kpot | 58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959

Analysis

max time kernel
140s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-06-2024 09:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
Size

2.1MB
MD5

15a9fdc2d53e7fe68195c953d77d4240
SHA1

cec3ca71a4689a890162dbbc07cfb75d2f6e66fc
SHA256

58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959
SHA512

a6379b88ab9ae3abe86071a805ebe6cf852f448d3e163709b2fd145465aacb0697844479fd553abf0ee88cc2ceee247593ae0cad7ce11be93c2a02304477daff
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2P7:GemTLkNdfE0pZaQ7

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x000600000002326f-4.dat	family_kpot
behavioral2/files/0x00070000000233d2-9.dat	family_kpot
behavioral2/files/0x00070000000233d3-8.dat	family_kpot
behavioral2/files/0x00070000000233d4-19.dat	family_kpot
behavioral2/files/0x00070000000233d5-25.dat	family_kpot
behavioral2/files/0x00070000000233d6-29.dat	family_kpot
behavioral2/files/0x00070000000233d7-33.dat	family_kpot
behavioral2/files/0x00070000000233d8-39.dat	family_kpot
behavioral2/files/0x00070000000233d9-45.dat	family_kpot
behavioral2/files/0x00070000000233da-53.dat	family_kpot
behavioral2/files/0x00070000000233dc-59.dat	family_kpot
behavioral2/files/0x00070000000233dd-68.dat	family_kpot
behavioral2/files/0x00070000000233df-83.dat	family_kpot
behavioral2/files/0x00070000000233e2-94.dat	family_kpot
behavioral2/files/0x00070000000233e6-118.dat	family_kpot
behavioral2/files/0x00070000000233f0-162.dat	family_kpot
behavioral2/files/0x00070000000233ef-159.dat	family_kpot
behavioral2/files/0x00070000000233ee-157.dat	family_kpot
behavioral2/files/0x00070000000233ed-153.dat	family_kpot
behavioral2/files/0x00070000000233ec-148.dat	family_kpot
behavioral2/files/0x00070000000233eb-143.dat	family_kpot
behavioral2/files/0x00070000000233ea-138.dat	family_kpot
behavioral2/files/0x00070000000233e9-132.dat	family_kpot
behavioral2/files/0x00070000000233e8-128.dat	family_kpot
behavioral2/files/0x00070000000233e7-123.dat	family_kpot
behavioral2/files/0x00070000000233e5-112.dat	family_kpot
behavioral2/files/0x00070000000233e4-108.dat	family_kpot
behavioral2/files/0x00070000000233e3-102.dat	family_kpot
behavioral2/files/0x00070000000233e1-92.dat	family_kpot
behavioral2/files/0x00070000000233e0-88.dat	family_kpot
behavioral2/files/0x00080000000233cf-77.dat	family_kpot
behavioral2/files/0x00070000000233de-73.dat	family_kpot
behavioral2/files/0x00070000000233db-57.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x000600000002326f-4.dat	xmrig
behavioral2/files/0x00070000000233d2-9.dat	xmrig
behavioral2/files/0x00070000000233d3-8.dat	xmrig
behavioral2/files/0x00070000000233d4-19.dat	xmrig
behavioral2/files/0x00070000000233d5-25.dat	xmrig
behavioral2/files/0x00070000000233d6-29.dat	xmrig
behavioral2/files/0x00070000000233d7-33.dat	xmrig
behavioral2/files/0x00070000000233d8-39.dat	xmrig
behavioral2/files/0x00070000000233d9-45.dat	xmrig
behavioral2/files/0x00070000000233da-53.dat	xmrig
behavioral2/files/0x00070000000233dc-59.dat	xmrig
behavioral2/files/0x00070000000233dd-68.dat	xmrig
behavioral2/files/0x00070000000233df-83.dat	xmrig
behavioral2/files/0x00070000000233e2-94.dat	xmrig
behavioral2/files/0x00070000000233e6-118.dat	xmrig
behavioral2/files/0x00070000000233f0-162.dat	xmrig
behavioral2/files/0x00070000000233ef-159.dat	xmrig
behavioral2/files/0x00070000000233ee-157.dat	xmrig
behavioral2/files/0x00070000000233ed-153.dat	xmrig
behavioral2/files/0x00070000000233ec-148.dat	xmrig
behavioral2/files/0x00070000000233eb-143.dat	xmrig
behavioral2/files/0x00070000000233ea-138.dat	xmrig
behavioral2/files/0x00070000000233e9-132.dat	xmrig
behavioral2/files/0x00070000000233e8-128.dat	xmrig
behavioral2/files/0x00070000000233e7-123.dat	xmrig
behavioral2/files/0x00070000000233e5-112.dat	xmrig
behavioral2/files/0x00070000000233e4-108.dat	xmrig
behavioral2/files/0x00070000000233e3-102.dat	xmrig
behavioral2/files/0x00070000000233e1-92.dat	xmrig
behavioral2/files/0x00070000000233e0-88.dat	xmrig
behavioral2/files/0x00080000000233cf-77.dat	xmrig
behavioral2/files/0x00070000000233de-73.dat	xmrig
behavioral2/files/0x00070000000233db-57.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4792	KpNpzaF.exe
3432	LnkFaVx.exe
232	gYpCQAj.exe
212	kFsoKpX.exe
1332	EaVHkde.exe
3608	pGlNIVz.exe
3408	ZZhQnvQ.exe
1328	MSJVDtg.exe
4136	cZxDNIV.exe
2464	hoYSWxW.exe
5040	XOpeWto.exe
628	KxTsYXX.exe
912	phwGyqJ.exe
3436	yUOmoYp.exe
2420	cDWMWqd.exe
4432	CfiJEGR.exe
4020	RWuLPre.exe
2544	skQqbXa.exe
1364	JnglAVN.exe
3716	WMMCDPV.exe
2260	ytIhrlY.exe
2992	XkxNOxv.exe
2444	CqPAKob.exe
2784	BBBwPav.exe
4480	hHnvmON.exe
5112	nSLXEYg.exe
1928	okvHkim.exe
2056	HXSAOkT.exe
376	daHwIgf.exe
920	IRccyUY.exe
1596	lAlysRg.exe
4548	MVZtqXQ.exe
2940	AHuEQNw.exe
1504	UtFtWSH.exe
2636	JGWtYzq.exe
832	txqTnNq.exe
2120	PtNzriX.exe
3728	DIHjShv.exe
4692	sxngmBm.exe
4616	jImwyQo.exe
4552	qHvzgbV.exe
4508	lSisZUb.exe
2448	xkoEMVy.exe
2600	utmZCPP.exe
1508	hwMiVNP.exe
3588	XMEuhyI.exe
1052	lNnFOjr.exe
4012	QOBAlcF.exe
4544	eJyuMaf.exe
1392	hOzVQJR.exe
3412	mvfLOqp.exe
3880	aqtuQFm.exe
2208	FaqNaJt.exe
3664	XHJXkuQ.exe
3780	stUmZew.exe
4456	wUrsuqQ.exe
4312	AWaDkqK.exe
4472	RFlvPEJ.exe
1012	QvSwKIn.exe
2144	bgLleRE.exe
4176	wRZGUsn.exe
4600	lPxOnCS.exe
3504	AOtgsmT.exe
3116	gmRUEvF.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QOBAlcF.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\PlnnJYB.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\TEHhcGr.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\OZlthJD.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\CfiJEGR.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\hwMiVNP.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\ICwilui.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\CuqwXxf.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\tzAZJSo.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\pzDHAal.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\EBTAbMl.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\JMrisPa.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\dCFuwjz.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\iNiXcTr.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\oqpSuvM.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\cNQGgfZ.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\uYnMiJT.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\vCMVBnn.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\ytnvBmA.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\bOhlJCa.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\qDOXADi.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\GcqmGhu.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\nSLXEYg.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\ybBsDVN.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\RaHGnSs.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\fbxfKqW.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\DBUcWma.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\cZxDNIV.