kpot | 157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835

Analysis

max time kernel
143s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-06-2024 22:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
Size

2.1MB
MD5

c13bb10a26c0145e957c6197c5333750
SHA1

110eb9cc0890e150f08ce846962736648569a4af
SHA256

157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835
SHA512

0c52f8f1a3a6cdea77b921bf0db863b566773ab35cadf1d31377a40f883e9288522249b0ae2fee4312f677aa75ab83c5027dc80ca009658e37150579975c4862
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2P1V:GemTLkNdfE0pZaQj

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral2/files/0x00090000000233e2-4.dat	family_kpot
behavioral2/files/0x00080000000233f6-8.dat	family_kpot
behavioral2/files/0x00080000000233f5-10.dat	family_kpot
behavioral2/files/0x00070000000233fc-39.dat	family_kpot
behavioral2/files/0x00070000000233fb-41.dat	family_kpot
behavioral2/files/0x00070000000233fa-43.dat	family_kpot
behavioral2/files/0x00070000000233f9-36.dat	family_kpot
behavioral2/files/0x00070000000233f8-34.dat	family_kpot
behavioral2/files/0x00070000000233f7-32.dat	family_kpot
behavioral2/files/0x00070000000233fd-51.dat	family_kpot
behavioral2/files/0x00090000000233e9-55.dat	family_kpot
behavioral2/files/0x00070000000233fe-57.dat	family_kpot
behavioral2/files/0x00070000000233ff-62.dat	family_kpot
behavioral2/files/0x0007000000023400-68.dat	family_kpot
behavioral2/files/0x0007000000023401-74.dat	family_kpot
behavioral2/files/0x0007000000023403-82.dat	family_kpot
behavioral2/files/0x0007000000023402-87.dat	family_kpot
behavioral2/files/0x0007000000023404-89.dat	family_kpot
behavioral2/files/0x0007000000023406-99.dat	family_kpot
behavioral2/files/0x0007000000023405-95.dat	family_kpot
behavioral2/files/0x0007000000023407-103.dat	family_kpot
behavioral2/files/0x0007000000023408-109.dat	family_kpot
behavioral2/files/0x0007000000023409-112.dat	family_kpot
behavioral2/files/0x000700000002340a-120.dat	family_kpot
behavioral2/files/0x000700000002340b-122.dat	family_kpot
behavioral2/files/0x000700000002340c-128.dat	family_kpot
behavioral2/files/0x000700000002340d-133.dat	family_kpot
behavioral2/files/0x000700000002340e-138.dat	family_kpot
behavioral2/files/0x000700000002340f-143.dat	family_kpot
behavioral2/files/0x0007000000023410-148.dat	family_kpot
behavioral2/files/0x0007000000023411-153.dat	family_kpot
behavioral2/files/0x0007000000023412-157.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral2/files/0x00090000000233e2-4.dat	xmrig
behavioral2/files/0x00080000000233f6-8.dat	xmrig
behavioral2/files/0x00080000000233f5-10.dat	xmrig
behavioral2/files/0x00070000000233fc-39.dat	xmrig
behavioral2/files/0x00070000000233fb-41.dat	xmrig
behavioral2/files/0x00070000000233fa-43.dat	xmrig
behavioral2/files/0x00070000000233f9-36.dat	xmrig
behavioral2/files/0x00070000000233f8-34.dat	xmrig
behavioral2/files/0x00070000000233f7-32.dat	xmrig
behavioral2/files/0x00070000000233fd-51.dat	xmrig
behavioral2/files/0x00090000000233e9-55.dat	xmrig
behavioral2/files/0x00070000000233fe-57.dat	xmrig
behavioral2/files/0x00070000000233ff-62.dat	xmrig
behavioral2/files/0x0007000000023400-68.dat	xmrig
behavioral2/files/0x0007000000023401-74.dat	xmrig
behavioral2/files/0x0007000000023403-82.dat	xmrig
behavioral2/files/0x0007000000023402-87.dat	xmrig
behavioral2/files/0x0007000000023404-89.dat	xmrig
behavioral2/files/0x0007000000023406-99.dat	xmrig
behavioral2/files/0x0007000000023405-95.dat	xmrig
behavioral2/files/0x0007000000023407-103.dat	xmrig
behavioral2/files/0x0007000000023408-109.dat	xmrig
behavioral2/files/0x0007000000023409-112.dat	xmrig
behavioral2/files/0x000700000002340a-120.dat	xmrig
behavioral2/files/0x000700000002340b-122.dat	xmrig
behavioral2/files/0x000700000002340c-128.dat	xmrig
behavioral2/files/0x000700000002340d-133.dat	xmrig
behavioral2/files/0x000700000002340e-138.dat	xmrig
behavioral2/files/0x000700000002340f-143.dat	xmrig
behavioral2/files/0x0007000000023410-148.dat	xmrig
behavioral2/files/0x0007000000023411-153.dat	xmrig
behavioral2/files/0x0007000000023412-157.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4808	cRqreUE.exe
3512	rkXmUSz.exe
1552	SziLnmC.exe
3688	ApDMoEF.exe
1500	YrHXXHc.exe
3744	jRKJxpp.exe
3632	HMZHfsX.exe
4476	HIOwaPo.exe
2564	qjDbdyZ.exe
1408	gfqPIqD.exe
516	hhdzPau.exe
1900	OvFbphV.exe
2208	xpxsbcF.exe
3928	KjLSPOO.exe
3028	XYkZdLW.exe
904	pZwlDFS.exe
964	QUuEzEm.exe
4988	gociGOY.exe
4540	DvstJGT.exe
4480	LJmkKsG.exe
1516	rmLBRKY.exe
1616	BrnBlEc.exe
3924	gQZsgXC.exe
1912	EjjWuIB.exe
2908	hlaZNnM.exe
4080	dssnvBW.exe
4352	pmQvEHy.exe
4992	EFrTJyv.exe
4124	qXXpBbR.exe
4208	FRmWkGm.exe
4916	fdJXHBi.exe
2352	UmaPybW.exe
4312	VorLwjS.exe
2000	ZPaeSzo.exe
4216	NcukxKv.exe
1528	ZBQeDpz.exe
1388	rUTvrdK.exe
1692	IREuZVo.exe
2508	pSXSiCN.exe
3352	LJPXKBv.exe
3724	BLquBpz.exe
4660	RuFDAoB.exe
2716	zQMwgBy.exe
3640	ZqyLMoy.exe
3500	pgzLVNm.exe
2916	rifEFsI.exe
1800	khRpZyC.exe
2788	xlZEPjl.exe
4228	oYUvCGP.exe
5000	oaWJNgt.exe
1840	lggoNwR.exe
608	cvNeIxs.exe
1496	evuKaDW.exe
1056	ZsTxuEW.exe
4360	FZcluzA.exe
2392	RsDgnbs.exe
4004	xmwYROM.exe
2960	aahWDBy.exe
1536	HVRgIkG.exe
1484	RpIXEEt.exe
3664	AAgEIRW.exe
1264	NzItwur.exe
3404	TjHfFIt.exe
1432	JaaTBIh.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YxqwDQH.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\OvFbphV.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\blvMKms.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\mkbjQNl.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\ShfrHQU.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\NsYLbGk.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\uwmZuvC.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\ElQEQyS.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\JCINMif.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\DvstJGT.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\AAgEIRW.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\GrrhyuX.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\AIjJIWK.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\ogZQsGK.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\gtBZMmS.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\dBqidcK.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\yIgPiaB.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\MLEjESL.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\oITVKlW.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\RuFDAoB.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\TjHfFIt.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\NcukxKv.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\xBPMlSv.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\pwfxbEX.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\viPIsjT.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\zUBVKdq.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\AfoOXMR.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\BKytjiA.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\SCLdoSR.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\YpwWGTE.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\vKkpxMg.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\yPTANcf.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\rUTvrdK.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\OuTcrdl.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\LTJBLqR.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\XYkZdLW.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\NjcdTVZ.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\KPPktss.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\HFWSbAR.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\fEmCjuQ.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\WKlUElW.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\lTxmRYi.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\rXfnjra.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\JUbvWzo.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\dqeqadP.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\USurRJD.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\GwkFbnF.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\TAjxTYi.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\gfqPIqD.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\KWByUjw.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\dssnvBW.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\ZMhJuDD.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\xWUChch.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\fsCEbBE.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\RjLVYrz.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\QoTDsOq.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\YrHXXHc.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\pZwlDFS.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\wfBRApp.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\oyNpiGe.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\hAgDcaj.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\BdUKUYd.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\BQQqQpp.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
File created	C:\Windows\System\qjDbdyZ.exe	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3300 wrote to memory of 4808	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	81
PID 3300 wrote to memory of 4808	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	81
PID 3300 wrote to memory of 3512	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	82
PID 3300 wrote to memory of 3512	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	82
PID 3300 wrote to memory of 1552	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	83
PID 3300 wrote to memory of 1552	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	83
PID 3300 wrote to memory of 3688	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	84
PID 3300 wrote to memory of 3688	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	84
PID 3300 wrote to memory of 1500	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	85
PID 3300 wrote to memory of 1500	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	85
PID 3300 wrote to memory of 3744	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	86
PID 3300 wrote to memory of 3744	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	86
PID 3300 wrote to memory of 3632	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	87
PID 3300 wrote to memory of 3632	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	87
PID 3300 wrote to memory of 4476	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	88
PID 3300 wrote to memory of 4476	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	88
PID 3300 wrote to memory of 2564	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	89
PID 3300 wrote to memory of 2564	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	89
PID 3300 wrote to memory of 1408	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	90
PID 3300 wrote to memory of 1408	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	90
PID 3300 wrote to memory of 516	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	91
PID 3300 wrote to memory of 516	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	91
PID 3300 wrote to memory of 1900	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	92
PID 3300 wrote to memory of 1900	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	92
PID 3300 wrote to memory of 2208	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	93
PID 3300 wrote to memory of 2208	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	93
PID 3300 wrote to memory of 3928	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	94
PID 3300 wrote to memory of 3928	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	94
PID 3300 wrote to memory of 3028	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	95
PID 3300 wrote to memory of 3028	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	95
PID 3300 wrote to memory of 904	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	96
PID 3300 wrote to memory of 904	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	96
PID 3300 wrote to memory of 964	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	97
PID 3300 wrote to memory of 964	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	97
PID 3300 wrote to memory of 4988	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	98
PID 3300 wrote to memory of 4988	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	98
PID 3300 wrote to memory of 4540	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	99
PID 3300 wrote to memory of 4540	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	99
PID 3300 wrote to memory of 4480	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	100
PID 3300 wrote to memory of 4480	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	100
PID 3300 wrote to memory of 1516	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	101
PID 3300 wrote to memory of 1516	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	101
PID 3300 wrote to memory of 1616	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	102
PID 3300 wrote to memory of 1616	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	102
PID 3300 wrote to memory of 3924	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	103
PID 3300 wrote to memory of 3924	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	103
PID 3300 wrote to memory of 1912	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	104
PID 3300 wrote to memory of 1912	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	104
PID 3300 wrote to memory of 2908	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	105
PID 3300 wrote to memory of 2908	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	105
PID 3300 wrote to memory of 4080	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	106
PID 3300 wrote to memory of 4080	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	106
PID 3300 wrote to memory of 4352	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	107
PID 3300 wrote to memory of 4352	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	107
PID 3300 wrote to memory of 4992	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	108
PID 3300 wrote to memory of 4992	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	108
PID 3300 wrote to memory of 4124	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	109
PID 3300 wrote to memory of 4124	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	109
PID 3300 wrote to memory of 4208	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	110
PID 3300 wrote to memory of 4208	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	110
PID 3300 wrote to memory of 4916	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	111
PID 3300 wrote to memory of 4916	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	111
PID 3300 wrote to memory of 2352	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	112
PID 3300 wrote to memory of 2352	3300	157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe	112

