.dat	xmrig
behavioral2/files/0x00070000000235ef-90.dat	xmrig
behavioral2/files/0x00070000000235f1-100.dat	xmrig
behavioral2/files/0x00070000000235f2-104.dat	xmrig
behavioral2/files/0x00070000000235f4-118.dat	xmrig
behavioral2/files/0x00070000000235fa-148.dat	xmrig
behavioral2/files/0x00070000000235fe-162.dat	xmrig
behavioral2/files/0x00070000000235fc-158.dat	xmrig
behavioral2/files/0x00070000000235fd-157.dat	xmrig
behavioral2/files/0x00070000000235fb-152.dat	xmrig
behavioral2/files/0x00070000000235f9-143.dat	xmrig
behavioral2/files/0x00070000000235f8-138.dat	xmrig
behavioral2/files/0x00070000000235f7-133.dat	xmrig
behavioral2/files/0x00070000000235f6-125.dat	xmrig
behavioral2/files/0x00070000000235f5-123.dat	xmrig
behavioral2/files/0x00070000000235f3-110.dat	xmrig
behavioral2/files/0x00070000000235f0-95.dat	xmrig
behavioral2/files/0x00070000000235ee-85.dat	xmrig
behavioral2/files/0x00070000000235eb-70.dat	xmrig
behavioral2/files/0x00070000000235ea-63.dat	xmrig
behavioral2/files/0x00070000000235e8-53.dat	xmrig
behavioral2/files/0x00070000000235e7-51.dat	xmrig
behavioral2/files/0x00070000000235e6-45.dat	xmrig
behavioral2/files/0x00070000000235e5-40.dat	xmrig
behavioral2/files/0x00070000000235e2-25.dat	xmrig
behavioral2/files/0x00070000000235e0-15.dat	xmrig
behavioral2/files/0x00070000000235df-10.dat	xmrig
behavioral2/files/0x00080000000235db-5.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3376	yBKjCaJ.exe
8	dXZcUrG.exe
732	RHuPQEZ.exe
2600	TjqXMvN.exe
1220	gtatSvP.exe
4652	VehIPdZ.exe
3296	NouNGlr.exe
1032	DZksYXt.exe
1068	kVzbQkT.exe
2488	UTtdooS.exe
4144	IukePtD.exe
400	nbJxgFY.exe
1268	AEXwnqa.exe
3300	zCdLTvu.exe
3188	ylYXpPF.exe
644	blvgVeO.exe
4004	lnizJdt.exe
4700	SfBSUtK.exe
5056	rcteJOD.exe
4364	IckxoEv.exe
1708	trFtszp.exe
2884	Nstzbdz.exe
1680	uaTLAMf.exe
4804	xSKbmlR.exe
4156	XcGJNkV.exe
4112	QHLXaTx.exe
2724	sVvLnqa.exe
3648	ookHVXr.exe
4884	HZboRkV.exe
3384	QaIqiMc.exe
4592	wGIKORt.exe
1876	uXalSAf.exe
3168	niWxGfe.exe
4292	xoaujkw.exe
212	nvKzFRm.exe
3164	CmFeqHk.exe
1908	hRWOHyg.exe
840	OPAbfDF.exe
1352	iGzxbbp.exe
2968	SJqlFlV.exe
4736	bzPjkuc.exe
1484	QkigKGD.exe
4540	LIeslRP.exe
1456	pFfmqvm.exe
1668	huILvYM.exe
1468	JiJZaCA.exe
5048	EakrAgV.exe
4792	YQEYTgn.exe
884	ftOKazg.exe
4980	fPrgmvN.exe
3756	GlTQvFU.exe
3868	hSQdHYk.exe
2140	mjuDdqo.exe
2536	ebBSbuM.exe
1972	ssxSGsK.exe
4832	QipQWdQ.exe
5136	ykFlEOB.exe
5164	XofDKTz.exe
5188	RTVtDhH.exe
5224	xgcfqNU.exe
5248	gWBXogy.exe
5276	DyMenBN.exe
5296	yhsiVhW.exe
5320	ezkKDZe.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\eYroNWq.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\WUyhUke.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\CwgeGNw.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\Nstzbdz.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\IECsbgJ.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\OuTiwXo.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\wFBPBqZ.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\RHTzeMZ.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\yBKjCaJ.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\ssxSGsK.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\AEXwnqa.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\qdsKtau.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\ADguXzB.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\RHuPQEZ.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\nbJxgFY.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\myaYRqX.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\lqQmwIl.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\yhsiVhW.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\KkdHLsx.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\zsPHfzW.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\YDEsAWq.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\xSKbmlR.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\jJJGvaW.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\qJGHGOM.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\UCyuMuG.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\ThGSyKL.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\UjuYEjo.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\hGnpwkY.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\QyUTmua.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\EakrAgV.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\rGBllff.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\wGIKORt.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\aBedfVZ.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\NETNJuy.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\UTtdooS.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\ookHVXr.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\YFyamkt.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\lVBqAll.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\gWBXogy.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\KvFRWWm.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\KsEYoWz.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\uIJMKHH.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\dWEyhxo.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\jissiKO.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\NjLHPUF.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\sQnyrSH.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\kcEGJsd.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\UFglesY.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\xTzflnx.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\SfBSUtK.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\AojdbpW.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\eWOOPFX.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\dZzyfMP.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\SbzpSJV.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\YmpIIvE.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\OaaXoXJ.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\JexSZPu.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\ueHOqKu.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\VMYfang.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\heGikvl.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\crnRUZk.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\KBWLMjH.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\NouNGlr.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
File created	C:\Windows\System\uaTLAMf.exe	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4448 wrote to memory of 3376	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	90
PID 4448 wrote to memory of 3376	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	90
PID 4448 wrote to memory of 8	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	91
PID 4448 wrote to memory of 8	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	91
PID 4448 wrote to memory of 732	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	92
PID 4448 wrote to memory of 732	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	92
PID 4448 wrote to memory of 2600	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	93
PID 4448 wrote to memory of 2600	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	93
PID 4448 wrote to memory of 1220	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	94
PID 4448 wrote to memory of 1220	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	94
PID 4448 wrote to memory of 4652	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	95
PID 4448 wrote to memory of 4652	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	95
PID 4448 wrote to memory of 3296	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	96
PID 4448 wrote to memory of 3296	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	96
PID 4448 wrote to memory of 1032	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	97
PID 4448 wrote to memory of 1032	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	97
PID 4448 wrote to memory of 1068	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	98
PID 4448 wrote to memory of 1068	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	98
PID 4448 wrote to memory of 2488	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	99
PID 4448 wrote to memory of 2488	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	99
PID 4448 wrote to memory of 4144	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	100
PID 4448 wrote to memory of 4144	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	100
PID 4448 wrote to memory of 400	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	101
PID 4448 wrote to memory of 400	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	101
PID 4448 wrote to memory of 1268	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	102
PID 4448 wrote to memory of 1268	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	102
PID 4448 wrote to memory of 3300	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	103
PID 4448 wrote to memory of 3300	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	103
PID 4448 wrote to memory of 3188	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	104
PID 4448 wrote to memory of 3188	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	104
PID 4448 wrote to memory of 644	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	105
PID 4448 wrote to memory of 644	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	105
PID 4448 wrote to memory of 4004	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	106
PID 4448 wrote to memory of 4004	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	106
PID 4448 wrote to memory of 4700	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	107
PID 4448 wrote to memory of 4700	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	107
PID 4448 wrote to memory of 5056	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	108
PID 4448 wrote to memory of 5056	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	108
PID 4448 wrote to memory of 4364	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	109
PID 4448 wrote to memory of 4364	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	109
PID 4448 wrote to memory of 1708	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	111
PID 4448 wrote to memory of 1708	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	111
PID 4448 wrote to memory of 2884	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	112
PID 4448 wrote to memory of 2884	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	112
PID 4448 wrote to memory of 1680	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	114
PID 4448 wrote to memory of 1680	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	114
PID 4448 wrote to memory of 4804	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	115
PID 4448 wrote to memory of 4804	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	115
PID 4448 wrote to memory of 4156	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	116
PID 4448 wrote to memory of 4156	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	116
PID 4448 wrote to memory of 4112	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	117
PID 4448 wrote to memory of 4112	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	117
PID 4448 wrote to memory of 2724	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	118
PID 4448 wrote to memory of 2724	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	118
PID 4448 wrote to memory of 3648	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	119
PID 4448 wrote to memory of 3648	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	119
PID 4448 wrote to memory of 4884	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	120
PID 4448 wrote to memory of 4884	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	120
PID 4448 wrote to memory of 3384	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	121
PID 4448 wrote to memory of 3384	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	121
PID 4448 wrote to memory of 4592	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	122
PID 4448 wrote to memory of 4592	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	122
PID 4448 wrote to memory of 1876	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	123
PID 4448 wrote to memory of 1876	4448	361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe	123