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\lNnFOjr.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\XQaEoxd.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\nTjUPfv.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\YaJhBNT.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\bjUMwRC.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\HXSAOkT.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\tnJSYRV.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\KxTsYXX.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\HhAYBMy.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\glloPrL.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\XnXDqss.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\kAtRCEf.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\dUFZyUi.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\sxngmBm.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\SNYlAcm.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\tPMUiuP.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\DkqvnpE.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\yoiyukn.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\toJMZDv.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\CqPAKob.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\vtnKddv.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\axLbFLo.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\dReHHyT.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\XHJXkuQ.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\TKtZfSf.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\rHlMBcR.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\KemgDBi.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\uzojhUD.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\tTBaETC.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\dwPWFfe.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\BcwQRAj.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\YPagxec.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\AvkOOXG.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\apHPYnM.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\jvdxVvj.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
File created	C:\Windows\System\xbVIqbB.exe	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 4792	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	82
PID 4900 wrote to memory of 4792	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	82
PID 4900 wrote to memory of 3432	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	83
PID 4900 wrote to memory of 3432	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	83
PID 4900 wrote to memory of 232	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	84
PID 4900 wrote to memory of 232	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	84
PID 4900 wrote to memory of 212	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	85
PID 4900 wrote to memory of 212	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	85
PID 4900 wrote to memory of 1332	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	86
PID 4900 wrote to memory of 1332	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	86
PID 4900 wrote to memory of 3608	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	87
PID 4900 wrote to memory of 3608	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	87
PID 4900 wrote to memory of 3408	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	88
PID 4900 wrote to memory of 3408	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	88
PID 4900 wrote to memory of 1328	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	89
PID 4900 wrote to memory of 1328	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	89
PID 4900 wrote to memory of 4136	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	90
PID 4900 wrote to memory of 4136	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	90
PID 4900 wrote to memory of 2464	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	91
PID 4900 wrote to memory of 2464	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	91
PID 4900 wrote to memory of 5040	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	92
PID 4900 wrote to memory of 5040	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	92
PID 4900 wrote to memory of 628	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	93
PID 4900 wrote to memory of 628	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	93
PID 4900 wrote to memory of 912	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	94
PID 4900 wrote to memory of 912	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	94
PID 4900 wrote to memory of 3436	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	95
PID 4900 wrote to memory of 3436	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	95
PID 4900 wrote to memory of 2420	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	96
PID 4900 wrote to memory of 2420	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	96
PID 4900 wrote to memory of 4432	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	97
PID 4900 wrote to memory of 4432	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	97
PID 4900 wrote to memory of 4020	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	98
PID 4900 wrote to memory of 4020	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	98
PID 4900 wrote to memory of 2544	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	99
PID 4900 wrote to memory of 2544	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	99
PID 4900 wrote to memory of 1364	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	100
PID 4900 wrote to memory of 1364	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	100
PID 4900 wrote to memory of 3716	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	101
PID 4900 wrote to memory of 3716	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	101
PID 4900 wrote to memory of 2260	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	102
PID 4900 wrote to memory of 2260	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	102
PID 4900 wrote to memory of 2992	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	103
PID 4900 wrote to memory of 2992	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	103
PID 4900 wrote to memory of 2444	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	104
PID 4900 wrote to memory of 2444	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	104
PID 4900 wrote to memory of 2784	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	105
PID 4900 wrote to memory of 2784	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	105
PID 4900 wrote to memory of 4480	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	106
PID 4900 wrote to memory of 4480	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	106
PID 4900 wrote to memory of 5112	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	107
PID 4900 wrote to memory of 5112	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	107
PID 4900 wrote to memory of 1928	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	108
