kpot | 0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-06-2024 21:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
Size

2.1MB
MD5

1bc0603142d75f283b047b689a9c5ef0
SHA1

5f02d4e827a4a78f1018b29cadad8d97c54d44fb
SHA256

0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16
SHA512

dddc48e7649ea51a54294c077798e3916f2e235bf927a00f23254f0bec9719f43ad9b0d21fdd7dc183e81a7c51fb903ff180f6b2b30c3b32ddd820f63aad0392
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2r5Pj:GemTLkNdfE0pZaQ5

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral2/files/0x000800000002328e-4.dat	family_kpot
behavioral2/files/0x0007000000023429-9.dat	family_kpot
behavioral2/files/0x000700000002342a-8.dat	family_kpot
behavioral2/files/0x000700000002342b-20.dat	family_kpot
behavioral2/files/0x000700000002342c-23.dat	family_kpot
behavioral2/files/0x000700000002342d-29.dat	family_kpot
behavioral2/files/0x000700000002342e-34.dat	family_kpot
behavioral2/files/0x0009000000023421-40.dat	family_kpot
behavioral2/files/0x000700000002342f-43.dat	family_kpot
behavioral2/files/0x0007000000023430-49.dat	family_kpot
behavioral2/files/0x0007000000023431-52.dat	family_kpot
behavioral2/files/0x0007000000023432-58.dat	family_kpot
behavioral2/files/0x0007000000023433-63.dat	family_kpot
behavioral2/files/0x0007000000023434-69.dat	family_kpot
behavioral2/files/0x0007000000023435-74.dat	family_kpot
behavioral2/files/0x0007000000023436-80.dat	family_kpot
behavioral2/files/0x0007000000023437-83.dat	family_kpot
behavioral2/files/0x0007000000023438-89.dat	family_kpot
behavioral2/files/0x0007000000023439-94.dat	family_kpot
behavioral2/files/0x000700000002343a-100.dat	family_kpot
behavioral2/files/0x000700000002343b-103.dat	family_kpot
behavioral2/files/0x000700000002343c-110.dat	family_kpot
behavioral2/files/0x000700000002343d-115.dat	family_kpot
behavioral2/files/0x000700000002343f-124.dat	family_kpot
behavioral2/files/0x000700000002343e-120.dat	family_kpot
behavioral2/files/0x0007000000023440-130.dat	family_kpot
behavioral2/files/0x0007000000023442-140.dat	family_kpot
behavioral2/files/0x0007000000023441-135.dat	family_kpot
behavioral2/files/0x0007000000023444-148.dat	family_kpot
behavioral2/files/0x0007000000023443-145.dat	family_kpot
behavioral2/files/0x0007000000023445-155.dat	family_kpot
behavioral2/files/0x0007000000023446-160.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral2/files/0x000800000002328e-4.dat	xmrig
behavioral2/files/0x0007000000023429-9.dat	xmrig
behavioral2/files/0x000700000002342a-8.dat	xmrig
behavioral2/files/0x000700000002342b-20.dat	xmrig
behavioral2/files/0x000700000002342c-23.dat	xmrig
behavioral2/files/0x000700000002342d-29.dat	xmrig
behavioral2/files/0x000700000002342e-34.dat	xmrig
behavioral2/files/0x0009000000023421-40.dat	xmrig
behavioral2/files/0x000700000002342f-43.dat	xmrig
behavioral2/files/0x0007000000023430-49.dat	xmrig
behavioral2/files/0x0007000000023431-52.dat	xmrig
behavioral2/files/0x0007000000023432-58.dat	xmrig
behavioral2/files/0x0007000000023433-63.dat	xmrig
behavioral2/files/0x0007000000023434-69.dat	xmrig
behavioral2/files/0x0007000000023435-74.dat	xmrig
behavioral2/files/0x0007000000023436-80.dat	xmrig
behavioral2/files/0x0007000000023437-83.dat	xmrig
behavioral2/files/0x0007000000023438-89.dat	xmrig
behavioral2/files/0x0007000000023439-94.dat	xmrig
behavioral2/files/0x000700000002343a-100.dat	xmrig
behavioral2/files/0x000700000002343b-103.dat	xmrig
behavioral2/files/0x000700000002343c-110.dat	xmrig
behavioral2/files/0x000700000002343d-115.dat	xmrig
behavioral2/files/0x000700000002343f-124.dat	xmrig
behavioral2/files/0x000700000002343e-120.dat	xmrig
behavioral2/files/0x0007000000023440-130.dat	xmrig
behavioral2/files/0x0007000000023442-140.dat	xmrig
behavioral2/files/0x0007000000023441-135.dat	xmrig
behavioral2/files/0x0007000000023444-148.dat	xmrig
behavioral2/files/0x0007000000023443-145.dat	xmrig
behavioral2/files/0x0007000000023445-155.dat	xmrig
behavioral2/files/0x0007000000023446-160.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3968	BoIWSPW.exe
116	wHkgjkX.exe
744	tddSnFs.exe
1612	OckotGe.exe
656	lPZuEWO.exe
1452	UaTStGM.exe
3024	mSRJLra.exe
2960	JTeFDXQ.exe
2992	NrJcYpp.exe
4520	BKWJhVL.exe
2104	gBlLaXz.exe
1000	cxeGjAr.exe
4540	sCpJJiN.exe
4836	tdadluP.exe
3324	KWzhoxa.exe
1688	eNcHrIH.exe
1008	DYzdMAg.exe
2632	wbmhlWg.exe
392	NpPaWAn.exe
4372	AfNmKGl.exe
4912	NmFUExk.exe
812	gzALIEV.exe
4884	qLmlNWW.exe
1592	yFRIwKl.exe
4340	JsplhJp.exe
4476	iSGkKKP.exe
5036	PzwdIFr.exe
2796	jAJvDZu.exe
940	TOEZyQe.exe
2072	qbvpiLE.exe
2640	gOwwpGM.exe
2768	osZwjNZ.exe
4436	IkFXdAF.exe
2056	FvPplPd.exe
2904	RoQBErC.exe
3028	ERBDPMi.exe
1532	iLYONGj.exe
2192	hZnaIVl.exe
2172	ABgFmpk.exe
2920	lYjEfdn.exe
4628	NzcppBM.exe
4740	DbtyXkl.exe
4464	nnUwAuI.exe
1664	PTgaYpm.exe
428	dLgJoyG.exe
2008	wDGkDgU.exe
4020	KCaipJG.exe
4432	jOGRGRX.exe
1052	aFYSVLT.exe
4492	rjxUKpe.exe
1504	wHpdQbD.exe
5040	PBIarsu.exe
1788	yMehCME.exe
5032	hDJSxiP.exe
4076	ZzERMmn.exe
2616	YGDeEgR.exe
3128	wDYMXDl.exe
216	LEKrUTq.exe
1448	RxwbAXl.exe
4028	rGNpLzq.exe
4764	GCgQOPJ.exe
3932	bLtwwEN.exe
3312	HgjhYwY.exe
1928	LAoMwmU.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\DCoNmZD.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\VeQEVkL.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\bfvvGtx.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\KCaipJG.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\YGDeEgR.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\bkFhQqP.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\sztsRPr.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\pgtuIFE.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\TUXjjnq.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\bLtwwEN.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\jVCfnSl.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\eDOnryy.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\Waojchm.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\YyZpVTh.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\ZnPFHZx.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\fBgdziT.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\iSGkKKP.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\mCgCtyf.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\xSuFVCO.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\fdYFixb.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\eNcHrIH.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\rGNpLzq.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\EATphnq.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\urNBJbc.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\SAcaVNe.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\yoFSHif.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\zfBwjZV.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\RoQBErC.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\UpJPAfI.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\KNbbUBX.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\fIzFNto.