kpot | 4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-06-2024 05:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
Size

2.1MB
MD5

0cf7aecefd81e149d850c342fdce1eb0
SHA1

0d76b83bc449f98e43d48d5f06b3973c45e0e12a
SHA256

4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa
SHA512

c6e95167d9fbe2dabcdba6256e4c8443ff3305386dac8d7c2e248be6e9b5acdaf1a59215be6f76fbcf163ac3a412e3977a496f15790c16ccf0da058ff88b181e
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2ri:GemTLkNdfE0pZaQu

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral2/files/0x000d000000023383-4.dat	family_kpot
behavioral2/files/0x00090000000233f3-9.dat	family_kpot
behavioral2/files/0x0007000000023402-8.dat	family_kpot
behavioral2/files/0x0007000000023403-19.dat	family_kpot
behavioral2/files/0x0007000000023404-24.dat	family_kpot
behavioral2/files/0x0007000000023405-29.dat	family_kpot
behavioral2/files/0x0007000000023406-33.dat	family_kpot
behavioral2/files/0x0007000000023407-36.dat	family_kpot
behavioral2/files/0x0007000000023408-45.dat	family_kpot
behavioral2/files/0x00090000000233fb-48.dat	family_kpot
behavioral2/files/0x0007000000023409-53.dat	family_kpot
behavioral2/files/0x000700000002340a-58.dat	family_kpot
behavioral2/files/0x000700000002340c-65.dat	family_kpot
behavioral2/files/0x000700000002340d-69.dat	family_kpot
behavioral2/files/0x000700000002340e-74.dat	family_kpot
behavioral2/files/0x000700000002340f-79.dat	family_kpot
behavioral2/files/0x0007000000023410-82.dat	family_kpot
behavioral2/files/0x0007000000023411-90.dat	family_kpot
behavioral2/files/0x0007000000023412-94.dat	family_kpot
behavioral2/files/0x000900000002336a-98.dat	family_kpot
behavioral2/files/0x000a000000023371-105.dat	family_kpot
behavioral2/files/0x0007000000023413-109.dat	family_kpot
behavioral2/files/0x000d000000023373-115.dat	family_kpot
behavioral2/files/0x0005000000022abf-119.dat	family_kpot
behavioral2/files/0x0007000000023414-124.dat	family_kpot
behavioral2/files/0x0007000000023415-129.dat	family_kpot
behavioral2/files/0x0007000000023416-135.dat	family_kpot
behavioral2/files/0x0007000000023417-138.dat	family_kpot
behavioral2/files/0x0007000000023418-145.dat	family_kpot
behavioral2/files/0x0007000000023419-150.dat	family_kpot
behavioral2/files/0x000700000002341a-154.dat	family_kpot
behavioral2/files/0x000700000002341b-158.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral2/files/0x000d000000023383-4.dat	xmrig
behavioral2/files/0x00090000000233f3-9.dat	xmrig
behavioral2/files/0x0007000000023402-8.dat	xmrig
behavioral2/files/0x0007000000023403-19.dat	xmrig
behavioral2/files/0x0007000000023404-24.dat	xmrig
behavioral2/files/0x0007000000023405-29.dat	xmrig
behavioral2/files/0x0007000000023406-33.dat	xmrig
behavioral2/files/0x0007000000023407-36.dat	xmrig
behavioral2/files/0x0007000000023408-45.dat	xmrig
behavioral2/files/0x00090000000233fb-48.dat	xmrig
behavioral2/files/0x0007000000023409-53.dat	xmrig
behavioral2/files/0x000700000002340a-58.dat	xmrig
behavioral2/files/0x000700000002340c-65.dat	xmrig
behavioral2/files/0x000700000002340d-69.dat	xmrig
behavioral2/files/0x000700000002340e-74.dat	xmrig
behavioral2/files/0x000700000002340f-79.dat	xmrig
behavioral2/files/0x0007000000023410-82.dat	xmrig
behavioral2/files/0x0007000000023411-90.dat	xmrig
behavioral2/files/0x0007000000023412-94.dat	xmrig
behavioral2/files/0x000900000002336a-98.dat	xmrig
behavioral2/files/0x000a000000023371-105.dat	xmrig
behavioral2/files/0x0007000000023413-109.dat	xmrig
behavioral2/files/0x000d000000023373-115.dat	xmrig
behavioral2/files/0x0005000000022abf-119.dat	xmrig
behavioral2/files/0x0007000000023414-124.dat	xmrig
behavioral2/files/0x0007000000023415-129.dat	xmrig
behavioral2/files/0x0007000000023416-135.dat	xmrig
behavioral2/files/0x0007000000023417-138.dat	xmrig
behavioral2/files/0x0007000000023418-145.dat	xmrig
behavioral2/files/0x0007000000023419-150.dat	xmrig
behavioral2/files/0x000700000002341a-154.dat	xmrig
behavioral2/files/0x000700000002341b-158.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4188	VnaBklS.exe
904	GyKsqGp.exe
5040	PDknoqR.exe
1320	QWpRaKU.exe
2864	oVdyzmv.exe
4824	enrLeXQ.exe
1184	bBBlKLZ.exe
1000	CNHHEOR.exe
1408	SCMftgt.exe
3512	ZXQmupG.exe
8	zvTRJia.exe
5056	olmCbVN.exe
620	HteHDUe.exe
1272	BZRhikc.exe
4536	LZsMDuf.exe
1376	chKVTuu.exe
2072	AYWxmTB.exe
1208	HtiopuW.exe
4136	VsomcYC.exe
4924	iVvsHsp.exe
860	odWDlLw.exe
2948	iwYQHnN.exe
3564	rabDvEo.exe
5000	zniRNYz.exe
4044	ESvGQAT.exe
1988	TnXVFiD.exe
4792	iMnWDFy.exe
1076	EILHyTX.exe
4560	FIUxntW.exe
3368	lBgNtuv.exe
3824	PHkJVMX.exe
2856	mHWJGis.exe
3692	SsRhonn.exe
3340	YRJlkMl.exe
3248	mSxuvAM.exe
4268	KTkwzvX.exe
3740	xMsyjMp.exe
4436	kODijrU.exe
1268	Rjrqvpa.exe
672	SzVLJpy.exe
432	UXiHmMJ.exe
4192	gfCBLnA.exe
2176	YuGFTqd.exe
4312	lMiNWdz.exe
2564	AZydwNL.exe
3608	HajqIfC.exe
3464	xtnuTcp.exe
2060	SUnjjdF.exe
1212	jFlxIgT.exe
228	XWSCjfA.exe
4204	rPLfJAL.exe
1632	wYCJvMb.exe
2260	mYNKqMH.exe
1620	uyTkqhe.exe
988	omKrSAC.exe
5060	sgSpvoK.exe
2300	vInHhKj.exe
4084	quEJNBO.exe
1924	HaPcAPz.exe
1820	CwRDpOA.exe
632	klVECzq.exe
2380	acVMNmn.exe
1152	PczsHsf.exe
1144	JCEhzbc.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PHkJVMX.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\SzVLJpy.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\omKrSAC.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\vInHhKj.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\DtQtuUh.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\wGjVTxS.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\brRvWqi.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\EOTnTFh.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\uzmSjJf.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\LAZXSij.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\pQRfaPa.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\IXDPVRv.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\olmCbVN.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\FAimxQG.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\IFHdDAn.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\fDRMIvz.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\zruzjoG.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\HCxGgXD.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\QWpRaKU.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\PczsHsf.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\eXmDpAC.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\EWwNbLf.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\WOxvsKo.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\AQciUNM.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\vwRgidX.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\TcXuKrm.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\ZSHQjCb.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\gKqPktq.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\MkbxZNj.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\ZXYTgJF.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\oVFzbvR.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\enrLeXQ.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\WmqqWjN.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\QQPABRK.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\pDxqkzz.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\lMiNWdz.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\JCDYGqg.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\wsbBfmS.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\WhqEkor.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\FjAmKUc.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\LnSEvRR.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\qJwwhqQ.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\qtcgvvA.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\ZHZEDOF.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\SDcwuuO.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\TBubhMj.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\bePPDcj.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\jSqejkl.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\PDknoqR.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\zniRNYz.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\UXiHmMJ.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\SnzIaxV.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\EmqFNnD.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\ZhSuvVe.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\yiEhKbx.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\SClbkOV.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\YcFZrrR.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\ewIIpwU.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\rxrJdEB.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\vOxUzLe.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\HByclTU.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\GVhjfSi.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\UqlMJMc.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
File created	C:\Windows\System\YhVMaoZ.exe	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 4188	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	85
PID 2512 wrote to memory of 4188	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	85
PID 2512 wrote to memory of 904	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	86
PID 2512 wrote to memory of 904	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	86
PID 2512 wrote to memory of 5040	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	87
PID 2512 wrote to memory of 5040	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	87
PID 2512 wrote to memory of 1320	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	88
PID 2512 wrote to memory of 1320	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	88
PID 2512 wrote to memory of 2864	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	89
PID 2512 wrote to memory of 2864	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	89
PID 2512 wrote to memory of 4824	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	90
PID 2512 wrote to memory of 4824	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	90
PID 2512 wrote to memory of 1184	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	91
PID 2512 wrote to memory of 1184	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	91
PID 2512 wrote to memory of 1000	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	92
PID 2512 wrote to memory of 1000	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	92
PID 2512 wrote to memory of 1408	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	93
PID 2512 wrote to memory of 1408	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	93
PID 2512 wrote to memory of 3512	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	94
PID 2512 wrote to memory of 3512	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	94
PID 2512 wrote to memory of 8	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	95
PID 2512 wrote to memory of 8	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	95
PID 2512 wrote to memory of 5056	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	96
PID 2512 wrote to memory of 5056	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	96
PID 2512 wrote to memory of 620	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	98
PID 2512 wrote to memory of 620	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	98
PID 2512 wrote to memory of 1272	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	99
PID 2512 wrote to memory of 1272	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	99
PID 2512 wrote to memory of 4536	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	101
PID 2512 wrote to memory of 4536	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	101
PID 2512 wrote to memory of 1376	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	103
PID 2512 wrote to memory of 1376	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	103
PID 2512 wrote to memory of 2072	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	104
PID 2512 wrote to memory of 2072	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	104
PID 2512 wrote to memory of 1208	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	105
PID 2512 wrote to memory of 1208	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	105
PID 2512 wrote to memory of 4136	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	106
PID 2512 wrote to memory of 4136	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	106
PID 2512 wrote to memory of 4924	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	107
PID 2512 wrote to memory of 4924	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	107
PID 2512 wrote to memory of 860	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	108
PID 2512 wrote to memory of 860	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	108
PID 2512 wrote to memory of 2948	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	109
PID 2512 wrote to memory of 2948	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	109
PID 2512 wrote to memory of 3564	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	110
PID 2512 wrote to memory of 3564	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	110
PID 2512 wrote to memory of 5000	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	111
PID 2512 wrote to memory of 5000	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	111
PID 2512 wrote to memory of 4044	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	112
PID 2512 wrote to memory of 4044	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	112
PID 2512 wrote to memory of 1988	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	113
PID 2512 wrote to memory of 1988	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	113
PID 2512 wrote to memory of 4792	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	114
PID 2512 wrote to memory of 4792	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	114
PID 2512 wrote to memory of 1076	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	115
PID 2512 wrote to memory of 1076	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	115
PID 2512 wrote to memory of 4560	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	116
PID 2512 wrote to memory of 4560	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	116
PID 2512 wrote to memory of 3368	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	117
PID 2512 wrote to memory of 3368	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	117
PID 2512 wrote to memory of 3824	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	118
PID 2512 wrote to memory of 3824	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	118
PID 2512 wrote to memory of 2856	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	119
PID 2512 wrote to memory of 2856	2512	4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe	119