C:\Users\Admin\AppData\Local\Temp\157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\157a5a11192f26593de4f372e7b60b06a56e0e176b57f09cbac974dc0b6d6835_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3300
- C:\Windows\System\cRqreUE.exe
  C:\Windows\System\cRqreUE.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\rkXmUSz.exe
  C:\Windows\System\rkXmUSz.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\SziLnmC.exe
  C:\Windows\System\SziLnmC.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\ApDMoEF.exe
  C:\Windows\System\ApDMoEF.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\YrHXXHc.exe
  C:\Windows\System\YrHXXHc.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\jRKJxpp.exe
  C:\Windows\System\jRKJxpp.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\HMZHfsX.exe
  C:\Windows\System\HMZHfsX.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\HIOwaPo.exe
  C:\Windows\System\HIOwaPo.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\qjDbdyZ.exe
  C:\Windows\System\qjDbdyZ.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\gfqPIqD.exe
  C:\Windows\System\gfqPIqD.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\hhdzPau.exe
  C:\Windows\System\hhdzPau.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\OvFbphV.exe
  C:\Windows\System\OvFbphV.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\xpxsbcF.exe
  C:\Windows\System\xpxsbcF.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\KjLSPOO.exe
  C:\Windows\System\KjLSPOO.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\XYkZdLW.exe
  C:\Windows\System\XYkZdLW.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\pZwlDFS.exe
  C:\Windows\System\pZwlDFS.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\QUuEzEm.exe
  C:\Windows\System\QUuEzEm.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\gociGOY.exe
  C:\Windows\System\gociGOY.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\DvstJGT.exe
  C:\Windows\System\DvstJGT.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\LJmkKsG.exe
  C:\Windows\System\LJmkKsG.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\rmLBRKY.exe
  C:\Windows\System\rmLBRKY.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\BrnBlEc.exe
  C:\Windows\System\BrnBlEc.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\gQZsgXC.exe
  C:\Windows\System\gQZsgXC.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\EjjWuIB.exe
  C:\Windows\System\EjjWuIB.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\hlaZNnM.exe
  C:\Windows\System\hlaZNnM.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\dssnvBW.exe
  C:\Windows\System\dssnvBW.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\pmQvEHy.exe
  C:\Windows\System\pmQvEHy.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\EFrTJyv.exe
  C:\Windows\System\EFrTJyv.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\qXXpBbR.exe
  C:\Windows\System\qXXpBbR.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System\FRmWkGm.exe
  C:\Windows\System\FRmWkGm.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\fdJXHBi.exe
  C:\Windows\System\fdJXHBi.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\UmaPybW.exe
  C:\Windows\System\UmaPybW.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\VorLwjS.exe
  C:\Windows\System\VorLwjS.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\ZPaeSzo.exe
  C:\Windows\System\ZPaeSzo.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\NcukxKv.exe
  C:\Windows\System\NcukxKv.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\ZBQeDpz.exe
  C:\Windows\System\ZBQeDpz.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\rUTvrdK.exe
  C:\Windows\System\rUTvrdK.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\IREuZVo.exe
  C:\Windows\System\IREuZVo.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\pSXSiCN.exe
  C:\Windows\System\pSXSiCN.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\LJPXKBv.exe
  C:\Windows\System\LJPXKBv.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System\BLquBpz.exe
  C:\Windows\System\BLquBpz.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\RuFDAoB.exe
  C:\Windows\System\RuFDAoB.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\zQMwgBy.exe
  C:\Windows\System\zQMwgBy.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\ZqyLMoy.exe
  C:\Windows\System\ZqyLMoy.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\pgzLVNm.exe
  C:\Windows\System\pgzLVNm.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\rifEFsI.exe
  C:\Windows\System\rifEFsI.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\khRpZyC.exe
  C:\Windows\System\khRpZyC.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\xlZEPjl.exe
  C:\Windows\System\xlZEPjl.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\oYUvCGP.exe
  C:\Windows\System\oYUvCGP.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\oaWJNgt.exe
  C:\Windows\System\oaWJNgt.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\lggoNwR.exe
  C:\Windows\System\lggoNwR.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\cvNeIxs.exe
  C:\Windows\System\cvNeIxs.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\evuKaDW.exe
  C:\Windows\System\evuKaDW.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\ZsTxuEW.exe
  C:\Windows\System\ZsTxuEW.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\FZcluzA.exe
  C:\Windows\System\FZcluzA.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\RsDgnbs.exe