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\GUNTOaa.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\WhioqdV.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\LyUhZwg.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\ahnCVOV.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\tddSnFs.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\qLmlNWW.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\yVwSqJP.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\GaBkqaE.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\hTLfjkk.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\YrwKRYl.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\XOwQxyr.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\cKgdvQJ.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\dfYeLEK.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\YdMHLJd.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\TeeVRtn.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\NAcUVAt.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\HnwAxSd.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\ERBDPMi.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\QNcJmiD.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\hxHXJty.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\OrMAagz.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\xfNMmUg.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\DfCVjoa.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\iMzhVTy.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\HgjhYwY.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\kkYZdNF.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\ZHUyLnX.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\cPsAJru.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\hZnaIVl.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\GCgQOPJ.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\DiWITyX.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\BnfaXrZ.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
File created	C:\Windows\System\TFJROAH.exe	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4060 wrote to memory of 3968	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	82
PID 4060 wrote to memory of 3968	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	82
PID 4060 wrote to memory of 116	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	83
PID 4060 wrote to memory of 116	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	83
PID 4060 wrote to memory of 744	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	84
PID 4060 wrote to memory of 744	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	84
PID 4060 wrote to memory of 1612	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	85
PID 4060 wrote to memory of 1612	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	85
PID 4060 wrote to memory of 656	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	86
PID 4060 wrote to memory of 656	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	86
PID 4060 wrote to memory of 1452	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	87
PID 4060 wrote to memory of 1452	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	87
PID 4060 wrote to memory of 3024	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	88
PID 4060 wrote to memory of 3024	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	88
PID 4060 wrote to memory of 2960	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	89
PID 4060 wrote to memory of 2960	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	89
PID 4060 wrote to memory of 2992	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	90
PID 4060 wrote to memory of 2992	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	90
PID 4060 wrote to memory of 4520	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	91
PID 4060 wrote to memory of 4520	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	91
PID 4060 wrote to memory of 2104	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	92
PID 4060 wrote to memory of 2104	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	92
PID 4060 wrote to memory of 1000	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	93
PID 4060 wrote to memory of 1000	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	93
PID 4060 wrote to memory of 4540	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	94
PID 4060 wrote to memory of 4540	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	94
PID 4060 wrote to memory of 4836	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	95
PID 4060 wrote to memory of 4836	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	95
PID 4060 wrote to memory of 3324	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	96
PID 4060 wrote to memory of 3324	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	96
PID 4060 wrote to memory of 1688	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	97
PID 4060 wrote to memory of 1688	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	97
PID 4060 wrote to memory of 1008	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	98
PID 4060 wrote to memory of 1008	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	98
PID 4060 wrote to memory of 2632	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	99
PID 4060 wrote to memory of 2632	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	99
PID 4060 wrote to memory of 392	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	100
PID 4060 wrote to memory of 392	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	100
PID 4060 wrote to memory of 4372	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	101
PID 4060 wrote to memory of 4372	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	101
PID 4060 wrote to memory of 4912	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	102
PID 4060 wrote to memory of 4912	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	102
PID 4060 wrote to memory of 812	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	103
PID 4060 wrote to memory of 812	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	103
PID 4060 wrote to memory of 4884	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	104
PID 4060 wrote to memory of 4884	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	104
PID 4060 wrote to memory of 1592	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	105
PID 4060 wrote to memory of 1592	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	105
PID 4060 wrote to memory of 4340	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	106
PID 4060 wrote to memory of 4340	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	106
PID 4060 wrote to memory of 4476	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	107
PID 4060 wrote to memory of 4476	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	107
PID 4060 wrote to memory of 5036	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	108
PID 4060 wrote to memory of 5036	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	108