C:\Users\Admin\AppData\Local\Temp\4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4024ff2c7aba2fc43e4ae4f2d4b11788e1a628c81ee6a3f9d38945f2854ac4aa_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\System\VnaBklS.exe
  C:\Windows\System\VnaBklS.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\GyKsqGp.exe
  C:\Windows\System\GyKsqGp.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\PDknoqR.exe
  C:\Windows\System\PDknoqR.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\QWpRaKU.exe
  C:\Windows\System\QWpRaKU.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\oVdyzmv.exe
  C:\Windows\System\oVdyzmv.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\enrLeXQ.exe
  C:\Windows\System\enrLeXQ.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\bBBlKLZ.exe
  C:\Windows\System\bBBlKLZ.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\CNHHEOR.exe
  C:\Windows\System\CNHHEOR.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\SCMftgt.exe
  C:\Windows\System\SCMftgt.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\ZXQmupG.exe
  C:\Windows\System\ZXQmupG.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\zvTRJia.exe
  C:\Windows\System\zvTRJia.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\olmCbVN.exe
  C:\Windows\System\olmCbVN.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\HteHDUe.exe
  C:\Windows\System\HteHDUe.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\BZRhikc.exe
  C:\Windows\System\BZRhikc.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\LZsMDuf.exe
  C:\Windows\System\LZsMDuf.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\chKVTuu.exe
  C:\Windows\System\chKVTuu.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\AYWxmTB.exe
  C:\Windows\System\AYWxmTB.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\HtiopuW.exe
  C:\Windows\System\HtiopuW.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\VsomcYC.exe
  C:\Windows\System\VsomcYC.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\iVvsHsp.exe
  C:\Windows\System\iVvsHsp.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\odWDlLw.exe
  C:\Windows\System\odWDlLw.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\iwYQHnN.exe
  C:\Windows\System\iwYQHnN.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\rabDvEo.exe
  C:\Windows\System\rabDvEo.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\zniRNYz.exe
  C:\Windows\System\zniRNYz.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\ESvGQAT.exe
  C:\Windows\System\ESvGQAT.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\TnXVFiD.exe
  C:\Windows\System\TnXVFiD.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\iMnWDFy.exe
  C:\Windows\System\iMnWDFy.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\EILHyTX.exe
  C:\Windows\System\EILHyTX.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\FIUxntW.exe
  C:\Windows\System\FIUxntW.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\lBgNtuv.exe
  C:\Windows\System\lBgNtuv.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System\PHkJVMX.exe
  C:\Windows\System\PHkJVMX.exe
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Windows\System\mHWJGis.exe
  C:\Windows\System\mHWJGis.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\SsRhonn.exe
  C:\Windows\System\SsRhonn.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\YRJlkMl.exe
  C:\Windows\System\YRJlkMl.exe
  2⤵
  - Executes dropped EXE
  PID:3340
- C:\Windows\System\mSxuvAM.exe
  C:\Windows\System\mSxuvAM.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\KTkwzvX.exe
  C:\Windows\System\KTkwzvX.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\xMsyjMp.exe
  C:\Windows\System\xMsyjMp.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\kODijrU.exe
  C:\Windows\System\kODijrU.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\Rjrqvpa.exe
  C:\Windows\System\Rjrqvpa.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\SzVLJpy.exe
  C:\Windows\System\SzVLJpy.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\UXiHmMJ.exe
  C:\Windows\System\UXiHmMJ.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\gfCBLnA.exe
  C:\Windows\System\gfCBLnA.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\YuGFTqd.exe
  C:\Windows\System\YuGFTqd.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\lMiNWdz.exe
  C:\Windows\System\lMiNWdz.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\AZydwNL.exe
  C:\Windows\System\AZydwNL.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\HajqIfC.exe
  C:\Windows\System\HajqIfC.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\xtnuTcp.exe
  C:\Windows\System\xtnuTcp.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\SUnjjdF.exe
  C:\Windows\System\SUnjjdF.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\jFlxIgT.exe
  C:\Windows\System\jFlxIgT.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\XWSCjfA.exe
  C:\Windows\System\XWSCjfA.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\rPLfJAL.exe
  C:\Windows\System\rPLfJAL.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\wYCJvMb.exe
  C:\Windows\System\wYCJvMb.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\mYNKqMH.exe
  C:\Windows\System\mYNKqMH.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\uyTkqhe.exe
  C:\Windows\System\uyTkqhe.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\omKrSAC.exe
  C:\Windows\System\omKrSAC.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\sgSpvoK.exe