PID 4900 wrote to memory of 1928	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	108
PID 4900 wrote to memory of 2056	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	109
PID 4900 wrote to memory of 2056	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	109
PID 4900 wrote to memory of 376	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	110
PID 4900 wrote to memory of 376	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	110
PID 4900 wrote to memory of 920	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	111
PID 4900 wrote to memory of 920	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	111
PID 4900 wrote to memory of 1596	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	112
PID 4900 wrote to memory of 1596	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	112
PID 4900 wrote to memory of 4548	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	113
PID 4900 wrote to memory of 4548	4900	58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\58e662771b5f92473be22f71a9cbf1e2f8547d69a72b54e85c41a4b7e4e67959_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Windows\System\KpNpzaF.exe
  C:\Windows\System\KpNpzaF.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\LnkFaVx.exe
  C:\Windows\System\LnkFaVx.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\gYpCQAj.exe
  C:\Windows\System\gYpCQAj.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\kFsoKpX.exe
  C:\Windows\System\kFsoKpX.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\EaVHkde.exe
  C:\Windows\System\EaVHkde.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\pGlNIVz.exe
  C:\Windows\System\pGlNIVz.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\ZZhQnvQ.exe
  C:\Windows\System\ZZhQnvQ.exe
  2⤵
  - Executes dropped EXE
  PID:3408
- C:\Windows\System\MSJVDtg.exe
  C:\Windows\System\MSJVDtg.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\cZxDNIV.exe
  C:\Windows\System\cZxDNIV.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\hoYSWxW.exe
  C:\Windows\System\hoYSWxW.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\XOpeWto.exe
  C:\Windows\System\XOpeWto.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\KxTsYXX.exe
  C:\Windows\System\KxTsYXX.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\phwGyqJ.exe
  C:\Windows\System\phwGyqJ.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\yUOmoYp.exe
  C:\Windows\System\yUOmoYp.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\cDWMWqd.exe
  C:\Windows\System\cDWMWqd.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\CfiJEGR.exe
  C:\Windows\System\CfiJEGR.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\RWuLPre.exe
  C:\Windows\System\RWuLPre.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\skQqbXa.exe
  C:\Windows\System\skQqbXa.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\JnglAVN.exe
  C:\Windows\System\JnglAVN.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\WMMCDPV.exe
  C:\Windows\System\WMMCDPV.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\ytIhrlY.exe
  C:\Windows\System\ytIhrlY.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\XkxNOxv.exe
  C:\Windows\System\XkxNOxv.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\CqPAKob.exe
  C:\Windows\System\CqPAKob.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\BBBwPav.exe
  C:\Windows\System\BBBwPav.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\hHnvmON.exe
  C:\Windows\System\hHnvmON.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\nSLXEYg.exe
  C:\Windows\System\nSLXEYg.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\okvHkim.exe
  C:\Windows\System\okvHkim.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\HXSAOkT.exe
  C:\Windows\System\HXSAOkT.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\daHwIgf.exe
  C:\Windows\System\daHwIgf.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\IRccyUY.exe
  C:\Windows\System\IRccyUY.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\lAlysRg.exe
  C:\Windows\System\lAlysRg.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\MVZtqXQ.exe
  C:\Windows\System\MVZtqXQ.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\AHuEQNw.exe
  C:\Windows\System\AHuEQNw.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\UtFtWSH.exe
  C:\Windows\System\UtFtWSH.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\JGWtYzq.exe
  C:\Windows\System\JGWtYzq.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\txqTnNq.exe
  C:\Windows\System\txqTnNq.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\PtNzriX.exe
  C:\Windows\System\PtNzriX.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\DIHjShv.exe
  C:\Windows\System\DIHjShv.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\sxngmBm.exe
  C:\Windows\System\sxngmBm.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\jImwyQo.exe
  C:\Windows\System\jImwyQo.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\qHvzgbV.exe
  C:\Windows\System\qHvzgbV.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\lSisZUb.exe
  C:\Windows\System\lSisZUb.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\xkoEMVy.exe
  C:\Windows\System\xkoEMVy.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\utmZCPP.exe
  C:\Windows\System\utmZCPP.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\hwMiVNP.exe
  C:\Windows\System\hwMiVNP.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\XMEuhyI.exe
  C:\Windows\System\XMEuhyI.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\lNnFOjr.exe
  C:\Windows\System\lNnFOjr.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\QOBAlcF.exe
  C:\Windows\System\QOBAlcF.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\eJyuMaf.exe
  C:\Windows\System\eJyuMaf.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\hOzVQJR.exe
  C:\Windows\System\hOzVQJR.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\mvfLOqp.exe
  C:\Windows\System\mvfLOqp.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\aqtuQFm.exe
  C:\Windows\System\aqtuQFm.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\FaqNaJt.exe
  C:\Windows\System\FaqNaJt.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\XHJXkuQ.exe
  C:\Windows\System\XHJXkuQ.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\stUmZew.exe
  C:\Windows\System\stUmZew.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\wUrsuqQ.exe
  C:\Windows\System\wUrsuqQ.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\AWaDkqK.exe
  C:\Windows\System\AWaDkqK.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\RFlvPEJ.exe
  C:\Windows\System\RFlvPEJ.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\QvSwKIn.exe
  C:\Windows\System\QvSwKIn.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\bgLleRE.exe
  C:\Windows\System\bgLleRE.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\wRZGUsn.exe
  C:\Windows\System\wRZGUsn.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\lPxOnCS.exe
  C:\Windows\System\lPxOnCS.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\AOtgsmT.exe