PID 4060 wrote to memory of 2796	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	109
PID 4060 wrote to memory of 2796	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	109
PID 4060 wrote to memory of 940	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	110
PID 4060 wrote to memory of 940	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	110
PID 4060 wrote to memory of 2072	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	111
PID 4060 wrote to memory of 2072	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	111
PID 4060 wrote to memory of 2640	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	112
PID 4060 wrote to memory of 2640	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	112
PID 4060 wrote to memory of 2768	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	113
PID 4060 wrote to memory of 2768	4060	0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0d3a94ff2becb40b10cfe83ed9cd013abbb73bcd79eda65cd42bb65bb5e6ad16_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4060
- C:\Windows\System\BoIWSPW.exe
  C:\Windows\System\BoIWSPW.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\wHkgjkX.exe
  C:\Windows\System\wHkgjkX.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\tddSnFs.exe
  C:\Windows\System\tddSnFs.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\OckotGe.exe
  C:\Windows\System\OckotGe.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\lPZuEWO.exe
  C:\Windows\System\lPZuEWO.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\UaTStGM.exe
  C:\Windows\System\UaTStGM.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\mSRJLra.exe
  C:\Windows\System\mSRJLra.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\JTeFDXQ.exe
  C:\Windows\System\JTeFDXQ.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\NrJcYpp.exe
  C:\Windows\System\NrJcYpp.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\BKWJhVL.exe
  C:\Windows\System\BKWJhVL.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\gBlLaXz.exe
  C:\Windows\System\gBlLaXz.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\cxeGjAr.exe
  C:\Windows\System\cxeGjAr.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\sCpJJiN.exe
  C:\Windows\System\sCpJJiN.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\tdadluP.exe
  C:\Windows\System\tdadluP.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\KWzhoxa.exe
  C:\Windows\System\KWzhoxa.exe
  2⤵
  - Executes dropped EXE
  PID:3324
- C:\Windows\System\eNcHrIH.exe
  C:\Windows\System\eNcHrIH.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\DYzdMAg.exe
  C:\Windows\System\DYzdMAg.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\wbmhlWg.exe
  C:\Windows\System\wbmhlWg.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\NpPaWAn.exe
  C:\Windows\System\NpPaWAn.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\AfNmKGl.exe
  C:\Windows\System\AfNmKGl.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\NmFUExk.exe
  C:\Windows\System\NmFUExk.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\gzALIEV.exe
  C:\Windows\System\gzALIEV.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\qLmlNWW.exe
  C:\Windows\System\qLmlNWW.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\yFRIwKl.exe
  C:\Windows\System\yFRIwKl.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\JsplhJp.exe
  C:\Windows\System\JsplhJp.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\iSGkKKP.exe
  C:\Windows\System\iSGkKKP.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\PzwdIFr.exe
  C:\Windows\System\PzwdIFr.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\jAJvDZu.exe
  C:\Windows\System\jAJvDZu.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\TOEZyQe.exe
  C:\Windows\System\TOEZyQe.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\qbvpiLE.exe
  C:\Windows\System\qbvpiLE.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\gOwwpGM.exe
  C:\Windows\System\gOwwpGM.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\osZwjNZ.exe
  C:\Windows\System\osZwjNZ.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\IkFXdAF.exe
  C:\Windows\System\IkFXdAF.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\FvPplPd.exe
  C:\Windows\System\FvPplPd.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\RoQBErC.exe
  C:\Windows\System\RoQBErC.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\ERBDPMi.exe
  C:\Windows\System\ERBDPMi.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\iLYONGj.exe
  C:\Windows\System\iLYONGj.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\hZnaIVl.exe
  C:\Windows\System\hZnaIVl.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\ABgFmpk.exe
  C:\Windows\System\ABgFmpk.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\lYjEfdn.exe
  C:\Windows\System\lYjEfdn.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\NzcppBM.exe
  C:\Windows\System\NzcppBM.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\DbtyXkl.exe
  C:\Windows\System\DbtyXkl.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\nnUwAuI.exe
  C:\Windows\System\nnUwAuI.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\PTgaYpm.exe
  C:\Windows\System\PTgaYpm.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\dLgJoyG.exe
  C:\Windows\System\dLgJoyG.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\wDGkDgU.exe
  C:\Windows\System\wDGkDgU.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\KCaipJG.exe
  C:\Windows\System\KCaipJG.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\jOGRGRX.exe
  C:\Windows\System\jOGRGRX.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\aFYSVLT.exe
  C:\Windows\System\aFYSVLT.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\rjxUKpe.exe
  C:\Windows\System\rjxUKpe.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\wHpdQbD.exe
  C:\Windows\System\wHpdQbD.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\PBIarsu.exe
  C:\Windows\System\PBIarsu.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\yMehCME.exe
  C:\Windows\System\yMehCME.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\hDJSxiP.exe
  C:\Windows\System\hDJSxiP.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\ZzERMmn.exe
  C:\Windows\System\ZzERMmn.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\YGDeEgR.exe
  C:\Windows\System\YGDeEgR.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\wDYMXDl.exe
  C:\Windows\System\wDYMXDl.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\LEKrUTq.exe
  C:\Windows\System\LEKrUTq.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\RxwbAXl.exe
  C:\Windows\System\RxwbAXl.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\rGNpLzq.exe
  C:\Windows\System\rGNpLzq.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\GCgQOPJ.exe
  C:\Windows\System\GCgQOPJ.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\bLtwwEN.exe
  C:\Windows\System\bLtwwEN.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\HgjhYwY.exe
  C:\Windows\System\HgjhYwY.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\LAoMwmU.exe