  C:\Windows\System\sgSpvoK.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\vInHhKj.exe
  C:\Windows\System\vInHhKj.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\quEJNBO.exe
  C:\Windows\System\quEJNBO.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\HaPcAPz.exe
  C:\Windows\System\HaPcAPz.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\CwRDpOA.exe
  C:\Windows\System\CwRDpOA.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\klVECzq.exe
  C:\Windows\System\klVECzq.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\acVMNmn.exe
  C:\Windows\System\acVMNmn.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\PczsHsf.exe
  C:\Windows\System\PczsHsf.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\JCEhzbc.exe
  C:\Windows\System\JCEhzbc.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\xGhsxnC.exe
  C:\Windows\System\xGhsxnC.exe
  2⤵
  PID:3296
- C:\Windows\System\EmqFNnD.exe
  C:\Windows\System\EmqFNnD.exe
  2⤵
  PID:960
- C:\Windows\System\KIefRMQ.exe
  C:\Windows\System\KIefRMQ.exe
  2⤵
  PID:1400
- C:\Windows\System\vZjSyZq.exe
  C:\Windows\System\vZjSyZq.exe
  2⤵
  PID:4004
- C:\Windows\System\mZpnSIU.exe
  C:\Windows\System\mZpnSIU.exe
  2⤵
  PID:2316
- C:\Windows\System\nKTDBVS.exe
  C:\Windows\System\nKTDBVS.exe
  2⤵
  PID:3328
- C:\Windows\System\BxJToQZ.exe
  C:\Windows\System\BxJToQZ.exe
  2⤵
  PID:2636
- C:\Windows\System\YhVMaoZ.exe
  C:\Windows\System\YhVMaoZ.exe
  2⤵
  PID:4408
- C:\Windows\System\BTiGZWl.exe
  C:\Windows\System\BTiGZWl.exe
  2⤵
  PID:3992
- C:\Windows\System\dSwIjQQ.exe
  C:\Windows\System\dSwIjQQ.exe
  2⤵
  PID:1916
- C:\Windows\System\EFgoroZ.exe
  C:\Windows\System\EFgoroZ.exe
  2⤵
  PID:744
- C:\Windows\System\OoKSlmG.exe
  C:\Windows\System\OoKSlmG.exe
  2⤵
  PID:3088
- C:\Windows\System\HWoaeVy.exe
  C:\Windows\System\HWoaeVy.exe
  2⤵
  PID:5084
- C:\Windows\System\JlqZfhF.exe
  C:\Windows\System\JlqZfhF.exe
  2⤵
  PID:2588
- C:\Windows\System\TRcceOJ.exe
  C:\Windows\System\TRcceOJ.exe
  2⤵
  PID:1372
- C:\Windows\System\eFtWwnl.exe
  C:\Windows\System\eFtWwnl.exe
  2⤵
  PID:3624
- C:\Windows\System\HJCGVEZ.exe
  C:\Windows\System\HJCGVEZ.exe
  2⤵
  PID:872
- C:\Windows\System\qHOtwRO.exe
  C:\Windows\System\qHOtwRO.exe
  2⤵
  PID:4544
- C:\Windows\System\EyQsiLp.exe
  C:\Windows\System\EyQsiLp.exe
  2⤵
  PID:1404
- C:\Windows\System\rhkTekh.exe
  C:\Windows\System\rhkTekh.exe
  2⤵
  PID:5092
- C:\Windows\System\vOxUzLe.exe
  C:\Windows\System\vOxUzLe.exe
  2⤵
  PID:2016
- C:\Windows\System\qtcgvvA.exe
  C:\Windows\System\qtcgvvA.exe
  2⤵
  PID:2780
- C:\Windows\System\thWKLGh.exe
  C:\Windows\System\thWKLGh.exe
  2⤵
  PID:3984
- C:\Windows\System\SmUpUpi.exe
  C:\Windows\System\SmUpUpi.exe
  2⤵
  PID:4528
- C:\Windows\System\DeXWfNo.exe
  C:\Windows\System\DeXWfNo.exe
  2⤵
  PID:3812
- C:\Windows\System\OCEgfhp.exe
  C:\Windows\System\OCEgfhp.exe
  2⤵
  PID:848
- C:\Windows\System\WmqqWjN.exe
  C:\Windows\System\WmqqWjN.exe
  2⤵
  PID:3336
- C:\Windows\System\zSJfOnR.exe
  C:\Windows\System\zSJfOnR.exe
  2⤵
  PID:1164
- C:\Windows\System\SnzIaxV.exe
  C:\Windows\System\SnzIaxV.exe
  2⤵
  PID:3356
- C:\Windows\System\xMPtwGZ.exe
  C:\Windows\System\xMPtwGZ.exe
  2⤵
  PID:4264
- C:\Windows\System\KlqeRWB.exe
  C:\Windows\System\KlqeRWB.exe
  2⤵
  PID:2904
- C:\Windows\System\UxkoTcB.exe
  C:\Windows\System\UxkoTcB.exe
  2⤵
  PID:4708
- C:\Windows\System\eVtQDkg.exe
  C:\Windows\System\eVtQDkg.exe
  2⤵
  PID:4736
- C:\Windows\System\QQPABRK.exe
  C:\Windows\System\QQPABRK.exe
  2⤵
  PID:3504
- C:\Windows\System\brRvWqi.exe
  C:\Windows\System\brRvWqi.exe
  2⤵
  PID:5124
- C:\Windows\System\WFyyBZQ.exe
  C:\Windows\System\WFyyBZQ.exe
  2⤵
  PID:5148
- C:\Windows\System\fegbLhj.exe
  C:\Windows\System\fegbLhj.exe
  2⤵
  PID:5176
- C:\Windows\System\NLLDXIs.exe
  C:\Windows\System\NLLDXIs.exe
  2⤵
  PID:5216
- C:\Windows\System\eXmDpAC.exe
  C:\Windows\System\eXmDpAC.exe
  2⤵
  PID:5240
- C:\Windows\System\ZDdlSXd.exe
  C:\Windows\System\ZDdlSXd.exe
  2⤵
  PID:5264
- C:\Windows\System\qwPgSjQ.exe
  C:\Windows\System\qwPgSjQ.exe
  2⤵
  PID:5296
- C:\Windows\System\MoZrUdf.exe
  C:\Windows\System\MoZrUdf.exe
  2⤵
  PID:5320
- C:\Windows\System\dKssJqG.exe
  C:\Windows\System\dKssJqG.exe
  2⤵
  PID:5348
- C:\Windows\System\iXZTArE.exe
  C:\Windows\System\iXZTArE.exe
  2⤵
  PID:5376
- C:\Windows\System\VxeSena.exe
  C:\Windows\System\VxeSena.exe
  2⤵
  PID:5404
- C:\Windows\System\ZSHQjCb.exe
  C:\Windows\System\ZSHQjCb.exe
  2⤵
  PID:5432
- C:\Windows\System\NkIfPXp.exe
  C:\Windows\System\NkIfPXp.exe
  2⤵
  PID:5460
- C:\Windows\System\zJTkijA.exe
  C:\Windows\System\zJTkijA.exe
  2⤵
  PID:5488
- C:\Windows\System\HByclTU.exe
  C:\Windows\System\HByclTU.exe
  2⤵
  PID:5524
- C:\Windows\System\EMIpdvn.exe
  C:\Windows\System\EMIpdvn.exe
  2⤵
  PID:5548
- C:\Windows\System\HcamKfu.exe
  C:\Windows\System\HcamKfu.exe
  2⤵
  PID:5576
- C:\Windows\System\eVkdsDx.exe
  C:\Windows\System\eVkdsDx.exe
  2⤵
  PID:5604
- C:\Windows\System\pDxqkzz.exe
  C:\Windows\System\pDxqkzz.exe
  2⤵
  PID:5632
- C:\Windows\System\fyYpbNa.exe
  C:\Windows\System\fyYpbNa.exe
  2⤵
  PID:5664
- C:\Windows\System\JCDYGqg.exe
  C:\Windows\System\JCDYGqg.exe
  2⤵
  PID:5688
- C:\Windows\System\RXuMcdE.exe
  C:\Windows\System\RXuMcdE.exe
  2⤵
  PID:5716
- C:\Windows\System\ZEepYFv.exe
  C:\Windows\System\ZEepYFv.exe
  2⤵
  PID:5752
- C:\Windows\System\ZHZEDOF.exe
  C:\Windows\System\ZHZEDOF.exe
  2⤵