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
1⤵
PID:952

C:\Windows\system32\MusNotification.exe
C:\Windows\system32\MusNotification.exe
1⤵
PID:2140

C:\Users\Admin\AppData\Local\Temp\361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\361e54155d4032df67ff0339dbe286433820d502a29d78536cfbcb48d5444dd3_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4448
- C:\Windows\System\yBKjCaJ.exe
  C:\Windows\System\yBKjCaJ.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System\dXZcUrG.exe
  C:\Windows\System\dXZcUrG.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\RHuPQEZ.exe
  C:\Windows\System\RHuPQEZ.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\TjqXMvN.exe
  C:\Windows\System\TjqXMvN.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\gtatSvP.exe
  C:\Windows\System\gtatSvP.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\VehIPdZ.exe
  C:\Windows\System\VehIPdZ.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\NouNGlr.exe
  C:\Windows\System\NouNGlr.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\DZksYXt.exe
  C:\Windows\System\DZksYXt.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\kVzbQkT.exe
  C:\Windows\System\kVzbQkT.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\UTtdooS.exe
  C:\Windows\System\UTtdooS.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\IukePtD.exe
  C:\Windows\System\IukePtD.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System\nbJxgFY.exe
  C:\Windows\System\nbJxgFY.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\AEXwnqa.exe
  C:\Windows\System\AEXwnqa.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\zCdLTvu.exe
  C:\Windows\System\zCdLTvu.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\ylYXpPF.exe
  C:\Windows\System\ylYXpPF.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\blvgVeO.exe
  C:\Windows\System\blvgVeO.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\lnizJdt.exe
  C:\Windows\System\lnizJdt.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\SfBSUtK.exe
  C:\Windows\System\SfBSUtK.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\rcteJOD.exe
  C:\Windows\System\rcteJOD.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\IckxoEv.exe
  C:\Windows\System\IckxoEv.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\trFtszp.exe
  C:\Windows\System\trFtszp.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\Nstzbdz.exe
  C:\Windows\System\Nstzbdz.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\uaTLAMf.exe
  C:\Windows\System\uaTLAMf.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\xSKbmlR.exe
  C:\Windows\System\xSKbmlR.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\XcGJNkV.exe
  C:\Windows\System\XcGJNkV.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\QHLXaTx.exe
  C:\Windows\System\QHLXaTx.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\sVvLnqa.exe
  C:\Windows\System\sVvLnqa.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\ookHVXr.exe
  C:\Windows\System\ookHVXr.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\HZboRkV.exe
  C:\Windows\System\HZboRkV.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\QaIqiMc.exe
  C:\Windows\System\QaIqiMc.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\wGIKORt.exe
  C:\Windows\System\wGIKORt.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\uXalSAf.exe
  C:\Windows\System\uXalSAf.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\niWxGfe.exe
  C:\Windows\System\niWxGfe.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\xoaujkw.exe
  C:\Windows\System\xoaujkw.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\nvKzFRm.exe
  C:\Windows\System\nvKzFRm.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\CmFeqHk.exe
  C:\Windows\System\CmFeqHk.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\hRWOHyg.exe
  C:\Windows\System\hRWOHyg.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\OPAbfDF.exe
  C:\Windows\System\OPAbfDF.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\iGzxbbp.exe
  C:\Windows\System\iGzxbbp.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\SJqlFlV.exe
  C:\Windows\System\SJqlFlV.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\bzPjkuc.exe
  C:\Windows\System\bzPjkuc.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\QkigKGD.exe
  C:\Windows\System\QkigKGD.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\LIeslRP.exe
  C:\Windows\System\LIeslRP.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\pFfmqvm.exe
  C:\Windows\System\pFfmqvm.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\huILvYM.exe
  C:\Windows\System\huILvYM.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\JiJZaCA.exe
  C:\Windows\System\JiJZaCA.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\EakrAgV.exe
  C:\Windows\System\EakrAgV.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\YQEYTgn.exe
  C:\Windows\System\YQEYTgn.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\ftOKazg.exe
  C:\Windows\System\ftOKazg.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\fPrgmvN.exe
  C:\Windows\System\fPrgmvN.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\GlTQvFU.exe
  C:\Windows\System\GlTQvFU.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\hSQdHYk.exe
  C:\Windows\System\hSQdHYk.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\mjuDdqo.exe
  C:\Windows\System\mjuDdqo.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\ebBSbuM.exe
  C:\Windows\System\ebBSbuM.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\ssxSGsK.exe
  C:\Windows\System\ssxSGsK.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\QipQWdQ.exe
  C:\Windows\System\QipQWdQ.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\ykFlEOB.exe
  C:\Windows\System\ykFlEOB.exe
  2⤵
  - Executes dropped EXE
  PID:5136
- C:\Windows\System\XofDKTz.exe
  C:\Windows\System\XofDKTz.exe
  2⤵
  - Executes dropped EXE
  PID:5164
- C:\Windows\System\RTVtDhH.exe
  C:\Windows\System\RTVtDhH.exe
  2⤵
  - Executes dropped EXE
  PID:5188
- C:\Windows\System\xgcfqNU.exe
  C:\Windows\System\xgcfqNU.exe
  2⤵
  - Executes dropped EXE
  PID:5224
- C:\Windows\System\gWBXogy.exe
  C:\Windows\System\gWBXogy.exe
  2⤵
  - Executes dropped EXE
  PID:5248
- C:\Windows\System\DyMenBN.exe
  C:\Windows\System\DyMenBN.exe
  2⤵
  - Executes dropped EXE
  PID:5276
- C:\Windows\System\yhsiVhW.exe
  C:\Windows\System\yhsiVhW.exe
  2⤵
  - Executes dropped EXE
  PID:5296
- C:\Windows\System\ezkKDZe.exe
  C:\Windows\System\ezkKDZe.exe
  2⤵
  - Executes dropped EXE
  PID:5320
- C:\Windows\System\SDPZsBH.exe
  C:\Windows\System\SDPZsBH.exe
  2⤵
  PID:5352
- C:\Windows\System\rJuqGpT.exe
  C:\Windows\System\rJuqGpT.exe
  2⤵
  PID:5376
- C:\Windows\System\KvFRWWm.exe
  C:\Windows\System\KvFRWWm.exe
  2⤵
  PID:5404
- C:\Windows\System\oukzReH.exe
  C:\Windows\System\oukzReH.exe
  2⤵
  PID:5428
- C:\Windows\System\jjdgzRK.exe
  C:\Windows\System\jjdgzRK.exe
  2⤵
  PID:5460