  C:\Windows\System\LAoMwmU.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\EATphnq.exe
  C:\Windows\System\EATphnq.exe
  2⤵
  PID:3596
- C:\Windows\System\zuEofkt.exe
  C:\Windows\System\zuEofkt.exe
  2⤵
  PID:3572
- C:\Windows\System\TouCyha.exe
  C:\Windows\System\TouCyha.exe
  2⤵
  PID:1096
- C:\Windows\System\yVwSqJP.exe
  C:\Windows\System\yVwSqJP.exe
  2⤵
  PID:4920
- C:\Windows\System\ivEiClS.exe
  C:\Windows\System\ivEiClS.exe
  2⤵
  PID:4624
- C:\Windows\System\XPdWjND.exe
  C:\Windows\System\XPdWjND.exe
  2⤵
  PID:1540
- C:\Windows\System\BKgTbUr.exe
  C:\Windows\System\BKgTbUr.exe
  2⤵
  PID:3668
- C:\Windows\System\QitzKyv.exe
  C:\Windows\System\QitzKyv.exe
  2⤵
  PID:1956
- C:\Windows\System\evgnHxm.exe
  C:\Windows\System\evgnHxm.exe
  2⤵
  PID:2572
- C:\Windows\System\XDvPboF.exe
  C:\Windows\System\XDvPboF.exe
  2⤵
  PID:4792
- C:\Windows\System\flYKINf.exe
  C:\Windows\System\flYKINf.exe
  2⤵
  PID:2800
- C:\Windows\System\OZAoKvq.exe
  C:\Windows\System\OZAoKvq.exe
  2⤵
  PID:380
- C:\Windows\System\umYTNia.exe
  C:\Windows\System\umYTNia.exe
  2⤵
  PID:3816
- C:\Windows\System\YdMHLJd.exe
  C:\Windows\System\YdMHLJd.exe
  2⤵
  PID:1544
- C:\Windows\System\kkYZdNF.exe
  C:\Windows\System\kkYZdNF.exe
  2⤵
  PID:1960
- C:\Windows\System\MvLeHUq.exe
  C:\Windows\System\MvLeHUq.exe
  2⤵
  PID:1400
- C:\Windows\System\DQhIJHf.exe
  C:\Windows\System\DQhIJHf.exe
  2⤵
  PID:2012
- C:\Windows\System\FGtUPfF.exe
  C:\Windows\System\FGtUPfF.exe
  2⤵
  PID:1016
- C:\Windows\System\qRiHdYG.exe
  C:\Windows\System\qRiHdYG.exe
  2⤵
  PID:2488
- C:\Windows\System\DiWITyX.exe
  C:\Windows\System\DiWITyX.exe
  2⤵
  PID:2748
- C:\Windows\System\YIWCjEz.exe
  C:\Windows\System\YIWCjEz.exe
  2⤵
  PID:1196
- C:\Windows\System\UpJPAfI.exe
  C:\Windows\System\UpJPAfI.exe
  2⤵
  PID:4724
- C:\Windows\System\bkFhQqP.exe
  C:\Windows\System\bkFhQqP.exe
  2⤵
  PID:4736
- C:\Windows\System\nUTaxfo.exe
  C:\Windows\System\nUTaxfo.exe
  2⤵
  PID:2016
- C:\Windows\System\zhUSiuh.exe
  C:\Windows\System\zhUSiuh.exe
  2⤵
  PID:464
- C:\Windows\System\vrOvLze.exe
  C:\Windows\System\vrOvLze.exe
  2⤵
  PID:4396
- C:\Windows\System\pSjJhuL.exe
  C:\Windows\System\pSjJhuL.exe
  2⤵
  PID:3920
- C:\Windows\System\UxaXllt.exe
  C:\Windows\System\UxaXllt.exe
  2⤵
  PID:2124
- C:\Windows\System\jJTepqc.exe
  C:\Windows\System\jJTepqc.exe
  2⤵
  PID:4596
- C:\Windows\System\QNcJmiD.exe
  C:\Windows\System\QNcJmiD.exe
  2⤵
  PID:3052
- C:\Windows\System\nRkVENG.exe
  C:\Windows\System\nRkVENG.exe
  2⤵
  PID:872
- C:\Windows\System\yhVJkBL.exe
  C:\Windows\System\yhVJkBL.exe
  2⤵
  PID:3488
- C:\Windows\System\HzzdxDx.exe
  C:\Windows\System\HzzdxDx.exe
  2⤵
  PID:2764
- C:\Windows\System\yanNvAU.exe
  C:\Windows\System\yanNvAU.exe
  2⤵
  PID:4228
- C:\Windows\System\BjOppgJ.exe
  C:\Windows\System\BjOppgJ.exe
  2⤵
  PID:2256
- C:\Windows\System\sQotazH.exe
  C:\Windows\System\sQotazH.exe
  2⤵
  PID:2760
- C:\Windows\System\qVBYfof.exe
  C:\Windows\System\qVBYfof.exe
  2⤵
  PID:4212
- C:\Windows\System\VxFdQEA.exe
  C:\Windows\System\VxFdQEA.exe
  2⤵
  PID:2972
- C:\Windows\System\pexkZXP.exe
  C:\Windows\System\pexkZXP.exe
  2⤵
  PID:3680
- C:\Windows\System\RsWPAGv.exe
  C:\Windows\System\RsWPAGv.exe
  2⤵
  PID:4460
- C:\Windows\System\boYdroi.exe
  C:\Windows\System\boYdroi.exe
  2⤵
  PID:1916
- C:\Windows\System\hxHXJty.exe
  C:\Windows\System\hxHXJty.exe
  2⤵
  PID:2540
- C:\Windows\System\CRRavMH.exe
  C:\Windows\System\CRRavMH.exe
  2⤵
  PID:2956
- C:\Windows\System\IsvuObr.exe
  C:\Windows\System\IsvuObr.exe
  2⤵
  PID:4000
- C:\Windows\System\suHgSrV.exe
  C:\Windows\System\suHgSrV.exe
  2⤵
  PID:4576
- C:\Windows\System\yMMMwSt.exe
  C:\Windows\System\yMMMwSt.exe
  2⤵
  PID:1108
- C:\Windows\System\QzqWUdN.exe
  C:\Windows\System\QzqWUdN.exe
  2⤵
  PID:3088
- C:\Windows\System\AXnLDMl.exe
  C:\Windows\System\AXnLDMl.exe
  2⤵
  PID:4260
- C:\Windows\System\PRhBXGS.exe
  C:\Windows\System\PRhBXGS.exe
  2⤵
  PID:3564
- C:\Windows\System\hNQrOsU.exe
  C:\Windows\System\hNQrOsU.exe
  2⤵
  PID:4440
- C:\Windows\System\PjbmOEH.exe
  C:\Windows\System\PjbmOEH.exe
  2⤵
  PID:2732
- C:\Windows\System\yDkrVUg.exe
  C:\Windows\System\yDkrVUg.exe
  2⤵
  PID:2452
- C:\Windows\System\XYtbmyK.exe
  C:\Windows\System\XYtbmyK.exe
  2⤵
  PID:944
- C:\Windows\System\SQVWiAx.exe
  C:\Windows\System\SQVWiAx.exe
  2⤵
  PID:1640
- C:\Windows\System\dJwWWVK.exe
  C:\Windows\System\dJwWWVK.exe
  2⤵
  PID:5160
- C:\Windows\System\qYVgnGJ.exe
  C:\Windows\System\qYVgnGJ.exe
  2⤵
  PID:5188
- C:\Windows\System\tinGsRb.exe
  C:\Windows\System\tinGsRb.exe
  2⤵
  PID:5216
- C:\Windows\System\PngVZPv.exe
  C:\Windows\System\PngVZPv.exe
  2⤵
  PID:5248
- C:\Windows\System\urNBJbc.exe
  C:\Windows\System\urNBJbc.exe
  2⤵
  PID:5272
- C:\Windows\System\KNbbUBX.exe
  C:\Windows\System\KNbbUBX.exe
  2⤵
  PID:5304
- C:\Windows\System\OsKCHin.exe
  C:\Windows\System\OsKCHin.exe
  2⤵
  PID:5328
- C:\Windows\System\MlDukOF.exe
  C:\Windows\System\MlDukOF.exe
  2⤵
  PID:5356
- C:\Windows\System\jVKxlLi.exe
  C:\Windows\System\jVKxlLi.exe
  2⤵
  PID:5384
- C:\Windows\System\BunsdJI.exe
  C:\Windows\System\BunsdJI.exe
  2⤵
  PID:5412
- C:\Windows\System\jyoymGq.exe
  C:\Windows\System\jyoymGq.exe
  2⤵
  PID:5440
- C:\Windows\System\ZBoEQSh.exe
  C:\Windows\System\ZBoEQSh.exe
  2⤵
  PID:5468
- C:\Windows\System\bPHrRHa.exe
  C:\Windows\System\bPHrRHa.exe
  2⤵
  PID:5500
- C:\Windows\System\yHWcXnk.exe
  C:\Windows\System\yHWcXnk.exe
  2⤵
  PID:5524
- C:\Windows\System\qfmoMWF.exe
  C:\Windows\System\qfmoMWF.exe
  2⤵
  PID:5552
- C:\Windows\System\TeeVRtn.exe
  C:\Windows\System\TeeVRtn.exe
  2⤵
  PID:5580
- C:\Windows\System\lwhcWAn.exe
  C:\Windows\System\lwhcWAn.exe
  2⤵
  PID:5608
- C:\Windows\System\ZKXXNIU.exe
  C:\Windows\System\ZKXXNIU.exe
  2⤵
  PID:5636
- C:\Windows\System\aNtMoGa.exe
  C:\Windows\System\aNtMoGa.exe
  2⤵
  PID:5664
- C:\Windows\System\sbbLdcl.exe
  C:\Windows\System\sbbLdcl.exe
  2⤵
  PID:5696
- C:\Windows\System\gBbiGKo.exe
  C:\Windows\System\gBbiGKo.exe
  2⤵
  PID:5720
- C:\Windows\System\BnfaXrZ.exe
  C:\Windows\System\BnfaXrZ.exe
  2⤵
  PID:5748
- C:\Windows\System\WhLCtBG.exe
  C:\Windows\System\WhLCtBG.exe
  2⤵
  PID:5776
- C:\Windows\System\dnztGxM.exe
  C:\Windows\System\dnztGxM.exe
  2⤵
  PID:5808
- C:\Windows\System\fIzFNto.exe
  C:\Windows\System\fIzFNto.exe
  2⤵
  PID:5832
- C:\Windows\System\lxBWYlj.exe
  C:\Windows\System\lxBWYlj.exe
  2⤵
  PID:5860
- C:\Windows\System\MfAvchS.exe
  C:\Windows\System\MfAvchS.exe
  2⤵
  PID:5888
- C:\Windows\System\sADTFDk.exe
  C:\Windows\System\sADTFDk.exe
  2⤵
  PID:5916
- C:\Windows\System\mCgCtyf.exe
  C:\Windows\System\mCgCtyf.exe
  2⤵
  PID:5948
- C:\Windows\System\eXQYfOt.exe
  C:\Windows\System\eXQYfOt.exe
  2⤵
  PID:5976
- C:\Windows\System\seeeiGM.exe
  C:\Windows\System\seeeiGM.exe
  2⤵
  PID:6004
- C:\Windows\System\ihYDDFS.exe
  C:\Windows\System\ihYDDFS.exe
  2⤵
  PID:6028
- C:\Windows\System\sztsRPr.exe
  C:\Windows\System\sztsRPr.exe
