kpot | 003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
23-06-2024 12:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
Size

2.1MB
MD5

ed31e0d95c62366c16b372b631317230
SHA1

1ec060180a689b4f905eeca263ab812165eec0b0
SHA256

003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc
SHA512

c7ca073f1847aded959b52baa155fe9484dd7747b44cd7dd82c1a5ce0dbc7752e5ff84504998247e0ad57dd2bdf4d10fe5fb1ba3ee250c81e615de6e51bf5a9f
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2PRQ:GemTLkNdfE0pZaQe

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x0005000000022f58-5.dat	family_kpot
behavioral2/files/0x000900000002348a-6.dat	family_kpot
behavioral2/files/0x0007000000023490-7.dat	family_kpot
behavioral2/files/0x0007000000023499-32.dat	family_kpot
behavioral2/files/0x000700000002349a-67.dat	family_kpot
behavioral2/files/0x000700000002349e-81.dat	family_kpot
behavioral2/files/0x00070000000234a0-92.dat	family_kpot
behavioral2/files/0x00070000000234a1-105.dat	family_kpot
behavioral2/files/0x00070000000234a5-117.dat	family_kpot
behavioral2/files/0x00070000000234a8-132.dat	family_kpot
behavioral2/files/0x00070000000234aa-150.dat	family_kpot
behavioral2/files/0x00070000000234ae-162.dat	family_kpot
behavioral2/files/0x00070000000234ac-160.dat	family_kpot
behavioral2/files/0x00070000000234ad-157.dat	family_kpot
behavioral2/files/0x00070000000234ab-155.dat	family_kpot
behavioral2/files/0x00070000000234a9-145.dat	family_kpot
behavioral2/files/0x00070000000234a7-135.dat	family_kpot
behavioral2/files/0x00070000000234a6-130.dat	family_kpot
behavioral2/files/0x00070000000234a4-120.dat	family_kpot
behavioral2/files/0x00070000000234a3-115.dat	family_kpot
behavioral2/files/0x00070000000234a2-110.dat	family_kpot
behavioral2/files/0x000700000002349f-95.dat	family_kpot
behavioral2/files/0x000700000002349d-82.dat	family_kpot
behavioral2/files/0x000700000002349c-79.dat	family_kpot
behavioral2/files/0x000700000002349b-78.dat	family_kpot
behavioral2/files/0x0007000000023493-69.dat	family_kpot
behavioral2/files/0x0007000000023498-63.dat	family_kpot
behavioral2/files/0x0007000000023495-59.dat	family_kpot
behavioral2/files/0x0007000000023494-57.dat	family_kpot
behavioral2/files/0x0007000000023492-54.dat	family_kpot
behavioral2/files/0x0007000000023491-50.dat	family_kpot
behavioral2/files/0x0007000000023497-44.dat	family_kpot
behavioral2/files/0x0007000000023496-41.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x0005000000022f58-5.dat	xmrig
behavioral2/files/0x000900000002348a-6.dat	xmrig
behavioral2/files/0x0007000000023490-7.dat	xmrig
behavioral2/files/0x0007000000023499-32.dat	xmrig
behavioral2/files/0x000700000002349a-67.dat	xmrig
behavioral2/files/0x000700000002349e-81.dat	xmrig
behavioral2/files/0x00070000000234a0-92.dat	xmrig
behavioral2/files/0x00070000000234a1-105.dat	xmrig
behavioral2/files/0x00070000000234a5-117.dat	xmrig
behavioral2/files/0x00070000000234a8-132.dat	xmrig
behavioral2/files/0x00070000000234aa-150.dat	xmrig
behavioral2/files/0x00070000000234ae-162.dat	xmrig
behavioral2/files/0x00070000000234ac-160.dat	xmrig
behavioral2/files/0x00070000000234ad-157.dat	xmrig
behavioral2/files/0x00070000000234ab-155.dat	xmrig
behavioral2/files/0x00070000000234a9-145.dat	xmrig
behavioral2/files/0x00070000000234a7-135.dat	xmrig
behavioral2/files/0x00070000000234a6-130.dat	xmrig
behavioral2/files/0x00070000000234a4-120.dat	xmrig
behavioral2/files/0x00070000000234a3-115.dat	xmrig
behavioral2/files/0x00070000000234a2-110.dat	xmrig
behavioral2/files/0x000700000002349f-95.dat	xmrig
behavioral2/files/0x000700000002349d-82.dat	xmrig
behavioral2/files/0x000700000002349c-79.dat	xmrig
behavioral2/files/0x000700000002349b-78.dat	xmrig
behavioral2/files/0x0007000000023493-69.dat	xmrig
behavioral2/files/0x0007000000023498-63.dat	xmrig
behavioral2/files/0x0007000000023495-59.dat	xmrig
behavioral2/files/0x0007000000023494-57.dat	xmrig
behavioral2/files/0x0007000000023492-54.dat	xmrig
behavioral2/files/0x0007000000023491-50.dat	xmrig
behavioral2/files/0x0007000000023497-44.dat	xmrig
behavioral2/files/0x0007000000023496-41.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1172	QhSUeHB.exe