  C:\Windows\System\RsDgnbs.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\xmwYROM.exe
  C:\Windows\System\xmwYROM.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\aahWDBy.exe
  C:\Windows\System\aahWDBy.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\HVRgIkG.exe
  C:\Windows\System\HVRgIkG.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\RpIXEEt.exe
  C:\Windows\System\RpIXEEt.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\AAgEIRW.exe
  C:\Windows\System\AAgEIRW.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\NzItwur.exe
  C:\Windows\System\NzItwur.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\TjHfFIt.exe
  C:\Windows\System\TjHfFIt.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\JaaTBIh.exe
  C:\Windows\System\JaaTBIh.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\oSXbVNq.exe
  C:\Windows\System\oSXbVNq.exe
  2⤵
  PID:748
- C:\Windows\System\MNMmTUS.exe
  C:\Windows\System\MNMmTUS.exe
  2⤵
  PID:3932
- C:\Windows\System\fYyqRFZ.exe
  C:\Windows\System\fYyqRFZ.exe
  2⤵
  PID:4400
- C:\Windows\System\dIQjvBH.exe
  C:\Windows\System\dIQjvBH.exe
  2⤵
  PID:2540
- C:\Windows\System\ontuWNN.exe
  C:\Windows\System\ontuWNN.exe
  2⤵
  PID:432
- C:\Windows\System\mkbjQNl.exe
  C:\Windows\System\mkbjQNl.exe
  2⤵
  PID:1556
- C:\Windows\System\wePRVCB.exe
  C:\Windows\System\wePRVCB.exe
  2⤵
  PID:4760
- C:\Windows\System\NQJIiVk.exe
  C:\Windows\System\NQJIiVk.exe
  2⤵
  PID:1672
- C:\Windows\System\yGRKmIg.exe
  C:\Windows\System\yGRKmIg.exe
  2⤵
  PID:1352
- C:\Windows\System\wRkPcaR.exe
  C:\Windows\System\wRkPcaR.exe
  2⤵
  PID:2464
- C:\Windows\System\gVaojqb.exe
  C:\Windows\System\gVaojqb.exe
  2⤵
  PID:1196
- C:\Windows\System\efuGeRx.exe
  C:\Windows\System\efuGeRx.exe
  2⤵
  PID:636
- C:\Windows\System\tZUzqJj.exe
  C:\Windows\System\tZUzqJj.exe
  2⤵
  PID:5056
- C:\Windows\System\IkAaQGK.exe
  C:\Windows\System\IkAaQGK.exe
  2⤵
  PID:4264
- C:\Windows\System\xnUAYvo.exe
  C:\Windows\System\xnUAYvo.exe
  2⤵
  PID:3896
- C:\Windows\System\aBGIOSP.exe
  C:\Windows\System\aBGIOSP.exe
  2⤵
  PID:4268
- C:\Windows\System\HpYwzNY.exe
  C:\Windows\System\HpYwzNY.exe
  2⤵
  PID:396
- C:\Windows\System\vJonpcZ.exe
  C:\Windows\System\vJonpcZ.exe
  2⤵
  PID:3556
- C:\Windows\System\oXBcGIm.exe
  C:\Windows\System\oXBcGIm.exe
  2⤵
  PID:2636
- C:\Windows\System\IuGKtoe.exe
  C:\Windows\System\IuGKtoe.exe
  2⤵
  PID:4412
- C:\Windows\System\fcUILfe.exe
  C:\Windows\System\fcUILfe.exe
  2⤵
  PID:3068
- C:\Windows\System\UKmbRss.exe
  C:\Windows\System\UKmbRss.exe
  2⤵
  PID:3412
- C:\Windows\System\VLEEFyi.exe
  C:\Windows\System\VLEEFyi.exe
  2⤵
  PID:5108
- C:\Windows\System\fEyzSbz.exe
  C:\Windows\System\fEyzSbz.exe
  2⤵
  PID:3920
- C:\Windows\System\JNxJdeY.exe
  C:\Windows\System\JNxJdeY.exe
  2⤵
  PID:4604
- C:\Windows\System\XzDVgTb.exe
  C:\Windows\System\XzDVgTb.exe
  2⤵
  PID:4152
- C:\Windows\System\zvKqsVr.exe
  C:\Windows\System\zvKqsVr.exe
  2⤵
  PID:3784
- C:\Windows\System\kFmwxDL.exe
  C:\Windows\System\kFmwxDL.exe
  2⤵
  PID:3192
- C:\Windows\System\wfBRApp.exe
  C:\Windows\System\wfBRApp.exe
  2⤵
  PID:2360
- C:\Windows\System\qaRrTTX.exe
  C:\Windows\System\qaRrTTX.exe
  2⤵
  PID:3100
- C:\Windows\System\lTuvjiT.exe
  C:\Windows\System\lTuvjiT.exe
  2⤵
  PID:4964
- C:\Windows\System\ShfrHQU.exe
  C:\Windows\System\ShfrHQU.exe
  2⤵
  PID:3852
- C:\Windows\System\xTcezCB.exe
  C:\Windows\System\xTcezCB.exe
  2⤵
  PID:2808
- C:\Windows\System\EecjzIt.exe
  C:\Windows\System\EecjzIt.exe
  2⤵
  PID:1404
- C:\Windows\System\DEbchhw.exe
  C:\Windows\System\DEbchhw.exe
  2⤵
  PID:4796
- C:\Windows\System\WKlUElW.exe
  C:\Windows\System\WKlUElW.exe
  2⤵
  PID:3260
- C:\Windows\System\ZMhJuDD.exe
  C:\Windows\System\ZMhJuDD.exe
  2⤵
  PID:4440
- C:\Windows\System\ziOvAbw.exe
  C:\Windows\System\ziOvAbw.exe
  2⤵
  PID:4976
- C:\Windows\System\wMSWMcv.exe
  C:\Windows\System\wMSWMcv.exe
  2⤵
  PID:4288
- C:\Windows\System\RMnUPXd.exe
  C:\Windows\System\RMnUPXd.exe
  2⤵
  PID:5048
- C:\Windows\System\KWJWtTB.exe
  C:\Windows\System\KWJWtTB.exe
  2⤵
  PID:836
- C:\Windows\System\IEiJkBn.exe
  C:\Windows\System\IEiJkBn.exe
  2⤵
  PID:2544
- C:\Windows\System\NsYLbGk.exe
  C:\Windows\System\NsYLbGk.exe
  2⤵
  PID:3052
- C:\Windows\System\qJQUgIs.exe
  C:\Windows\System\qJQUgIs.exe
  2⤵
  PID:1284
- C:\Windows\System\uDLLGxa.exe
  C:\Windows\System\uDLLGxa.exe
  2⤵
  PID:2856
- C:\Windows\System\eWtFgsH.exe
  C:\Windows\System\eWtFgsH.exe
  2⤵
  PID:1720
- C:\Windows\System\OBNodCS.exe
  C:\Windows\System\OBNodCS.exe
  2⤵
  PID:1948
- C:\Windows\System\VmSyBiS.exe
  C:\Windows\System\VmSyBiS.exe
  2⤵
  PID:468
- C:\Windows\System\bCfbvKp.exe
  C:\Windows\System\bCfbvKp.exe
  2⤵
  PID:1180
- C:\Windows\System\HxbsNWA.exe
  C:\Windows\System\HxbsNWA.exe
  2⤵
  PID:4284
- C:\Windows\System\OuDzHhL.exe
  C:\Windows\System\OuDzHhL.exe
  2⤵
  PID:5100
- C:\Windows\System\JiBPwrA.exe
  C:\Windows\System\JiBPwrA.exe
  2⤵
  PID:2672
- C:\Windows\System\NeWIoFM.exe
  C:\Windows\System\NeWIoFM.exe
  2⤵
  PID:4116
- C:\Windows\System\SgOfvqW.exe
  C:\Windows\System\SgOfvqW.exe
  2⤵
  PID:5144
- C:\Windows\System\rwazemy.exe
  C:\Windows\System\rwazemy.exe
  2⤵
  PID:5172
- C:\Windows\System\BPjekms.exe
  C:\Windows\System\BPjekms.exe
  2⤵
  PID:5200
- C:\Windows\System\CmhCUJz.exe
  C:\Windows\System\CmhCUJz.exe
  2⤵
  PID:5224
- C:\Windows\System\fyqrMUT.exe
  C:\Windows\System\fyqrMUT.exe
  2⤵
  PID:5256