  2⤵
  PID:6056
- C:\Windows\System\GaBkqaE.exe
  C:\Windows\System\GaBkqaE.exe
  2⤵
  PID:6084
- C:\Windows\System\mZUpKiJ.exe
  C:\Windows\System\mZUpKiJ.exe
  2⤵
  PID:6120
- C:\Windows\System\zXKPkiK.exe
  C:\Windows\System\zXKPkiK.exe
  2⤵
  PID:2100
- C:\Windows\System\lGeZDll.exe
  C:\Windows\System\lGeZDll.exe
  2⤵
  PID:5172
- C:\Windows\System\hZpvJYs.exe
  C:\Windows\System\hZpvJYs.exe
  2⤵
  PID:5236
- C:\Windows\System\IQxdEeK.exe
  C:\Windows\System\IQxdEeK.exe
  2⤵
  PID:5296
- C:\Windows\System\ypKBJKt.exe
  C:\Windows\System\ypKBJKt.exe
  2⤵
  PID:5372
- C:\Windows\System\TFJROAH.exe
  C:\Windows\System\TFJROAH.exe
  2⤵
  PID:5432
- C:\Windows\System\PpWgiDy.exe
  C:\Windows\System\PpWgiDy.exe
  2⤵
  PID:5508
- C:\Windows\System\nYPXgDh.exe
  C:\Windows\System\nYPXgDh.exe
  2⤵
  PID:5564
- C:\Windows\System\YKeWizo.exe
  C:\Windows\System\YKeWizo.exe
  2⤵
  PID:5628
- C:\Windows\System\WqHDvDt.exe
  C:\Windows\System\WqHDvDt.exe
  2⤵
  PID:5704
- C:\Windows\System\cWRrISU.exe
  C:\Windows\System\cWRrISU.exe
  2⤵
  PID:5760
- C:\Windows\System\GLJQRsE.exe
  C:\Windows\System\GLJQRsE.exe
  2⤵
  PID:5828
- C:\Windows\System\OrMAagz.exe
  C:\Windows\System\OrMAagz.exe
  2⤵
  PID:5880
- C:\Windows\System\jVCfnSl.exe
  C:\Windows\System\jVCfnSl.exe
  2⤵
  PID:5940
- C:\Windows\System\wYxvOQR.exe
  C:\Windows\System\wYxvOQR.exe
  2⤵
  PID:6016
- C:\Windows\System\bidBLHs.exe
  C:\Windows\System\bidBLHs.exe
  2⤵
  PID:6076
- C:\Windows\System\pgtuIFE.exe
  C:\Windows\System\pgtuIFE.exe
  2⤵
  PID:6136
- C:\Windows\System\HLFQmTj.exe
  C:\Windows\System\HLFQmTj.exe
  2⤵
  PID:5256
- C:\Windows\System\agbJDQX.exe
  C:\Windows\System\agbJDQX.exe
  2⤵
  PID:5408
- C:\Windows\System\BCikZTx.exe
  C:\Windows\System\BCikZTx.exe
  2⤵
  PID:5548
- C:\Windows\System\BfkLrnJ.exe
  C:\Windows\System\BfkLrnJ.exe
  2⤵
  PID:5716
- C:\Windows\System\DCoNmZD.exe
  C:\Windows\System\DCoNmZD.exe
  2⤵
  PID:4296
- C:\Windows\System\rjPSAgp.exe
  C:\Windows\System\rjPSAgp.exe
  2⤵
  PID:6040
- C:\Windows\System\UmfjIYl.exe
  C:\Windows\System\UmfjIYl.exe
  2⤵
  PID:5184
- C:\Windows\System\hTLfjkk.exe
  C:\Windows\System\hTLfjkk.exe
  2⤵
  PID:5520
- C:\Windows\System\NQVtnbA.exe
  C:\Windows\System\NQVtnbA.exe
  2⤵
  PID:5852
- C:\Windows\System\ZgJDPoS.exe
  C:\Windows\System\ZgJDPoS.exe
  2⤵
  PID:5396
- C:\Windows\System\XkHlBrS.exe
  C:\Windows\System\XkHlBrS.exe
  2⤵
  PID:6132
- C:\Windows\System\UzORDDn.exe
  C:\Windows\System\UzORDDn.exe
  2⤵
  PID:6152
- C:\Windows\System\tGhDKEk.exe
  C:\Windows\System\tGhDKEk.exe
  2⤵
  PID:6180
- C:\Windows\System\eDOnryy.exe
  C:\Windows\System\eDOnryy.exe
  2⤵
  PID:6208
- C:\Windows\System\uKVnvsZ.exe
  C:\Windows\System\uKVnvsZ.exe
  2⤵
  PID:6236
- C:\Windows\System\aFyLfBb.exe
  C:\Windows\System\aFyLfBb.exe
  2⤵
  PID:6264
- C:\Windows\System\ClqMcxF.exe
  C:\Windows\System\ClqMcxF.exe
  2⤵
  PID:6292
- C:\Windows\System\hWerbLs.exe
  C:\Windows\System\hWerbLs.exe
  2⤵
  PID:6324
- C:\Windows\System\pjQtUzy.exe
  C:\Windows\System\pjQtUzy.exe
  2⤵
  PID:6348
- C:\Windows\System\ceGLFbV.exe
  C:\Windows\System\ceGLFbV.exe
  2⤵
  PID:6376
- C:\Windows\System\bIOVESD.exe
  C:\Windows\System\bIOVESD.exe
  2⤵
  PID:6404
- C:\Windows\System\tJdhnam.exe
  C:\Windows\System\tJdhnam.exe
  2⤵
  PID:6432
- C:\Windows\System\jOnLGqR.exe
  C:\Windows\System\jOnLGqR.exe
  2⤵
  PID:6460
- C:\Windows\System\FhzhdyO.exe
  C:\Windows\System\FhzhdyO.exe
  2⤵
  PID:6492
- C:\Windows\System\SikpxMf.exe
  C:\Windows\System\SikpxMf.exe
  2⤵
  PID:6516
- C:\Windows\System\boZhpOl.exe
  C:\Windows\System\boZhpOl.exe
  2⤵
  PID:6548
- C:\Windows\System\BLQqbeZ.exe
  C:\Windows\System\BLQqbeZ.exe
  2⤵
  PID:6576
- C:\Windows\System\YrwKRYl.exe
  C:\Windows\System\YrwKRYl.exe
  2⤵
  PID:6600
- C:\Windows\System\lYAtTdT.exe
  C:\Windows\System\lYAtTdT.exe
  2⤵
  PID:6628
- C:\Windows\System\BCuvxIX.exe
  C:\Windows\System\BCuvxIX.exe
  2⤵
  PID:6656
- C:\Windows\System\wxsdUPp.exe
  C:\Windows\System\wxsdUPp.exe
  2⤵
  PID:6684
- C:\Windows\System\IQWIILP.exe
  C:\Windows\System\IQWIILP.exe
  2⤵
  PID:6712
- C:\Windows\System\kdVzGEb.exe
  C:\Windows\System\kdVzGEb.exe
  2⤵
  PID:6740
- C:\Windows\System\ZHUyLnX.exe
  C:\Windows\System\ZHUyLnX.exe
  2⤵
  PID:6768
- C:\Windows\System\ZduLHVX.exe
  C:\Windows\System\ZduLHVX.exe
  2⤵
  PID:6800
- C:\Windows\System\SAcaVNe.exe
  C:\Windows\System\SAcaVNe.exe
  2⤵
  PID:6828
- C:\Windows\System\Waojchm.exe
  C:\Windows\System\Waojchm.exe
  2⤵
  PID:6852
- C:\Windows\System\QsfQpBK.exe
  C:\Windows\System\QsfQpBK.exe
  2⤵
  PID:6880
- C:\Windows\System\xfNMmUg.exe
  C:\Windows\System\xfNMmUg.exe
  2⤵
  PID:6912
- C:\Windows\System\BWWgRIA.exe
  C:\Windows\System\BWWgRIA.exe
  2⤵
  PID:6936
- C:\Windows\System\xSuFVCO.exe
  C:\Windows\System\xSuFVCO.exe
  2⤵
  PID:6964
- C:\Windows\System\XOwQxyr.exe
  C:\Windows\System\XOwQxyr.exe
  2⤵
  PID:6992
- C:\Windows\System\ssOfzeq.exe
  C:\Windows\System\ssOfzeq.exe
  2⤵
  PID:7020
- C:\Windows\System\siMedMj.exe
  C:\Windows\System\siMedMj.exe
  2⤵
  PID:7056
- C:\Windows\System\bJrONoj.exe
  C:\Windows\System\bJrONoj.exe
  2⤵
  PID:7080
- C:\Windows\System\zFGoUrW.exe
  C:\Windows\System\zFGoUrW.exe
  2⤵
  PID:7108
- C:\Windows\System\Kaewsrx.exe
  C:\Windows\System\Kaewsrx.exe
  2⤵
  PID:7136
- C:\Windows\System\dcaAKjw.exe
  C:\Windows\System\dcaAKjw.exe
  2⤵
  PID:7164
- C:\Windows\System\MqJWyeg.exe
  C:\Windows\System\MqJWyeg.exe
  2⤵
  PID:6200
- C:\Windows\System\DfCVjoa.exe
  C:\Windows\System\DfCVjoa.exe
  2⤵
  PID:6260
- C:\Windows\System\pzSpTwL.exe
  C:\Windows\System\pzSpTwL.exe
  2⤵
  PID:6312
- C:\Windows\System\iqrUayL.exe
  C:\Windows\System\iqrUayL.exe
  2⤵
  PID:6368
- C:\Windows\System\AjhpuXU.exe
  C:\Windows\System\AjhpuXU.exe
  2⤵
  PID:6456
- C:\Windows\System\PqqMJwn.exe
  C:\Windows\System\PqqMJwn.exe
  2⤵
  PID:6504
- C:\Windows\System\kPcLOTs.exe
  C:\Windows\System\kPcLOTs.exe
  2⤵
  PID:6584
- C:\Windows\System\ydhAtlq.exe
  C:\Windows\System\ydhAtlq.exe
  2⤵
  PID:6640
- C:\Windows\System\rFPZBdP.exe
  C:\Windows\System\rFPZBdP.exe
  2⤵
  PID:6680
- C:\Windows\System\mtPzMZc.exe
  C:\Windows\System\mtPzMZc.exe
  2⤵
  PID:6788
- C:\Windows\System\MtBlNbr.exe
  C:\Windows\System\MtBlNbr.exe
  2⤵
  PID:6844
- C:\Windows\System\DXFNgvy.exe
  C:\Windows\System\DXFNgvy.exe
  2⤵
  PID:6920
- C:\Windows\System\SSGljdj.exe
  C:\Windows\System\SSGljdj.exe
  2⤵
  PID:6976
- C:\Windows\System\djnwwxV.exe
  C:\Windows\System\djnwwxV.exe
  2⤵
  PID:7048
- C:\Windows\System\GUNTOaa.exe
  C:\Windows\System\GUNTOaa.exe
  2⤵
  PID:7100
- C:\Windows\System\greJLmR.exe
  C:\Windows\System\greJLmR.exe
  2⤵
  PID:6172
- C:\Windows\System\WhioqdV.exe
  C:\Windows\System\WhioqdV.exe
  2⤵
  PID:6304
- C:\Windows\System\MRVDmmv.exe
  C:\Windows\System\MRVDmmv.exe
  2⤵
  PID:6428
- C:\Windows\System\VeQEVkL.exe
  C:\Windows\System\VeQEVkL.exe
  2⤵
  PID:6612
- C:\Windows\System\wFGGVBN.exe
  C:\Windows\System\wFGGVBN.exe
  2⤵
  PID:6764
- C:\Windows\System\bfvvGtx.exe