2200	lDmjVAc.exe
1504	MZHTNkT.exe
1648	LSxizzV.exe
3204	BFIJPUm.exe
2444	zsbWAya.exe
4840	cRcSKbh.exe
2760	liKBepY.exe
2152	QBbZoZx.exe
1472	BZhwQWP.exe
1936	gzDjKDW.exe
2060	zLtRxdK.exe
2900	DYZKmVq.exe
912	WrXcyzu.exe
3968	RPGnZgp.exe
1196	ecYTdoN.exe
2424	NUCNgCy.exe
1780	uqcWLbq.exe
3260	FfIjmeA.exe
4148	iCjXrwG.exe
2148	IpaIATI.exe
688	JZlEpfD.exe
2440	QeFlsPh.exe
3992	okDuCwZ.exe
4540	oAwdDBB.exe
2172	NZaAbmT.exe
1384	ZXmBRCE.exe
1220	WsQwlcF.exe
1268	eVpnpUa.exe
3372	PqOAmSn.exe
880	caEQtkW.exe
744	SjaOfIc.exe
1460	tPTbImH.exe
4920	kKxcGfb.exe
2512	GAeuMQe.exe
2904	SGhmjJI.exe
3844	TPIuabo.exe
756	qkjvUUr.exe
4916	PdEKfwo.exe
4164	nLhwLkI.exe
4004	BKEOYnm.exe
2600	ZjInHHx.exe
4980	nFvRvCy.exe
1776	NXyfhZS.exe
3596	UUhpWRt.exe
5072	ZAlEQMr.exe
3348	keEhiBU.exe
504	abMeebB.exe
2188	gNgDqpJ.exe
4288	BpXKHPu.exe
4280	BqriHdD.exe
2788	lClzQau.exe
1316	VPaymdx.exe
4544	ZnkxYoN.exe
4892	GoONLeg.exe
1728	COdiSLO.exe
4356	rGMIQsp.exe
808	nIvRXuU.exe
4856	ZrNVKSe.exe
1804	NSLtCXF.exe
3268	vNJEvVh.exe
2004	FCCPvXf.exe
2080	JsSQqVe.exe
4208	TEQqwAL.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\UiAClLx.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\iaEryet.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\DaeQYaU.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\JpkJZCS.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\qFcngRn.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\qlKgvnk.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\KQXbblE.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\ZjInHHx.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\nzuadAJ.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\SBSihQY.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\Bimbrge.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\zcPWgKW.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\PIiveNz.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\tXwpIpC.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\xkWTwfa.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\layGslW.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\dvEutRq.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\VUaeAoi.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\idmGmoe.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\BFIJPUm.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\CfCGDtv.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\fKpCLND.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\SDZdqwl.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\yJZTeKk.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\HZIlZPc.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\DGBKPKJ.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\AfxIjiE.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\dmbaQZs.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\sLqEHOC.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\BZhwQWP.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\uqcWLbq.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\zkbRbnv.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\QhSUeHB.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\DYZKmVq.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\oHnVqTV.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\DpURDZh.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\uIsboRX.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\tsabrPw.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\wJTUseL.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\hcFZAvM.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\VoGiAWj.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\PRqcQzI.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\thrKuzV.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\COdiSLO.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\USjzEun.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\IYIbyDY.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\NqksZwC.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\xBhsSwN.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\cHVcrdy.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\EzDvQqN.