- C:\Windows\System\vKNFISS.exe
  C:\Windows\System\vKNFISS.exe
  2⤵
  PID:5280
- C:\Windows\System\VARODGg.exe
  C:\Windows\System\VARODGg.exe
  2⤵
  PID:5316
- C:\Windows\System\SszZQmo.exe
  C:\Windows\System\SszZQmo.exe
  2⤵
  PID:5336
- C:\Windows\System\MEtkdfz.exe
  C:\Windows\System\MEtkdfz.exe
  2⤵
  PID:5368
- C:\Windows\System\MTcPCDQ.exe
  C:\Windows\System\MTcPCDQ.exe
  2⤵
  PID:5396
- C:\Windows\System\eaqijqa.exe
  C:\Windows\System\eaqijqa.exe
  2⤵
  PID:5424
- C:\Windows\System\oyNpiGe.exe
  C:\Windows\System\oyNpiGe.exe
  2⤵
  PID:5448
- C:\Windows\System\vKeMpQV.exe
  C:\Windows\System\vKeMpQV.exe
  2⤵
  PID:5476
- C:\Windows\System\KbjTLfg.exe
  C:\Windows\System\KbjTLfg.exe
  2⤵
  PID:5504
- C:\Windows\System\AelNdwY.exe
  C:\Windows\System\AelNdwY.exe
  2⤵
  PID:5532
- C:\Windows\System\JnqfYwa.exe
  C:\Windows\System\JnqfYwa.exe
  2⤵
  PID:5560
- C:\Windows\System\VKQAlxL.exe
  C:\Windows\System\VKQAlxL.exe
  2⤵
  PID:5592
- C:\Windows\System\lTxmRYi.exe
  C:\Windows\System\lTxmRYi.exe
  2⤵
  PID:5620
- C:\Windows\System\YIeqxWR.exe
  C:\Windows\System\YIeqxWR.exe
  2⤵
  PID:5644
- C:\Windows\System\dJKrFOG.exe
  C:\Windows\System\dJKrFOG.exe
  2⤵
  PID:5672
- C:\Windows\System\BvsVkdr.exe
  C:\Windows\System\BvsVkdr.exe
  2⤵
  PID:5700
- C:\Windows\System\xWUChch.exe
  C:\Windows\System\xWUChch.exe
  2⤵
  PID:5732
- C:\Windows\System\odGNVaK.exe
  C:\Windows\System\odGNVaK.exe
  2⤵
  PID:5756
- C:\Windows\System\XHcMRsx.exe
  C:\Windows\System\XHcMRsx.exe
  2⤵
  PID:5784
- C:\Windows\System\MkwZhmE.exe
  C:\Windows\System\MkwZhmE.exe
  2⤵
  PID:5812
- C:\Windows\System\bYwSUVE.exe
  C:\Windows\System\bYwSUVE.exe
  2⤵
  PID:5840
- C:\Windows\System\RGmRAGn.exe
  C:\Windows\System\RGmRAGn.exe
  2⤵
  PID:5872
- C:\Windows\System\OEvwtPb.exe
  C:\Windows\System\OEvwtPb.exe
  2⤵
  PID:5896
- C:\Windows\System\TDujWRu.exe
  C:\Windows\System\TDujWRu.exe
  2⤵
  PID:5928
- C:\Windows\System\WDJlhoC.exe
  C:\Windows\System\WDJlhoC.exe
  2⤵
  PID:5956
- C:\Windows\System\taSLFAw.exe
  C:\Windows\System\taSLFAw.exe
  2⤵
  PID:5980
- C:\Windows\System\gTviADI.exe
  C:\Windows\System\gTviADI.exe
  2⤵
  PID:6008
- C:\Windows\System\NjcdTVZ.exe
  C:\Windows\System\NjcdTVZ.exe
  2⤵
  PID:6036
- C:\Windows\System\hAgDcaj.exe
  C:\Windows\System\hAgDcaj.exe
  2⤵
  PID:6064
- C:\Windows\System\TFfKQUx.exe
  C:\Windows\System\TFfKQUx.exe
  2⤵
  PID:6092
- C:\Windows\System\zUBVKdq.exe
  C:\Windows\System\zUBVKdq.exe
  2⤵
  PID:6120
- C:\Windows\System\KPPktss.exe
  C:\Windows\System\KPPktss.exe
  2⤵
  PID:5152
- C:\Windows\System\hBdKglv.exe
  C:\Windows\System\hBdKglv.exe
  2⤵
  PID:5208
- C:\Windows\System\SwhVWdd.exe
  C:\Windows\System\SwhVWdd.exe
  2⤵
  PID:5272
- C:\Windows\System\vltfmJd.exe
  C:\Windows\System\vltfmJd.exe
  2⤵
  PID:5332
- C:\Windows\System\OuTcrdl.exe
  C:\Windows\System\OuTcrdl.exe
  2⤵
  PID:5404
- C:\Windows\System\tpzeBbH.exe
  C:\Windows\System\tpzeBbH.exe
  2⤵
  PID:5468
- C:\Windows\System\ZtiwcDZ.exe
  C:\Windows\System\ZtiwcDZ.exe
  2⤵
  PID:5528
- C:\Windows\System\ogZQsGK.exe
  C:\Windows\System\ogZQsGK.exe
  2⤵
  PID:5600
- C:\Windows\System\nCTqmHC.exe
  C:\Windows\System\nCTqmHC.exe
  2⤵
  PID:5664
- C:\Windows\System\OMGOMiO.exe
  C:\Windows\System\OMGOMiO.exe
  2⤵
  PID:5724
- C:\Windows\System\tdqiBaA.exe
  C:\Windows\System\tdqiBaA.exe
  2⤵
  PID:5780
- C:\Windows\System\ogopMkM.exe
  C:\Windows\System\ogopMkM.exe
  2⤵
  PID:5852
- C:\Windows\System\xBPMlSv.exe
  C:\Windows\System\xBPMlSv.exe
  2⤵
  PID:5916
- C:\Windows\System\uwmZuvC.exe
  C:\Windows\System\uwmZuvC.exe
  2⤵
  PID:5976
- C:\Windows\System\xTKGsXz.exe
  C:\Windows\System\xTKGsXz.exe
  2⤵
  PID:6048
- C:\Windows\System\erFmSti.exe
  C:\Windows\System\erFmSti.exe
  2⤵
  PID:6112
- C:\Windows\System\LTJBLqR.exe
  C:\Windows\System\LTJBLqR.exe
  2⤵
  PID:5236
- C:\Windows\System\EtKYSxd.exe
  C:\Windows\System\EtKYSxd.exe
  2⤵
  PID:5388
- C:\Windows\System\OmzsuNJ.exe
  C:\Windows\System\OmzsuNJ.exe
  2⤵
  PID:5500
- C:\Windows\System\gaZRGUi.exe
  C:\Windows\System\gaZRGUi.exe
  2⤵
  PID:5712
- C:\Windows\System\BdUKUYd.exe
  C:\Windows\System\BdUKUYd.exe
  2⤵
  PID:5888
- C:\Windows\System\wopHudn.exe
  C:\Windows\System\wopHudn.exe
  2⤵
  PID:6028
- C:\Windows\System\bDWhPTa.exe
  C:\Windows\System\bDWhPTa.exe
  2⤵
  PID:5192
- C:\Windows\System\MnJaZSe.exe
  C:\Windows\System\MnJaZSe.exe
  2⤵
  PID:5584
- C:\Windows\System\IuCMsqD.exe
  C:\Windows\System\IuCMsqD.exe
  2⤵
  PID:5944
- C:\Windows\System\dBvIIdE.exe
  C:\Windows\System\dBvIIdE.exe
  2⤵
  PID:5808
- C:\Windows\System\NbdctSL.exe
  C:\Windows\System\NbdctSL.exe
  2⤵
  PID:5948
- C:\Windows\System\ElQEQyS.exe
  C:\Windows\System\ElQEQyS.exe
  2⤵
  PID:6164
- C:\Windows\System\LnQRhtY.exe
  C:\Windows\System\LnQRhtY.exe
  2⤵
  PID:6192
- C:\Windows\System\tNQQnij.exe
  C:\Windows\System\tNQQnij.exe
  2⤵
  PID:6220
- C:\Windows\System\KWByUjw.exe
  C:\Windows\System\KWByUjw.exe
  2⤵
  PID:6248
- C:\Windows\System\GoTUfoQ.exe
  C:\Windows\System\GoTUfoQ.exe
  2⤵
  PID:6276
- C:\Windows\System\BKytjiA.exe
  C:\Windows\System\BKytjiA.exe
  2⤵
  PID:6304
- C:\Windows\System\tkwgHkn.exe
  C:\Windows\System\tkwgHkn.exe
  2⤵
  PID:6332
- C:\Windows\System\lrONPAR.exe
  C:\Windows\System\lrONPAR.exe
  2⤵
  PID:6360
- C:\Windows\System\eLscUZy.exe
  C:\Windows\System\eLscUZy.exe
  2⤵
  PID:6388
- C:\Windows\System\aLdXYpB.exe
  C:\Windows\System\aLdXYpB.exe
  2⤵