  C:\Windows\System\bfvvGtx.exe
  2⤵
  PID:6900
- C:\Windows\System\iMzhVTy.exe
  C:\Windows\System\iMzhVTy.exe
  2⤵
  PID:7072
- C:\Windows\System\ZmDkPHP.exe
  C:\Windows\System\ZmDkPHP.exe
  2⤵
  PID:6228
- C:\Windows\System\YyZpVTh.exe
  C:\Windows\System\YyZpVTh.exe
  2⤵
  PID:6596
- C:\Windows\System\hsmhacX.exe
  C:\Windows\System\hsmhacX.exe
  2⤵
  PID:7016
- C:\Windows\System\CKHmWsj.exe
  C:\Windows\System\CKHmWsj.exe
  2⤵
  PID:6540
- C:\Windows\System\uQJYibv.exe
  C:\Windows\System\uQJYibv.exe
  2⤵
  PID:7184
- C:\Windows\System\unNUiJs.exe
  C:\Windows\System\unNUiJs.exe
  2⤵
  PID:7200
- C:\Windows\System\eQsnCrF.exe
  C:\Windows\System\eQsnCrF.exe
  2⤵
  PID:7228
- C:\Windows\System\RiDLXAd.exe
  C:\Windows\System\RiDLXAd.exe
  2⤵
  PID:7256
- C:\Windows\System\ktfzVXa.exe
  C:\Windows\System\ktfzVXa.exe
  2⤵
  PID:7284
- C:\Windows\System\kwDXuNr.exe
  C:\Windows\System\kwDXuNr.exe
  2⤵
  PID:7316
- C:\Windows\System\oXaoChz.exe
  C:\Windows\System\oXaoChz.exe
  2⤵
  PID:7340
- C:\Windows\System\KwvvBEk.exe
  C:\Windows\System\KwvvBEk.exe
  2⤵
  PID:7372
- C:\Windows\System\LSptNGc.exe
  C:\Windows\System\LSptNGc.exe
  2⤵
  PID:7396
- C:\Windows\System\qFHzylF.exe
  C:\Windows\System\qFHzylF.exe
  2⤵
  PID:7424
- C:\Windows\System\oSwoWJo.exe
  C:\Windows\System\oSwoWJo.exe
  2⤵
  PID:7452
- C:\Windows\System\ITDTCNO.exe
  C:\Windows\System\ITDTCNO.exe
  2⤵
  PID:7480
- C:\Windows\System\UoTndSk.exe
  C:\Windows\System\UoTndSk.exe
  2⤵
  PID:7508
- C:\Windows\System\LAaMrQx.exe
  C:\Windows\System\LAaMrQx.exe
  2⤵
  PID:7536
- C:\Windows\System\AuEEmeF.exe
  C:\Windows\System\AuEEmeF.exe
  2⤵
  PID:7568
- C:\Windows\System\ZnPFHZx.exe
  C:\Windows\System\ZnPFHZx.exe
  2⤵
  PID:7592
- C:\Windows\System\bwGKHYu.exe
  C:\Windows\System\bwGKHYu.exe
  2⤵
  PID:7620
- C:\Windows\System\yaXDrYg.exe
  C:\Windows\System\yaXDrYg.exe
  2⤵
  PID:7648
- C:\Windows\System\meIMDGb.exe
  C:\Windows\System\meIMDGb.exe
  2⤵
  PID:7676
- C:\Windows\System\fdYFixb.exe
  C:\Windows\System\fdYFixb.exe
  2⤵
  PID:7708
- C:\Windows\System\qrkFOMJ.exe
  C:\Windows\System\qrkFOMJ.exe
  2⤵
  PID:7732
- C:\Windows\System\CtBWEci.exe
  C:\Windows\System\CtBWEci.exe
  2⤵
  PID:7760
- C:\Windows\System\TtnNCVc.exe
  C:\Windows\System\TtnNCVc.exe
  2⤵
  PID:7792
- C:\Windows\System\ahnCVOV.exe
  C:\Windows\System\ahnCVOV.exe
  2⤵
  PID:7820
- C:\Windows\System\zFwENEJ.exe
  C:\Windows\System\zFwENEJ.exe
  2⤵
  PID:7848
- C:\Windows\System\QSTKKpP.exe
  C:\Windows\System\QSTKKpP.exe
  2⤵
  PID:7876
- C:\Windows\System\KaeNaNs.exe
  C:\Windows\System\KaeNaNs.exe
  2⤵
  PID:7912
- C:\Windows\System\JKlujHq.exe
  C:\Windows\System\JKlujHq.exe
  2⤵
  PID:7932
- C:\Windows\System\vGYBPzm.exe
  C:\Windows\System\vGYBPzm.exe
  2⤵
  PID:7960
- C:\Windows\System\udUSoMf.exe
  C:\Windows\System\udUSoMf.exe
  2⤵
  PID:7996
- C:\Windows\System\TSviuku.exe
  C:\Windows\System\TSviuku.exe
  2⤵
  PID:8024
- C:\Windows\System\DvijSik.exe
  C:\Windows\System\DvijSik.exe
  2⤵
  PID:8052
- C:\Windows\System\KHyJfAz.exe
  C:\Windows\System\KHyJfAz.exe
  2⤵
  PID:8080
- C:\Windows\System\aeSvBPB.exe
  C:\Windows\System\aeSvBPB.exe
  2⤵
  PID:8108
- C:\Windows\System\qcvIwBz.exe
  C:\Windows\System\qcvIwBz.exe
  2⤵
  PID:8136
- C:\Windows\System\kwDZrqK.exe
  C:\Windows\System\kwDZrqK.exe
  2⤵
  PID:8164
- C:\Windows\System\OCNONIk.exe
  C:\Windows\System\OCNONIk.exe
  2⤵
  PID:6232
- C:\Windows\System\aBtfRqI.exe
  C:\Windows\System\aBtfRqI.exe
  2⤵
  PID:7244
- C:\Windows\System\ZPTRVpB.exe
  C:\Windows\System\ZPTRVpB.exe
  2⤵
  PID:7296
- C:\Windows\System\tLYGokE.exe
  C:\Windows\System\tLYGokE.exe
  2⤵
  PID:7352
- C:\Windows\System\cKgdvQJ.exe
  C:\Windows\System\cKgdvQJ.exe
  2⤵
  PID:7420
- C:\Windows\System\eOQSeKE.exe
  C:\Windows\System\eOQSeKE.exe
  2⤵
  PID:7476
- C:\Windows\System\FMhvlex.exe
  C:\Windows\System\FMhvlex.exe
  2⤵
  PID:7532
- C:\Windows\System\RGZckaW.exe
  C:\Windows\System\RGZckaW.exe
  2⤵
  PID:7604
- C:\Windows\System\NkDuefb.exe
  C:\Windows\System\NkDuefb.exe
  2⤵
  PID:7668
- C:\Windows\System\mBILdwK.exe
  C:\Windows\System\mBILdwK.exe
  2⤵
  PID:7744
- C:\Windows\System\OpTBMZO.exe
  C:\Windows\System\OpTBMZO.exe
  2⤵
  PID:7808
- C:\Windows\System\UbDvLQk.exe
  C:\Windows\System\UbDvLQk.exe
  2⤵
  PID:7872
- C:\Windows\System\NPwcBgr.exe
  C:\Windows\System\NPwcBgr.exe
  2⤵
  PID:7928
- C:\Windows\System\cprSEbU.exe
  C:\Windows\System\cprSEbU.exe
  2⤵
  PID:7992
- C:\Windows\System\xRnyDYM.exe
  C:\Windows\System\xRnyDYM.exe
  2⤵
  PID:8096
- C:\Windows\System\dfYeLEK.exe
  C:\Windows\System\dfYeLEK.exe
  2⤵
  PID:8156
- C:\Windows\System\XDWtYJb.exe
  C:\Windows\System\XDWtYJb.exe
  2⤵
  PID:7308
- C:\Windows\System\aBTCjiH.exe
  C:\Windows\System\aBTCjiH.exe
  2⤵
  PID:7436
- C:\Windows\System\YrqIOsI.exe
  C:\Windows\System\YrqIOsI.exe
  2⤵
  PID:7520
- C:\Windows\System\WgkMkgX.exe
  C:\Windows\System\WgkMkgX.exe
  2⤵
  PID:7700
- C:\Windows\System\sqfHtYO.exe
  C:\Windows\System\sqfHtYO.exe
  2⤵
  PID:7788
- C:\Windows\System\YMxstzs.exe
  C:\Windows\System\YMxstzs.exe
  2⤵
  PID:8072
- C:\Windows\System\UGFIoln.exe
  C:\Windows\System\UGFIoln.exe
  2⤵
  PID:8128
- C:\Windows\System\jgGHfQZ.exe
  C:\Windows\System\jgGHfQZ.exe
  2⤵
  PID:7268
- C:\Windows\System\HnwAxSd.exe
  C:\Windows\System\HnwAxSd.exe
  2⤵
  PID:7860
- C:\Windows\System\OwWDXQI.exe
  C:\Windows\System\OwWDXQI.exe
  2⤵
  PID:8120
- C:\Windows\System\XgfGlHY.exe
  C:\Windows\System\XgfGlHY.exe
  2⤵
  PID:8148
- C:\Windows\System\LyUhZwg.exe
  C:\Windows\System\LyUhZwg.exe
  2⤵
  PID:8208
- C:\Windows\System\TwqJDMW.exe
  C:\Windows\System\TwqJDMW.exe
  2⤵
  PID:8240
- C:\Windows\System\heylnAh.exe
  C:\Windows\System\heylnAh.exe
  2⤵
  PID:8276
- C:\Windows\System\fBgdziT.exe
  C:\Windows\System\fBgdziT.exe
  2⤵
  PID:8304
- C:\Windows\System\PlwRkFd.exe
  C:\Windows\System\PlwRkFd.exe
  2⤵
  PID:8320
- C:\Windows\System\nuILVfD.exe
  C:\Windows\System\nuILVfD.exe
  2⤵
  PID:8360
- C:\Windows\System\cPsAJru.exe
  C:\Windows\System\cPsAJru.exe
  2⤵
  PID:8376
- C:\Windows\System\NBiZCPX.exe
  C:\Windows\System\NBiZCPX.exe
  2⤵
  PID:8392
- C:\Windows\System\yRqmmGv.exe
  C:\Windows\System\yRqmmGv.exe
  2⤵
  PID:8424
- C:\Windows\System\QJiesIe.exe
  C:\Windows\System\QJiesIe.exe
  2⤵
  PID:8472
- C:\Windows\System\cOCnpDw.exe
  C:\Windows\System\cOCnpDw.exe
  2⤵
  PID:8496
- C:\Windows\System\WGcqGZk.exe
  C:\Windows\System\WGcqGZk.exe
  2⤵
  PID:8524
- C:\Windows\System\qeEfSaD.exe
  C:\Windows\System\qeEfSaD.exe
  2⤵
  PID:8548
- C:\Windows\System\yoFSHif.exe
  C:\Windows\System\yoFSHif.exe
  2⤵
  PID:8576
- C:\Windows\System\NAcUVAt.exe
  C:\Windows\System\NAcUVAt.exe
  2⤵
  PID:8600
- C:\Windows\System\AdUlPnp.exe
  C:\Windows\System\AdUlPnp.exe
  2⤵
  PID:8620
- C:\Windows\System\zfBwjZV.exe
  C:\Windows\System\zfBwjZV.exe
  2⤵
  PID:8640
- C:\Windows\System\TUXjjnq.exe
  C:\Windows\System\TUXjjnq.exe
  2⤵
  PID:8676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AfNmKGl.exe