  C:\Windows\System\AOtgsmT.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\gmRUEvF.exe
  C:\Windows\System\gmRUEvF.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\YPagxec.exe
  C:\Windows\System\YPagxec.exe
  2⤵
  PID:3372
- C:\Windows\System\ytnvBmA.exe
  C:\Windows\System\ytnvBmA.exe
  2⤵
  PID:3312
- C:\Windows\System\aKQdbMz.exe
  C:\Windows\System\aKQdbMz.exe
  2⤵
  PID:1616
- C:\Windows\System\AQOLQce.exe
  C:\Windows\System\AQOLQce.exe
  2⤵
  PID:1876
- C:\Windows\System\CFpDkyK.exe
  C:\Windows\System\CFpDkyK.exe
  2⤵
  PID:3044
- C:\Windows\System\vtnKddv.exe
  C:\Windows\System\vtnKddv.exe
  2⤵
  PID:888
- C:\Windows\System\TuCbxZt.exe
  C:\Windows\System\TuCbxZt.exe
  2⤵
  PID:2956
- C:\Windows\System\MDOeyXp.exe
  C:\Windows\System\MDOeyXp.exe
  2⤵
  PID:1204
- C:\Windows\System\IUxVxlD.exe
  C:\Windows\System\IUxVxlD.exe
  2⤵
  PID:1940
- C:\Windows\System\bOSgxXM.exe
  C:\Windows\System\bOSgxXM.exe
  2⤵
  PID:3604
- C:\Windows\System\SmKrVvl.exe
  C:\Windows\System\SmKrVvl.exe
  2⤵
  PID:744
- C:\Windows\System\PKYSYUf.exe
  C:\Windows\System\PKYSYUf.exe
  2⤵
  PID:4180
- C:\Windows\System\NJoHTDl.exe
  C:\Windows\System\NJoHTDl.exe
  2⤵
  PID:3540
- C:\Windows\System\QvOYzfm.exe
  C:\Windows\System\QvOYzfm.exe
  2⤵
  PID:2700
- C:\Windows\System\dCFuwjz.exe
  C:\Windows\System\dCFuwjz.exe
  2⤵
  PID:2616
- C:\Windows\System\SUyxPNR.exe
  C:\Windows\System\SUyxPNR.exe
  2⤵
  PID:1084
- C:\Windows\System\DIiUjur.exe
  C:\Windows\System\DIiUjur.exe
  2⤵
  PID:2552
- C:\Windows\System\AtBfuoO.exe
  C:\Windows\System\AtBfuoO.exe
  2⤵
  PID:4500
- C:\Windows\System\yqWtZzj.exe
  C:\Windows\System\yqWtZzj.exe
  2⤵
  PID:4800
- C:\Windows\System\WwrlAzT.exe
  C:\Windows\System\WwrlAzT.exe
  2⤵
  PID:2276
- C:\Windows\System\xHdvphT.exe
  C:\Windows\System\xHdvphT.exe
  2⤵
  PID:4676
- C:\Windows\System\UCuYloE.exe
  C:\Windows\System\UCuYloE.exe
  2⤵
  PID:4752
- C:\Windows\System\AvkOOXG.exe
  C:\Windows\System\AvkOOXG.exe
  2⤵
  PID:5072
- C:\Windows\System\PlnnJYB.exe
  C:\Windows\System\PlnnJYB.exe
  2⤵
  PID:2736
- C:\Windows\System\thbrdUC.exe
  C:\Windows\System\thbrdUC.exe
  2⤵
  PID:4496
- C:\Windows\System\TtXQXXH.exe
  C:\Windows\System\TtXQXXH.exe
  2⤵
  PID:3160
- C:\Windows\System\mRLDwtE.exe
  C:\Windows\System\mRLDwtE.exe
  2⤵
  PID:2892
- C:\Windows\System\TEHhcGr.exe
  C:\Windows\System\TEHhcGr.exe
  2⤵
  PID:3768
- C:\Windows\System\WZdMKqE.exe
  C:\Windows\System\WZdMKqE.exe
  2⤵
  PID:3552
- C:\Windows\System\PvkEEIg.exe
  C:\Windows\System\PvkEEIg.exe
  2⤵
  PID:760
- C:\Windows\System\VSTDoiz.exe
  C:\Windows\System\VSTDoiz.exe
  2⤵
  PID:3940
- C:\Windows\System\gtWftAs.exe
  C:\Windows\System\gtWftAs.exe
  2⤵
  PID:3684
- C:\Windows\System\flQyjqs.exe
  C:\Windows\System\flQyjqs.exe
  2⤵
  PID:2016
- C:\Windows\System\Mjlmvht.exe
  C:\Windows\System\Mjlmvht.exe
  2⤵
  PID:4924
- C:\Windows\System\DVCLKNM.exe
  C:\Windows\System\DVCLKNM.exe
  2⤵
  PID:1100
- C:\Windows\System\cIJwyNi.exe
  C:\Windows\System\cIJwyNi.exe
  2⤵
  PID:1660
- C:\Windows\System\tPMUiuP.exe
  C:\Windows\System\tPMUiuP.exe
  2⤵
  PID:2224
- C:\Windows\System\dkhSVCo.exe
  C:\Windows\System\dkhSVCo.exe
  2⤵
  PID:4756
- C:\Windows\System\goruPLH.exe
  C:\Windows\System\goruPLH.exe
  2⤵
  PID:4780
- C:\Windows\System\gqUnmgE.exe
  C:\Windows\System\gqUnmgE.exe
  2⤵
  PID:4516
- C:\Windows\System\kQmNMiu.exe
  C:\Windows\System\kQmNMiu.exe
  2⤵
  PID:5124
- C:\Windows\System\pzDHAal.exe
  C:\Windows\System\pzDHAal.exe
  2⤵
  PID:5152
- C:\Windows\System\zqQyLrT.exe
  C:\Windows\System\zqQyLrT.exe
  2⤵
  PID:5180
- C:\Windows\System\sAikarH.exe
  C:\Windows\System\sAikarH.exe
  2⤵
  PID:5204
- C:\Windows\System\FhSGRsS.exe
  C:\Windows\System\FhSGRsS.exe
  2⤵
  PID:5232
- C:\Windows\System\EBTAbMl.exe
  C:\Windows\System\EBTAbMl.exe
  2⤵
  PID:5260
- C:\Windows\System\awOSZEC.exe
  C:\Windows\System\awOSZEC.exe
  2⤵
  PID:5288
- C:\Windows\System\bOhlJCa.exe
  C:\Windows\System\bOhlJCa.exe
  2⤵
  PID:5320
- C:\Windows\System\QSzCYXR.exe
  C:\Windows\System\QSzCYXR.exe
  2⤵
  PID:5348
- C:\Windows\System\GwZYNMo.exe
  C:\Windows\System\GwZYNMo.exe
  2⤵
  PID:5376
- C:\Windows\System\QnjaFWx.exe
  C:\Windows\System\QnjaFWx.exe
  2⤵
  PID:5404
- C:\Windows\System\SCxQXuC.exe
  C:\Windows\System\SCxQXuC.exe
  2⤵
  PID:5428
- C:\Windows\System\rHlMBcR.exe
  C:\Windows\System\rHlMBcR.exe
  2⤵
  PID:5456
- C:\Windows\System\JhPcwfD.exe
  C:\Windows\System\JhPcwfD.exe
  2⤵
  PID:5488
- C:\Windows\System\cUQkQon.exe
  C:\Windows\System\cUQkQon.exe
  2⤵
  PID:5516
- C:\Windows\System\KxvHnmM.exe
  C:\Windows\System\KxvHnmM.exe
  2⤵
  PID:5544
- C:\Windows\System\quKQyre.exe
  C:\Windows\System\quKQyre.exe
  2⤵
  PID:5584
- C:\Windows\System\oqpSuvM.exe
  C:\Windows\System\oqpSuvM.exe
  2⤵
  PID:5616
- C:\Windows\System\titKina.exe
  C:\Windows\System\titKina.exe
  2⤵
  PID:5656
- C:\Windows\System\SnXXYeT.exe
  C:\Windows\System\SnXXYeT.exe
  2⤵
  PID:5684
- C:\Windows\System\SNYlAcm.exe
  C:\Windows\System\SNYlAcm.exe
  2⤵
  PID:5712
- C:\Windows\System\FAQzsku.exe
  C:\Windows\System\FAQzsku.exe
  2⤵
  PID:5740
- C:\Windows\System\oskKEXo.exe
  C:\Windows\System\oskKEXo.exe
  2⤵
  PID:5768
- C:\Windows\System\sIuDXoJ.exe
  C:\Windows\System\sIuDXoJ.exe
  2⤵
  PID:5796
- C:\Windows\System\HhAYBMy.exe
  C:\Windows\System\HhAYBMy.exe
  2⤵
  PID:5824
- C:\Windows\System\mokfQHR.exe
  C:\Windows\System\mokfQHR.exe
  2⤵
  PID:5852
- C:\Windows\System\NOJfbUn.exe
  C:\Windows\System\NOJfbUn.exe
  2⤵
  PID:5880
- C:\Windows\System\HPJqElf.exe
  C:\Windows\System\HPJqElf.exe
  2⤵
  PID:5912
- C:\Windows\System\nWXejpT.exe
  C:\Windows\System\nWXejpT.exe
  2⤵
  PID:5940
- C:\Windows\System\JcJPtmp.exe
  C:\Windows\System\JcJPtmp.exe
  2⤵
  PID:5968
- C:\Windows\System\tnJSYRV.exe
  C:\Windows\System\tnJSYRV.exe
  2⤵
  PID:5996
- C:\Windows\System\DihdAxz.exe
  C:\Windows\System\DihdAxz.exe
  2⤵
  PID:6024
- C:\Windows\System\oaLjYzY.exe
  C:\Windows\System\oaLjYzY.exe
  2⤵
  PID:6056
- C:\Windows\System\KemgDBi.exe
  C:\Windows\System\KemgDBi.exe
  2⤵
  PID:6080
- C:\Windows\System\kcaGLGr.exe
  C:\Windows\System\kcaGLGr.exe
  2⤵
  PID:6108
- C:\Windows\System\nziZHHe.exe
  C:\Windows\System\nziZHHe.exe
  2⤵
  PID:6136
- C:\Windows\System\uzojhUD.exe
  C:\Windows\System\uzojhUD.exe
  2⤵
  PID:3892
- C:\Windows\System\SlLyFFq.exe
  C:\Windows\System\SlLyFFq.exe
  2⤵
  PID:2904
- C:\Windows\System\fpgloig.exe
  C:\Windows\System\fpgloig.exe
  2⤵
  PID:5168
- C:\Windows\System\NzCEfXb.exe
  C:\Windows\System\NzCEfXb.exe
  2⤵
  PID:5248
- C:\Windows\System\NdEbMAb.exe
  C:\Windows\System\NdEbMAb.exe
  2⤵
  PID:5308
- C:\Windows\System\GPohdhL.exe
  C:\Windows\System\GPohdhL.exe
  2⤵
  PID:4888
- C:\Windows\System\FYTDaVl.exe
  C:\Windows\System\FYTDaVl.exe
  2⤵
  PID:5420
- C:\Windows\System\PcYVIhY.exe
  C:\Windows\System\PcYVIhY.exe
  2⤵
  PID:5480
- C:\Windows\System\yKsYEjT.exe
  C:\Windows\System\yKsYEjT.exe
  2⤵
  PID:5532
- C:\Windows\System\tMUvSGp.exe
  C:\Windows\System\tMUvSGp.exe
  2⤵
  PID:5604