  PID:6416
- C:\Windows\System\oBJqIrl.exe
  C:\Windows\System\oBJqIrl.exe
  2⤵
  PID:6448
- C:\Windows\System\MfAhbLQ.exe
  C:\Windows\System\MfAhbLQ.exe
  2⤵
  PID:6472
- C:\Windows\System\fsCEbBE.exe
  C:\Windows\System\fsCEbBE.exe
  2⤵
  PID:6500
- C:\Windows\System\blvMKms.exe
  C:\Windows\System\blvMKms.exe
  2⤵
  PID:6528
- C:\Windows\System\mZrRQIA.exe
  C:\Windows\System\mZrRQIA.exe
  2⤵
  PID:6560
- C:\Windows\System\rXfnjra.exe
  C:\Windows\System\rXfnjra.exe
  2⤵
  PID:6588
- C:\Windows\System\DjhJlDb.exe
  C:\Windows\System\DjhJlDb.exe
  2⤵
  PID:6612
- C:\Windows\System\mLGtSeO.exe
  C:\Windows\System\mLGtSeO.exe
  2⤵
  PID:6644
- C:\Windows\System\UqibyjZ.exe
  C:\Windows\System\UqibyjZ.exe
  2⤵
  PID:6668
- C:\Windows\System\IamtXGF.exe
  C:\Windows\System\IamtXGF.exe
  2⤵
  PID:6700
- C:\Windows\System\CWItBhN.exe
  C:\Windows\System\CWItBhN.exe
  2⤵
  PID:6724
- C:\Windows\System\nKmDuDl.exe
  C:\Windows\System\nKmDuDl.exe
  2⤵
  PID:6756
- C:\Windows\System\DnFtvZm.exe
  C:\Windows\System\DnFtvZm.exe
  2⤵
  PID:6784
- C:\Windows\System\aaTjhrh.exe
  C:\Windows\System\aaTjhrh.exe
  2⤵
  PID:6808
- C:\Windows\System\ShXGemc.exe
  C:\Windows\System\ShXGemc.exe
  2⤵
  PID:6836
- C:\Windows\System\AGFQsTJ.exe
  C:\Windows\System\AGFQsTJ.exe
  2⤵
  PID:6864
- C:\Windows\System\wYwZGfe.exe
  C:\Windows\System\wYwZGfe.exe
  2⤵
  PID:6892
- C:\Windows\System\NYFfJMD.exe
  C:\Windows\System\NYFfJMD.exe
  2⤵
  PID:6920
- C:\Windows\System\riFXXZp.exe
  C:\Windows\System\riFXXZp.exe
  2⤵
  PID:6952
- C:\Windows\System\YxqwDQH.exe
  C:\Windows\System\YxqwDQH.exe
  2⤵
  PID:6984
- C:\Windows\System\GguHXnx.exe
  C:\Windows\System\GguHXnx.exe
  2⤵
  PID:7008
- C:\Windows\System\QwmzfBA.exe
  C:\Windows\System\QwmzfBA.exe
  2⤵
  PID:7036
- C:\Windows\System\iXsoMFS.exe
  C:\Windows\System\iXsoMFS.exe
  2⤵
  PID:7064
- C:\Windows\System\JUbvWzo.exe
  C:\Windows\System\JUbvWzo.exe
  2⤵
  PID:7092
- C:\Windows\System\IVUybeS.exe
  C:\Windows\System\IVUybeS.exe
  2⤵
  PID:7120
- C:\Windows\System\dqeqadP.exe
  C:\Windows\System\dqeqadP.exe
  2⤵
  PID:7148
- C:\Windows\System\JCINMif.exe
  C:\Windows\System\JCINMif.exe
  2⤵
  PID:6160
- C:\Windows\System\DXKysbl.exe
  C:\Windows\System\DXKysbl.exe
  2⤵
  PID:6232
- C:\Windows\System\qHOUqTA.exe
  C:\Windows\System\qHOUqTA.exe
  2⤵
  PID:6296
- C:\Windows\System\HJcFJzN.exe
  C:\Windows\System\HJcFJzN.exe
  2⤵
  PID:6356
- C:\Windows\System\jrMLTcm.exe
  C:\Windows\System\jrMLTcm.exe
  2⤵
  PID:6428
- C:\Windows\System\yxidgnm.exe
  C:\Windows\System\yxidgnm.exe
  2⤵
  PID:6460
- C:\Windows\System\BQQqQpp.exe
  C:\Windows\System\BQQqQpp.exe
  2⤵
  PID:6548
- C:\Windows\System\pSbSkVj.exe
  C:\Windows\System\pSbSkVj.exe
  2⤵
  PID:6140
- C:\Windows\System\bgfPOmx.exe
  C:\Windows\System\bgfPOmx.exe
  2⤵
  PID:6680
- C:\Windows\System\LiNSQFU.exe
  C:\Windows\System\LiNSQFU.exe
  2⤵
  PID:6744
- C:\Windows\System\WeblmhT.exe
  C:\Windows\System\WeblmhT.exe
  2⤵
  PID:6804
- C:\Windows\System\nIbfMjj.exe
  C:\Windows\System\nIbfMjj.exe
  2⤵
  PID:6876
- C:\Windows\System\dBqidcK.exe
  C:\Windows\System\dBqidcK.exe
  2⤵
  PID:6944
- C:\Windows\System\yXhVHWU.exe
  C:\Windows\System\yXhVHWU.exe
  2⤵
  PID:7004
- C:\Windows\System\nTiwieo.exe
  C:\Windows\System\nTiwieo.exe
  2⤵
  PID:7084
- C:\Windows\System\ZSmCbux.exe
  C:\Windows\System\ZSmCbux.exe
  2⤵
  PID:7140
- C:\Windows\System\iMwthdY.exe
  C:\Windows\System\iMwthdY.exe
  2⤵
  PID:6208
- C:\Windows\System\USurRJD.exe
  C:\Windows\System\USurRJD.exe
  2⤵
  PID:6384
- C:\Windows\System\ZLauDYr.exe
  C:\Windows\System\ZLauDYr.exe
  2⤵
  PID:6492
- C:\Windows\System\RjLVYrz.exe
  C:\Windows\System\RjLVYrz.exe
  2⤵
  PID:6632
- C:\Windows\System\MGAINZz.exe
  C:\Windows\System\MGAINZz.exe
  2⤵
  PID:6772
- C:\Windows\System\emTfRuc.exe
  C:\Windows\System\emTfRuc.exe
  2⤵
  PID:6912
- C:\Windows\System\gtBZMmS.exe
  C:\Windows\System\gtBZMmS.exe
  2⤵
  PID:7104
- C:\Windows\System\VBrabKH.exe
  C:\Windows\System\VBrabKH.exe
  2⤵
  PID:6272
- C:\Windows\System\SCLdoSR.exe
  C:\Windows\System\SCLdoSR.exe
  2⤵
  PID:6776
- C:\Windows\System\mqvGnkm.exe
  C:\Windows\System\mqvGnkm.exe
  2⤵
  PID:7028
- C:\Windows\System\NIaPcbt.exe
  C:\Windows\System\NIaPcbt.exe
  2⤵
  PID:6860
- C:\Windows\System\AqZJzys.exe
  C:\Windows\System\AqZJzys.exe
  2⤵
  PID:6520
- C:\Windows\System\RtoWoRA.exe
  C:\Windows\System\RtoWoRA.exe
  2⤵
  PID:7192
- C:\Windows\System\zNnvRtl.exe
  C:\Windows\System\zNnvRtl.exe
  2⤵
  PID:7216
- C:\Windows\System\ukxNNvN.exe
  C:\Windows\System\ukxNNvN.exe
  2⤵
  PID:7248
- C:\Windows\System\UKRPzDQ.exe
  C:\Windows\System\UKRPzDQ.exe
  2⤵
  PID:7272
- C:\Windows\System\pNxFAFz.exe
  C:\Windows\System\pNxFAFz.exe
  2⤵
  PID:7328
- C:\Windows\System\IynaeHR.exe
  C:\Windows\System\IynaeHR.exe
  2⤵
  PID:7348
- C:\Windows\System\LfENJsD.exe
  C:\Windows\System\LfENJsD.exe
  2⤵
  PID:7364
- C:\Windows\System\AHLLErE.exe
  C:\Windows\System\AHLLErE.exe
  2⤵
  PID:7380
- C:\Windows\System\GwkFbnF.exe
  C:\Windows\System\GwkFbnF.exe
  2⤵
  PID:7396
- C:\Windows\System\HFWSbAR.exe
  C:\Windows\System\HFWSbAR.exe
  2⤵
  PID:7412
- C:\Windows\System\HSuRwzg.exe
  C:\Windows\System\HSuRwzg.exe
  2⤵
  PID:7444
- C:\Windows\System\yIgPiaB.exe
  C:\Windows\System\yIgPiaB.exe
  2⤵
  PID:7468
- C:\Windows\System\YpwWGTE.exe
  C:\Windows\System\YpwWGTE.exe
  2⤵
  PID:7508
- C:\Windows\System\cEmZygc.exe
  C:\Windows\System\cEmZygc.exe
  2⤵