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\oAwdDBB.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\nhAkITd.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\ykeOsns.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\FYSKiQB.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\COrkuFo.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\rGMIQsp.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\PrNrXEN.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\BuRtoCy.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\fMqotJO.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\JsSQqVe.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\BpKkXbf.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\ZUCUZnE.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\SCHqQQH.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
File created	C:\Windows\System\kFDurmP.exe	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 1172	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	84
PID 2864 wrote to memory of 1172	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	84
PID 2864 wrote to memory of 2200	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	85
PID 2864 wrote to memory of 2200	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	85
PID 2864 wrote to memory of 1648	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	86
PID 2864 wrote to memory of 1648	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	86
PID 2864 wrote to memory of 3204	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	87
PID 2864 wrote to memory of 3204	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	87
PID 2864 wrote to memory of 2444	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	88
PID 2864 wrote to memory of 2444	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	88
PID 2864 wrote to memory of 4840	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	89
PID 2864 wrote to memory of 4840	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	89
PID 2864 wrote to memory of 2760	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	90
PID 2864 wrote to memory of 2760	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	90
PID 2864 wrote to memory of 2152	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	91
PID 2864 wrote to memory of 2152	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	91
PID 2864 wrote to memory of 1472	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	92
PID 2864 wrote to memory of 1472	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	92
PID 2864 wrote to memory of 1936	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	93
PID 2864 wrote to memory of 1936	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	93
PID 2864 wrote to memory of 2060	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	94
PID 2864 wrote to memory of 2060	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	94
PID 2864 wrote to memory of 1504	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	95
PID 2864 wrote to memory of 1504	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	95
PID 2864 wrote to memory of 2900	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	96
PID 2864 wrote to memory of 2900	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	96
PID 2864 wrote to memory of 912	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	97
PID 2864 wrote to memory of 912	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	97
PID 2864 wrote to memory of 3968	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	98
PID 2864 wrote to memory of 3968	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	98
PID 2864 wrote to memory of 1196	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	99
PID 2864 wrote to memory of 1196	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	99
PID 2864 wrote to memory of 2424	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	100
PID 2864 wrote to memory of 2424	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	100
PID 2864 wrote to memory of 1780	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	101