Filesize
2.1MB

MD5
9b544a412dfdfaf265d99099e01db4b7

SHA1
8251354b743d591b08aeeb94d82b971a51448c72

SHA256
09fab611e484d8312ebf96e209dd5b6448da45ffc567ff4cabd91bb4b2cbdf11

SHA512
29608acdb927a8ecabb56f7e438055205c5058ada3c81c85cf43c76aa119b53b6a49a0b30ec1d029c5a7f0526d11683de539215087fe4c65375ed2c865f4d12b

Download Submit
C:\Windows\System\BKWJhVL.exe

Filesize
2.1MB

MD5
f25a26f4114fdcfedec1a6924f63e6b3

SHA1
8f0e576b2d83918219b5f82f318e9d6a2dbec21c

SHA256
929792b7775caffeda00bfc26829dfe23d10d3ecb01cf123ad632f5f91e94823

SHA512
95cf3b5d7ef436e6115af42f79e6d7ed64b7f02470a7687b361f5f81e6b44cddf0ae6154469c94909ccadbbc5c40293b778fe324f1ea1fde10b9f369c33a1803

Download Submit
C:\Windows\System\BoIWSPW.exe

Filesize
2.1MB

MD5
099d9afa102f8c7ad7642f3510a65f65

SHA1
ea5b75fe8ed7f8777f863fa341aedd8d5930455c

SHA256
5f1c7630c1d96535c44853b46a63a55fee4809382e40e268cecd735698d4e64a

SHA512
ef48993d842f29a5e9e3e2b2833d18846ebef87a883f94e86c78b63b0b0744e8a41e12e9716a41fe948b32800680bcbad69795d4bd6829793014d90ae16d68fb

Download Submit
C:\Windows\System\DYzdMAg.exe

Filesize
2.1MB

MD5
ef9e614e58fc99f30f0570e98ebf27cc

SHA1
faa7c6f81f7591f5794da4fe5e14ea901bae73a1

SHA256
a209f9bb2baa6a558c1feb38be939aed3db78766ab8425ac0b2386ec4f6e4112

SHA512
68e81dbd33d341ad59f6ca66b266313e61dea2bb8a7d432bccd861bec0a70f154a9b6279d647f8588d529915b40012f959b5dcf2fe7583cd58485141b180d7f6

Download Submit
C:\Windows\System\JTeFDXQ.exe

Filesize
2.1MB

MD5
8f8eaa433208bca8904efcb9948d214b

SHA1
9ec9cae9a7aa0505e05c740247e6b1ad800bedb4

SHA256
0c832588f0d05273be620e376594bf2bc0fbc02c41ab1feaae5c4d6076139748

SHA512
0a4d707a50b8e4e3bcfbf76165ccb07b314caa9d72579bd23d0d32b6f88aa808173daf25b9c0864570cf7de8a537de09af542b92fdb6bb7a7f4ab419721a2bcf

Download Submit
C:\Windows\System\JsplhJp.exe

Filesize
2.1MB

MD5
3e4a5ae6b497e8c907f71474f68f6989

SHA1
7eab713ffce31a8fc6c26136559af363bccc6da1

SHA256
4e28338fb356843ddb7a905c51374c276bf9358e24f833904b140f2587c6036f

SHA512
bc33aaa91e7bf7df2899a5c2e60b9a283950e5faf5deb55f36699a87d66eee5405d78e23d9d1e0ad8d7065f33f73e813626c023a6ff06fb6dcf4f5f4da4006c7

Download Submit
C:\Windows\System\KWzhoxa.exe

Filesize
2.1MB

MD5
bfd8c3b6a944162522ea0dad76b5d0fd

SHA1
e6f43dd597129a6cdfa960638feeb072b803a96b

SHA256
ffc660b3d202e15c2bf1a661ffd99f4446a65618460807130350ed20a6c65a28

SHA512
8f7592864a828b720215d7e8bc6cb152dcaa56b9ee29f9b8c6875f0894a9a209fa875d1a4fd1927a87385710531894d0cacd6dc5d6e873fa677b347899ff9b73

Download Submit
C:\Windows\System\NmFUExk.exe

Filesize
2.1MB

MD5
0334a0f2aa18941fe78f6a535b7c4658

SHA1
833f3fcc13e48e2c211ea98bcd19c0fdf944585b

SHA256
164b6dcf2a0741960ca85c755446b456422ad417cf62813cd46e1f67883f54d2

SHA512
97cc7ae4a1e1c062babad94462099d3679d7476ab10f46fbbd3d794dcc0087161b2b2caeafad7710b77eb0411f33e1d78c78e25303257ff86424bd10d427fdd3

Download Submit
C:\Windows\System\NpPaWAn.exe

Filesize
2.1MB

MD5
d49760e7041f09e8f7935c8ab5ad7bd4

SHA1
f3a8f6c16b95d3b70c7e8e279f4704bec79cd22c

SHA256
3f30f74e336ea4a161bfbaff475e317db0956dc66302bb1a47bf6e55079e6235

SHA512
f0fde53dbc0080904710b8a6cdaadb84a12491bcbe5f62e3fc9f2f946ce96c552fea9f093fa0496a9c9867ae0cfa83e3e3a1974ed5c4023caaf269274c210cd7

Download Submit
C:\Windows\System\NrJcYpp.exe

Filesize
2.1MB

MD5
0c95aaab1a344145981a2a503df261c1

SHA1
3c9a38e589629e0ca3e14dc5f6683a8a149b687f

SHA256
9be66a2f5b097fa96104d39c9f2ae2ef8fe1ff0cd9d908edfac92aa6bed8f702

SHA512
26c0ff79c29eeaa94efd199d42907384b1206f7a1d3ec443c2ca276d73fea5850635f6f830757b25af3c0e6e35569cae1449a93a0fef03c07182eaacaba5afbb

Download Submit
C:\Windows\System\OckotGe.exe

Filesize
2.1MB

MD5
cb28d3f9419f2d23ae945861ae01fd6e

SHA1
30b22e9b0b3a7064daff5bfe32c57f54ed557fda

SHA256
4ba854476c25fba2ab8dd8d71f36d5cf33733f6ec0f68937d8556468735783ce

SHA512
d4d855c6e352a6c7ff55c454a3242c96eaf803ff4544e704d3290cbf8182364839759c0777ac3149b180620e934b4d7ec09bd16daf2342d43256e859c80da013

Download Submit
C:\Windows\System\PzwdIFr.exe

Filesize
2.1MB

MD5
293444e6377c93a7c7b49b1b8f298bb9

SHA1
12cefc0951806229c1957186c7e8ba857e88c52b

SHA256
64606c169731fba5b737810c245d7c90e3ecc0a14b6dfe1052abcf5ae3b9720b

SHA512
a14512d102d839b237aa1c46145f323eba60e022617193594f1ede5f264fba4c3a374d305cf50f96c066992ebac69591b3272c690d0e1a928983a03b2e254169

Download Submit
C:\Windows\System\TOEZyQe.exe

Filesize
2.1MB

MD5
7e9c9fce59f320c2ef42ea018c4c9479

SHA1
52ac7e4eb74a10bf6ac8e3b843dfba11db8759a6

SHA256
2a83529f82dcee275cdbe6858d3a9afe668fcfcdf35697fa7ad09a3f938c8118

SHA512
faf24d88ad85f71790410f6841d765d9765f70595fa7c8022291a91d8633ddb6dc6e0739e88432986d783efbeea9a3fd542f1633988ede72e555becc705fa006

Download Submit
C:\Windows\System\UaTStGM.exe

Filesize
2.1MB

MD5
626a23d96288e963114f353373f065cf

SHA1
54bf62f3fdd845cabcc4192cdbb111274ec9e81d

SHA256
316faa1ea54c2ae959716c7ac2ab84ae97fa045f9b7215f0cc4d34413b277cf7

SHA512
8e23447f5b3e2d3a955f3d202622e6183d0813bca067b31d0e3a65f1ed33afcad9a0345bde8ac90610600a4b525bff7b2c9736df6c573028bd14aa11bfc67f78

Download Submit
C:\Windows\System\cxeGjAr.exe

Filesize
2.1MB

MD5
cecc8e63d806ca8d82891967add57382

SHA1
074405f7fac29324c45ae1269e6a992e31039cd4

SHA256
47e6728d8106b93ef49a1fa8ea42f3f84113f268b102656d2173ff0ca79ada9d

SHA512
4cbd1250bcbed3121da5cd5e38433122c47ed1ea9b7ecf92a5c53c941fdbdf0d1a5dadb1a5060756755dd1c835513b90d9925bfe88dfb587471995e0c3790a54

Download Submit
C:\Windows\System\eNcHrIH.exe

Filesize
2.1MB

MD5
f450416e670509ef7278eea237bd52f4

SHA1
ebfe58cdd0a4b3ce4329347432f1fc374b0b5005

SHA256
71afe1094c03c814887e0953150691340f50275b237452748efa8e4dcede8f92

SHA512
dce4098431a126405ed617844a6f95f5ee518d28a1bfe4fbf194d66a743ed7bacb225e4399ee8c26016edc9c8b4a42e79df0b37857023d1d8e3a6ec648700e00

Download Submit
C:\Windows\System\gBlLaXz.exe

Filesize
2.1MB

MD5
c3d1f4aedaecce916dd8d161803347b0

SHA1
de63012af8e39acc1133acab9cb5dbcb74240a01

SHA256
ccfed72ad4e088d20397e02d1ef0db6a30c671dc0a61151fad918dc02e7ef70a

SHA512
bd79579e12cb04c062d1a5e2c27d68fc9107a186509e3ce1dc9a5020981fed62b0f204a548ef35c7b1a2d82faf4c4d2c9b599fb085f1b63f4424da3240484fa5