  PID:7552
- C:\Windows\System\bhOOATX.exe
  C:\Windows\System\bhOOATX.exe
  2⤵
  PID:7568
- C:\Windows\System\BPIsmPH.exe
  C:\Windows\System\BPIsmPH.exe
  2⤵
  PID:7596
- C:\Windows\System\WVtVWMc.exe
  C:\Windows\System\WVtVWMc.exe
  2⤵
  PID:7612
- C:\Windows\System\vKkpxMg.exe
  C:\Windows\System\vKkpxMg.exe
  2⤵
  PID:7644
- C:\Windows\System\DtwQdnS.exe
  C:\Windows\System\DtwQdnS.exe
  2⤵
  PID:7684
- C:\Windows\System\JozKAVh.exe
  C:\Windows\System\JozKAVh.exe
  2⤵
  PID:7732
- C:\Windows\System\vpyKWJX.exe
  C:\Windows\System\vpyKWJX.exe
  2⤵
  PID:7768
- C:\Windows\System\imGAkMD.exe
  C:\Windows\System\imGAkMD.exe
  2⤵
  PID:7800
- C:\Windows\System\itZicdE.exe
  C:\Windows\System\itZicdE.exe
  2⤵
  PID:7816
- C:\Windows\System\uRNlThP.exe
  C:\Windows\System\uRNlThP.exe
  2⤵
  PID:7844
- C:\Windows\System\ajUSnfu.exe
  C:\Windows\System\ajUSnfu.exe
  2⤵
  PID:7864
- C:\Windows\System\DnWHwRr.exe
  C:\Windows\System\DnWHwRr.exe
  2⤵
  PID:7892
- C:\Windows\System\MLEjESL.exe
  C:\Windows\System\MLEjESL.exe
  2⤵
  PID:7936
- C:\Windows\System\SeJDRFM.exe
  C:\Windows\System\SeJDRFM.exe
  2⤵
  PID:7964
- C:\Windows\System\AfoOXMR.exe
  C:\Windows\System\AfoOXMR.exe
  2⤵
  PID:7984
- C:\Windows\System\WspiLSZ.exe
  C:\Windows\System\WspiLSZ.exe
  2⤵
  PID:8016
- C:\Windows\System\iyySxth.exe
  C:\Windows\System\iyySxth.exe
  2⤵
  PID:8040
- C:\Windows\System\rBDItDu.exe
  C:\Windows\System\rBDItDu.exe
  2⤵
  PID:8080
- C:\Windows\System\CnQJoOY.exe
  C:\Windows\System\CnQJoOY.exe
  2⤵
  PID:8100
- C:\Windows\System\JfJgCVe.exe
  C:\Windows\System\JfJgCVe.exe
  2⤵
  PID:8136
- C:\Windows\System\bHcNYzH.exe
  C:\Windows\System\bHcNYzH.exe
  2⤵
  PID:8164
- C:\Windows\System\TAjxTYi.exe
  C:\Windows\System\TAjxTYi.exe
  2⤵
  PID:8184
- C:\Windows\System\SuYsnet.exe
  C:\Windows\System\SuYsnet.exe
  2⤵
  PID:7180
- C:\Windows\System\oITVKlW.exe
  C:\Windows\System\oITVKlW.exe
  2⤵
  PID:7292
- C:\Windows\System\TWivQdR.exe
  C:\Windows\System\TWivQdR.exe
  2⤵
  PID:7324
- C:\Windows\System\IFTVcrr.exe
  C:\Windows\System\IFTVcrr.exe
  2⤵
  PID:7388
- C:\Windows\System\MOANshC.exe
  C:\Windows\System\MOANshC.exe
  2⤵
  PID:7488
- C:\Windows\System\xntluOh.exe
  C:\Windows\System\xntluOh.exe
  2⤵
  PID:7504
- C:\Windows\System\TXJFsUV.exe
  C:\Windows\System\TXJFsUV.exe
  2⤵
  PID:7560
- C:\Windows\System\fEmCjuQ.exe
  C:\Windows\System\fEmCjuQ.exe
  2⤵
  PID:7660
- C:\Windows\System\IKwQhjm.exe
  C:\Windows\System\IKwQhjm.exe
  2⤵
  PID:7700
- C:\Windows\System\AYREaWh.exe
  C:\Windows\System\AYREaWh.exe
  2⤵
  PID:7792
- C:\Windows\System\YzCqkYp.exe
  C:\Windows\System\YzCqkYp.exe
  2⤵
  PID:7876
- C:\Windows\System\ZkddAht.exe
  C:\Windows\System\ZkddAht.exe
  2⤵
  PID:7928
- C:\Windows\System\HmGtRSv.exe
  C:\Windows\System\HmGtRSv.exe
  2⤵
  PID:7952
- C:\Windows\System\GrrhyuX.exe
  C:\Windows\System\GrrhyuX.exe
  2⤵
  PID:8076
- C:\Windows\System\ocGzbiU.exe
  C:\Windows\System\ocGzbiU.exe
  2⤵
  PID:8108
- C:\Windows\System\LvlESAo.exe
  C:\Windows\System\LvlESAo.exe
  2⤵
  PID:8172
- C:\Windows\System\UGQoktZ.exe
  C:\Windows\System\UGQoktZ.exe
  2⤵
  PID:7236
- C:\Windows\System\eiGGSvR.exe
  C:\Windows\System\eiGGSvR.exe
  2⤵
  PID:7484
- C:\Windows\System\GVYirdZ.exe
  C:\Windows\System\GVYirdZ.exe
  2⤵
  PID:7536
- C:\Windows\System\glGBcNg.exe
  C:\Windows\System\glGBcNg.exe
  2⤵
  PID:7808
- C:\Windows\System\AnepPpf.exe
  C:\Windows\System\AnepPpf.exe
  2⤵
  PID:7924
- C:\Windows\System\WOqDUkG.exe
  C:\Windows\System\WOqDUkG.exe
  2⤵
  PID:8032
- C:\Windows\System\bdNqbno.exe
  C:\Windows\System\bdNqbno.exe
  2⤵
  PID:7404
- C:\Windows\System\pwfxbEX.exe
  C:\Windows\System\pwfxbEX.exe
  2⤵
  PID:7440
- C:\Windows\System\CUCcJPS.exe
  C:\Windows\System\CUCcJPS.exe
  2⤵
  PID:7960
- C:\Windows\System\AIjJIWK.exe
  C:\Windows\System\AIjJIWK.exe
  2⤵
  PID:7208
- C:\Windows\System\psuoLEr.exe
  C:\Windows\System\psuoLEr.exe
  2⤵
  PID:8208
- C:\Windows\System\ahatiSL.exe
  C:\Windows\System\ahatiSL.exe
  2⤵
  PID:8248
- C:\Windows\System\fGnpHHP.exe
  C:\Windows\System\fGnpHHP.exe
  2⤵
  PID:8272
- C:\Windows\System\eduMJhj.exe
  C:\Windows\System\eduMJhj.exe
  2⤵
  PID:8296
- C:\Windows\System\uWzdkci.exe
  C:\Windows\System\uWzdkci.exe
  2⤵
  PID:8312
- C:\Windows\System\TurSNpp.exe
  C:\Windows\System\TurSNpp.exe
  2⤵
  PID:8348
- C:\Windows\System\rlrCmOl.exe
  C:\Windows\System\rlrCmOl.exe
  2⤵
  PID:8384
- C:\Windows\System\QoTDsOq.exe
  C:\Windows\System\QoTDsOq.exe
  2⤵
  PID:8424
- C:\Windows\System\vOXTKOA.exe
  C:\Windows\System\vOXTKOA.exe
  2⤵
  PID:8440
- C:\Windows\System\aDYdmyl.exe
  C:\Windows\System\aDYdmyl.exe
  2⤵
  PID:8468
- C:\Windows\System\cpBfVcf.exe
  C:\Windows\System\cpBfVcf.exe
  2⤵
  PID:8496
- C:\Windows\System\viPIsjT.exe
  C:\Windows\System\viPIsjT.exe
  2⤵
  PID:8536
- C:\Windows\System\hWMUgIp.exe
  C:\Windows\System\hWMUgIp.exe
  2⤵
  PID:8568
- C:\Windows\System\CGayVwr.exe
  C:\Windows\System\CGayVwr.exe
  2⤵
  PID:8584
- C:\Windows\System\ZFlHpzP.exe
  C:\Windows\System\ZFlHpzP.exe
  2⤵
  PID:8616
- C:\Windows\System\yPTANcf.exe
  C:\Windows\System\yPTANcf.exe
  2⤵
  PID:8644
- C:\Windows\System\NBmQbkn.exe
  C:\Windows\System\NBmQbkn.exe
  2⤵
  PID:8668
- C:\Windows\System\npCFmzh.exe
  C:\Windows\System\npCFmzh.exe
  2⤵
  PID:8684
- C:\Windows\System\aSUrNoq.exe
  C:\Windows\System\aSUrNoq.exe
  2⤵
  PID:8716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ApDMoEF.exe