PID 2864 wrote to memory of 1780	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	101
PID 2864 wrote to memory of 3260	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	102
PID 2864 wrote to memory of 3260	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	102
PID 2864 wrote to memory of 4148	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	103
PID 2864 wrote to memory of 4148	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	103
PID 2864 wrote to memory of 2148	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	104
PID 2864 wrote to memory of 2148	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	104
PID 2864 wrote to memory of 688	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	105
PID 2864 wrote to memory of 688	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	105
PID 2864 wrote to memory of 2440	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	106
PID 2864 wrote to memory of 2440	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	106
PID 2864 wrote to memory of 3992	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	107
PID 2864 wrote to memory of 3992	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	107
PID 2864 wrote to memory of 4540	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	108
PID 2864 wrote to memory of 4540	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	108
PID 2864 wrote to memory of 2172	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	109
PID 2864 wrote to memory of 2172	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	109
PID 2864 wrote to memory of 1384	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	110
PID 2864 wrote to memory of 1384	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	110
PID 2864 wrote to memory of 1220	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	111
PID 2864 wrote to memory of 1220	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	111
PID 2864 wrote to memory of 1268	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	112
PID 2864 wrote to memory of 1268	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	112
PID 2864 wrote to memory of 3372	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	113
PID 2864 wrote to memory of 3372	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	113
PID 2864 wrote to memory of 880	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	114
PID 2864 wrote to memory of 880	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	114
PID 2864 wrote to memory of 744	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	115
PID 2864 wrote to memory of 744	2864	003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\003dd0cb2df128439c3fe05b6359e360f0c953b93136361cef8773e5bb229ffc_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2864
- C:\Windows\System\QhSUeHB.exe
  C:\Windows\System\QhSUeHB.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\lDmjVAc.exe
  C:\Windows\System\lDmjVAc.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\LSxizzV.exe
  C:\Windows\System\LSxizzV.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\BFIJPUm.exe
  C:\Windows\System\BFIJPUm.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\zsbWAya.exe
  C:\Windows\System\zsbWAya.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\cRcSKbh.exe
  C:\Windows\System\cRcSKbh.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\liKBepY.exe
  C:\Windows\System\liKBepY.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\QBbZoZx.exe
  C:\Windows\System\QBbZoZx.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\BZhwQWP.exe
  C:\Windows\System\BZhwQWP.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\gzDjKDW.exe
  C:\Windows\System\gzDjKDW.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\zLtRxdK.exe
  C:\Windows\System\zLtRxdK.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\MZHTNkT.exe
  C:\Windows\System\MZHTNkT.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\DYZKmVq.exe
  C:\Windows\System\DYZKmVq.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\WrXcyzu.exe
  C:\Windows\System\WrXcyzu.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\RPGnZgp.exe
  C:\Windows\System\RPGnZgp.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\ecYTdoN.exe