  PID:5776
- C:\Windows\System\bhJHbTy.exe
  C:\Windows\System\bhJHbTy.exe
  2⤵
  PID:5804
- C:\Windows\System\LaGiJnj.exe
  C:\Windows\System\LaGiJnj.exe
  2⤵
  PID:5828
- C:\Windows\System\PkhVIUY.exe
  C:\Windows\System\PkhVIUY.exe
  2⤵
  PID:5856
- C:\Windows\System\EncbDcB.exe
  C:\Windows\System\EncbDcB.exe
  2⤵
  PID:5884
- C:\Windows\System\aISBUpz.exe
  C:\Windows\System\aISBUpz.exe
  2⤵
  PID:5912
- C:\Windows\System\XhWlpjS.exe
  C:\Windows\System\XhWlpjS.exe
  2⤵
  PID:5940
- C:\Windows\System\eyOYqXa.exe
  C:\Windows\System\eyOYqXa.exe
  2⤵
  PID:5968
- C:\Windows\System\FAimxQG.exe
  C:\Windows\System\FAimxQG.exe
  2⤵
  PID:5996
- C:\Windows\System\xTATajh.exe
  C:\Windows\System\xTATajh.exe
  2⤵
  PID:6024
- C:\Windows\System\sBeBozd.exe
  C:\Windows\System\sBeBozd.exe
  2⤵
  PID:6052
- C:\Windows\System\XndNOkv.exe
  C:\Windows\System\XndNOkv.exe
  2⤵
  PID:6084
- C:\Windows\System\hNEhaBN.exe
  C:\Windows\System\hNEhaBN.exe
  2⤵
  PID:6112
- C:\Windows\System\EyHDpcm.exe
  C:\Windows\System\EyHDpcm.exe
  2⤵
  PID:6140
- C:\Windows\System\BgjUKLQ.exe
  C:\Windows\System\BgjUKLQ.exe
  2⤵
  PID:5188
- C:\Windows\System\JUtOVyQ.exe
  C:\Windows\System\JUtOVyQ.exe
  2⤵
  PID:5256
- C:\Windows\System\lpDaJsx.exe
  C:\Windows\System\lpDaJsx.exe
  2⤵
  PID:5316
- C:\Windows\System\dGVepGb.exe
  C:\Windows\System\dGVepGb.exe
  2⤵
  PID:5388
- C:\Windows\System\mDnvudY.exe
  C:\Windows\System\mDnvudY.exe
  2⤵
  PID:5448
- C:\Windows\System\VhzhWjw.exe
  C:\Windows\System\VhzhWjw.exe
  2⤵
  PID:5516
- C:\Windows\System\NVFjOhS.exe
  C:\Windows\System\NVFjOhS.exe
  2⤵
  PID:5596
- C:\Windows\System\bePPDcj.exe
  C:\Windows\System\bePPDcj.exe
  2⤵
  PID:5656
- C:\Windows\System\jgsabvC.exe
  C:\Windows\System\jgsabvC.exe
  2⤵
  PID:5708
- C:\Windows\System\zPheMKN.exe
  C:\Windows\System\zPheMKN.exe
  2⤵
  PID:5768
- C:\Windows\System\FYaiYOI.exe
  C:\Windows\System\FYaiYOI.exe
  2⤵
  PID:5840
- C:\Windows\System\WGoaSbu.exe
  C:\Windows\System\WGoaSbu.exe
  2⤵
  PID:5900
- C:\Windows\System\pdrvFKy.exe
  C:\Windows\System\pdrvFKy.exe
  2⤵
  PID:5980
- C:\Windows\System\lzggiRG.exe
  C:\Windows\System\lzggiRG.exe
  2⤵
  PID:6036
- C:\Windows\System\XmHRPWu.exe
  C:\Windows\System\XmHRPWu.exe
  2⤵
  PID:6104
- C:\Windows\System\ZhSuvVe.exe
  C:\Windows\System\ZhSuvVe.exe
  2⤵
  PID:5224
- C:\Windows\System\JUuJQUz.exe
  C:\Windows\System\JUuJQUz.exe
  2⤵
  PID:5340
- C:\Windows\System\gPRqJhU.exe
  C:\Windows\System\gPRqJhU.exe
  2⤵
  PID:5544
- C:\Windows\System\shxamNB.exe
  C:\Windows\System\shxamNB.exe
  2⤵
  PID:5644
- C:\Windows\System\SDcwuuO.exe
  C:\Windows\System\SDcwuuO.exe
  2⤵
  PID:5796
- C:\Windows\System\aUBwKGw.exe
  C:\Windows\System\aUBwKGw.exe
  2⤵
  PID:5952
- C:\Windows\System\GVhjfSi.exe
  C:\Windows\System\GVhjfSi.exe
  2⤵
  PID:6128
- C:\Windows\System\RnEXyFX.exe
  C:\Windows\System\RnEXyFX.exe
  2⤵
  PID:5424
- C:\Windows\System\eYOvEXX.exe
  C:\Windows\System\eYOvEXX.exe
  2⤵
  PID:5760
- C:\Windows\System\SmOrZjz.exe
  C:\Windows\System\SmOrZjz.exe
  2⤵
  PID:6076
- C:\Windows\System\rsLtOEu.exe
  C:\Windows\System\rsLtOEu.exe
  2⤵
  PID:5932
- C:\Windows\System\WOxvsKo.exe
  C:\Windows\System\WOxvsKo.exe
  2⤵
  PID:5700
- C:\Windows\System\bJOhulp.exe
  C:\Windows\System\bJOhulp.exe
  2⤵
  PID:6168
- C:\Windows\System\fvnuhac.exe
  C:\Windows\System\fvnuhac.exe
  2⤵
  PID:6200
- C:\Windows\System\EWwNbLf.exe
  C:\Windows\System\EWwNbLf.exe
  2⤵
  PID:6224
- C:\Windows\System\cZlKuoo.exe
  C:\Windows\System\cZlKuoo.exe
  2⤵
  PID:6260
- C:\Windows\System\MkbxZNj.exe
  C:\Windows\System\MkbxZNj.exe
  2⤵
  PID:6280
- C:\Windows\System\vCVXUPT.exe
  C:\Windows\System\vCVXUPT.exe
  2⤵
  PID:6308
- C:\Windows\System\UqlMJMc.exe
  C:\Windows\System\UqlMJMc.exe
  2⤵
  PID:6340
- C:\Windows\System\YcFZrrR.exe
  C:\Windows\System\YcFZrrR.exe
  2⤵
  PID:6368
- C:\Windows\System\pMlBAHw.exe
  C:\Windows\System\pMlBAHw.exe
  2⤵
  PID:6392
- C:\Windows\System\DLVfAIK.exe
  C:\Windows\System\DLVfAIK.exe
  2⤵
  PID:6420
- C:\Windows\System\NLbXlOI.exe
  C:\Windows\System\NLbXlOI.exe
  2⤵
  PID:6452
- C:\Windows\System\EOgEyWE.exe
  C:\Windows\System\EOgEyWE.exe
  2⤵
  PID:6476
- C:\Windows\System\mfwTyBS.exe
  C:\Windows\System\mfwTyBS.exe
  2⤵
  PID:6504
- C:\Windows\System\ENyodzX.exe
  C:\Windows\System\ENyodzX.exe
  2⤵
  PID:6532
- C:\Windows\System\Lpmkthy.exe
  C:\Windows\System\Lpmkthy.exe
  2⤵
  PID:6548
- C:\Windows\System\pYSUQEQ.exe
  C:\Windows\System\pYSUQEQ.exe
  2⤵
  PID:6576
- C:\Windows\System\bXMeMPi.exe
  C:\Windows\System\bXMeMPi.exe
  2⤵
  PID:6616
- C:\Windows\System\AQciUNM.exe
  C:\Windows\System\AQciUNM.exe
  2⤵
  PID:6640
- C:\Windows\System\SlErECY.exe
  C:\Windows\System\SlErECY.exe
  2⤵
  PID:6664
- C:\Windows\System\tuETtDn.exe
  C:\Windows\System\tuETtDn.exe
  2⤵
  PID:6696
- C:\Windows\System\nmjsxDl.exe
  C:\Windows\System\nmjsxDl.exe
  2⤵
  PID:6728
- C:\Windows\System\NkhVLkA.exe
  C:\Windows\System\NkhVLkA.exe
  2⤵
  PID:6756
- C:\Windows\System\oqTxmyo.exe
  C:\Windows\System\oqTxmyo.exe
  2⤵
  PID:6784
- C:\Windows\System\zruzjoG.exe
  C:\Windows\System\zruzjoG.exe
  2⤵
  PID:6812
- C:\Windows\System\efASwYw.exe
  C:\Windows\System\efASwYw.exe
  2⤵
  PID:6840
- C:\Windows\System\JtpmsLy.exe
  C:\Windows\System\JtpmsLy.exe
  2⤵
  PID:6872
- C:\Windows\System\dZKmTRU.exe
  C:\Windows\System\dZKmTRU.exe
  2⤵
  PID:6896
- C:\Windows\System\gTwMJkr.exe
  C:\Windows\System\gTwMJkr.exe
  2⤵