- C:\Windows\System\VtxfhgE.exe
  C:\Windows\System\VtxfhgE.exe
  2⤵
  PID:5488
- C:\Windows\System\kcEGJsd.exe
  C:\Windows\System\kcEGJsd.exe
  2⤵
  PID:5512
- C:\Windows\System\InRVDNS.exe
  C:\Windows\System\InRVDNS.exe
  2⤵
  PID:5540
- C:\Windows\System\aBedfVZ.exe
  C:\Windows\System\aBedfVZ.exe
  2⤵
  PID:5568
- C:\Windows\System\HSnSmps.exe
  C:\Windows\System\HSnSmps.exe
  2⤵
  PID:5596
- C:\Windows\System\FKuNhQl.exe
  C:\Windows\System\FKuNhQl.exe
  2⤵
  PID:5624
- C:\Windows\System\JexSZPu.exe
  C:\Windows\System\JexSZPu.exe
  2⤵
  PID:5652
- C:\Windows\System\KkdHLsx.exe
  C:\Windows\System\KkdHLsx.exe
  2⤵
  PID:5684
- C:\Windows\System\fqadpGn.exe
  C:\Windows\System\fqadpGn.exe
  2⤵
  PID:5712
- C:\Windows\System\ueHOqKu.exe
  C:\Windows\System\ueHOqKu.exe
  2⤵
  PID:5736
- C:\Windows\System\DcSdWPu.exe
  C:\Windows\System\DcSdWPu.exe
  2⤵
  PID:5764
- C:\Windows\System\VRZrOKs.exe
  C:\Windows\System\VRZrOKs.exe
  2⤵
  PID:5796
- C:\Windows\System\HiHejJV.exe
  C:\Windows\System\HiHejJV.exe
  2⤵
  PID:5824
- C:\Windows\System\IECsbgJ.exe
  C:\Windows\System\IECsbgJ.exe
  2⤵
  PID:5852
- C:\Windows\System\myaYRqX.exe
  C:\Windows\System\myaYRqX.exe
  2⤵
  PID:5880
- C:\Windows\System\NtzsiuZ.exe
  C:\Windows\System\NtzsiuZ.exe
  2⤵
  PID:5908
- C:\Windows\System\MkPATBa.exe
  C:\Windows\System\MkPATBa.exe
  2⤵
  PID:5936
- C:\Windows\System\DrsHqqO.exe
  C:\Windows\System\DrsHqqO.exe
  2⤵
  PID:5964
- C:\Windows\System\UlgXOxF.exe
  C:\Windows\System\UlgXOxF.exe
  2⤵
  PID:5992
- C:\Windows\System\meMhsnd.exe
  C:\Windows\System\meMhsnd.exe
  2⤵
  PID:6020
- C:\Windows\System\uIJMKHH.exe
  C:\Windows\System\uIJMKHH.exe
  2⤵
  PID:6048
- C:\Windows\System\oiDKjgo.exe
  C:\Windows\System\oiDKjgo.exe
  2⤵
  PID:6076
- C:\Windows\System\SVniGDi.exe
  C:\Windows\System\SVniGDi.exe
  2⤵
  PID:6104
- C:\Windows\System\rGBllff.exe
  C:\Windows\System\rGBllff.exe
  2⤵
  PID:6132
- C:\Windows\System\JgRKzir.exe
  C:\Windows\System\JgRKzir.exe
  2⤵
  PID:632
- C:\Windows\System\bcVqiVy.exe
  C:\Windows\System\bcVqiVy.exe
  2⤵
  PID:4436
- C:\Windows\System\rCUzPaF.exe
  C:\Windows\System\rCUzPaF.exe
  2⤵
  PID:1764
- C:\Windows\System\lLopvPn.exe
  C:\Windows\System\lLopvPn.exe
  2⤵
  PID:5180
- C:\Windows\System\urODZsc.exe
  C:\Windows\System\urODZsc.exe
  2⤵
  PID:5244
- C:\Windows\System\yocsToo.exe
  C:\Windows\System\yocsToo.exe
  2⤵
  PID:5312
- C:\Windows\System\QRFQpid.exe
  C:\Windows\System\QRFQpid.exe
  2⤵
  PID:5372
- C:\Windows\System\YFyamkt.exe
  C:\Windows\System\YFyamkt.exe
  2⤵
  PID:5424
- C:\Windows\System\nRyEYaG.exe
  C:\Windows\System\nRyEYaG.exe
  2⤵
  PID:5500
- C:\Windows\System\ZvhySZA.exe
  C:\Windows\System\ZvhySZA.exe
  2⤵
  PID:5564
- C:\Windows\System\WUyhUke.exe
  C:\Windows\System\WUyhUke.exe
  2⤵
  PID:5640
- C:\Windows\System\dVaxwNP.exe
  C:\Windows\System\dVaxwNP.exe
  2⤵
  PID:5700
- C:\Windows\System\QVozTHX.exe
  C:\Windows\System\QVozTHX.exe
  2⤵
  PID:5760
- C:\Windows\System\YmpIIvE.exe
  C:\Windows\System\YmpIIvE.exe
  2⤵
  PID:5836
- C:\Windows\System\OuTiwXo.exe
  C:\Windows\System\OuTiwXo.exe
  2⤵
  PID:5892
- C:\Windows\System\BuZtjkv.exe
  C:\Windows\System\BuZtjkv.exe
  2⤵
  PID:5956
- C:\Windows\System\JUWrFUz.exe
  C:\Windows\System\JUWrFUz.exe
  2⤵
  PID:6032
- C:\Windows\System\NywbcfQ.exe
  C:\Windows\System\NywbcfQ.exe
  2⤵
  PID:6092
- C:\Windows\System\UFglesY.exe
  C:\Windows\System\UFglesY.exe
  2⤵
  PID:2700
- C:\Windows\System\JCGAFYm.exe
  C:\Windows\System\JCGAFYm.exe
  2⤵
  PID:2356
- C:\Windows\System\KPIrdFp.exe
  C:\Windows\System\KPIrdFp.exe
  2⤵
  PID:5268
- C:\Windows\System\GZbpUZi.exe
  C:\Windows\System\GZbpUZi.exe
  2⤵
  PID:5420
- C:\Windows\System\tvMbbvI.exe
  C:\Windows\System\tvMbbvI.exe
  2⤵
  PID:5556
- C:\Windows\System\bQhMHse.exe
  C:\Windows\System\bQhMHse.exe
  2⤵
  PID:5728
- C:\Windows\System\zKoVmvq.exe
  C:\Windows\System\zKoVmvq.exe
  2⤵
  PID:5872
- C:\Windows\System\ULCacQj.exe
  C:\Windows\System\ULCacQj.exe
  2⤵
  PID:6060
- C:\Windows\System\qJGHGOM.exe
  C:\Windows\System\qJGHGOM.exe
  2⤵
  PID:5212
- C:\Windows\System\knHmcsq.exe
  C:\Windows\System\knHmcsq.exe
  2⤵
  PID:2640
- C:\Windows\System\WUHdQbX.exe
  C:\Windows\System\WUHdQbX.exe
  2⤵
  PID:1080
- C:\Windows\System\RrypQSU.exe
  C:\Windows\System\RrypQSU.exe
  2⤵
  PID:4576
- C:\Windows\System\vDcngLY.exe
  C:\Windows\System\vDcngLY.exe
  2⤵
  PID:6172
- C:\Windows\System\fcuDNFH.exe
  C:\Windows\System\fcuDNFH.exe
  2⤵
  PID:6196
- C:\Windows\System\YpZjUxx.exe
  C:\Windows\System\YpZjUxx.exe
  2⤵
  PID:6216
- C:\Windows\System\nufcrpC.exe
  C:\Windows\System\nufcrpC.exe
  2⤵
  PID:6232
- C:\Windows\System\EtfZSiy.exe
  C:\Windows\System\EtfZSiy.exe
  2⤵
  PID:6264
- C:\Windows\System\CHPasNb.exe
  C:\Windows\System\CHPasNb.exe
  2⤵
  PID:6312
- C:\Windows\System\rEJZMig.exe
  C:\Windows\System\rEJZMig.exe
  2⤵
  PID:6340
- C:\Windows\System\jlyIUvE.exe
  C:\Windows\System\jlyIUvE.exe
  2⤵
  PID:6360
- C:\Windows\System\EXmKTWn.exe
  C:\Windows\System\EXmKTWn.exe
  2⤵
  PID:6388
- C:\Windows\System\veOwEaE.exe
  C:\Windows\System\veOwEaE.exe
  2⤵
  PID:6412
- C:\Windows\System\MSUFAgw.exe
  C:\Windows\System\MSUFAgw.exe
  2⤵
  PID:6428
- C:\Windows\System\neaCEgB.exe
  C:\Windows\System\neaCEgB.exe
  2⤵
  PID:6444
- C:\Windows\System\jGVQqGv.exe
  C:\Windows\System\jGVQqGv.exe
  2⤵
  PID:6472
- C:\Windows\System\jJJGvaW.exe
  C:\Windows\System\jJJGvaW.exe
  2⤵
  PID:6492
- C:\Windows\System\UCyuMuG.exe
  C:\Windows\System\UCyuMuG.exe
  2⤵
  PID:6512
- C:\Windows\System\vSziPiv.exe
  C:\Windows\System\vSziPiv.exe
  2⤵
  PID:6532
- C:\Windows\System\GBdSHmB.exe
  C:\Windows\System\GBdSHmB.exe
  2⤵
  PID:6556
- C:\Windows\System\qMAHmoX.exe
  C:\Windows\System\qMAHmoX.exe
  2⤵
  PID:6572
- C:\Windows\System\rmMmAeT.exe
  C:\Windows\System\rmMmAeT.exe
  2⤵
  PID:6600
- C:\Windows\System\YJxYNBE.exe
  C:\Windows\System\YJxYNBE.exe
  2⤵
  PID:6616
- C:\Windows\System\zsPHfzW.exe
  C:\Windows\System\zsPHfzW.exe
  2⤵
  PID:6652
- C:\Windows\System\VKbbTbh.exe
  C:\Windows\System\VKbbTbh.exe
  2⤵
  PID:6740
- C:\Windows\System\lKfcNDF.exe
  C:\Windows\System\lKfcNDF.exe
  2⤵
  PID:6772
- C:\Windows\System\mkOcfMM.exe
  C:\Windows\System\mkOcfMM.exe
  2⤵
  PID:6804
- C:\Windows\System\wSgUohK.exe
  C:\Windows\System\wSgUohK.exe
  2⤵
  PID:6836
- C:\Windows\System\WAbWuLa.exe
  C:\Windows\System\WAbWuLa.exe
  2⤵
  PID:6872
- C:\Windows\System\jeBBdWT.exe
  C:\Windows\System\jeBBdWT.exe
  2⤵
  PID:6892
- C:\Windows\System\mzJGgkM.exe
  C:\Windows\System\mzJGgkM.exe
  2⤵
  PID:6924
- C:\Windows\System\BpYsGEJ.exe
  C:\Windows\System\BpYsGEJ.exe
  2⤵
  PID:6956
- C:\Windows\System\wfOSEDy.exe
  C:\Windows\System\wfOSEDy.exe
  2⤵
  PID:6980
- C:\Windows\System\GyGPJaJ.exe
  C:\Windows\System\GyGPJaJ.exe
  2⤵
  PID:6996
- C:\Windows\System\ZcBGiBq.exe
  C:\Windows\System\ZcBGiBq.exe
  2⤵
  PID:7036
- C:\Windows\System\gByKjEj.exe