  C:\Windows\System\ecYTdoN.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\NUCNgCy.exe
  C:\Windows\System\NUCNgCy.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\uqcWLbq.exe
  C:\Windows\System\uqcWLbq.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\FfIjmeA.exe
  C:\Windows\System\FfIjmeA.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\iCjXrwG.exe
  C:\Windows\System\iCjXrwG.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\IpaIATI.exe
  C:\Windows\System\IpaIATI.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\JZlEpfD.exe
  C:\Windows\System\JZlEpfD.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\QeFlsPh.exe
  C:\Windows\System\QeFlsPh.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\okDuCwZ.exe
  C:\Windows\System\okDuCwZ.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\oAwdDBB.exe
  C:\Windows\System\oAwdDBB.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\NZaAbmT.exe
  C:\Windows\System\NZaAbmT.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\ZXmBRCE.exe
  C:\Windows\System\ZXmBRCE.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\WsQwlcF.exe
  C:\Windows\System\WsQwlcF.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\eVpnpUa.exe
  C:\Windows\System\eVpnpUa.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\PqOAmSn.exe
  C:\Windows\System\PqOAmSn.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\caEQtkW.exe
  C:\Windows\System\caEQtkW.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\SjaOfIc.exe
  C:\Windows\System\SjaOfIc.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\tPTbImH.exe
  C:\Windows\System\tPTbImH.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\kKxcGfb.exe
  C:\Windows\System\kKxcGfb.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\GAeuMQe.exe
  C:\Windows\System\GAeuMQe.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\SGhmjJI.exe
  C:\Windows\System\SGhmjJI.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\TPIuabo.exe
  C:\Windows\System\TPIuabo.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\qkjvUUr.exe
  C:\Windows\System\qkjvUUr.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\PdEKfwo.exe
  C:\Windows\System\PdEKfwo.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\nLhwLkI.exe
  C:\Windows\System\nLhwLkI.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\BKEOYnm.exe
  C:\Windows\System\BKEOYnm.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\ZjInHHx.exe
  C:\Windows\System\ZjInHHx.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\nFvRvCy.exe
  C:\Windows\System\nFvRvCy.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\NXyfhZS.exe
  C:\Windows\System\NXyfhZS.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\UUhpWRt.exe
  C:\Windows\System\UUhpWRt.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\ZAlEQMr.exe
  C:\Windows\System\ZAlEQMr.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\keEhiBU.exe
  C:\Windows\System\keEhiBU.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\abMeebB.exe
  C:\Windows\System\abMeebB.exe
  2⤵
  - Executes dropped EXE
  PID:504
- C:\Windows\System\gNgDqpJ.exe
  C:\Windows\System\gNgDqpJ.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\BpXKHPu.exe
  C:\Windows\System\BpXKHPu.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\BqriHdD.exe
  C:\Windows\System\BqriHdD.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\lClzQau.exe
  C:\Windows\System\lClzQau.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\VPaymdx.exe
  C:\Windows\System\VPaymdx.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\ZnkxYoN.exe
  C:\Windows\System\ZnkxYoN.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\GoONLeg.exe
  C:\Windows\System\GoONLeg.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\COdiSLO.exe
  C:\Windows\System\COdiSLO.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\rGMIQsp.exe
  C:\Windows\System\rGMIQsp.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\nIvRXuU.exe
  C:\Windows\System\nIvRXuU.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\ZrNVKSe.exe
  C:\Windows\System\ZrNVKSe.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\NSLtCXF.exe