  PID:6924
- C:\Windows\System\vpLAZFz.exe
  C:\Windows\System\vpLAZFz.exe
  2⤵
  PID:6952
- C:\Windows\System\RDYMMNl.exe
  C:\Windows\System\RDYMMNl.exe
  2⤵
  PID:6980
- C:\Windows\System\cWRVuye.exe
  C:\Windows\System\cWRVuye.exe
  2⤵
  PID:7012
- C:\Windows\System\JBabmaY.exe
  C:\Windows\System\JBabmaY.exe
  2⤵
  PID:7036
- C:\Windows\System\yJmCYWE.exe
  C:\Windows\System\yJmCYWE.exe
  2⤵
  PID:7064
- C:\Windows\System\lqcRuvv.exe
  C:\Windows\System\lqcRuvv.exe
  2⤵
  PID:7096
- C:\Windows\System\ghWCXnE.exe
  C:\Windows\System\ghWCXnE.exe
  2⤵
  PID:7124
- C:\Windows\System\IFHdDAn.exe
  C:\Windows\System\IFHdDAn.exe
  2⤵
  PID:7148
- C:\Windows\System\BPPdBXa.exe
  C:\Windows\System\BPPdBXa.exe
  2⤵
  PID:6180
- C:\Windows\System\ZKJDDrN.exe
  C:\Windows\System\ZKJDDrN.exe
  2⤵
  PID:6268
- C:\Windows\System\zHCUfRA.exe
  C:\Windows\System\zHCUfRA.exe
  2⤵
  PID:6356
- C:\Windows\System\IavbQgs.exe
  C:\Windows\System\IavbQgs.exe
  2⤵
  PID:6404
- C:\Windows\System\AiHfVlO.exe
  C:\Windows\System\AiHfVlO.exe
  2⤵
  PID:6460
- C:\Windows\System\eDbNubO.exe
  C:\Windows\System\eDbNubO.exe
  2⤵
  PID:6520
- C:\Windows\System\qHCjbWZ.exe
  C:\Windows\System\qHCjbWZ.exe
  2⤵
  PID:6592
- C:\Windows\System\HCxGgXD.exe
  C:\Windows\System\HCxGgXD.exe
  2⤵
  PID:6672
- C:\Windows\System\ZXYTgJF.exe
  C:\Windows\System\ZXYTgJF.exe
  2⤵
  PID:6720
- C:\Windows\System\DSHGPRB.exe
  C:\Windows\System\DSHGPRB.exe
  2⤵
  PID:6776
- C:\Windows\System\cmFjxol.exe
  C:\Windows\System\cmFjxol.exe
  2⤵
  PID:6836
- C:\Windows\System\zAfrqTs.exe
  C:\Windows\System\zAfrqTs.exe
  2⤵
  PID:6908
- C:\Windows\System\HoFLzvh.exe
  C:\Windows\System\HoFLzvh.exe
  2⤵
  PID:6972
- C:\Windows\System\UicNGzP.exe
  C:\Windows\System\UicNGzP.exe
  2⤵
  PID:7032
- C:\Windows\System\yiEhKbx.exe
  C:\Windows\System\yiEhKbx.exe
  2⤵
  PID:7112
- C:\Windows\System\ewIIpwU.exe
  C:\Windows\System\ewIIpwU.exe
  2⤵
  PID:6160
- C:\Windows\System\xGtEOoM.exe
  C:\Windows\System\xGtEOoM.exe
  2⤵
  PID:1708
- C:\Windows\System\HtIUFaC.exe
  C:\Windows\System\HtIUFaC.exe
  2⤵
  PID:6304
- C:\Windows\System\dQldWMF.exe
  C:\Windows\System\dQldWMF.exe
  2⤵
  PID:6384
- C:\Windows\System\ihmVexj.exe
  C:\Windows\System\ihmVexj.exe
  2⤵
  PID:6492
- C:\Windows\System\EOTnTFh.exe
  C:\Windows\System\EOTnTFh.exe
  2⤵
  PID:6684
- C:\Windows\System\XnLfMYv.exe
  C:\Windows\System\XnLfMYv.exe
  2⤵
  PID:6824
- C:\Windows\System\CmAlMIB.exe
  C:\Windows\System\CmAlMIB.exe
  2⤵
  PID:6964
- C:\Windows\System\vfbWXPK.exe
  C:\Windows\System\vfbWXPK.exe
  2⤵
  PID:7132
- C:\Windows\System\DjoTzqK.exe
  C:\Windows\System\DjoTzqK.exe
  2⤵
  PID:3432
- C:\Windows\System\vpgKVjE.exe
  C:\Windows\System\vpgKVjE.exe
  2⤵
  PID:6524
- C:\Windows\System\amLbfyA.exe
  C:\Windows\System\amLbfyA.exe
  2⤵
  PID:6892
- C:\Windows\System\wLTiXwh.exe
  C:\Windows\System\wLTiXwh.exe
  2⤵
  PID:1436
- C:\Windows\System\uzmSjJf.exe
  C:\Windows\System\uzmSjJf.exe
  2⤵
  PID:6804
- C:\Windows\System\SClbkOV.exe
  C:\Windows\System\SClbkOV.exe
  2⤵
  PID:1724
- C:\Windows\System\IsVOwJB.exe
  C:\Windows\System\IsVOwJB.exe
  2⤵
  PID:7192
- C:\Windows\System\XPleNyd.exe
  C:\Windows\System\XPleNyd.exe
  2⤵
  PID:7216
- C:\Windows\System\rOvGxpT.exe
  C:\Windows\System\rOvGxpT.exe
  2⤵
  PID:7244
- C:\Windows\System\lzBAnDC.exe
  C:\Windows\System\lzBAnDC.exe
  2⤵
  PID:7272
- C:\Windows\System\URmIjRs.exe
  C:\Windows\System\URmIjRs.exe
  2⤵
  PID:7300
- C:\Windows\System\GLSeydF.exe
  C:\Windows\System\GLSeydF.exe
  2⤵
  PID:7328
- C:\Windows\System\UNPvIJQ.exe
  C:\Windows\System\UNPvIJQ.exe
  2⤵
  PID:7356
- C:\Windows\System\LDcgPfY.exe
  C:\Windows\System\LDcgPfY.exe
  2⤵
  PID:7384
- C:\Windows\System\stoXZtf.exe
  C:\Windows\System\stoXZtf.exe
  2⤵
  PID:7412
- C:\Windows\System\kEsKEeS.exe
  C:\Windows\System\kEsKEeS.exe
  2⤵
  PID:7444
- C:\Windows\System\gKqPktq.exe
  C:\Windows\System\gKqPktq.exe
  2⤵
  PID:7468
- C:\Windows\System\LAZXSij.exe
  C:\Windows\System\LAZXSij.exe
  2⤵
  PID:7500
- C:\Windows\System\hafKQqw.exe
  C:\Windows\System\hafKQqw.exe
  2⤵
  PID:7524
- C:\Windows\System\UvczMyf.exe
  C:\Windows\System\UvczMyf.exe
  2⤵
  PID:7552
- C:\Windows\System\iVWxHYJ.exe
  C:\Windows\System\iVWxHYJ.exe
  2⤵
  PID:7580
- C:\Windows\System\vfvNXBC.exe
  C:\Windows\System\vfvNXBC.exe
  2⤵
  PID:7612
- C:\Windows\System\vxwWsjc.exe
  C:\Windows\System\vxwWsjc.exe
  2⤵
  PID:7636
- C:\Windows\System\sCiDNsL.exe
  C:\Windows\System\sCiDNsL.exe
  2⤵
  PID:7664
- C:\Windows\System\fDRMIvz.exe
  C:\Windows\System\fDRMIvz.exe
  2⤵
  PID:7700
- C:\Windows\System\pQRfaPa.exe
  C:\Windows\System\pQRfaPa.exe
  2⤵
  PID:7728
- C:\Windows\System\cDWmPCZ.exe
  C:\Windows\System\cDWmPCZ.exe
  2⤵
  PID:7756
- C:\Windows\System\wxXNsXR.exe
  C:\Windows\System\wxXNsXR.exe
  2⤵
  PID:7788
- C:\Windows\System\wYqwSdU.exe
  C:\Windows\System\wYqwSdU.exe
  2⤵
  PID:7816
- C:\Windows\System\YceDCqF.exe
  C:\Windows\System\YceDCqF.exe
  2⤵
  PID:7844
- C:\Windows\System\lBbGHHa.exe
  C:\Windows\System\lBbGHHa.exe
  2⤵
  PID:7872
- C:\Windows\System\ITCiKfW.exe
  C:\Windows\System\ITCiKfW.exe
  2⤵
  PID:7904
- C:\Windows\System\MPSUhgL.exe
  C:\Windows\System\MPSUhgL.exe
  2⤵
  PID:7920
- C:\Windows\System\pHvGAGH.exe
  C:\Windows\System\pHvGAGH.exe
  2⤵
  PID:7960
- C:\Windows\System\vQaMhXC.exe
  C:\Windows\System\vQaMhXC.exe
  2⤵
  PID:7984
- C:\Windows\System\EdrAUFM.exe
  C:\Windows\System\EdrAUFM.exe
  2⤵