  C:\Windows\System\gByKjEj.exe
  2⤵
  PID:7052
- C:\Windows\System\pjhcZyU.exe
  C:\Windows\System\pjhcZyU.exe
  2⤵
  PID:7112
- C:\Windows\System\hxFriMt.exe
  C:\Windows\System\hxFriMt.exe
  2⤵
  PID:7132
- C:\Windows\System\xTOuaqZ.exe
  C:\Windows\System\xTOuaqZ.exe
  2⤵
  PID:3184
- C:\Windows\System\RGJbzez.exe
  C:\Windows\System\RGJbzez.exe
  2⤵
  PID:1688
- C:\Windows\System\SqHItkv.exe
  C:\Windows\System\SqHItkv.exe
  2⤵
  PID:6204
- C:\Windows\System\MCsZSCF.exe
  C:\Windows\System\MCsZSCF.exe
  2⤵
  PID:6328
- C:\Windows\System\qdsKtau.exe
  C:\Windows\System\qdsKtau.exe
  2⤵
  PID:6380
- C:\Windows\System\KOZNZCQ.exe
  C:\Windows\System\KOZNZCQ.exe
  2⤵
  PID:6480
- C:\Windows\System\lqQmwIl.exe
  C:\Windows\System\lqQmwIl.exe
  2⤵
  PID:6540
- C:\Windows\System\jissiKO.exe
  C:\Windows\System\jissiKO.exe
  2⤵
  PID:6592
- C:\Windows\System\DnTiiHd.exe
  C:\Windows\System\DnTiiHd.exe
  2⤵
  PID:3684
- C:\Windows\System\PmNfeuL.exe
  C:\Windows\System\PmNfeuL.exe
  2⤵
  PID:6724
- C:\Windows\System\KlpuZAx.exe
  C:\Windows\System\KlpuZAx.exe
  2⤵
  PID:6760
- C:\Windows\System\VMYfang.exe
  C:\Windows\System\VMYfang.exe
  2⤵
  PID:6816
- C:\Windows\System\XADKzpI.exe
  C:\Windows\System\XADKzpI.exe
  2⤵
  PID:6900
- C:\Windows\System\zqPaXwJ.exe
  C:\Windows\System\zqPaXwJ.exe
  2⤵
  PID:3336
- C:\Windows\System\HijwdGh.exe
  C:\Windows\System\HijwdGh.exe
  2⤵
  PID:952
- C:\Windows\System\oUnQNWw.exe
  C:\Windows\System\oUnQNWw.exe
  2⤵
  PID:7028
- C:\Windows\System\wFBPBqZ.exe
  C:\Windows\System\wFBPBqZ.exe
  2⤵
  PID:7104
- C:\Windows\System\BjWEYsm.exe
  C:\Windows\System\BjWEYsm.exe
  2⤵
  PID:3112
- C:\Windows\System\OvjZRta.exe
  C:\Windows\System\OvjZRta.exe
  2⤵
  PID:6224
- C:\Windows\System\nbfMTVF.exe
  C:\Windows\System\nbfMTVF.exe
  2⤵
  PID:6404
- C:\Windows\System\OaaXoXJ.exe
  C:\Windows\System\OaaXoXJ.exe
  2⤵
  PID:6508
- C:\Windows\System\YbgngmZ.exe
  C:\Windows\System\YbgngmZ.exe
  2⤵
  PID:1180
- C:\Windows\System\wpuCBkF.exe
  C:\Windows\System\wpuCBkF.exe
  2⤵
  PID:6832
- C:\Windows\System\XrEUWgu.exe
  C:\Windows\System\XrEUWgu.exe
  2⤵
  PID:3052
- C:\Windows\System\AojdbpW.exe
  C:\Windows\System\AojdbpW.exe
  2⤵
  PID:1664
- C:\Windows\System\NlZXZiE.exe
  C:\Windows\System\NlZXZiE.exe
  2⤵
  PID:6184
- C:\Windows\System\lVBqAll.exe
  C:\Windows\System\lVBqAll.exe
  2⤵
  PID:6544
- C:\Windows\System\iwhxNZb.exe
  C:\Windows\System\iwhxNZb.exe
  2⤵
  PID:6920
- C:\Windows\System\jbBWdmE.exe
  C:\Windows\System\jbBWdmE.exe
  2⤵
  PID:7120
- C:\Windows\System\xoHWiKG.exe
  C:\Windows\System\xoHWiKG.exe
  2⤵
  PID:6528
- C:\Windows\System\jJBoYFR.exe
  C:\Windows\System\jJBoYFR.exe
  2⤵
  PID:6828
- C:\Windows\System\AIRDDeH.exe
  C:\Windows\System\AIRDDeH.exe
  2⤵
  PID:7192
- C:\Windows\System\ThGSyKL.exe
  C:\Windows\System\ThGSyKL.exe
  2⤵
  PID:7232
- C:\Windows\System\KntOYWi.exe
  C:\Windows\System\KntOYWi.exe
  2⤵
  PID:7252
- C:\Windows\System\sBLgYuG.exe
  C:\Windows\System\sBLgYuG.exe
  2⤵
  PID:7300
- C:\Windows\System\PYTGAyN.exe
  C:\Windows\System\PYTGAyN.exe
  2⤵
  PID:7328
- C:\Windows\System\CKVCRbu.exe
  C:\Windows\System\CKVCRbu.exe
  2⤵
  PID:7356
- C:\Windows\System\zAVNeHx.exe
  C:\Windows\System\zAVNeHx.exe
  2⤵
  PID:7384
- C:\Windows\System\ANtZAdz.exe
  C:\Windows\System\ANtZAdz.exe
  2⤵
  PID:7412
- C:\Windows\System\liEstkz.exe
  C:\Windows\System\liEstkz.exe
  2⤵
  PID:7440
- C:\Windows\System\dWEyhxo.exe
  C:\Windows\System\dWEyhxo.exe
  2⤵
  PID:7468
- C:\Windows\System\CJrIwRM.exe
  C:\Windows\System\CJrIwRM.exe
  2⤵
  PID:7496
- C:\Windows\System\cmgXNsU.exe
  C:\Windows\System\cmgXNsU.exe
  2⤵
  PID:7512
- C:\Windows\System\RbXTVNY.exe
  C:\Windows\System\RbXTVNY.exe
  2⤵
  PID:7552
- C:\Windows\System\TOGtzne.exe
  C:\Windows\System\TOGtzne.exe
  2⤵
  PID:7580
- C:\Windows\System\eWOOPFX.exe
  C:\Windows\System\eWOOPFX.exe
  2⤵
  PID:7608
- C:\Windows\System\uVShoYh.exe
  C:\Windows\System\uVShoYh.exe
  2⤵
  PID:7636
- C:\Windows\System\JstcIjd.exe
  C:\Windows\System\JstcIjd.exe
  2⤵
  PID:7668
- C:\Windows\System\OfgRMJU.exe
  C:\Windows\System\OfgRMJU.exe
  2⤵
  PID:7684
- C:\Windows\System\xQOXTOS.exe
  C:\Windows\System\xQOXTOS.exe
  2⤵
  PID:7724
- C:\Windows\System\bxhiSFU.exe
  C:\Windows\System\bxhiSFU.exe
  2⤵
  PID:7764
- C:\Windows\System\syBnTMh.exe
  C:\Windows\System\syBnTMh.exe
  2⤵
  PID:7780
- C:\Windows\System\dZzyfMP.exe
  C:\Windows\System\dZzyfMP.exe
  2⤵
  PID:7808
- C:\Windows\System\pePGPVP.exe
  C:\Windows\System\pePGPVP.exe
  2⤵
  PID:7840
- C:\Windows\System\lXOdybH.exe
  C:\Windows\System\lXOdybH.exe
  2⤵
  PID:7864
- C:\Windows\System\YuyxPUv.exe
  C:\Windows\System\YuyxPUv.exe
  2⤵
  PID:7880
- C:\Windows\System\hKnRgfs.exe
  C:\Windows\System\hKnRgfs.exe
  2⤵
  PID:7916
- C:\Windows\System\HuyLJBh.exe
  C:\Windows\System\HuyLJBh.exe
  2⤵
  PID:7948
- C:\Windows\System\BulqATa.exe
  C:\Windows\System\BulqATa.exe
  2⤵
  PID:7984
- C:\Windows\System\jVBnQAj.exe
  C:\Windows\System\jVBnQAj.exe
  2⤵
  PID:8012
- C:\Windows\System\gPZkZQR.exe
  C:\Windows\System\gPZkZQR.exe
  2⤵
  PID:8044
- C:\Windows\System\hEGBOGu.exe
  C:\Windows\System\hEGBOGu.exe
  2⤵
  PID:8076
- C:\Windows\System\civEJDx.exe
  C:\Windows\System\civEJDx.exe
  2⤵
  PID:8104
- C:\Windows\System\wFWLlPY.exe
  C:\Windows\System\wFWLlPY.exe
  2⤵
  PID:8120
- C:\Windows\System\ryPaYTi.exe
  C:\Windows\System\ryPaYTi.exe
  2⤵
  PID:8160
- C:\Windows\System\wCcBLGl.exe
  C:\Windows\System\wCcBLGl.exe
  2⤵
  PID:8188
- C:\Windows\System\mYpUEZI.exe
  C:\Windows\System\mYpUEZI.exe
  2⤵
  PID:7176
- C:\Windows\System\kVlxOnC.exe
  C:\Windows\System\kVlxOnC.exe
  2⤵
  PID:7244
- C:\Windows\System\Qraydns.exe
  C:\Windows\System\Qraydns.exe
  2⤵
  PID:7272
- C:\Windows\System\WOJKbzB.exe
  C:\Windows\System\WOJKbzB.exe
  2⤵
  PID:7312
- C:\Windows\System\TPsdiKO.exe
  C:\Windows\System\TPsdiKO.exe
  2⤵
  PID:7348
- C:\Windows\System\zphIprI.exe
  C:\Windows\System\zphIprI.exe
  2⤵
  PID:7452
- C:\Windows\System\dBxSneJ.exe
  C:\Windows\System\dBxSneJ.exe
  2⤵
  PID:7540
- C:\Windows\System\heGikvl.exe
  C:\Windows\System\heGikvl.exe
  2⤵
  PID:7620
- C:\Windows\System\mIEfXFA.exe
  C:\Windows\System\mIEfXFA.exe
  2⤵
  PID:7696
- C:\Windows\System\crnRUZk.exe
  C:\Windows\System\crnRUZk.exe
  2⤵
  PID:7752
- C:\Windows\System\XLDJuhh.exe
  C:\Windows\System\XLDJuhh.exe
  2⤵
  PID:7820
- C:\Windows\System\OwIGjyn.exe
  C:\Windows\System\OwIGjyn.exe
  2⤵
  PID:7876
- C:\Windows\System\moMRvKc.exe
  C:\Windows\System\moMRvKc.exe
  2⤵
  PID:7908
- C:\Windows\System\yYBJSRW.exe
  C:\Windows\System\yYBJSRW.exe
  2⤵
  PID:7996
- C:\Windows\System\wmOnDLR.exe
  C:\Windows\System\wmOnDLR.exe
  2⤵
  PID:8068
- C:\Windows\System\XCDxmto.exe
  C:\Windows\System\XCDxmto.exe
  2⤵
  PID:8132
- C:\Windows\System\hVvSDfQ.exe
  C:\Windows\System\hVvSDfQ.exe
  2⤵
  PID:1964
- C:\Windows\System\YYEmMfF.exe