- C:\Windows\System\Wgzswox.exe
  C:\Windows\System\Wgzswox.exe
  2⤵
  PID:4040
- C:\Windows\System\DDksYWj.exe
  C:\Windows\System\DDksYWj.exe
  2⤵
  PID:2704
- C:\Windows\System\xbVIqbB.exe
  C:\Windows\System\xbVIqbB.exe
  2⤵
  PID:3084
- C:\Windows\System\sJOMnFj.exe
  C:\Windows\System\sJOMnFj.exe
  2⤵
  PID:5652
- C:\Windows\System\WeVSkhn.exe
  C:\Windows\System\WeVSkhn.exe
  2⤵
  PID:5696
- C:\Windows\System\ndGkhNx.exe
  C:\Windows\System\ndGkhNx.exe
  2⤵
  PID:4608
- C:\Windows\System\pmaKziC.exe
  C:\Windows\System\pmaKziC.exe
  2⤵
  PID:5736
- C:\Windows\System\VdllEqj.exe
  C:\Windows\System\VdllEqj.exe
  2⤵
  PID:5764
- C:\Windows\System\uESQhkm.exe
  C:\Windows\System\uESQhkm.exe
  2⤵
  PID:1948
- C:\Windows\System\LmqrzNd.exe
  C:\Windows\System\LmqrzNd.exe
  2⤵
  PID:5808
- C:\Windows\System\yvfEcdY.exe
  C:\Windows\System\yvfEcdY.exe
  2⤵
  PID:3024
- C:\Windows\System\GDVicER.exe
  C:\Windows\System\GDVicER.exe
  2⤵
  PID:5920
- C:\Windows\System\glloPrL.exe
  C:\Windows\System\glloPrL.exe
  2⤵
  PID:5976
- C:\Windows\System\YzESfbF.exe
  C:\Windows\System\YzESfbF.exe
  2⤵
  PID:6040
- C:\Windows\System\kDGFCOZ.exe
  C:\Windows\System\kDGFCOZ.exe
  2⤵
  PID:6100
- C:\Windows\System\XuoVCBg.exe
  C:\Windows\System\XuoVCBg.exe
  2⤵
  PID:1716
- C:\Windows\System\ICwilui.exe
  C:\Windows\System\ICwilui.exe
  2⤵
  PID:5196
- C:\Windows\System\kaNSjXQ.exe
  C:\Windows\System\kaNSjXQ.exe
  2⤵
  PID:5336
- C:\Windows\System\mYKracf.exe
  C:\Windows\System\mYKracf.exe
  2⤵
  PID:5472
- C:\Windows\System\UhvRPPQ.exe
  C:\Windows\System\UhvRPPQ.exe
  2⤵
  PID:5608
- C:\Windows\System\gDzHOFO.exe
  C:\Windows\System\gDzHOFO.exe
  2⤵
  PID:4092
- C:\Windows\System\vyrXDQW.exe
  C:\Windows\System\vyrXDQW.exe
  2⤵
  PID:5708
- C:\Windows\System\Qnfxpfm.exe
  C:\Windows\System\Qnfxpfm.exe
  2⤵
  PID:1760
- C:\Windows\System\sgOuMog.exe
  C:\Windows\System\sgOuMog.exe
  2⤵
  PID:5820
- C:\Windows\System\XnXDqss.exe
  C:\Windows\System\XnXDqss.exe
  2⤵
  PID:5932
- C:\Windows\System\QrIZtDo.exe
  C:\Windows\System\QrIZtDo.exe
  2⤵
  PID:6088
- C:\Windows\System\ybFPrxb.exe
  C:\Windows\System\ybFPrxb.exe
  2⤵
  PID:5164
- C:\Windows\System\xfueOTT.exe
  C:\Windows\System\xfueOTT.exe
  2⤵
  PID:5508
- C:\Windows\System\lhCgRaj.exe
  C:\Windows\System\lhCgRaj.exe
  2⤵
  PID:5676
- C:\Windows\System\DGbWoNJ.exe
  C:\Windows\System\DGbWoNJ.exe
  2⤵
  PID:5052
- C:\Windows\System\TBEiTSa.exe
  C:\Windows\System\TBEiTSa.exe
  2⤵
  PID:2064
- C:\Windows\System\iTlFDdd.exe
  C:\Windows\System\iTlFDdd.exe
  2⤵
  PID:5452
- C:\Windows\System\caBWtfF.exe
  C:\Windows\System\caBWtfF.exe
  2⤵
  PID:1256
- C:\Windows\System\XQaEoxd.exe
  C:\Windows\System\XQaEoxd.exe
  2⤵
  PID:5312
- C:\Windows\System\ROqpaxA.exe
  C:\Windows\System\ROqpaxA.exe
  2⤵
  PID:6164
- C:\Windows\System\VtQLuFJ.exe
  C:\Windows\System\VtQLuFJ.exe
  2⤵
  PID:6192
- C:\Windows\System\hzfOKaZ.exe
  C:\Windows\System\hzfOKaZ.exe
  2⤵
  PID:6220
- C:\Windows\System\cNQGgfZ.exe
  C:\Windows\System\cNQGgfZ.exe
  2⤵
  PID:6260
- C:\Windows\System\yDTPIqi.exe
  C:\Windows\System\yDTPIqi.exe
  2⤵
  PID:6280
- C:\Windows\System\CDsMjFI.exe
  C:\Windows\System\CDsMjFI.exe
  2⤵
  PID:6316
- C:\Windows\System\RaHGnSs.exe
  C:\Windows\System\RaHGnSs.exe
  2⤵
  PID:6332
- C:\Windows\System\acikuxz.exe
  C:\Windows\System\acikuxz.exe
  2⤵
  PID:6348
- C:\Windows\System\CjnBnUL.exe
  C:\Windows\System\CjnBnUL.exe
  2⤵
  PID:6376
- C:\Windows\System\hxBannb.exe
  C:\Windows\System\hxBannb.exe
  2⤵
  PID:6404
- C:\Windows\System\LHqrHMN.exe
  C:\Windows\System\LHqrHMN.exe
  2⤵
  PID:6432
- C:\Windows\System\fBqfGbT.exe
  C:\Windows\System\fBqfGbT.exe
  2⤵
  PID:6472
- C:\Windows\System\NMJsHZt.exe
  C:\Windows\System\NMJsHZt.exe
  2⤵
  PID:6504
- C:\Windows\System\TKtZfSf.exe
  C:\Windows\System\TKtZfSf.exe
  2⤵
  PID:6528
- C:\Windows\System\fDNxifw.exe
  C:\Windows\System\fDNxifw.exe
  2⤵
  PID:6564
- C:\Windows\System\fKsWTnD.exe
  C:\Windows\System\fKsWTnD.exe
  2⤵
  PID:6596
- C:\Windows\System\goFFZUb.exe
  C:\Windows\System\goFFZUb.exe
  2⤵
  PID:6616
- C:\Windows\System\fbxfKqW.exe
  C:\Windows\System\fbxfKqW.exe
  2⤵
  PID:6640
- C:\Windows\System\ULUEaLq.exe
  C:\Windows\System\ULUEaLq.exe
  2⤵
  PID:6656
- C:\Windows\System\brZpXHt.exe
  C:\Windows\System\brZpXHt.exe
  2⤵
  PID:6700
- C:\Windows\System\SSrlbRB.exe
  C:\Windows\System\SSrlbRB.exe
  2⤵
  PID:6728
- C:\Windows\System\xflYMLB.exe
  C:\Windows\System\xflYMLB.exe
  2⤵
  PID:6752
- C:\Windows\System\AwdkGef.exe
  C:\Windows\System\AwdkGef.exe
  2⤵
  PID:6768
- C:\Windows\System\pPZpvEW.exe
  C:\Windows\System\pPZpvEW.exe
  2⤵
  PID:6808
- C:\Windows\System\jRmekHJ.exe
  C:\Windows\System\jRmekHJ.exe
  2⤵
  PID:6848
- C:\Windows\System\HbLDQZZ.exe
  C:\Windows\System\HbLDQZZ.exe
  2⤵
  PID:6876
- C:\Windows\System\aOkcoHl.exe
  C:\Windows\System\aOkcoHl.exe
  2⤵
  PID:6904
- C:\Windows\System\PPuaSFQ.exe
  C:\Windows\System\PPuaSFQ.exe
  2⤵
  PID:6932
- C:\Windows\System\SLufbyB.exe
  C:\Windows\System\SLufbyB.exe
  2⤵
  PID:6964
- C:\Windows\System\fCznukI.exe
  C:\Windows\System\fCznukI.exe
  2⤵
  PID:6992
- C:\Windows\System\ggjvEGL.exe
  C:\Windows\System\ggjvEGL.exe
  2⤵
  PID:7008
- C:\Windows\System\pvBJeDL.exe
  C:\Windows\System\pvBJeDL.exe
  2⤵
  PID:7032
- C:\Windows\System\NpYyeAI.exe
  C:\Windows\System\NpYyeAI.exe
  2⤵
  PID:7060
- C:\Windows\System\YzhHDAk.exe
  C:\Windows\System\YzhHDAk.exe
  2⤵
  PID:7092
- C:\Windows\System\geHAIvw.exe
  C:\Windows\System\geHAIvw.exe
  2⤵
  PID:7132
- C:\Windows\System\UwpqoSu.exe
  C:\Windows\System\UwpqoSu.exe
  2⤵
  PID:7148
- C:\Windows\System\axLbFLo.exe
  C:\Windows\System\axLbFLo.exe
  2⤵
  PID:7164
- C:\Windows\System\gDcruJZ.exe
  C:\Windows\System\gDcruJZ.exe
  2⤵
  PID:6176
- C:\Windows\System\ORbphbv.exe
  C:\Windows\System\ORbphbv.exe
  2⤵
  PID:6252
- C:\Windows\System\QECOuqn.exe
  C:\Windows\System\QECOuqn.exe
  2⤵
  PID:6324
- C:\Windows\System\dReHHyT.exe
  C:\Windows\System\dReHHyT.exe
  2⤵
  PID:6384
- C:\Windows\System\OtfUxqB.exe
  C:\Windows\System\OtfUxqB.exe
  2⤵
  PID:6452
- C:\Windows\System\jDkklwn.exe
  C:\Windows\System\jDkklwn.exe
  2⤵
  PID:6524
- C:\Windows\System\AZFJGqD.exe
  C:\Windows\System\AZFJGqD.exe
  2⤵
  PID:6604
- C:\Windows\System\uYnMiJT.exe
  C:\Windows\System\uYnMiJT.exe
  2⤵
  PID:6652
- C:\Windows\System\OZlthJD.exe
  C:\Windows\System\OZlthJD.exe
  2⤵
  PID:6716
- C:\Windows\System\MoiiiCt.exe
  C:\Windows\System\MoiiiCt.exe
  2⤵
  PID:6736
- C:\Windows\System\tTBaETC.exe
  C:\Windows\System\tTBaETC.exe
  2⤵
  PID:6824
- C:\Windows\System\dwPWFfe.exe
  C:\Windows\System\dwPWFfe.exe
  2⤵
  PID:6896
- C:\Windows\System\EpyxBYI.exe
  C:\Windows\System\EpyxBYI.exe
  2⤵
  PID:7000
- C:\Windows\System\zxOCBLJ.exe
  C:\Windows\System\zxOCBLJ.exe
  2⤵
  PID:7048
- C:\Windows\System\RAVLCcE.exe
  C:\Windows\System\RAVLCcE.exe
  2⤵
  PID:7116
- C:\Windows\System\hPDeBRj.exe
  C:\Windows\System\hPDeBRj.exe
  2⤵
  PID:6236
- C:\Windows\System\JMjNSGT.exe
  C:\Windows\System\JMjNSGT.exe
  2⤵
  PID:6400