  PID:8016
- C:\Windows\System\HetxUqB.exe
  C:\Windows\System\HetxUqB.exe
  2⤵
  PID:8044
- C:\Windows\System\cnHQLam.exe
  C:\Windows\System\cnHQLam.exe
  2⤵
  PID:8060
- C:\Windows\System\TBubhMj.exe
  C:\Windows\System\TBubhMj.exe
  2⤵
  PID:8084
- C:\Windows\System\VScGzGm.exe
  C:\Windows\System\VScGzGm.exe
  2⤵
  PID:8104
- C:\Windows\System\WhqEkor.exe
  C:\Windows\System\WhqEkor.exe
  2⤵
  PID:8136
- C:\Windows\System\wDzDwDT.exe
  C:\Windows\System\wDzDwDT.exe
  2⤵
  PID:8188
- C:\Windows\System\FumgdvI.exe
  C:\Windows\System\FumgdvI.exe
  2⤵
  PID:7232
- C:\Windows\System\aycMMlt.exe
  C:\Windows\System\aycMMlt.exe
  2⤵
  PID:7296
- C:\Windows\System\vwRgidX.exe
  C:\Windows\System\vwRgidX.exe
  2⤵
  PID:7340
- C:\Windows\System\QEBJVbE.exe
  C:\Windows\System\QEBJVbE.exe
  2⤵
  PID:7376
- C:\Windows\System\jEhWdlr.exe
  C:\Windows\System\jEhWdlr.exe
  2⤵
  PID:7520
- C:\Windows\System\FjAmKUc.exe
  C:\Windows\System\FjAmKUc.exe
  2⤵
  PID:7548
- C:\Windows\System\gpLkDkQ.exe
  C:\Windows\System\gpLkDkQ.exe
  2⤵
  PID:7620
- C:\Windows\System\CaXJorj.exe
  C:\Windows\System\CaXJorj.exe
  2⤵
  PID:7696
- C:\Windows\System\DtQtuUh.exe
  C:\Windows\System\DtQtuUh.exe
  2⤵
  PID:7744
- C:\Windows\System\seTjshO.exe
  C:\Windows\System\seTjshO.exe
  2⤵
  PID:7812
- C:\Windows\System\fOJIBcX.exe
  C:\Windows\System\fOJIBcX.exe
  2⤵
  PID:7868
- C:\Windows\System\YbjNDSv.exe
  C:\Windows\System\YbjNDSv.exe
  2⤵
  PID:7956
- C:\Windows\System\STDUHhF.exe
  C:\Windows\System\STDUHhF.exe
  2⤵
  PID:8028
- C:\Windows\System\xPfhroL.exe
  C:\Windows\System\xPfhroL.exe
  2⤵
  PID:8072
- C:\Windows\System\LnSEvRR.exe
  C:\Windows\System\LnSEvRR.exe
  2⤵
  PID:8144
- C:\Windows\System\vcWcvmQ.exe
  C:\Windows\System\vcWcvmQ.exe
  2⤵
  PID:7212
- C:\Windows\System\wGjVTxS.exe
  C:\Windows\System\wGjVTxS.exe
  2⤵
  PID:7396
- C:\Windows\System\TxnLEus.exe
  C:\Windows\System\TxnLEus.exe
  2⤵
  PID:7540
- C:\Windows\System\eQSFJFW.exe
  C:\Windows\System\eQSFJFW.exe
  2⤵
  PID:7660
- C:\Windows\System\NDPzSUm.exe
  C:\Windows\System\NDPzSUm.exe
  2⤵
  PID:7832
- C:\Windows\System\YVDbPLm.exe
  C:\Windows\System\YVDbPLm.exe
  2⤵
  PID:8004
- C:\Windows\System\ycBXYoI.exe
  C:\Windows\System\ycBXYoI.exe
  2⤵
  PID:8168
- C:\Windows\System\VfxYgMw.exe
  C:\Windows\System\VfxYgMw.exe
  2⤵
  PID:7404
- C:\Windows\System\nGbsVDL.exe
  C:\Windows\System\nGbsVDL.exe
  2⤵
  PID:7936
- C:\Windows\System\aKFLgDa.exe
  C:\Windows\System\aKFLgDa.exe
  2⤵
  PID:7324
- C:\Windows\System\lGmUUvU.exe
  C:\Windows\System\lGmUUvU.exe
  2⤵
  PID:7912
- C:\Windows\System\IXDPVRv.exe
  C:\Windows\System\IXDPVRv.exe
  2⤵
  PID:8212
- C:\Windows\System\pdmWKce.exe
  C:\Windows\System\pdmWKce.exe
  2⤵
  PID:8240
- C:\Windows\System\jSqejkl.exe
  C:\Windows\System\jSqejkl.exe
  2⤵
  PID:8268
- C:\Windows\System\MygoKHi.exe
  C:\Windows\System\MygoKHi.exe
  2⤵
  PID:8300
- C:\Windows\System\DAgoboA.exe
  C:\Windows\System\DAgoboA.exe
  2⤵
  PID:8324
- C:\Windows\System\luZRjnY.exe
  C:\Windows\System\luZRjnY.exe
  2⤵
  PID:8352
- C:\Windows\System\dkQDkns.exe
  C:\Windows\System\dkQDkns.exe
  2⤵
  PID:8380
- C:\Windows\System\PMGbrMz.exe
  C:\Windows\System\PMGbrMz.exe
  2⤵
  PID:8408
- C:\Windows\System\WwdoSib.exe
  C:\Windows\System\WwdoSib.exe
  2⤵
  PID:8436
- C:\Windows\System\nARHONK.exe
  C:\Windows\System\nARHONK.exe
  2⤵
  PID:8464
- C:\Windows\System\XRAHOAh.exe
  C:\Windows\System\XRAHOAh.exe
  2⤵
  PID:8496
- C:\Windows\System\tNuOdkH.exe
  C:\Windows\System\tNuOdkH.exe
  2⤵
  PID:8520
- C:\Windows\System\geiyVHa.exe
  C:\Windows\System\geiyVHa.exe
  2⤵
  PID:8548
- C:\Windows\System\GycDrbd.exe
  C:\Windows\System\GycDrbd.exe
  2⤵
  PID:8576
- C:\Windows\System\wsbBfmS.exe
  C:\Windows\System\wsbBfmS.exe
  2⤵
  PID:8604
- C:\Windows\System\rxrJdEB.exe
  C:\Windows\System\rxrJdEB.exe
  2⤵
  PID:8632
- C:\Windows\System\QSdgnph.exe
  C:\Windows\System\QSdgnph.exe
  2⤵
  PID:8660
- C:\Windows\System\IDPthEB.exe
  C:\Windows\System\IDPthEB.exe
  2⤵
  PID:8688
- C:\Windows\System\TcXuKrm.exe
  C:\Windows\System\TcXuKrm.exe
  2⤵
  PID:8716
- C:\Windows\System\ozKYIYc.exe
  C:\Windows\System\ozKYIYc.exe
  2⤵
  PID:8744
- C:\Windows\System\HJBzpBc.exe
  C:\Windows\System\HJBzpBc.exe
  2⤵
  PID:8776
- C:\Windows\System\DWaIrvW.exe
  C:\Windows\System\DWaIrvW.exe
  2⤵
  PID:8804
- C:\Windows\System\CmXdbdJ.exe
  C:\Windows\System\CmXdbdJ.exe
  2⤵
  PID:8832
- C:\Windows\System\RJZrCqL.exe
  C:\Windows\System\RJZrCqL.exe
  2⤵
  PID:8860
- C:\Windows\System\xzJyMrS.exe
  C:\Windows\System\xzJyMrS.exe
  2⤵
  PID:8888
- C:\Windows\System\ZcazIYo.exe
  C:\Windows\System\ZcazIYo.exe
  2⤵
  PID:8916
- C:\Windows\System\JwoxAiG.exe
  C:\Windows\System\JwoxAiG.exe
  2⤵
  PID:8944
- C:\Windows\System\GYvyStg.exe
  C:\Windows\System\GYvyStg.exe
  2⤵
  PID:8972
- C:\Windows\System\npMOkqQ.exe
  C:\Windows\System\npMOkqQ.exe
  2⤵
  PID:9000
- C:\Windows\System\omdglFL.exe
  C:\Windows\System\omdglFL.exe
  2⤵
  PID:9028
- C:\Windows\System\XxFNbAe.exe
  C:\Windows\System\XxFNbAe.exe
  2⤵
  PID:9056
- C:\Windows\System\PAzoMIa.exe
  C:\Windows\System\PAzoMIa.exe
  2⤵
  PID:9084
- C:\Windows\System\qJwwhqQ.exe
  C:\Windows\System\qJwwhqQ.exe
  2⤵
  PID:9112
- C:\Windows\System\oVFzbvR.exe
  C:\Windows\System\oVFzbvR.exe
  2⤵
  PID:9140
- C:\Windows\System\GvrocJY.exe
  C:\Windows\System\GvrocJY.exe
  2⤵
  PID:9168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AYWxmTB.exe