Filesize
2.1MB

MD5
2ef4addcead80b5ad3f3097d4d1b331c

SHA1
393c9ddf9d0450c6f75b9569058002ef7b5d4c27

SHA256
f9a27f16a7c55b1efd240a2eeb6df926b28cc39189c06ff7c4b48fb92f0e22e0

SHA512
c88ab5640f238690ce5d5df0cf5a22bbc1779af2243add6ffa4ea620bb3377be684bc7c7eb0c52fc89eb498673b5fc4f4956a85280587617a51cbeb0bc573210

Download Submit
C:\Windows\System\BrnBlEc.exe

Filesize
2.1MB

MD5
70eec40c05cf1a103f6af569dfe81b00

SHA1
922b8aa11beafd91b2ccfe7baf2a857ac2f9099b

SHA256
2d0acaf556d0eb33613cee4cb78398e027903d2a9748bb7c90a932cc13db835a

SHA512
0869af0cc3e90ed179b50d083dc7cf6c9fa7911d3725f527f61eb010a73304f44fae6fe80ab6c861a64c69d7ea45d63cbbd558fa889c2a09bbf8908f9b34fd4b

Download Submit
C:\Windows\System\DvstJGT.exe

Filesize
2.1MB

MD5
341b9c48cfdc68116a6f2d1f49808db5

SHA1
ea7f110608f73537d4515700c5e761456cea0fee

SHA256
ea5c58a8bf574f3e6f3aab3cad03e06b1b3ecd201e4b45cd845be1795569326d

SHA512
e8b4cf3672acaecc4df02b043f9b7774d06a69eed3b773df657f52636d068aaecabef7b5d7d60c406f517fb6ee06d6dbbd5da7f8a7f64a1d7e7f4339435f7440

Download Submit
C:\Windows\System\EFrTJyv.exe

Filesize
2.1MB

MD5
cf2146eadaf58df3264c3b8b5d8d5ce8

SHA1
d855b2492baf4a841ef85ed728f5b89499d9b289

SHA256
3586c3e2ccd5bd78cd4a6b727cdd9ee5125ac6ea6c4c40724df13286237b00af

SHA512
7273a6db55cf6ae40a3ba89073cb553a2094c06ebefb155badb2eec6eaa6bb655484e90cc6473030889f9d83bcd0d0b476a0bcdd56afa305d9bfdb7c12e5c4f9

Download Submit
C:\Windows\System\EjjWuIB.exe

Filesize
2.1MB

MD5
5c8b5c1ccf013755e498607452632751

SHA1
ea9bc853d49d60ee9265a9185453e89b0395d342

SHA256
0e25dee867ca1448f2c563979f605b5dd752a25f8c53469a225315cbe05c1513

SHA512
774c1f491a3722e5935e86c08eb436ba79ceb3c64fb3d7c94fc21778ce8369216412d2d0d31221bc192223c85b35e7bcf05fe50ec0a5166468986707d283a868

Download Submit
C:\Windows\System\FRmWkGm.exe

Filesize
2.1MB

MD5
a9398d0ed6524bc807a868dfeb856ef0

SHA1
d0a489f3a8e4b5d179f5387740fbde516b219f52

SHA256
501cd4e59395ed292d077ec7a9a5f0303c02d504252122580c4d8242ecf916a0

SHA512
547810b75c459e10a6f76839427b49e611ba2c1cc71956ba8ea481118ef330c4e177adb3e023d8ec93080daf28e5116beedea3bfb5d88826f673b6e3f59c06af

Download Submit
C:\Windows\System\HIOwaPo.exe

Filesize
2.1MB

MD5
15fd5531acf7ee060a8b2a183cd920da

SHA1
e514dd6645da5e6b14a5e8a7eb66069a696c8d94

SHA256
959e61c3ba5562b93cb7f67d1279d232cd99ce890c8c12b1c61aaa27e2686eeb

SHA512
1d73db002511d119a7a0d07bf94fb544222dd38f35de1f0cbc2ee5f6d4a892dc7395dcaaf116137754195ec146f2d0fed40a00f1e49c471827afaf3a732881dc

Download Submit
C:\Windows\System\HMZHfsX.exe

Filesize
2.1MB

MD5
354f6ab86a51b7c407fde2e92cbc4125

SHA1
1f877477afd76919895a54c5c23e62f1a6442b23

SHA256
2c228423036bcd846b27360807de4e54dbac38aff44f8859ced9dd2419bed4af

SHA512
4a88ac9e56841c3233e4bce3518da5bd1e4b3ebea5606f7e971bd9a9be03ee1260464a2e80da02211d7571f937be71a9cee36ef4c69cbec86dbd1b865e159f8c

Download Submit
C:\Windows\System\KjLSPOO.exe

Filesize
2.1MB

MD5
b7c8751f182d591d51dd64516e602ac3

SHA1
3b7e215914ca6ccac5317e1f4bc5adc05c118806

SHA256
b9a021d039f72a22c57d66fbec27a038c6114461802db794f0c50ccdaf3a30c1

SHA512
d608a4bf72230b391a059bd4051bca26f7738c23634d2ef69d26077c6502f0e37da74ed0510e1740761f9eaca5c739e9be0895aad2ed106740f70d6780db9ed2

Download Submit
C:\Windows\System\LJmkKsG.exe

Filesize
2.1MB

MD5
283de49aa8d3c8e2fdb91e0e1494446e

SHA1
d2eb8c59ab96b486d764007dd62abbd0379789dd

SHA256
32023ba081976ca9fc2da1d3990fdbca397c9b309ea718df2ce3c89ea9405880

SHA512
eff115ceced4ca334d443d156e2469f06034b99a0b1575947f0eac7f8759f96840621b83f71ab52ff57a286a15f91a40f3fe4acbb700a9530186cb2fb5c58d12

Download Submit
C:\Windows\System\OvFbphV.exe

Filesize
2.1MB

MD5
22455d74f998eb0f3aa4a317bb11d738

SHA1
909c5a5b05ba1c86021122ca497ecef4601afb62

SHA256
12395e76a55cb15551f5c4b9c2b28dc72bd08fd8df63e416bc409ff45230e5a4

SHA512
9f210503767a86d07f14cfda9fd0c80d450dcc83cad9ecabb0530b4093120682fa8b3b7fbbdc4fd388d32ad4abeeaafbe4ad5b4716fb6a5ea285b226f4115da3

Download Submit
C:\Windows\System\QUuEzEm.exe

Filesize
2.1MB

MD5
07eb840326c3a418bd6153b14abd3699

SHA1
fbe2e8d26452369177185797ea79f22e8764ac33

SHA256
5f154162a420bf7112d154a256ba91167dc62e724ea69b91462963666ea9183c

SHA512
69e209a1c1dd740c4f1562ccee04d833997a1e367365652980993c600d4c60a94b4b02eddb212399311ca2b66a9b6935f454e80d6326253764e24cdf2da2d331

Download Submit
C:\Windows\System\SziLnmC.exe

Filesize
2.1MB

MD5
37c3f05abaf66fed79acd7a37a696745

SHA1
def36292d9f756b46586688cd7d56a1bccb615a1

SHA256
f97cad6663d06ca59ab0c8d2c23347c37c539385c4f0f2b82fbbbc665ef9940d

SHA512
9fc8d813c03ebfb2068f9d08ca35ed2d0518aeccc3904d49563bec1464992b65f3da4249ff47dc51b9a1dd3150819b70cdb0761311d72ccb64f6c66b655949e2

Download Submit
C:\Windows\System\UmaPybW.exe

Filesize
2.1MB

MD5
07db87581b2a14fba595c80e5e1444f8

SHA1
3b3bedebc5aec5d1c27d43bd2cb19b782059ec02

SHA256
bc33982533e10678db5cf0f75d812047cb6914679130676382c78551f150ef0a

SHA512
d45a5eeddc8a9e32af26629d8fd324cdefae81c81c8512bcff177712a161f2d43b15a2f4e51f47f36e789278d72c230aafb1c4958e61cea0d226ea3856da2851

Download Submit
C:\Windows\System\XYkZdLW.exe

Filesize
2.1MB

MD5
c054e10bd3dd46866a9da39f57caa678

SHA1
119b44b6af972f7ee71bac0a9ba4b7e4bca73825

SHA256
5c982c9e6375046b4e49f47a3d0202cf22335c41d1207ac309f13d783683c67d

SHA512
96380b56c5993ae0864268e992c0781ec41c6429064eeef0d7b10828c1260b30586d436742c0bac50e5b781ebfc936b941b26efde2dd1317b33a7c47a6f65f76

Download Submit
C:\Windows\System\YrHXXHc.exe

Filesize
2.1MB

MD5
4b8bb99929d7be9358d6e58950112fc5

SHA1
18a41de3586503e3194ec1c8196792b7b164f3cc

SHA256
2139e12e2d615dceea65f322c5a66c1e8a3e09e58ea31b97826682ceb2653bbe

SHA512
9bb364c236516ec94bacf9f93cf39a44873df854ea2f7fd2a805f5ad9c1f82dbc28d316f9f910219249c95cd7dcba6e3c21e5006e638d3ba5297ca28c37e2b0e

Download Submit
C:\Windows\System\cRqreUE.exe

Filesize
2.1MB

MD5
c357d1e878c474ac4a848f831ca9e9dc

SHA1
912e86de740a84f9f0b645742ce42c71f0f35d46

SHA256
a24061823179e7e1de14f9a941db819b90f3d020075f392f6ea02d0f9b974da6

SHA512
6ab1a2d11d0bf2502f1975b90ce707130ef990185c172d64c077ee090b7662604cf48dbb4ad68c0b31ef41e3ab743fe2221857d0a2f0f400bb110cf806e85cf9