  C:\Windows\System\YYEmMfF.exe
  2⤵
  PID:7340
- C:\Windows\System\UjuYEjo.exe
  C:\Windows\System\UjuYEjo.exe
  2⤵
  PID:7408
- C:\Windows\System\OyAcGON.exe
  C:\Windows\System\OyAcGON.exe
  2⤵
  PID:7524
- C:\Windows\System\veaaGIU.exe
  C:\Windows\System\veaaGIU.exe
  2⤵
  PID:7720
- C:\Windows\System\yngKASZ.exe
  C:\Windows\System\yngKASZ.exe
  2⤵
  PID:2524
- C:\Windows\System\KsEYoWz.exe
  C:\Windows\System\KsEYoWz.exe
  2⤵
  PID:8028
- C:\Windows\System\hGnpwkY.exe
  C:\Windows\System\hGnpwkY.exe
  2⤵
  PID:8116
- C:\Windows\System\KOoBZou.exe
  C:\Windows\System\KOoBZou.exe
  2⤵
  PID:7208
- C:\Windows\System\oRhaFGz.exe
  C:\Windows\System\oRhaFGz.exe
  2⤵
  PID:7592
- C:\Windows\System\bguptFx.exe
  C:\Windows\System\bguptFx.exe
  2⤵
  PID:7904
- C:\Windows\System\NETNJuy.exe
  C:\Windows\System\NETNJuy.exe
  2⤵
  PID:1464
- C:\Windows\System\EQWjPrq.exe
  C:\Windows\System\EQWjPrq.exe
  2⤵
  PID:8096
- C:\Windows\System\KBWLMjH.exe
  C:\Windows\System\KBWLMjH.exe
  2⤵
  PID:2948
- C:\Windows\System\ablHvEo.exe
  C:\Windows\System\ablHvEo.exe
  2⤵
  PID:8204
- C:\Windows\System\GZJcVZK.exe
  C:\Windows\System\GZJcVZK.exe
  2⤵
  PID:8236
- C:\Windows\System\KrIlaDm.exe
  C:\Windows\System\KrIlaDm.exe
  2⤵
  PID:8284
- C:\Windows\System\VbTdIUG.exe
  C:\Windows\System\VbTdIUG.exe
  2⤵
  PID:8308
- C:\Windows\System\axjMRVX.exe
  C:\Windows\System\axjMRVX.exe
  2⤵
  PID:8344
- C:\Windows\System\RHTzeMZ.exe
  C:\Windows\System\RHTzeMZ.exe
  2⤵
  PID:8388
- C:\Windows\System\GRuRmfu.exe
  C:\Windows\System\GRuRmfu.exe
  2⤵
  PID:8416
- C:\Windows\System\CwgeGNw.exe
  C:\Windows\System\CwgeGNw.exe
  2⤵
  PID:8444
- C:\Windows\System\meyyaqw.exe
  C:\Windows\System\meyyaqw.exe
  2⤵
  PID:8472
- C:\Windows\System\SdGPVYd.exe
  C:\Windows\System\SdGPVYd.exe
  2⤵
  PID:8500
- C:\Windows\System\bzDQnXN.exe
  C:\Windows\System\bzDQnXN.exe
  2⤵
  PID:8528
- C:\Windows\System\IkPFoHm.exe
  C:\Windows\System\IkPFoHm.exe
  2⤵
  PID:8556
- C:\Windows\System\HIKlvyh.exe
  C:\Windows\System\HIKlvyh.exe
  2⤵
  PID:8584
- C:\Windows\System\pRSiHNz.exe
  C:\Windows\System\pRSiHNz.exe
  2⤵
  PID:8612
- C:\Windows\System\MPhNqOA.exe
  C:\Windows\System\MPhNqOA.exe
  2⤵
  PID:8640
- C:\Windows\System\jYfMCcd.exe
  C:\Windows\System\jYfMCcd.exe
  2⤵
  PID:8668
- C:\Windows\System\GPTjVGn.exe
  C:\Windows\System\GPTjVGn.exe
  2⤵
  PID:8696
- C:\Windows\System\gtkJFrG.exe
  C:\Windows\System\gtkJFrG.exe
  2⤵
  PID:8724
- C:\Windows\System\ZbgFiXt.exe
  C:\Windows\System\ZbgFiXt.exe
  2⤵
  PID:8752
- C:\Windows\System\MzhkvEB.exe
  C:\Windows\System\MzhkvEB.exe
  2⤵
  PID:8780
- C:\Windows\System\SbzpSJV.exe
  C:\Windows\System\SbzpSJV.exe
  2⤵
  PID:8808
- C:\Windows\System\pXpFHdZ.exe
  C:\Windows\System\pXpFHdZ.exe
  2⤵
  PID:8836
- C:\Windows\System\AzLBQGv.exe
  C:\Windows\System\AzLBQGv.exe
  2⤵
  PID:8864
- C:\Windows\System\lNgdHWg.exe
  C:\Windows\System\lNgdHWg.exe
  2⤵
  PID:8892
- C:\Windows\System\vHQQNyG.exe
  C:\Windows\System\vHQQNyG.exe
  2⤵
  PID:8920
- C:\Windows\System\NjLHPUF.exe
  C:\Windows\System\NjLHPUF.exe
  2⤵
  PID:8948
- C:\Windows\System\tVTFmgp.exe
  C:\Windows\System\tVTFmgp.exe
  2⤵
  PID:8976
- C:\Windows\System\tRDVyZl.exe
  C:\Windows\System\tRDVyZl.exe
  2⤵
  PID:9008
- C:\Windows\System\gXzcOaA.exe
  C:\Windows\System\gXzcOaA.exe
  2⤵
  PID:9036
- C:\Windows\System\RRWPSUL.exe
  C:\Windows\System\RRWPSUL.exe
  2⤵
  PID:9064
- C:\Windows\System\sQnyrSH.exe
  C:\Windows\System\sQnyrSH.exe
  2⤵
  PID:9092
- C:\Windows\System\eHeCCuV.exe
  C:\Windows\System\eHeCCuV.exe
  2⤵
  PID:9120
- C:\Windows\System\DTcdvVx.exe
  C:\Windows\System\DTcdvVx.exe
  2⤵
  PID:9148
- C:\Windows\System\EHpYRXf.exe
  C:\Windows\System\EHpYRXf.exe
  2⤵
  PID:9172
- C:\Windows\System\RRIOtyw.exe
  C:\Windows\System\RRIOtyw.exe
  2⤵
  PID:9204
- C:\Windows\System\kigyaOf.exe
  C:\Windows\System\kigyaOf.exe
  2⤵
  PID:8232
- C:\Windows\System\OGnkVPt.exe
  C:\Windows\System\OGnkVPt.exe
  2⤵
  PID:8292
- C:\Windows\System\aQKmqYt.exe
  C:\Windows\System\aQKmqYt.exe
  2⤵
  PID:8384
- C:\Windows\System\JNqFWof.exe
  C:\Windows\System\JNqFWof.exe
  2⤵
  PID:8440
- C:\Windows\System\tDXQpIg.exe
  C:\Windows\System\tDXQpIg.exe
  2⤵
  PID:8516
- C:\Windows\System\lOTdGOK.exe
  C:\Windows\System\lOTdGOK.exe
  2⤵
  PID:8576
- C:\Windows\System\MuNzBDO.exe
  C:\Windows\System\MuNzBDO.exe
  2⤵
  PID:8624
- C:\Windows\System\QyUTmua.exe
  C:\Windows\System\QyUTmua.exe
  2⤵
  PID:8688
- C:\Windows\System\TKEgSGI.exe
  C:\Windows\System\TKEgSGI.exe
  2⤵
  PID:8744
- C:\Windows\System\ADguXzB.exe
  C:\Windows\System\ADguXzB.exe
  2⤵
  PID:8820
- C:\Windows\System\dpRmEoA.exe
  C:\Windows\System\dpRmEoA.exe
  2⤵
  PID:8884
- C:\Windows\System\riyvcym.exe
  C:\Windows\System\riyvcym.exe
  2⤵
  PID:8932
- C:\Windows\System\vyDFMUL.exe
  C:\Windows\System\vyDFMUL.exe
  2⤵
  PID:9028
- C:\Windows\System\OirSygf.exe
  C:\Windows\System\OirSygf.exe
  2⤵
  PID:9112
- C:\Windows\System\zttzOaz.exe
  C:\Windows\System\zttzOaz.exe
  2⤵
  PID:9156
- C:\Windows\System\xuwDdiQ.exe
  C:\Windows\System\xuwDdiQ.exe
  2⤵
  PID:8380
- C:\Windows\System\HNHKwcl.exe
  C:\Windows\System\HNHKwcl.exe
  2⤵
  PID:8552
- C:\Windows\System\vFpeiSD.exe
  C:\Windows\System\vFpeiSD.exe
  2⤵
  PID:8736
- C:\Windows\System\sfBswzf.exe
  C:\Windows\System\sfBswzf.exe
  2⤵
  PID:8988
- C:\Windows\System\AhAjPpC.exe
  C:\Windows\System\AhAjPpC.exe
  2⤵
  PID:5088
- C:\Windows\System\BmYfysh.exe
  C:\Windows\System\BmYfysh.exe
  2⤵
  PID:8544
- C:\Windows\System\PaeypIm.exe
  C:\Windows\System\PaeypIm.exe
  2⤵
  PID:8912
- C:\Windows\System\DnCAlJR.exe
  C:\Windows\System\DnCAlJR.exe
  2⤵
  PID:9236
- C:\Windows\System\iWmZkXO.exe
  C:\Windows\System\iWmZkXO.exe
  2⤵
  PID:9264
- C:\Windows\System\abbZlGw.exe
  C:\Windows\System\abbZlGw.exe
  2⤵
  PID:9312
- C:\Windows\System\zWpNIOG.exe
  C:\Windows\System\zWpNIOG.exe
  2⤵
  PID:9344
- C:\Windows\System\xTzflnx.exe
  C:\Windows\System\xTzflnx.exe
  2⤵
  PID:9392
- C:\Windows\System\rXVYFwY.exe
  C:\Windows\System\rXVYFwY.exe
  2⤵
  PID:9424
- C:\Windows\System\gIfexYi.exe
  C:\Windows\System\gIfexYi.exe
  2⤵
  PID:9440
- C:\Windows\System\YDEsAWq.exe
  C:\Windows\System\YDEsAWq.exe
  2⤵
  PID:9456
- C:\Windows\System\eYroNWq.exe
  C:\Windows\System\eYroNWq.exe
  2⤵
  PID:9472
- C:\Windows\System\vfwVVVt.exe
  C:\Windows\System\vfwVVVt.exe
  2⤵
  PID:9516
- C:\Windows\System\cYwBXtb.exe
  C:\Windows\System\cYwBXtb.exe
  2⤵
  PID:9544
- C:\Windows\System\nQetIGF.exe
  C:\Windows\System\nQetIGF.exe
  2⤵
  PID:9592
- C:\Windows\System\aVhZrto.exe
  C:\Windows\System\aVhZrto.exe
  2⤵
  PID:9620
- C:\Windows\System\pNVdUcZ.exe
  C:\Windows\System\pNVdUcZ.exe
  2⤵
  PID:9648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4216,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=4312 /prefetch:8
1⤵
PID:7016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AEXwnqa.exe