- C:\Windows\System\NJMZhla.exe
  C:\Windows\System\NJMZhla.exe
  2⤵
  PID:6484
- C:\Windows\System\YbzvhFg.exe
  C:\Windows\System\YbzvhFg.exe
  2⤵
  PID:6548
- C:\Windows\System\YPwYstn.exe
  C:\Windows\System\YPwYstn.exe
  2⤵
  PID:6760
- C:\Windows\System\DkqvnpE.exe
  C:\Windows\System\DkqvnpE.exe
  2⤵
  PID:7084
- C:\Windows\System\TMYAQxJ.exe
  C:\Windows\System\TMYAQxJ.exe
  2⤵
  PID:7104
- C:\Windows\System\UlRZrWz.exe
  C:\Windows\System\UlRZrWz.exe
  2⤵
  PID:6288
- C:\Windows\System\BgOyahc.exe
  C:\Windows\System\BgOyahc.exe
  2⤵
  PID:6928
- C:\Windows\System\LMtcQIS.exe
  C:\Windows\System\LMtcQIS.exe
  2⤵
  PID:6572
- C:\Windows\System\kAQxtwD.exe
  C:\Windows\System\kAQxtwD.exe
  2⤵
  PID:6500
- C:\Windows\System\eUcLUYr.exe
  C:\Windows\System\eUcLUYr.exe
  2⤵
  PID:7016
- C:\Windows\System\HmMTJEX.exe
  C:\Windows\System\HmMTJEX.exe
  2⤵
  PID:7192
- C:\Windows\System\kmqfafq.exe
  C:\Windows\System\kmqfafq.exe
  2⤵
  PID:7220
- C:\Windows\System\uNoJqom.exe
  C:\Windows\System\uNoJqom.exe
  2⤵
  PID:7236
- C:\Windows\System\XvWZKHe.exe
  C:\Windows\System\XvWZKHe.exe
  2⤵
  PID:7264
- C:\Windows\System\FTJHEto.exe
  C:\Windows\System\FTJHEto.exe
  2⤵
  PID:7280
- C:\Windows\System\XDdeonC.exe
  C:\Windows\System\XDdeonC.exe
  2⤵
  PID:7316
- C:\Windows\System\xDEGcHv.exe
  C:\Windows\System\xDEGcHv.exe
  2⤵
  PID:7348
- C:\Windows\System\mydNZxF.exe
  C:\Windows\System\mydNZxF.exe
  2⤵
  PID:7364
- C:\Windows\System\VgoyvBj.exe
  C:\Windows\System\VgoyvBj.exe
  2⤵
  PID:7392
- C:\Windows\System\SXlnCMm.exe
  C:\Windows\System\SXlnCMm.exe
  2⤵
  PID:7424
- C:\Windows\System\TmGSank.exe
  C:\Windows\System\TmGSank.exe
  2⤵
  PID:7464
- C:\Windows\System\nTjUPfv.exe
  C:\Windows\System\nTjUPfv.exe
  2⤵
  PID:7500
- C:\Windows\System\iQJkzYU.exe
  C:\Windows\System\iQJkzYU.exe
  2⤵
  PID:7524
- C:\Windows\System\iNiXcTr.exe
  C:\Windows\System\iNiXcTr.exe
  2⤵
  PID:7552
- C:\Windows\System\tvFOmPW.exe
  C:\Windows\System\tvFOmPW.exe
  2⤵
  PID:7572
- C:\Windows\System\yoiyukn.exe
  C:\Windows\System\yoiyukn.exe
  2⤵
  PID:7604
- C:\Windows\System\cqNYQFa.exe
  C:\Windows\System\cqNYQFa.exe
  2⤵
  PID:7640
- C:\Windows\System\vCMVBnn.exe
  C:\Windows\System\vCMVBnn.exe
  2⤵
  PID:7680
- C:\Windows\System\pwOBlpW.exe
  C:\Windows\System\pwOBlpW.exe
  2⤵
  PID:7708
- C:\Windows\System\YaJhBNT.exe
  C:\Windows\System\YaJhBNT.exe
  2⤵
  PID:7736
- C:\Windows\System\oDZCxdV.exe
  C:\Windows\System\oDZCxdV.exe
  2⤵
  PID:7756
- C:\Windows\System\AYQIikb.exe
  C:\Windows\System\AYQIikb.exe
  2⤵
  PID:7792
- C:\Windows\System\NKkoKQe.exe
  C:\Windows\System\NKkoKQe.exe
  2⤵
  PID:7820
- C:\Windows\System\gBLdrBK.exe
  C:\Windows\System\gBLdrBK.exe
  2⤵
  PID:7836
- C:\Windows\System\BCWtGAU.exe
  C:\Windows\System\BCWtGAU.exe
  2⤵
  PID:7868
- C:\Windows\System\xJpvDBE.exe
  C:\Windows\System\xJpvDBE.exe
  2⤵
  PID:7892
- C:\Windows\System\qKUcWUa.exe
  C:\Windows\System\qKUcWUa.exe
  2⤵
  PID:7924
- C:\Windows\System\cSITiXI.exe
  C:\Windows\System\cSITiXI.exe
  2⤵
  PID:7960
- C:\Windows\System\rpYxiUv.exe
  C:\Windows\System\rpYxiUv.exe
  2⤵
  PID:7976
- C:\Windows\System\gTvokBq.exe
  C:\Windows\System\gTvokBq.exe
  2⤵
  PID:8016
- C:\Windows\System\OQYmuuo.exe
  C:\Windows\System\OQYmuuo.exe
  2⤵
  PID:8044
- C:\Windows\System\BcwQRAj.exe
  C:\Windows\System\BcwQRAj.exe
  2⤵
  PID:8072
- C:\Windows\System\qPYYril.exe
  C:\Windows\System\qPYYril.exe
  2⤵
  PID:8104
- C:\Windows\System\CuqwXxf.exe
  C:\Windows\System\CuqwXxf.exe
  2⤵
  PID:8136
- C:\Windows\System\tHcsgih.exe
  C:\Windows\System\tHcsgih.exe
  2⤵
  PID:8164
- C:\Windows\System\NUmulsr.exe
  C:\Windows\System\NUmulsr.exe
  2⤵
  PID:8188
- C:\Windows\System\apHPYnM.exe
  C:\Windows\System\apHPYnM.exe
  2⤵
  PID:7232
- C:\Windows\System\TYcxiKm.exe
  C:\Windows\System\TYcxiKm.exe
  2⤵
  PID:7272
- C:\Windows\System\iykrvwM.exe
  C:\Windows\System\iykrvwM.exe
  2⤵
  PID:7336
- C:\Windows\System\DBUcWma.exe
  C:\Windows\System\DBUcWma.exe
  2⤵
  PID:7456
- C:\Windows\System\oqXHgcB.exe
  C:\Windows\System\oqXHgcB.exe
  2⤵
  PID:7492
- C:\Windows\System\kAtRCEf.exe
  C:\Windows\System\kAtRCEf.exe
  2⤵
  PID:7544
- C:\Windows\System\sflOrdk.exe
  C:\Windows\System\sflOrdk.exe
  2⤵
  PID:7560
- C:\Windows\System\kbPsoeQ.exe
  C:\Windows\System\kbPsoeQ.exe
  2⤵
  PID:7652
- C:\Windows\System\aevtucH.exe
  C:\Windows\System\aevtucH.exe
  2⤵
  PID:7724
- C:\Windows\System\ojWGirN.exe
  C:\Windows\System\ojWGirN.exe
  2⤵
  PID:7784
- C:\Windows\System\kuqqNUb.exe
  C:\Windows\System\kuqqNUb.exe
  2⤵
  PID:7876
- C:\Windows\System\tdpqpRd.exe
  C:\Windows\System\tdpqpRd.exe
  2⤵
  PID:7956
- C:\Windows\System\THCpzME.exe
  C:\Windows\System\THCpzME.exe
  2⤵
  PID:8036
- C:\Windows\System\bjUMwRC.exe
  C:\Windows\System\bjUMwRC.exe
  2⤵
  PID:8116
- C:\Windows\System\cdzIUMW.exe
  C:\Windows\System\cdzIUMW.exe
  2⤵
  PID:8152
- C:\Windows\System\EmsMUUl.exe
  C:\Windows\System\EmsMUUl.exe
  2⤵
  PID:7212
- C:\Windows\System\YxvmZwZ.exe
  C:\Windows\System\YxvmZwZ.exe
  2⤵
  PID:7380
- C:\Windows\System\ybBsDVN.exe
  C:\Windows\System\ybBsDVN.exe
  2⤵
  PID:7568
- C:\Windows\System\yzXvSXq.exe
  C:\Windows\System\yzXvSXq.exe
  2⤵
  PID:7696
- C:\Windows\System\tzAZJSo.exe
  C:\Windows\System\tzAZJSo.exe
  2⤵
  PID:7968
- C:\Windows\System\yMoarXb.exe
  C:\Windows\System\yMoarXb.exe
  2⤵
  PID:8000
- C:\Windows\System\qDOXADi.exe
  C:\Windows\System\qDOXADi.exe
  2⤵
  PID:7376
- C:\Windows\System\rZirIYp.exe
  C:\Windows\System\rZirIYp.exe
  2⤵
  PID:7584
- C:\Windows\System\tDQYEII.exe
  C:\Windows\System\tDQYEII.exe
  2⤵
  PID:8064
- C:\Windows\System\eVPKlaT.exe
  C:\Windows\System\eVPKlaT.exe
  2⤵
  PID:7852
- C:\Windows\System\dtePexy.exe
  C:\Windows\System\dtePexy.exe
  2⤵
  PID:8068
- C:\Windows\System\ECvhKro.exe
  C:\Windows\System\ECvhKro.exe
  2⤵
  PID:8200
- C:\Windows\System\jvdxVvj.exe
  C:\Windows\System\jvdxVvj.exe
  2⤵
  PID:8232
- C:\Windows\System\xZOqNlI.exe
  C:\Windows\System\xZOqNlI.exe
  2⤵
  PID:8268
- C:\Windows\System\lQTWGFd.exe
  C:\Windows\System\lQTWGFd.exe
  2⤵
  PID:8296
- C:\Windows\System\FFJeWDs.exe
  C:\Windows\System\FFJeWDs.exe
  2⤵
  PID:8324
- C:\Windows\System\dUFZyUi.exe
  C:\Windows\System\dUFZyUi.exe
  2⤵
  PID:8352
- C:\Windows\System\JMrisPa.exe
  C:\Windows\System\JMrisPa.exe
  2⤵
  PID:8372
- C:\Windows\System\AODhDui.exe
  C:\Windows\System\AODhDui.exe
  2⤵
  PID:8396
- C:\Windows\System\GcqmGhu.exe
  C:\Windows\System\GcqmGhu.exe
  2⤵
  PID:8412
- C:\Windows\System\AhfXcNN.exe
  C:\Windows\System\AhfXcNN.exe
  2⤵
  PID:8444
- C:\Windows\System\gVRQCtn.exe
  C:\Windows\System\gVRQCtn.exe
  2⤵
  PID:8476
- C:\Windows\System\toJMZDv.exe
  C:\Windows\System\toJMZDv.exe
  2⤵
  PID:8520
- C:\Windows\System\ZDNUyGE.exe
  C:\Windows\System\ZDNUyGE.exe
  2⤵
  PID:8548
- C:\Windows\System\DxmpCMm.exe
  C:\Windows\System\DxmpCMm.exe
  2⤵
  PID:8564
- C:\Windows\System\tupLTvl.exe
  C:\Windows\System\tupLTvl.exe
  2⤵
  PID:8592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AHuEQNw.exe