  C:\Windows\System\NSLtCXF.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\vNJEvVh.exe
  C:\Windows\System\vNJEvVh.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\FCCPvXf.exe
  C:\Windows\System\FCCPvXf.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\JsSQqVe.exe
  C:\Windows\System\JsSQqVe.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\TEQqwAL.exe
  C:\Windows\System\TEQqwAL.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\zkbRbnv.exe
  C:\Windows\System\zkbRbnv.exe
  2⤵
  PID:4384
- C:\Windows\System\oauvJxl.exe
  C:\Windows\System\oauvJxl.exe
  2⤵
  PID:2212
- C:\Windows\System\PrNrXEN.exe
  C:\Windows\System\PrNrXEN.exe
  2⤵
  PID:1016
- C:\Windows\System\nhAkITd.exe
  C:\Windows\System\nhAkITd.exe
  2⤵
  PID:428
- C:\Windows\System\zRTKVyd.exe
  C:\Windows\System\zRTKVyd.exe
  2⤵
  PID:4900
- C:\Windows\System\USjzEun.exe
  C:\Windows\System\USjzEun.exe
  2⤵
  PID:4108
- C:\Windows\System\tpnjDuJ.exe
  C:\Windows\System\tpnjDuJ.exe
  2⤵
  PID:2304
- C:\Windows\System\BzXUBjw.exe
  C:\Windows\System\BzXUBjw.exe
  2⤵
  PID:4292
- C:\Windows\System\nZvszpt.exe
  C:\Windows\System\nZvszpt.exe
  2⤵
  PID:4220
- C:\Windows\System\wljyroc.exe
  C:\Windows\System\wljyroc.exe
  2⤵
  PID:3456
- C:\Windows\System\mGnYHRp.exe
  C:\Windows\System\mGnYHRp.exe
  2⤵
  PID:4988
- C:\Windows\System\jFlhiKP.exe
  C:\Windows\System\jFlhiKP.exe
  2⤵
  PID:380
- C:\Windows\System\BpKkXbf.exe
  C:\Windows\System\BpKkXbf.exe
  2⤵
  PID:2144
- C:\Windows\System\ZUCUZnE.exe
  C:\Windows\System\ZUCUZnE.exe
  2⤵
  PID:1160
- C:\Windows\System\qBRLGtE.exe
  C:\Windows\System\qBRLGtE.exe
  2⤵
  PID:3376
- C:\Windows\System\UiAClLx.exe
  C:\Windows\System\UiAClLx.exe
  2⤵
  PID:5124
- C:\Windows\System\KyaZgID.exe
  C:\Windows\System\KyaZgID.exe
  2⤵
  PID:5152
- C:\Windows\System\HzPYrNj.exe
  C:\Windows\System\HzPYrNj.exe
  2⤵
  PID:5184
- C:\Windows\System\NbWwjha.exe
  C:\Windows\System\NbWwjha.exe
  2⤵
  PID:5212
- C:\Windows\System\PqkLIry.exe
  C:\Windows\System\PqkLIry.exe
  2⤵
  PID:5236
- C:\Windows\System\ZPRKSiy.exe
  C:\Windows\System\ZPRKSiy.exe
  2⤵
  PID:5264
- C:\Windows\System\HZIlZPc.exe
  C:\Windows\System\HZIlZPc.exe
  2⤵
  PID:5292
- C:\Windows\System\mRezASG.exe
  C:\Windows\System\mRezASG.exe
  2⤵
  PID:5320
- C:\Windows\System\uzWLVKd.exe
  C:\Windows\System\uzWLVKd.exe
  2⤵
  PID:5348
- C:\Windows\System\ZMOxBan.exe
  C:\Windows\System\ZMOxBan.exe
  2⤵
  PID:5376
- C:\Windows\System\layGslW.exe
  C:\Windows\System\layGslW.exe
  2⤵
  PID:5404
- C:\Windows\System\IYIbyDY.exe
  C:\Windows\System\IYIbyDY.exe
  2⤵
  PID:5432
- C:\Windows\System\nzuadAJ.exe
  C:\Windows\System\nzuadAJ.exe
  2⤵
  PID:5460
- C:\Windows\System\DgJTNKO.exe
  C:\Windows\System\DgJTNKO.exe
  2⤵
  PID:5488
- C:\Windows\System\bLYUbMZ.exe
  C:\Windows\System\bLYUbMZ.exe
  2⤵
  PID:5520
- C:\Windows\System\ykeOsns.exe
  C:\Windows\System\ykeOsns.exe
  2⤵
  PID:5544
- C:\Windows\System\NJwutOv.exe
  C:\Windows\System\NJwutOv.exe
  2⤵
  PID:5576
- C:\Windows\System\OLxEjwN.exe
  C:\Windows\System\OLxEjwN.exe
  2⤵
  PID:5600
- C:\Windows\System\pPxqSum.exe
  C:\Windows\System\pPxqSum.exe
  2⤵
  PID:5628
- C:\Windows\System\weKoYbA.exe
  C:\Windows\System\weKoYbA.exe
  2⤵
  PID:5656
- C:\Windows\System\MZNpKSf.exe
  C:\Windows\System\MZNpKSf.exe
  2⤵
  PID:5684
- C:\Windows\System\fTnKAff.exe
  C:\Windows\System\fTnKAff.exe
  2⤵
  PID:5712
- C:\Windows\System\KZuVEUG.exe
  C:\Windows\System\KZuVEUG.exe
  2⤵
  PID:5740
- C:\Windows\System\SCHqQQH.exe
  C:\Windows\System\SCHqQQH.exe
  2⤵
  PID:5768
- C:\Windows\System\SpCsOMx.exe
  C:\Windows\System\SpCsOMx.exe
  2⤵
  PID:5796
- C:\Windows\System\bUQJcJb.exe
  C:\Windows\System\bUQJcJb.exe
  2⤵
  PID:5824
- C:\Windows\System\SkPuhVX.exe
  C:\Windows\System\SkPuhVX.exe
  2⤵
  PID:5856
- C:\Windows\System\iaEryet.exe
  C:\Windows\System\iaEryet.exe
  2⤵
  PID:5884
- C:\Windows\System\rVGkiCV.exe
  C:\Windows\System\rVGkiCV.exe
  2⤵
  PID:5908
- C:\Windows\System\QHmwGtr.exe
  C:\Windows\System\QHmwGtr.exe
  2⤵
  PID:5936
- C:\Windows\System\KzCWfDs.exe
  C:\Windows\System\KzCWfDs.exe
  2⤵
  PID:5964