Filesize
2.1MB

MD5
96fe2e8672f7eb39ca0d9d53962a9615

SHA1
e5ed8961df6d7de1405abe4c65d067c2a3242ca5

SHA256
6aa2cb001266519cb744236de02fb91fd5cce137950dd384274375de2e3a15d0

SHA512
3ac2f024814e0ea99bfe951542fffb9edc956adb6256529c3b13d79c07f356c4e8c49ce8469571703aa827b85f4f1cedc0b55d93402eb09717822726575854ce

Download Submit
C:\Windows\System\DZksYXt.exe

Filesize
2.1MB

MD5
593112ffefec7fd15dd76109fc90a479

SHA1
a9aebbcd2307c1d88e2d2ebf665248758ae5a64f

SHA256
41124a355f807a1a6d3fd9cc0728b41da857031ef2177425cae79c692239a434

SHA512
922c08facc874c7eb721e245e753fc0b53b37b80c1a4f2532336fd3d92d08a72a0cfb6ce235ae2261f6fcf5293e9b7d7065d01a81eb9db0de091918020a60424

Download Submit
C:\Windows\System\HZboRkV.exe

Filesize
2.1MB

MD5
5e8c8f9129a39966cb9b8440117e9880

SHA1
80ddd9a4d48de909ee458bedb76fdf48da965437

SHA256
5f01e2f1238545a5a263a6fda44b10dc38937b26b1ae8811d28a2950a7882fdd

SHA512
b1a2e5bd869f90bf28c8564040e0372d02e5283bea3efd2f010b3834915861df367a0ebda07d50e18a6cad41fbfa0ba23ae7a1a5719bf4bc821fc6ce4bb9d9c4