Filesize
2.1MB

MD5
687af67266c44b535f51b087befd5059

SHA1
e482718bcc3b6631c05e5bfca20a3f53d62aeb48

SHA256
66af40d29c0954f05487733ba03d2b203c68e5672b18da888351074411b07670

SHA512
95aaa6a827df3f63e1ec6df4c6924dcea1aa9711f438862fc41734b62c811948dc575c22a2c3d33e842dc85f73e6af65db9cb3ce70e2285547592eabf19105ff

Download Submit
C:\Windows\System\BZRhikc.exe

Filesize
2.1MB

MD5
4f48680445443ccca8358ec289983648

SHA1
8c5d170876406c76d1fb19a5e1e22999530af6b7

SHA256
b1e54f613e6e6cb13510284a938da09ece6b9b71597a5af9832e23b23e7b96d8

SHA512
c2929a2b629b872d8c21e681ab7c1ecee96f41b7ebde304ac90b0a898435dfb58b29a4ae4373215f7cdc41914a333a6e3a4359c71b1e37dda1c7cf0d827d7fda

Download Submit
C:\Windows\System\CNHHEOR.exe

Filesize
2.1MB

MD5
8c765ecad34489c800b37ea897cfe9ae

SHA1
2335c5a1bb8369692b369b32aad75829b4a8ef84

SHA256
52d3f4af19da0bcb8547ac938d55e91ce981d9958174712d7f27cdacc41ed904

SHA512
f587eb02b6ff74cdf88aa337b255fa723f6521300db10ebf356ed1ae5db40ef045bdfcb636dd2f97ca8c96ea45d62ac8f534016a64be53ddd5309b0439606864

Download Submit
C:\Windows\System\EILHyTX.exe

Filesize
2.1MB

MD5
d6ce7c920ab453c410f084bf7090d522

SHA1
35960cb5bf6556b26913bc88b385de94990de1e3

SHA256
34fdaa7a3b4b19cbe30af6b599b43b0a2631ce73a9d8d1e38b85f0917d12e704

SHA512
f4c03037af7d264ba3ebf1be7edd94255ecef0c54e4aa5a2a30f8660f9e6f814270c774b7df21fd083cd1298f7d75a65fcaa81f261a02b630bb4370432a02846

Download Submit
C:\Windows\System\ESvGQAT.exe

Filesize
2.1MB

MD5
8145296877f9655c86a8e85994002f08

SHA1
8d5ee8546ea4cdf76be5241c5cfcad5c24ab1759

SHA256
4474fd004f3d4cd6580f22a1d19a69f26dfbc3ed7de615fc21f41131451a955e

SHA512
2769300b01de9affd3f13e68cf96b8780b8d04ef2502d20a5fa2afbff5a6d03e6dd48db36871f1788f7ce510b7c88dedff1d7356045c54db54e470b7bad80682

Download Submit
C:\Windows\System\FIUxntW.exe

Filesize
2.1MB

MD5
2937068c370d02c3b5ed30af80da5d0a

SHA1
91306754bfa8b08ef45d20551bef217e26059897

SHA256
29fd956f3ffbd0b1bad45d2b433f1f6d79df15f570287bc725d2b63d42bf3efe

SHA512
afcbc1c7a904e83d0c75a8c3bbf422df34b3ac16411ad5a20df4fe2c4b6107fe6fd25077088e37e60090549c34fcbd0058caa90846ac63a74c053c8ee01f50d1

Download Submit
C:\Windows\System\GyKsqGp.exe

Filesize
2.1MB

MD5
4dc556987cb30dc0d366aa7de6dcf0b3

SHA1
4ac8e186342ca75d775cd386594713698e0955cd

SHA256
519bf9ff2344ce22ccad1733808b6c8f5619f2538e3f84712e18f4101f34376e

SHA512
ec4e2d61e1df48967e9fbcd1fe2fe99255246d928127798a19f6f20fdac0aeec74fbd6bcea88ffabd996cf29afc6e7649850677deab80c725ddc40ab32878cff

Download Submit
C:\Windows\System\HteHDUe.exe

Filesize
2.1MB

MD5
ad11fe4e0f516034eaa11d1e631ef203

SHA1
dcef2fab7bf8e9e7789932c96ca314d044a5bb2c

SHA256
d7ab72a9ebc6a4095abfb0c40008033a2152259bafc619b0d6dfdda9274604dd

SHA512
b64bc11537f5e23be0a9a885a842651adb75115c1d81b136aa584be052e698ea85f0df655241b9e9486d434da94e6325c5f62176bf6552255336ab6f2aade566

Download Submit
C:\Windows\System\HtiopuW.exe

Filesize
2.1MB

MD5
f8ade64acd4d11965397f4838ec01b24

SHA1
017b406d86ff184ba5877436d00549ef342ef63c

SHA256
9a5fab014a6ac7a529492b26b5245e351fe90baa0c4c1613233a4afa5a95072b

SHA512
681aa212e8ba838b2dc087e4ec6a6f9c7a3b6c9d08bfff935a5f7d78abed5e97f9da6f302ec0addcd385d0955a92e40bc72678b114127fa581c85a75e1409a21

Download Submit
C:\Windows\System\LZsMDuf.exe

Filesize
2.1MB

MD5
3fd73b227ffb04806050009b922bb7d2

SHA1
0d19091f7af8b5f8fe93549d1b569f82f199e32f

SHA256
d8bbf98ffcd8cda7720bad8b77505e1bd882d2d08c0cf7047c96a834b3e9b6a1

SHA512
8cc617c24906100507b8ceffde17cf504a2f87ffa26b58a5784fa0daabf1c657d8706ff5d9ced31b4b5af8512c995762f60d5f4dbf54c44827327f963237b7fa

Download Submit
C:\Windows\System\PDknoqR.exe

Filesize
2.1MB

MD5
2c1d111e784b951f4057919e4805adf2

SHA1
322124fe1a9416b4ab59d4f106e73d5b8d86e460

SHA256
e8ae31cb7728a8f8bfec1717527456b442d115406dbe15027efef980f0ba3fe9

SHA512
366acc9a22bfabe61fbde3f62f014c0392bdecf4616fe30cb8be283281b9cc97d6eef5942cdc9e895de8573193f4dd2576900e6859f5d3df37479c25b48be918

Download Submit
C:\Windows\System\PHkJVMX.exe

Filesize
2.1MB

MD5
6965612500a985e967a795cd270f8386

SHA1
04dc5574a0210bd50ff465cae8733a2893b8c498

SHA256
90542b2720402be862d655625c7100470d15cc13dd525bce7f79b7723b579b61

SHA512
f819fc824e3ddb0e0160cf50b2c07795d867656f91af83b73a73c779dd4f05a5d8d4803fd868669c4900b6721baff6c4bcfa77f2639b716ab580efba34be9b92

Download Submit
C:\Windows\System\QWpRaKU.exe

Filesize
2.1MB

MD5
c5517e29a1dcaac43722eb4f624004d2

SHA1
6dc26b4393b7fe315c1087f20f43390dd29859fd

SHA256
54b7d696821632ab62fa0e9b7b315e7d1bb7a3f9312d6ce77fe292b5a85f7d15

SHA512
64294acfd6c242158171306435440030b3178f5374724ae0f318165562b9c01cc19c568505a08e4aadd06691280c917142f1576915a2dbd30afcf5da048c1cbe

Download Submit
C:\Windows\System\SCMftgt.exe

Filesize
2.1MB

MD5
637c36fc727c98896a8975cf9a133ef6

SHA1
d06698d8c38a85b01b55c93e5414093a35b58298

SHA256
76471291383de0828e827de58bae8be38bbafbf12d2b50559a959a7c0a6feca4

SHA512
67305e9ec2314140715380a7ba606026a891a0d83949d4e735d11759fba918d8aff57acac28002835a79ddaa6ed547f06f600ecd74a73e30438c3fefe0481302

Download Submit
C:\Windows\System\TnXVFiD.exe

Filesize
2.1MB

MD5
446b2dfdee552a58e722b384b4e0d7bd

SHA1
edb93da425c78c6200571af82eca244c3e52ebff

SHA256
e037db886ac64d7bc4eee27c488fb336346f0be120022d4545992771bef1c4c1

SHA512
0132601adc0178583a451f9f72963f44124b65a7c87ae1f097451b0fb3ef98336c9151c1b533f0fad287cdaaacfc1f71f8f94029aab8e043e749dabe4302f0c8

Download Submit
C:\Windows\System\VnaBklS.exe

Filesize
2.1MB

MD5
66c8fea52f8b39ba7632f323d14db40b

SHA1
1fd6735beb8948861a32d205cbe7fcb60e1d5583

SHA256
1f7a9bf04da3de1eb3340da1cf607408afd8923973e8de2f494cf8a0ab39e7da

SHA512
961d9666cef83e1d588dad1a4e08fea3829593d3724426303fe1f7f616045d9172144720cd3d78a02918fb6f9099b8fcd93e744f58d0f6df2eb7e8aa3edc6038

Download Submit
C:\Windows\System\VsomcYC.exe

Filesize
2.1MB

MD5
41c5e8e11fd226241cbb8c441d410851

SHA1
87ddfd8e9804e35f3dc3db800e7de20a613f623e

SHA256
ea2eddfbfbd5bd25b849c8fab04d8eddf34362b4031a36023224cf33fc807f52

SHA512
1cc1f8eb8400ec8458c0f14b1ba8a01e88ea5e1dc811a3489e3002e489c4bb02cc61fc01fc8337d7d1768348d780af2cce312448d8bdb9dafbed8a99a787f494