Download Submit
C:\Windows\System\dssnvBW.exe

Filesize
2.1MB

MD5
67c591431ef5ccde3c828e449d4b8fcd

SHA1
045d02afc098effcacdd4ba3e6478a573b9c1dc9

SHA256
90764bd04aa7ec68c15358d3b20864c7cfee9611b1851c3d99f89438be0564b3

SHA512
df59537dddb0314f80010d9889c44619fa0709a7d525c24d47ab1c5d11bee770d4c8e1bad36c4b68a99cef751fb906c71a1a2dea9739b2e63459b4f958ea7aa0

Download Submit
C:\Windows\System\fdJXHBi.exe

Filesize
2.1MB

MD5
a6086de0f6169d22344ea201376e1dde

SHA1
10f59e3d402c74e4473e3fe8118a1ff47af87ab5

SHA256
cca19f63fab22b5a82c97f636c33bb8441d6fce5e025f6c42d3005e927ea7b83

SHA512
78ef0a78eb55bac606a0c365beab4d4cb0698eef61bf8f4c202f84d0475e46572f6b8d76601b71fe65326cb7c6d2b74e093074edc19fe7dd66ffcf7e57d2b8ba

Download Submit
C:\Windows\System\gQZsgXC.exe

Filesize
2.1MB

MD5
656d0639f9038c64effc27fb98b05dac

SHA1
01f3841d754e396730b80a5e383aa52aab9efb04

SHA256
9ad7e2ae4eed75ba6ae720751dd71fb6747905355eac5e5f24db2c3b281ea522

SHA512
7ab225ac8f49bf5443cb3314115afc3a3479a335c84a1f0c6718f7ad7dc0d8105db19eb48c31afebaf6f1903a0c47c72a01236e55d1f0d609cac957b502858bb

Download Submit
C:\Windows\System\gfqPIqD.exe

Filesize
2.1MB

MD5
cb2a6e0903585ed780b6660358a4d92e

SHA1
95f1074988d8a9dfb6df603ee54b2b77c7e15513

SHA256
29e5b336cc6291fcc97f84c1b09461bdd71df86de8d27971ae800d5da30c61dd

SHA512
f224f65546e32f5da148913f9f06df339c1c92b62c6385ae08c138371b4de7bf0f805193fd4e0ede411d655014a10e8b59acf7499534b1650aac06cbe46aeb1e

Download Submit
C:\Windows\System\gociGOY.exe

Filesize
2.1MB

MD5
b783719f9db1e39e180e0a784f5e6ef9

SHA1
d085fb027eb9b2de30fba875824a24bb9a26edc0

SHA256
1cf98aae8b0a7584a91b7dc5b9224eb7ac651f684847e922258d398cd860cb02

SHA512
0f0cf837776cced3fcb36fd248ed327267fc5829798bcc6dc6ee1cfd7942894ff4e627f8a0324a500748d4a740f60ece2e2e68f63b452485ba97514be3a1bd4b

Download Submit
C:\Windows\System\hhdzPau.exe

Filesize
2.1MB

MD5
5e446454f3f4544a30da5988a66beaf1

SHA1
fddbf6329e92e2ae4d00e5a6627fdc66e2fe53f2

SHA256
1a8743eb74d32ee688c0325d0d5b86478a182e9a055a287325389cd1aa98bfb1

SHA512
6b1d0e332206e26b3077e1806f8a7d2a26d06528d1033ca7170f1711015ed71f05196b2095b1e04bc08c0f392f4efe319e20fb89a2b4e2a99f35020725359cbf

Download Submit
C:\Windows\System\hlaZNnM.exe

Filesize
2.1MB

MD5
d1f4f7a437aaf6c753ed4011f4aac421

SHA1
454b91eb6a42c80fbdccb24903212ed48a1d6218

SHA256
133794b8486b049d4f7decabe9a25043e7e651bd1085aa5d4b69e49c6283d4fb

SHA512
cc5fb4a08a9a4978f9020e313fe53802296dcfa06ca46f105d7294cb615b9db56c9e10f63eb034f59ddfbce640188f85f350d55ed62cb6b431beb7ddb6e2cda8

Download Submit
C:\Windows\System\jRKJxpp.exe

Filesize
2.1MB

MD5
e2e6ae8a39a36d12931a9da4399ea484

SHA1
92ecc9fb8f9f49efc144401de7092a4e05725773

SHA256
61d57bd879acf6496a816e66297cbd50e426681feebcb0cd98cf2c83da8b1251

SHA512
324baf38c7a9068ba6f9043a1abd3981fb03a52290f8df4c599c1c3bf0b725e9f098cdb058490485bd410f05fd379d2a312d76e7004fbbea708e49947923bfa6

Download Submit
C:\Windows\System\pZwlDFS.exe

Filesize
2.1MB

MD5
386ddc8a415028eba94d0463072bfe1b

SHA1
7d5d0b08085e8dadfb6f33e2e7fa43a6ce2a5337

SHA256
ce2ab786492515a3475c67662f21d9cd7930e08fb869fd3904e3a44552eee06e

SHA512
20e2993354ce648760653cbe15b4103bccee83490891ee2d3ae17fbc0de5913c3528be73021bb25ad63d6e8d84976b82bca8d28beb7074da54368ed5a9d70af5

Download Submit
C:\Windows\System\pmQvEHy.exe

Filesize
2.1MB

MD5
7b9e4eb52b8bc7909f1b6bd2cddd28c0

SHA1
631ab4853b4570e49e9aeb78d797663b450c41ae

SHA256
4f60c5450c42ff10e09c5e0483fd1425737600a584c19bf5dcc3998001ed1b5a

SHA512
839b85bfa9acf6c16b10846daa547ac8d2852064351a91631424161cbc127399b0c30584b9917a79ae034646aa79d3c5d45a6d17598225876f9158a8454440e2

Download Submit
C:\Windows\System\qXXpBbR.exe

Filesize
2.1MB

MD5
d527cc271745dcfc6a640ed0a22a0b2e

SHA1
25c62bd9a9fba09aa9991a9b5c687e5a50d67058

SHA256
d0bfbbe07e7ae7cdaf4f9bc6a1db41d75af8592ee36c5d6050426c7e34377237

SHA512
42f3f88d21fc897f1491b1de7f5823dc7a225d2406f368e7896a2751c493bab41ca76800950c440ea9defb2941fcd97b45a0de040041e8239624d65749590572

Download Submit
C:\Windows\System\qjDbdyZ.exe

Filesize
2.1MB

MD5
35d3ab6a7c15bac75a6df1963e42cc80

SHA1
cd71d903ff08533e96fe01dc8ee4a9019732ea01

SHA256
62df712a01a14347aa501af1342bec2d988bdc8cf4b961998bdb75bd59c43d41

SHA512
e115fd3194817faa57298c47a996ec714003f67086e669cc0db6b4f01b16d527e712da22b3300a6b38bc53e2882db77d42c9d0a2e89f997798e5a0f8c572b4c0

Download Submit
C:\Windows\System\rkXmUSz.exe

Filesize
2.1MB

MD5
4ac505d225144cdeb7ca6a44129a76bb

SHA1
5db00e5f2f2eee0a171a979bdf4efca4f386bb48

SHA256
ba9992b6da2ea3fcffa42b6d78823535083bdcaf5b4198c50364adbc2001d0ae

SHA512
672b668ca89b943d4f189012fd0880e04c113574d3adcc2526796602b31be21b178ce3258b17a8a134d75275e72a365e4771d8075906fd434ec06e6b46ca6071

Download Submit
C:\Windows\System\rmLBRKY.exe

Filesize
2.1MB

MD5
8795c70bd634fdc998a3de500a3c4a58

SHA1
91aca70e9b7f4c1fc1575297c95b93d4e9c5147b

SHA256
5b3541e2290197322e7983ae789004696f205bebcb1745c0eca528ee7ad1f425

SHA512
6f84b6047755ef994cc7973c71c45c4a6bba81b94d3b75d86c7b92e15057540ee0df347998a2eec0920cead36a59aa6f2d8860d0e10953f7fd8172308e129110

Download Submit
C:\Windows\System\xpxsbcF.exe

Filesize
2.1MB

MD5
d3545842ddbc50c43f301ee7150ad8dd

SHA1
7b08c70ad6bba06ebc2f31a575e3cab2546a0451

SHA256
c9a0efcfe591e1ed894d12e6389ecf77b8ce07d369cb026d92c4d8fb74f34ba8

SHA512
9add39c9fd371659475a5803a41315aabdde26cd217c9e9d8b2b75e226aa38707b150b1a4a3a626f4d054f124b941b9b565031102f3dad71a0792c0e53166fd7

Download Submit
memory/3300-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download