Download Submit
C:\Windows\System\IckxoEv.exe

Filesize
2.1MB

MD5
8d08d98c5ba1cbb98778a92b2f7cbe89

SHA1
11a0525966255b9a75ac58e4b3b1dd84663cf5fb

SHA256
47a4df86aef5ef97d7b315039624ad79f1a9c4576787b4f2883b1711582a5eae

SHA512
3331899edb883ca3eded19678f930e06af9e415783ce71b2e590b872f99f2be8783cb732051b51028744af28a03f8fa085d5f14625d154d0c34a0f81a1c795de

Download Submit
C:\Windows\System\IukePtD.exe

Filesize
2.1MB

MD5
de4255c054c796dd6a0ff296449a3b3f

SHA1
149d6a1557243b1492f0a17909df81122cff0e12

SHA256
ecad3c89bc323d42f514d397370913eb5d7354e8c1a001dd8f13de8d6eee4f53

SHA512
c4a1cfdf0be9c7525dc92c3032494ef60e4ad111160392057ff1aea811cedfade8f7e4841972c71462267f60dbf3606ceb56495d59ab5cb792d4ab133da3ab66

Download Submit
C:\Windows\System\NouNGlr.exe

Filesize
2.1MB

MD5
a3e903d2130826cc181a78388426ba16

SHA1
0c6a4fc3828d84ad2f059fd4d44173a1f5133ecf

SHA256
e934e96fdae642e5ebaecb84b8226a98b577dbbe96876f22f93c80f2353c0c28

SHA512
31ac938bfb38b189dd68081bd1e2bda2f87ad407706e3474c3a4a5e9cb011ec52b2401f66cbf8e977829cb9291c7455a178e2050c7ed957d1e16a483e5968fba

Download Submit
C:\Windows\System\Nstzbdz.exe

Filesize
2.1MB

MD5
e59253f2cf7e1a7371c15d80431ac472

SHA1
a9b39e1dd3e824c6c77d4ac7a1589e34f97d436f

SHA256
0ea0dd1f3139905c7e5c4b02986a9166ac822ff1b8301b781ce8d7a01b8b1263

SHA512
3f428ee66382e533a78ff538afc35e89ed673445fad9590706c519f36e5e4fb5f5f8fa492f415b90ff96de1bfa4519654c541c1b6b2af18c874db5f9d2499a6d

Download Submit
C:\Windows\System\QHLXaTx.exe

Filesize
2.1MB

MD5
52889ee35b653470c0bca715b9219145

SHA1
beabd1cdc0062ff58a024aeb666a9caeea29a814

SHA256
e87f92ac23aabbd766b1ed01a2647b33ad1f970a307007204d9904aa6ab7904c

SHA512
b0989b60c55a66e6b416eb917fb70694e8c8f599c1176a4c0a5d87d1e91adaff1b9f976e111f9e927228dd3b7259aefe27d8c8aac5470b408fcef887b275be95

Download Submit
C:\Windows\System\QaIqiMc.exe

Filesize
2.1MB

MD5
6191aa397c52e27d7788ca39ca9356b0

SHA1
2f7cd300c66838fd9b0976f75b19e8954615a346

SHA256
95431c9e9d604ed1d3ab8cbf7ca7c7f8a0b597a93c8b44e38c7acb9f4dfdc6b6

SHA512
516952abf92fe42c3b7229c1618b228ec96f467bf793a64d386c9351221b15bdae9a798d3f6b92dba1a6504bfe0fb220346f80dcd86ac2b1a15faaffe1ab9501

Download Submit
C:\Windows\System\RHuPQEZ.exe

Filesize
2.1MB

MD5
d952a27f161b1b1eb653099db20ec977

SHA1
5416a454e9512cce4a62f6e51d09a6520daa3635

SHA256
4ce5d319fe3c95908366a3c49f0d6a670471c383f9aad89e9c5e3971d2987a71

SHA512
de50c0b2ad03d0670194a5a9c72fe242f62d74b4321e535e571c718685b595d7574ad93daf4ecdfb47d6ae3ab71596a699bc3fb3131ab76789ece6a301450d85

Download Submit
C:\Windows\System\SfBSUtK.exe

Filesize
2.1MB

MD5
0c03417edf4b500f33b9046186642cbd

SHA1
710cebc5093c516790e98b2f7484e176396e35a6

SHA256
339ffab0823599116b8ccd2310de4b56dcb95bda38a6001612022077d1f82d81

SHA512
5eb798826f33c17266776a291265da67ada58b121e008f6a336550ed3ba98e844141b3e8544e2a54b3ed4dc730afaf524bd20b92343cba1ba435be790d2f4228

Download Submit
C:\Windows\System\TjqXMvN.exe

Filesize
2.1MB

MD5
a02015614290d60662884244bf02b91c

SHA1
ab0771015652bfa6f9948af2de8eefe8fd79a477

SHA256
704aba3becc3f8ac65864f54bc9e80b494b4f098e7198cb6183ac3b316abe7eb

SHA512
38e54b5729d05d85d0ad5785a3d695de7a40a8bd9b211b594ba993cc2db22bb2e1780f7ab5f12c85f713132414558c2b667bdd531106a9ac68609d18d0eaebac

Download Submit
C:\Windows\System\UTtdooS.exe

Filesize
2.1MB

MD5
b5c32e1e2fd798d19cd5a0a92a8f662f

SHA1
fd1981e2db45e0533081eaf3380ca576fa029024

SHA256
c019a42ea525be102fb89d74bcf65c6b9f83196b09a2b2dfbd051834edd24652

SHA512
be74ec896aa8f03580a13345e5e868476a66b56608b9f9ad273eaf2874a52af212e53d2ebb93405db5ebafcf4c5582a4c739ea21f466a9fafaab1c3928939b75

Download Submit
C:\Windows\System\VehIPdZ.exe

Filesize
2.1MB

MD5
cbef5f35eabdd054bac8a411cbedcb89

SHA1
94878fb8d2fff977fc3411c00f928a914e899b8c

SHA256
148e2e0171763e9e056998c85fd0a167febdcf70c62d3249faf8cc1330d5caaa

SHA512
811df4907e51767ba82d11ea6936c35102622209b8d78fee1458f1e88fed7491c7cf6f56cfb4e7d6095428b6e999a10e5424465eaf911e3f2356e8f42db4dbe4

Download Submit
C:\Windows\System\XcGJNkV.exe

Filesize
2.1MB

MD5
ac39e6422df0e731c468f10873b687c0

SHA1
96bfa48ab3e78eba4a7dab65f4d70dd3677fb84f

SHA256
49204eff9814a8da319904c2c46adf55402df7df7c9326235f1992713c9e6117

SHA512
adc89882f6c56e3ce73dae6dce440ab5e245e5c99872053fa815c6ccd39aba24228672e1b53fc1257178d75af2947ba58845f542c18d8eb5610d2442609d0e61

Download Submit
C:\Windows\System\blvgVeO.exe

Filesize
2.1MB

MD5
210921611bfd95feab6c6ddd30a2bf13

SHA1
5a27d5e614494a6035ce1d7a7d58b26f518e5129

SHA256
5409ab475941ed6b771a7cb8291aea93601fcade730c51e93f0121e0bbe2eec1

SHA512
6898694556c87008d0e1c6c9d52d6aadcb08da99d96eff222a01df2f4ea0ac781ba8aaff9658a84e1fd5609892309aba7105b02460ea3b1dbae62b271187ea2e

Download Submit
C:\Windows\System\dXZcUrG.exe

Filesize
2.1MB

MD5
5806f48399874a3c81839871fa74cb3f

SHA1
e1d5377c263c34ea85aeac7bcdfbbc5cc0ddec85

SHA256
8167a64f713418d53a76fe1f5315a96bfa7cfcd5e295e060d613eedb6588db56

SHA512
2cab3f4073df57b42d5cbbd0de3f74f450d270b05dbd91e6b49a6796d796d6fd4cca57219892247318befd502f305addae087d085c8d64fcb8d1aff23ef9d228

Download Submit
C:\Windows\System\gtatSvP.exe

Filesize
2.1MB

MD5
f89f97c03cdc4d048a2c0f5e71117db5

SHA1
877db0680fa282044a8170872067ed7b0276dc28

SHA256
fa8b4097940e861daf20c81e518287df971df659d177cf542396446dda94ab65

SHA512
956f799bb1f4435aab0ad1f7217753d76ce9628217abaeb02ad59c86db14a851e74a7e5f5b7eb635d1b9f961e882b39e8111529b3b1cb2973dfecf299484d62e