Download Submit
C:\Windows\System\ZXQmupG.exe

Filesize
2.1MB

MD5
61f34810a1e85a1765a5065ab47fd3bb

SHA1
575d9bb59d01a1d6cc16cac50c3315738c0888e1

SHA256
63f86b3ff3a4786eb12d59709b3c3f602f9f6dbc73c33cece07e133c2a6dc549

SHA512
3e8fbbdb5b11ae01bb279b65cf3e4f60fd34e7de2e39c9403dd99bb4c2f01d82c27938526bcbc4a8f2c21bbd11d524fc097f44cbfb4464ccfee4b49b074ca107

Download Submit
C:\Windows\System\bBBlKLZ.exe

Filesize
2.1MB

MD5
af9742df76876f3e566ce200150d4b2e

SHA1
f1caa2973c77bd3fc2dfe5af7ca843456450979b

SHA256
bd8b97890bc1e13ade42b4efab062dd00b05969517219b4815cb6d4f5e98b0b8

SHA512
f2df7dc1089aed62b5214dd7bff9de720d822efb9bc328d66573694d925f262010a9a12160c936a757bb2c30bc7cf2cd3cc2e17057731a08f4740732f8761429

Download Submit
C:\Windows\System\chKVTuu.exe

Filesize
2.1MB

MD5
6803a0dbd7e7ac83038434f98b226f28

SHA1
abebf9c8a34da394d052598be38cbd597c5806da

SHA256
f824d0088b1318661e159ee2d28e72b121f9745ad88a716ef959d23755ce9f60

SHA512
737d2a353630db1b91e680bcd797bdace023120a2f1fe56aa53fd116361a1727ae401f3c6e8b19f695c7c26c9449067a2069113762394db81b1a3dcc6f5bc8b1

Download Submit
C:\Windows\System\enrLeXQ.exe

Filesize
2.1MB

MD5
3c407190a4b6005f2db846065ab807fa

SHA1
d75515bd02bd5e50ee015c13b8a6b6f8b0354cd3

SHA256
2b6fecfdac8dd02786840205aca260037a7e18ea682d280365cdbbde2cc87f88

SHA512
5963c1ec907b7026a16edea5edfe4292ddc9ce35a12c75f44492c6eff058c1660408cee13a11d481498c1398c7396efdc4ec923275da8b74a3a76771fa4d3ec5

Download Submit
C:\Windows\System\iMnWDFy.exe

Filesize
2.1MB

MD5
69a4784ab92d4671da7abfb00dac9850

SHA1
0f5f1916d36714bbf2818b6eb8efb66ee8fcb376

SHA256
d921aaef8786d098424e7667eeb35399579412d38392e20f730d3d2d121d9444

SHA512
38cc8748d29a922712c263591fb1dcdd4089785cc8dff6307036433f872bc4245933c85ea3bcb09fe8fe20b2c69b6be2ba013e06070dffad0725398179b03caf

Download Submit
C:\Windows\System\iVvsHsp.exe

Filesize
2.1MB

MD5
8e8db6a9d23381bd22909bc94c41da1e

SHA1
d0350cca000e4807bd58f57d4ac1828f1c4ed813

SHA256
1da78757a4b9773ec194459160bb9143cbbe93ba6b7e89a798ae61b34616d3ca

SHA512
9130e29d8c3bd32bccd605eea6358b400907dfe01b70dab3a9ef3db3ada1ccf716f6933231fc1da8ff0132cbfdf8c08a3702754c74eb96c9003d1209adc73326

Download Submit
C:\Windows\System\iwYQHnN.exe

Filesize
2.1MB

MD5
4dbad39307e176f75e7505ee5e5e66b7

SHA1
14054e0e84bc6bc843b45237261584dc48f5e4d9

SHA256
5ea1c73b7abbbc10578522df2e89ba11d13f826e0bd538f2c2c5b43953cae7d5

SHA512
d66abdfb0bb0cccca0bbfbbe85768963367b9e6aeb6f702f1d237bb7a69778f41c0671acf33508d79dc87782dfb759788303e5a053cc2230fae6e6f2e8881c7c

Download Submit
C:\Windows\System\lBgNtuv.exe

Filesize
2.1MB

MD5
7ace7652715522da5f2ad45c5dc7a953

SHA1
2999686a61d1c264ba887408deaca1c6368f8650

SHA256
deb999c0486836a8e16d515be34cebdca3ad146f2d5be78c2ed85baff8affbea

SHA512
cdd95ff0c57be93e570029fb1b9a40d3369296e3c2bd947e1be09cde1e72f278600a0ca3dfd75ca161bdd8c592bb13c105f3f70d9925544dfd4d0717b9cd94a1

Download Submit
C:\Windows\System\mHWJGis.exe

Filesize
2.1MB

MD5
38ff607ab4f9389751bfb4324c59888b

SHA1
3921a225986c9cfb9cb0027a6b066872436e57d4

SHA256
3e997ad7f64e6c38c5c34143ba48deb8f407b9475e9d7443bf4f403854dc8072

SHA512
2e72d32603b9f1a244d7522e3085186b81499c2004dfbc59dd80f0fe8cefc2b046ce735b572a2c523c015b47fb23d4c017de9cb6176b62e8cb1c3ff458802399

Download Submit
C:\Windows\System\oVdyzmv.exe

Filesize
2.1MB

MD5
4659e23151a5a793da6cd3fd58cc16a4

SHA1
13ae26456118f82778e764f02f995fb058d84e04

SHA256
203ee1f4c0b24784f40243469c9c0fdea1dc7ed09754088ba02b0a7b9101e31a

SHA512
48c32f43775c9b91619427defba48d25945877e14f7df94a5bbcaeb136b7f8a2f6d52ad32f1385cd7f9589d9bfea1fdc4d83b7b27a07d10595f6f15604d0e8ff

Download Submit
C:\Windows\System\odWDlLw.exe

Filesize
2.1MB

MD5
75e1ed18766aabfd2128cdeae942e43e

SHA1
c0bae517eb5ec417fbd494ba78685f3b5416df2b

SHA256
9998f141fa2fa8290c39a3749563a5bd821208dfd4279962e2fea267f4ca043e

SHA512
4a5b5d941ddc437eecbe4bf079bb46d771fedff7ad99bf112ae3669421339def34c8aa3f0532c2b2aeff6dc0db2e3715b4ceb1d8452506985ba55d32187790aa

Download Submit
C:\Windows\System\olmCbVN.exe

Filesize
2.1MB

MD5
4566f79c9300ffea711178dde6de5b71

SHA1
a6b9fc664755f3fd80dd84183fe38366eb71a3b1

SHA256
8259c83e63547bbb40f54dc9927dab058f03f2b8b2eec164734e8107f4e7ccf7

SHA512
f2f0bab2e58c693ae22c33aa18cd4aae370e38af3f77ad00f9142a1b5a98ed4ae886899f5acfe0131955299da9706ed0e17c31e03abeb24f767363fe84277045

Download Submit
C:\Windows\System\rabDvEo.exe

Filesize
2.1MB

MD5
e46857d743f44b2e93e685ca15a5c62b

SHA1
731451dceb2b010b2e50c5d196c745ea0643566f

SHA256
c5d6ca061c3e2f61bd9e075688e4465469a2c35a5a038e9cd8350a42bb707ea3

SHA512
2531533fb8223935a818235cfde6408db3725afb1772ec8346753413d68a108fc0ef67679060ac3746f57501b315ae5d89f5fe3e2f54d87633dcf2117502e3b2

Download Submit
C:\Windows\System\zniRNYz.exe

Filesize
2.1MB

MD5
da558d99d59f049104ae11068b567328

SHA1
f3509dafc5803706fcc774f17591c3b0ad67cbd2

SHA256
9b0db1c9cf25c2efb4b7593a9cdeb54db706e1059320b9e7ef282b6651587565

SHA512
0db7f663b382135c4a8208e73f3e57ad904dd9ba165fe52de93caeade78da51aee2446a733a040e353537ace99f2aec409fa862ba6e52af698a9c4040b793f76

Download Submit
C:\Windows\System\zvTRJia.exe

Filesize
2.1MB

MD5
f052b6b3b99f63626ca020f465b13036

SHA1
95623640c25ece1a9324a058c0d3f18fae6a61eb

SHA256
14c44049242d5951318c0dae8378a06a9eb232b5e8ea29cc7e7722d61f2f0e14

SHA512
4031ee45132fb54b341673483bfb66d22ae1d5e4294735785a96cefef1dbb1fa309912276742a1a7c4ae2db9affb0eaef4afa1023a7ae3e55f3d0b52c61514fd

Download Submit
memory/2512-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download