Download Submit
C:\Windows\System\gOwwpGM.exe

Filesize
2.1MB

MD5
9b8e7fd93a448f572f604ede42a7b382

SHA1
fb5d137bf965c4144447065a52b4cab826c38e5b

SHA256
aa44d359e0bc240e0646926a20669a7d39a437b2ff090fb4184c716428435d8b

SHA512
698cc162a3275d49e52fb0cb5cbc043a68eeeb5e1133a6da11d68b6fa4e7ba9e961fd77a4e2150a7dd1c1fd9774207795c096e24396ba276a90ef824cd14ccb3

Download Submit
C:\Windows\System\gzALIEV.exe

Filesize
2.1MB

MD5
6b0bf13eacf39f1b3e380e9d58ccd819

SHA1
07387c24d325bade5c20ba858b2fa7d24dfb6508

SHA256
2c356774c8a934273d8a52f5997982815709daecc263396709ffa3b016e7b02f

SHA512
3747a535a1a6f3c8ad9e655036a93aa0aeb53a5e41a79577b27d0db236ef7dd886c0cf4fcd39b3991ed2ce24134b29fdbd0097ec71eeaf71854abfd5fd03bfd5

Download Submit
C:\Windows\System\iSGkKKP.exe

Filesize
2.1MB

MD5
407b2d9479e7eb395c7d458d1bc2827d

SHA1
bd073c3939afc20c2237b5b1c94053f958d78b5c

SHA256
597c9d8d6cc255e989ae3b4ba2060aa0421b05f0321e75ef71c449f4aec1ef3e

SHA512
f9c38b703a709a83513f46d603064be28c09ec7ddfbc7d9c73456272ef3c098ac81519f11b504be116eec423afe7b80da7debea07d21a0e2526202a10d48d530

Download Submit
C:\Windows\System\jAJvDZu.exe

Filesize
2.1MB

MD5
e837ab03fc98bae79af4b3ab059b7c3e

SHA1
1030eb79fde775d4afef7392de8f3336c46120e5

SHA256
badf7782f3c34fd739b9a697791450476ebb892f2d43778a96b117920f2518d7

SHA512
dd4afe4d04c6bc822243198d4a62ee772964b52f7f6702adee1a6c2952b9e02a1bb1ebcc7d2c1572a800de82ddd046b96d0e43f73df74fb254f2ca8a8265e286

Download Submit
C:\Windows\System\lPZuEWO.exe

Filesize
2.1MB

MD5
7663f7e70e957f966572ef4df464f809

SHA1
5fe7ec71d4b443b8bc964c3122504ca7be08661e

SHA256
01943b5d01604544536edf33b54d4e2bd60f9992a35817bf4afabf151e8125cc

SHA512
195203a70698706c4539004451fefe6d412f547753cdae5b3c4fdaa2159c35056063caca4e14b94cf8246e5a019913166a75ddf85b2d35bdaa87d2269f8029fd

Download Submit
C:\Windows\System\mSRJLra.exe

Filesize
2.1MB

MD5
36be616b0dec1691f7875a63b47c4e03

SHA1
4ccecc1dfa31a64cb69717db84a94a9e9a914ef5

SHA256
3b8241eadf911c05720f27dce0586c207e04d11246b3b6799832eaedd928f324

SHA512
7b6ce0a2f3dff712f87fccf2d4a35b3a6c87e5f0e7d9b287df551350803b70d9809cbb5bdadde314fc12348365ac0a62e1c4c4a285c514cc57260a0031950806

Download Submit
C:\Windows\System\osZwjNZ.exe

Filesize
2.1MB

MD5
5e3a0d35ad4652ea0f5b4799d15f2362

SHA1
f07c3101a6f5f5a93577bd485331094617e95d0e

SHA256
a0bf718ac84176d6ef63e12ba0558de563a339a6d126cee734d45b2d47651a39

SHA512
ea34143f8d0d123ade25a816827aff4ca56104e4e55660fd99f8a97a44095bab8311826f80ebe009b3338a6e2cc1432d03257f9d7b17a7393031939c02934cc5

Download Submit
C:\Windows\System\qLmlNWW.exe

Filesize
2.1MB

MD5
9537a8a0b0599ca80b9417f9381b9a2d

SHA1
74be7677333ae590ab9c42286739c30581963b08

SHA256
f3004d142c6bb1d6ba480bb9262c67b8c89adafade41992e67ce024574e22251

SHA512
381495651ca0e7240ce688ccb5fa9b28392b057dfc294a5e29df25951c45953abcd66f048f15d145fafff75fd78e76ae945ee3e28f13ce5ec03f7f014ebb8f51

Download Submit
C:\Windows\System\qbvpiLE.exe

Filesize
2.1MB

MD5
2f008bb4e54717e6eb0a85b605596e3c

SHA1
36acb15e867b45850e96be48b17f42e17078570e

SHA256
0265570ff4778cbb46335390c7d294cba1899d2e90016d6730e7526d4ee856bd

SHA512
f451d0168c713288518ae5d3b394a9a24c007ac7732e281e95f10ebd524d0a66eca517b5ff45c01b20f0f85ccbb7ef1e0b85813899c2f123021be8054f829fe8

Download Submit
C:\Windows\System\sCpJJiN.exe

Filesize
2.1MB

MD5
71409c1d2a5d2f3284ab31698cb30e52

SHA1
d9c25cd130b8c761412379f198662d1ca97f4a4c

SHA256
48e73616cc43576f2c385fbdb73f24ea5593973d8eec44b2b83803362cde626a

SHA512
e5c612969664cf6a50b55dad1948d2f5d70326098d3d805a2bc901005edbbd4e9fedf4792fe783c52f9d66af523bb3a36e82a3e09e7b45ab987d9f5ba67d87b0

Download Submit
C:\Windows\System\tdadluP.exe

Filesize
2.1MB

MD5
ecc81e23b679c96f310cee61c58aef49

SHA1
31c4c37900fbd3031f89958456e23bd5b06bd37a

SHA256
ad3683333b9a812736315a538e04b3c88b91ab85fc2c223a44f4fcab9f8d7f2f

SHA512
54aaf4c6b6be0d1fbfa0f18da8a437d86de817ea685bdde39be52a380d29220135214801fdb9aa0cb98a5ba7afd62cd764524974d7fc2c0c6ab80ebcc114d885

Download Submit
C:\Windows\System\tddSnFs.exe

Filesize
2.1MB

MD5
dc0cbd48e4724837efc552470d4f1132

SHA1
665dd4c278d2fa0ebec66f21219cce1733a09a45

SHA256
289130c2e8e05d342e90f31c73aa15f7f71d7d2dc614387c4675f95bc00db3c1

SHA512
e1ee91b8dd4d5f11e43c98abc1fc3f44c686dbee77346a9dfc8a9816a410722191780e48114c73fbdea3385273cd4ef3be04a6170e14d833f7a8fb1eed9ad2ff

Download Submit
C:\Windows\System\wHkgjkX.exe

Filesize
2.1MB

MD5
767798bad90acf9e795f56c4565baa1a

SHA1
8293561f3fe9c826ca8b44dd92dd820df1170bfe

SHA256
be4e559ce99002147cadc2055b939d6b8ef4a65c954e445b775e0d0a9b27af2b

SHA512
45f8d8bedcfb96f057ee5c98268362ff9fab0a89ee1f7976d83b604add0a55cd24e14de7a1a4bc8bb8f4662660d576515dd448029afd0fc3d12162cd45dade2f

Download Submit
C:\Windows\System\wbmhlWg.exe

Filesize
2.1MB

MD5
d5111fd3a35119371f882b8582ac81a4

SHA1
e3f79d954dd5ed1d1b5f825a1a5b4ff86f37c713

SHA256
9f3a68f2ff1c299ccbf49e79e4cf5fed9234478edc52b8b19a96e1dd05039c19

SHA512
2df46052a4e9c1d31f3f3d741d24d994125917673a55ac3fd346456535e697cc187514dd61b55fd13398e14c4cbd31d926eaec6d26754a9c62bbe37bc3d465fb

Download Submit
C:\Windows\System\yFRIwKl.exe

Filesize
2.1MB

MD5
40abbcc790dda7f7173a3593ac64437b

SHA1
f08b83bae0c7c4bcb589e5294ebf3901874901ff

SHA256
0ab21ecd7755ee73d9e4d5d29aaa0214887f3627ef17741fe7e8fb83e9a8f86d

SHA512
654f86509e59cf3442a61db06cf596300805d035f970bd0d264db1a3bb15cc7c67996dfacc30ebc1f85653f2804c480e38aac42340daf89d2dc5f46faf619b46

Download Submit
memory/4060-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download