Download Submit
C:\Windows\System\kVzbQkT.exe

Filesize
2.1MB

MD5
f06ae68857ae93aead4e899fd838a63c

SHA1
5ca319a708f564762fd38b8cf44d43e212c51db2

SHA256
5d3465ce4e3fbd5415051226b05ae78c00520766b8cbd304befb3c4e1283ce4c

SHA512
03b5ae0dbcc50d85beb0900345a2edb304e146f1a02b6ee46f71275eb7eda9c9e09b28ec7c24e6fed74c29fad1abede82c8b855eab922e2f915a9d83d4e456a2

Download Submit
C:\Windows\System\lnizJdt.exe

Filesize
2.1MB

MD5
64d443f4f44e7e042f054449bf49648e

SHA1
9c64c10e8801f2daf53246c6132efba8e5c30b28

SHA256
70b57a0d317c624a171f3861394e14479aa36ea222ec01d05e3f59b7fd85da3e

SHA512
c0346496ccb7e43b9a59f1eb4c4486c8f8ec760d77c56aaaa089d799cf9b0a78362904a4d202333800273fe68260e0bd724a8d9757d4b8e1cfc009894ee007eb

Download Submit
C:\Windows\System\nbJxgFY.exe

Filesize
2.1MB

MD5
ce35e619e03c77256647914edcfef542

SHA1
45c6a35ed6c2eb1ad501c0ce40113718ee4adb6d

SHA256
d048162cc3e33680923dd745924eb4ccc0d054af784bcb2152147659009a0e48

SHA512
39720c3dd25f8ee9a271e911552d9336adffd269b762014d4805a8c83d042bc656b850151eebdd0c83168ccef24e4ec694243ad2d169a24c9ed9a32517448b53

Download Submit
C:\Windows\System\niWxGfe.exe

Filesize
2.1MB

MD5
758b05e7cf7cf1264ca0f261ace5cf38

SHA1
648e4dac6d607bf131d0fc52659b17df06b635f6

SHA256
33a9df3d293613581af9765c9543f16244d10ed429a3c870187ec2cd5fad1919

SHA512
1d432b7a5b4aeb647a4dc53287b2d5e2352fa0c441dce12cda7eb72bb360615eef3f51ba3a60e22c06e28bbd95eef3b3878abef0916930a159eac9840248650c

Download Submit
C:\Windows\System\ookHVXr.exe

Filesize
2.1MB

MD5
08c977c69df7430ef66a04290bb49eb1

SHA1
50d537efcbca68a6f456ebea76019f6df91c025b

SHA256
f2506c49849fa632ed32e6cc7055b1667bb36b34f33248c6c47f2606526bb243

SHA512
079f902dfacbea027da2db28908abf3de28e122aa25027d707f2d0736c7334556eee11b48be58d5fe9ea9b5f97db9452605502a710bb21a697ff00d84749636d

Download Submit
C:\Windows\System\rcteJOD.exe

Filesize
2.1MB

MD5
a46cc11af2b9c6b802a99c94c14ddcf2

SHA1
48637e7c8eba7633e1f5e13a818075301b3a447c

SHA256
2e948dfe404509d910d3ed19d1e947ce711d54de7fbc6167fa7531a507d36c88

SHA512
39dd65dcdae818967967119b174fd3db928ee355d9cfb797d81add2b8ac2a8a5115dcdf0ac7e2d5af9f6e9f7b9f27fddc3b471bbda239f1901c2616c1e12442a

Download Submit
C:\Windows\System\sVvLnqa.exe

Filesize
2.1MB

MD5
40f354267c2a92e23f789a47f0b714ac

SHA1
b2eab0c35772f11e41a1244365373d9680b7be97

SHA256
1d8acd7eb01b6035c9e146eda00874e2ef10c2360a75605cc6a9daf425359477

SHA512
7b2f1630fe8ea263f578eed1db6d170b959ecf4bb2ff0a957282948521cd14163e2541cdb78c1acc4194508dc99d8885fec8ac5ce0e05dac2e778f636137fde9

Download Submit
C:\Windows\System\trFtszp.exe

Filesize
2.1MB

MD5
94e508b55a9d5aeb814c30482c507be9

SHA1
bbc386fec106ab4088f5c383a3009251b47eee47

SHA256
7f28346a2f400ea39293cbfe469c02c80581c0fa745bec2443a06ebf1ec5dd18

SHA512
7ed96df671b56fd4f2c31cc36556137ec7adf2fddecf055bbb6921674fda2fd93e17bde3d6b4f7789f91933945772a441e29b14b41a9b2e1f21aed129855d41b

Download Submit
C:\Windows\System\uXalSAf.exe

Filesize
2.1MB

MD5
0850e79d9b239070557cefb1c44364c1

SHA1
337de5eecb1b8d7b208225c372aac7c7dd54052a

SHA256
09eefd462c55cf0a72319191c057e6a7aac6246d52f2cbd29e05df47e9d4a96c

SHA512
406ce2e2066e81fa69e53a0ded97347cdd340b9d403b60ed3c9b73da755ab4730838ebac122189a3df0c6398406bee0d8c7ac846560e90995de61fadd7ef029a

Download Submit
C:\Windows\System\uaTLAMf.exe

Filesize
2.1MB

MD5
ad788a263e0364333998e9c7b3819e88

SHA1
f4b563d519e1a05ec8f863bf2c80b402442cf65f

SHA256
4d4c41124e859420acdb8a3caee1dcd320c25795e397837350eb09912f3ed7d9

SHA512
e2368968823761aea027d348e8158b0ad1215ae43a11220f7ba35d0402e3eb7410aa5e42882a7426c518ac3a1bf0491dfbdf13e602f33ac7d8b808113913e0cf

Download Submit
C:\Windows\System\wGIKORt.exe

Filesize
2.1MB

MD5
88abcb3c154b763162569404a812288b

SHA1
f9e92192bf80d048e48885d7b4f1d79828c17419

SHA256
8de8b157a62884116a188aaf78c909cbe3d1367a28e49fd0ab93a4049e840c22

SHA512
a05a6601704546d946c3a7e13e29bda13e8cb6368792fabf49ff01d4dee6cb27b6940be48fdd4d2d2072ef7167a8266559801010dde1af535b83547da9466c34

Download Submit
C:\Windows\System\xSKbmlR.exe

Filesize
2.1MB

MD5
6ef721bcd16e4d73805de00297af574a

SHA1
def33389d81795a0408f9ba22c3663be20aae414

SHA256
9f021c8fc3a4b84785b46b1d6df0c9aa04820ad1d1161e3ec119f9b79baaa419

SHA512
8b8625eeca607471f10429e8e3fcc68788d935d02af434d1bca762927dd97ef52b805fade447dbf6e2b021ef80e4bae45e8cbb7927f221b2f1209d89daad3db4

Download Submit
C:\Windows\System\yBKjCaJ.exe

Filesize
2.1MB

MD5
2249975c1e27ab7a10d888e6cf264349

SHA1
4842d951488bad2eb7271ee649699f1ebd9877d8

SHA256
113c2928c4a003d9624587000048cf3b3a28d1866342e646a9056281313ba45d

SHA512
7f4c6f34b057f47611220673b184891475717e9c1fe8dfc82c2bc655adb23b14d0759c758bbc00346b1c4aeba25d2e0faaa0bf3abb835631b129992354cd3487

Download Submit
C:\Windows\System\ylYXpPF.exe

Filesize
2.1MB

MD5
5bd1eba8e1e6d29a6fd955258f06a032

SHA1
14a038b599e11d654c2c1e2dd986f2b42542a3a2

SHA256
8a9791a1bcc38404858d5e070c4a4ad4d44eb493f0e98f4e75fc8b955e7dad02

SHA512
19d36bd832d1a77a4515afac538e5d9e917e36ba81eb3237524c1d5e1471e9f260014b75febb934f553056bc5eb52ce55f071c108e165cbe40877d40c91f0be2

Download Submit
C:\Windows\System\zCdLTvu.exe

Filesize
2.1MB

MD5
2de16de7a1c723c51c9327a60bd406b3

SHA1
16cfc3463886849ea9591bee4109fe7e9ee283b5

SHA256
1cfac1906644205b2f4d429a746c96fa8bdc39ba0914f54b4937cae3c919eef4

SHA512
b5275b1b52b1bd74533da6c00bd16bdf7f78e35720bcca4249efd960c2cac17c41391224b8e3abe1a5896b36cf90a85098b20e2d8ebf07ab346fe9a03867f9bf

Download Submit
memory/4448-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download