Filesize
2.1MB

MD5
bbf5022f81d121226f439432de3ac373

SHA1
b66998a3aeb26cfaa3a3c3826dfac9dbd4b25f94

SHA256
698878e25a9e77b6364b2edfd87edfa82d30a997975a912933459186adf62b9e

SHA512
4348fa0128eacacdcce8de6dc2d39451aac0e0232758b78f3f6657c9126b179a3613faed3866ccc7f4453c146f29f8ea14eef9110f2a4e1ca4916d1c5c9889f1

Download Submit
C:\Windows\System\BBBwPav.exe

Filesize
2.1MB

MD5
123254ede9b57a2fb975f470b77f1d76

SHA1
e47e4dab2e49e960b97d230edc79d4ac27ab3574

SHA256
d76ccadf1d5ae4e3bac4ada24f9ebdb19b219bcaee6b4c22a74167382eb752c5

SHA512
6675566b6cf275fb3db694740f14f5872e89304cbf1702a59b740b59be8de64b02a0ca2486adf26b3024d1b87b19d70db210ee46a5096ceb65e8221482cb2195

Download Submit
C:\Windows\System\CfiJEGR.exe

Filesize
2.1MB

MD5
6424eb699589910872f115103f33d441

SHA1
6286fa5d7b7c9b1f875d9cad424255ece63943bd

SHA256
c353e882fe226c1c44c09b89e93eb4c36d73c98c6588cc7f98a717697aaf2cdd

SHA512
89ab160dc342e7e74eb0d257428e7b3f51937483ecbbfd6f899c7b940cbd365fd70256391e61d95ff5a78da4a914062ca307b9e45711e559cd84501ee0dd2b4e

Download Submit
C:\Windows\System\CqPAKob.exe

Filesize
2.1MB

MD5
5cc9f25a5cd04fdff79c512a419142bc

SHA1
77441e287213556800ef5b524b4e2e581d3f71cd

SHA256
871973c4202677a00a0f5982b1eeedfac6e6192cee39e91e28898ee324b7f0c6

SHA512
a307a768858f8e86096e503272c3622ccef38936ec9cf82b20609b3d3f245ad2b281be7804022ca3045f22ac88b7dd18ea5ae027f44b2e48f4099b3f452bc9c7

Download Submit
C:\Windows\System\EaVHkde.exe

Filesize
2.1MB

MD5
e71de9d216be9266bb717865afb0ea0f

SHA1
266c358ba87b94289c632ca8f631fdbdbbc619cf

SHA256
e5af365dd08754dbf9a4677b00ea6e72d48045d1a9ff99209df3bd7643904236

SHA512
bedefc2c608bfb44f012587dd5d4971ba8e8ca77a86d44a86eba1c8fdfe1bf048d196b7fafd77aedf399cd63142db229956ff778df09010fb0e4ed1761abe030

Download Submit
C:\Windows\System\HXSAOkT.exe

Filesize
2.1MB

MD5
17e2c1921dfbe81bf6d859b0f1d2d3bf

SHA1
8e27e99f78141e14648dbd61edb7705ceee0ac28

SHA256
48b59c19ebdf9ec03668f2447e17618383da101ecdb3afeeccf1edf7983c3343

SHA512
31f7334419ca0e4101a8d2814630ed4b5ccf621f2d0b1c74014f7c96fbc514b417c12b4f5452534df7c10b2d731f4784e4f1d4649d920507c8415e1d9c1ba372

Download Submit
C:\Windows\System\IRccyUY.exe

Filesize
2.1MB

MD5
a0bb43b1a4f95335958bfe14225eabb2

SHA1
4760c59e0d5119dd1289da702854d451d0c66cb2

SHA256
3183ada276c0202da1dd4878886287ec5d528d1ece903506d27d87e9b1fbe576

SHA512
66d2155c855b235923a786c4a89e38ab3e3a9c7d474d6a2a6c04918085817d283d201154a5bd353babbeaafc036235c0dc95280215b5a5a384d06ab8a989fbb6

Download Submit
C:\Windows\System\JnglAVN.exe

Filesize
2.1MB

MD5
8230c9b93fb4ceba874156895f58cf30

SHA1
b2ea8d0236423f6e04adafe42c998fda7e1f469b

SHA256
5d4254fd5671c157914c7ab975a4c0d5c7155d9c0c6b5482828cfa75f978a513

SHA512
5e2baa0d666c8b3d827693eadd9b110b1039f970999c19870cb45e36b48d2f319e2aadcb46734e520e83b3cde192e60becdf6027f23c4c79fdc2861915758427

Download Submit
C:\Windows\System\KpNpzaF.exe

Filesize
2.1MB

MD5
41dc370844e5fc4522df91c8720bde9c

SHA1
8fdf003e8892e4d5fae9fc4d998059b384486cba

SHA256
2dace589740a384183786553a981933814f1980169f006f529a33fc93d8da779

SHA512
f18706edd430ca2058ce05197217afdf08df8abd6f39b5f3d4b399ce090ab5a74e1752c06f3ae8fbc68acdd9eb4f26e7bdbcb6a5fd9436f39116abf2909203d9

Download Submit
C:\Windows\System\KxTsYXX.exe

Filesize
2.1MB

MD5
ac6b1df9374616f8b32a7ebc0a5c84d1

SHA1
e19287e91f3c570ceb63a0f7f530316297a62641

SHA256
7d6c0b8b80e6a04f7837c0e40aa2a298cd5c5ffe04d41b3e4cca516292f14632

SHA512
b427f1dbc36a0e552ee8939bd4b637c21593f2e45a21660b331b42bd19865fdeb79699c5617783d77ae39a2828bc4efd24d616dc56f8b897ef687561f87b5b9a

Download Submit
C:\Windows\System\LnkFaVx.exe

Filesize
2.1MB

MD5
455169b70025e5032efb7c39bc467807

SHA1
49eaec5d817d8ba5bf5331706a417cd77f37869b

SHA256
24064df738175ee10ffaf4b759767e174cd91741c65e20b4f7451e96a2a846cf

SHA512
34db8d0d1a81c9882628be14b263dfd755499b3075d9f3661827c101457e137098c8c99f92ac9bc807e1422a618769ff5cd956ab7bffbc5e84b2d6c88fecee9e

Download Submit
C:\Windows\System\MSJVDtg.exe

Filesize
2.1MB

MD5
b8f6b2436ae706b69fe0bdb99b4e098b

SHA1
64345d0fc812320b44fd3ce4b061b59ab6ea4ce8

SHA256
9517757805b9427a985dfc746e94a7db4d18bb4259f7500d1de17181d753a919

SHA512
16fdd56d85df2355fb22ae476ad92490b4fdd2b860d388eb610ed083e3c4ee3363216dccf71cfadba5b7d9cc7c44d646d7d7ea91956e119085d602ed76544a4a

Download Submit
C:\Windows\System\MVZtqXQ.exe

Filesize
2.1MB

MD5
de1058c1d9b2e231e6bfb7152aa77795

SHA1
a4805f07bb6af85233ee1e0fddf9315faeb95439

SHA256
e8d346235ae1cd00936e80df515a1f980316a56f7122e6bddcf7da0bb5ab7211

SHA512
234c8845d6a630210c2318832bc7cac46468ff76b33aac0b20e60c76e7d3f0b18143b52fb8ff584a82e2beb6400d61b1e6eb764d0afb929f89aecdb050f9b9c5

Download Submit
C:\Windows\System\RWuLPre.exe

Filesize
2.1MB

MD5
1f77e70300f45b013cab1c2c9a006532

SHA1
6bbdcb376dd04ac0030a034a1073ba730b40a751

SHA256
f6d8b18efaccd9f2aecf8f329ce3b80efae9bebf52945c26af3cce03c22ae6fa

SHA512
767a454675c7bb337923fccc8eed4ff43da5ac661e05490c68ba8285b238446bca9bbba3736c25662abfd6b96414e7abcad32c118efb9953b6a16092d1d092ea

Download Submit
C:\Windows\System\WMMCDPV.exe

Filesize
2.1MB

MD5
ff9eb60f4b0614d061a56bf9e6567861

SHA1
e0c93dcde02a229c09b0750bf199b176038105cd

SHA256
0cb0e531b91ccb694109c30664c41c277733586492f1919a2dd8d3c9c19c814c

SHA512
d4a401bea502eb07295441ddaf02eebcdd9d76e0c287cc08f0d523f93636e8710bb251a48a1976cd1fb613ad9f959908fbfed9ca0585ef3bc99c1d2be6f029c2

Download Submit
C:\Windows\System\XOpeWto.exe

Filesize
2.1MB

MD5
bfab9a618c59db20bd2325fc1e331afb

SHA1
3a6b6150f2144154305a3b2abb4e904b002eaa07

SHA256
57ce5b977a589746d91c2e13a980201cdb72f47af0460693e75cf3da0db8c7d6

SHA512
638832d9d2ea1ac70b047b90dcba05116a948e39e83ce992daad3f6f0b3842120c15c884f1f7b23103eb1db3c383df006a177d37aff31830cdfa86e4400fee23

Download Submit
C:\Windows\System\XkxNOxv.exe

Filesize
2.1MB

MD5
7a1edb74df9de1675167c85051411faa

SHA1
93c9c54ec2e07db726a1b15d6d3987d1b1c3067f

SHA256
ac683dfe6c5eeae3a875aba730e70494b3956a44e4bc64dea56991c787cbc84c

SHA512
a0c85adad985f6cf37620d564ec4fbf74c4e121c3c2f30df4968c4d3f8d961cdc1979347668f3e163642288f767dbd4218362a7a8e47c5b373aca0bbe617e31d

Download Submit
C:\Windows\System\ZZhQnvQ.exe

Filesize
2.1MB

MD5
c1c44facd57fc5a5908e75706b4e2391

SHA1
395aa2fb549af82ab7eb2c935a496827dcaf71bf

SHA256
44c2c60e85745dc02916848dcb85c4f127d6407f61260f6fa9e0e6d3f80c8172

SHA512
4f83def8605e747f1e068541cccb9c78045a9b371b85f5802eeecdd9032ea06b87b6872a8da26ea84828d5c0b4558fa24a3f4fed9f55a11e50aa1b4b4b0e7b9d

Download Submit
C:\Windows\System\cDWMWqd.exe

Filesize
2.1MB

MD5
3ad9468ed42aca3dd93b893dff9d48c6

SHA1
3dd64b724437b41cb8d3e994f2b6f8fbecefce41

SHA256
3c02516929b30734ca30be3925e81fb1741943742da6519510045dcc8482310f

SHA512
6ef139a7153cf70e1eb05a8ec5f7cb2d47039147367520e9d5991a29ec4ca05c29343e862d683fb4fdab8a0ecd345239df9658c4fd929a670b12b05c15a3c5a3

Download Submit
C:\Windows\System\cZxDNIV.exe

Filesize
2.1MB

MD5
1e0b14030da759f9d540d783a3806716

SHA1
f0b33b286c362733e161d6edf3a57042427dee98

SHA256
b41dda061eff4fd4e1c4c85454e4e34ca9ea3a6d2e1a7e2730105fa19ca9ccbe

SHA512
5441a8063d56fa9c5c2a11ae55cb511721721ef5376cb105bbebf9b0ed8144677f2d2de021c0c4d62673956588c9853b5599810b23503af133c35bf11faec92c

Download Submit
C:\Windows\System\daHwIgf.exe

Filesize
2.1MB

MD5
dc55865eb31e6589bfd5fb23fcd7e16e

SHA1
fdaadc0283cec13a685fccdf2dd375802be321c3

SHA256
2286fbee204d1ee13d14b978b3135a5d55b91c603f04096856b74b69a85a0f15

SHA512
71e17d648f62e5ce7e7def05bfc62797debbc36292fffb42ae91aac47fb7f7b5fa4e3b74a0633a34daf57cfb9f887a37c142d0df5cab2408595b77876357e8ef

Download Submit
C:\Windows\System\gYpCQAj.exe

Filesize
2.1MB

MD5
dfaef22b69433f72c3ea3f680c6982f6

SHA1
ded9332fe5dcb6248ea174404400143c92bd6d61

SHA256
7dbc6527a761e87970cbc5bda514b4908308003d003dddfa90cad127cbed5978

SHA512
2427a1e5a2286e986528bde807297855ae35f664d68a0d895e006e9243b73db489dc5bc4b5690dc59cc1f17a1315b5947be2642f747e076ab9b8e12d2f53724c

Download Submit
C:\Windows\System\hHnvmON.exe

Filesize
2.1MB

MD5
1f5ce827df3518a5ddc4be45d2900f34

SHA1
bd4c661a552565e7c623afc2812e14874bd6f405

SHA256
c6e8e9fd9c32f6c8a7e1e6eede661ddbbfc3b5b9cab786300d8c7584f2af43ad

SHA512
41c3e060cc376c2a7df76041e899cda2a5adcfa969f2ed17becddbd4173d708d0c01b5372a47a717117ce4da0c5b300d4f8119b52d5c8fee01f17e5a56245756

Download Submit
C:\Windows\System\hoYSWxW.exe

Filesize
2.1MB

MD5
e542ee0df5dda5b5cc996921d1fff756

SHA1
5183b42add86b982c7d913be84062cfdf5a9a71f

SHA256
33fd118f8f7fe542d4601f1447d82e49a25d711ec8464d63ac09bc2dd0ca5540

SHA512
065c9fa824c188d0b91d0dba5d7007181d216126623fafbb99547e5357bfce856bccec30783dfb75c9d55a5ba9904c8ceffe6bb88a3e75ba4f7bee5b73936942

Download Submit
C:\Windows\System\kFsoKpX.exe

Filesize
2.1MB

MD5
1d91e66ac7abbf9f8a15ea0715852055

SHA1
a913f0d458ff95643b58320b8a8df7c9fbe543ba

SHA256
e713a53c9ef2ed6d03427ee359188eb6943542ed9adeb51f31cbbd78e872f8dd

SHA512
dfa0f670f2853424d114eb7204b7291d5fdf118367f51c948a894f76ce77c9a9215d790b9734971db0c8b0eb2bb002f6018bca753219114fe5032976a08c10b4

Download Submit
C:\Windows\System\lAlysRg.exe

Filesize
2.1MB

MD5
83a8566235d10ed3a708dc9cb03eb8cc

SHA1
2db86c548462421802cbd0b27b86547bcd507b92

SHA256
0aecb61cea521df396ea93914cfd92b46b8945bb014b1dc47c573e9fec7ef62d

SHA512
f4f99a0cb6b0b4823234dfe4d1bece3b3f3d7908ad988415282029c09745d865140f83026959fb2468dda44be1257a31449af0379d0926b61eea650737cec211

Download Submit
C:\Windows\System\nSLXEYg.exe

Filesize
2.1MB

MD5
5d267a838a2db9df874d2e1d0ba0fc35

SHA1
fad1b6074be499e3e18b449417bba1bfa2d8fc1a

SHA256
541775cdd12d8b1fbf71742f0d8dad17c19db79543571ae4d6f36172f653fac1

SHA512
07d1ae126a0bdff85ed803812f3828c45fdcc7a13f7eb7741c26ed405c648d49f93ba10b277e6d5acf5d53033c3049bf0bdd368b0163e8a195e7d8d4b54f07a9

Download Submit
C:\Windows\System\okvHkim.exe

Filesize
2.1MB

MD5
bf94aeac239dd39fd20fa63e205a1863

SHA1
14b706f50f9a5914314d9041afcb2b823e0aceac

SHA256
29e8e5e15671e70b6ee93d6b06f950e60c8aadefcad72a767c82168abfc4b31e

SHA512
e5813a0ca82654a1982468b6c27e91b3b7676bb966166f78bdd95848da5a80f9c6e882cde7e737fa581d59871d61b4e1e43912218a7a26fa93640a0516f0646e

Download Submit
C:\Windows\System\pGlNIVz.exe

Filesize
2.1MB

MD5
51c0acba12298f9f41cb3ba4ee5b3f7a

SHA1
b23d9513937d88f3c9a34d409ee99202fc51f85f

SHA256
41c2dc0917757b6580507c9d2c7c80a12ed2c2387256aabd824353426fdcfecb

SHA512
0afc4b9138f08593ad3813c82bee32cd1b9592ff24282c36f4f42be40d395b115a953a52e941c167a26f16a52786d8692c66e2f3bd11fad6fa76de58efbdb985

Download Submit
C:\Windows\System\phwGyqJ.exe

Filesize
2.1MB

MD5
6e5e571d1aa38e2955d1d34e40c10283

SHA1
761a8b2ecdb179bb10b87841e8cdb59492045850

SHA256
98251e1b7afbfb0908af4b4ec6ec974905ef36f0901f1105230c5940287da5a3

SHA512
965a2034cb7bb8e3870f6d2b0c6b559b6ba772e57b46ade7979f1e0f7410b9029e0b0f1dbd7ab37a414e157bcfc6bf8b23710158227167eb0e4d65398e0b35c9

Download Submit
C:\Windows\System\skQqbXa.exe

Filesize
2.1MB

MD5
5695809eb2a22c4d503670ce87e16ad6

SHA1
c13138d638c8e372e7775c84b979854cca7c5f01

SHA256
bdb75942fbd4fd0b68ef221cb9101eb863c2739bb8e0c1c8c75e28d54f815f04

SHA512
162c7a15d362d48c522102b0e53129e783ad6f0973f5ecbf4f1f0bdc200e170947964b90425e1639c52149aab7eebfbbd813a96f4ee96e98a7b9a576a2085373

Download Submit
C:\Windows\System\yUOmoYp.exe

Filesize
2.1MB

MD5
f12d04becdbc8a5a07c2749c335484f7

SHA1
e3e2050cfbf009583fe370ab3473b104e456621d

SHA256
6e108e32e7152370dba14283956db2eb5780cab156cae69b6685a9bb3c35cd96

SHA512
4f547a9f7fa6b90fa7704498bc0fdfb59b0b171c4430adde9bdc9607f331a0c4263d9148c10f77bcf2b48092e1d1500af9c64c6585b469d583b0db37fe3cb093

Download Submit
C:\Windows\System\ytIhrlY.exe

Filesize
2.1MB

MD5
28f4c0998b0958959f503515a8f23ce2

SHA1
2f0590e081c762eae9f9bb6c9e9d6df517f9b7ab

SHA256
e0f92e49e1aa5cadc98268af299f2dd5719c611999591f1059639700fb6d7414

SHA512
ef8948e2d49f967b26811772ba14c5f8b88b6b3917c15db314afa750e9abf3e145f20dfd7c061958a101169f57892fe0e8ffaddb302fbec9c38a8ab19a9db8a5

Download Submit
memory/4900-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download