- C:\Windows\System\yxPhODE.exe
  C:\Windows\System\yxPhODE.exe
  2⤵
  PID:5992
- C:\Windows\System\kbPMXjo.exe
  C:\Windows\System\kbPMXjo.exe
  2⤵
  PID:6024
- C:\Windows\System\mnIzEMi.exe
  C:\Windows\System\mnIzEMi.exe
  2⤵
  PID:6052
- C:\Windows\System\oHnVqTV.exe
  C:\Windows\System\oHnVqTV.exe
  2⤵
  PID:6080
- C:\Windows\System\fvpMLGD.exe
  C:\Windows\System\fvpMLGD.exe
  2⤵
  PID:6104
- C:\Windows\System\QyGMEXK.exe
  C:\Windows\System\QyGMEXK.exe
  2⤵
  PID:6132
- C:\Windows\System\rIfbBIb.exe
  C:\Windows\System\rIfbBIb.exe
  2⤵
  PID:1448
- C:\Windows\System\jaDKupE.exe
  C:\Windows\System\jaDKupE.exe
  2⤵
  PID:4528
- C:\Windows\System\fyRxsAb.exe
  C:\Windows\System\fyRxsAb.exe
  2⤵
  PID:4104
- C:\Windows\System\DSexFob.exe
  C:\Windows\System\DSexFob.exe
  2⤵
  PID:776
- C:\Windows\System\HAkDyke.exe
  C:\Windows\System\HAkDyke.exe
  2⤵
  PID:2876
- C:\Windows\System\vjjGBZj.exe
  C:\Windows\System\vjjGBZj.exe
  2⤵
  PID:5172
- C:\Windows\System\IDuGdbZ.exe
  C:\Windows\System\IDuGdbZ.exe
  2⤵
  PID:5228
- C:\Windows\System\GcTeqKJ.exe
  C:\Windows\System\GcTeqKJ.exe
  2⤵
  PID:5280
- C:\Windows\System\eSatWtn.exe
  C:\Windows\System\eSatWtn.exe
  2⤵
  PID:5344
- C:\Windows\System\BxniRdg.exe
  C:\Windows\System\BxniRdg.exe
  2⤵
  PID:5400
- C:\Windows\System\ECMLfhJ.exe
  C:\Windows\System\ECMLfhJ.exe
  2⤵
  PID:5476
- C:\Windows\System\DGBKPKJ.exe
  C:\Windows\System\DGBKPKJ.exe
  2⤵
  PID:5536
- C:\Windows\System\dvEutRq.exe
  C:\Windows\System\dvEutRq.exe
  2⤵
  PID:5616
- C:\Windows\System\HoLmhHC.exe
  C:\Windows\System\HoLmhHC.exe
  2⤵
  PID:5676
- C:\Windows\System\zSazGhB.exe
  C:\Windows\System\zSazGhB.exe
  2⤵
  PID:5736
- C:\Windows\System\PkwQipA.exe
  C:\Windows\System\PkwQipA.exe
  2⤵
  PID:2972
- C:\Windows\System\IkBCveY.exe
  C:\Windows\System\IkBCveY.exe
  2⤵
  PID:5844
- C:\Windows\System\uXKtuOX.exe
  C:\Windows\System\uXKtuOX.exe
  2⤵
  PID:5924
- C:\Windows\System\KlzixxT.exe
  C:\Windows\System\KlzixxT.exe
  2⤵
  PID:5984
- C:\Windows\System\mDlDcub.exe
  C:\Windows\System\mDlDcub.exe
  2⤵
  PID:6044
- C:\Windows\System\BWoJfuU.exe
  C:\Windows\System\BWoJfuU.exe
  2⤵
  PID:6120
- C:\Windows\System\esJMqhV.exe
  C:\Windows\System\esJMqhV.exe
  2⤵
  PID:2268
- C:\Windows\System\CfCGDtv.exe
  C:\Windows\System\CfCGDtv.exe
  2⤵
  PID:764
- C:\Windows\System\odDYPqx.exe
  C:\Windows\System\odDYPqx.exe
  2⤵
  PID:5200
- C:\Windows\System\otNxGeD.exe
  C:\Windows\System\otNxGeD.exe
  2⤵
  PID:5312
- C:\Windows\System\tJYgwFP.exe
  C:\Windows\System\tJYgwFP.exe
  2⤵
  PID:5448
- C:\Windows\System\ZIUrwYY.exe
  C:\Windows\System\ZIUrwYY.exe
  2⤵
  PID:5588
- C:\Windows\System\DaeQYaU.exe
  C:\Windows\System\DaeQYaU.exe
  2⤵
  PID:5764
- C:\Windows\System\VUaeAoi.exe
  C:\Windows\System\VUaeAoi.exe
  2⤵
  PID:5896
- C:\Windows\System\pikpdaI.exe
  C:\Windows\System\pikpdaI.exe
  2⤵
  PID:6016
- C:\Windows\System\pKlbqsU.exe
  C:\Windows\System\pKlbqsU.exe
  2⤵
  PID:6164
- C:\Windows\System\LiFxmFP.exe
  C:\Windows\System\LiFxmFP.exe
  2⤵
  PID:6192
- C:\Windows\System\fKpCLND.exe
  C:\Windows\System\fKpCLND.exe
  2⤵
  PID:6220
- C:\Windows\System\PIiveNz.exe
  C:\Windows\System\PIiveNz.exe
  2⤵
  PID:6260
- C:\Windows\System\SBSihQY.exe
  C:\Windows\System\SBSihQY.exe
  2⤵
  PID:6280
- C:\Windows\System\eVTzDUn.exe
  C:\Windows\System\eVTzDUn.exe
  2⤵
  PID:6304
- C:\Windows\System\FpHKEuj.exe
  C:\Windows\System\FpHKEuj.exe
  2⤵
  PID:6332
- C:\Windows\System\hkdvzjx.exe
  C:\Windows\System\hkdvzjx.exe
  2⤵
  PID:6360
- C:\Windows\System\HsEEaAj.exe
  C:\Windows\System\HsEEaAj.exe
  2⤵
  PID:6388
- C:\Windows\System\rvXFVus.exe
  C:\Windows\System\rvXFVus.exe
  2⤵
  PID:6416
- C:\Windows\System\gKXCXJC.exe
  C:\Windows\System\gKXCXJC.exe
  2⤵
  PID:6448
- C:\Windows\System\nJGJSlh.exe
  C:\Windows\System\nJGJSlh.exe
  2⤵
  PID:6472
- C:\Windows\System\zZwKQjk.exe
  C:\Windows\System\zZwKQjk.exe
  2⤵
  PID:6500
- C:\Windows\System\QykJZtJ.exe
  C:\Windows\System\QykJZtJ.exe
  2⤵
  PID:6528
- C:\Windows\System\lCpGIjB.exe
  C:\Windows\System\lCpGIjB.exe
  2⤵
  PID:6556
- C:\Windows\System\jVLLVuB.exe
  C:\Windows\System\jVLLVuB.exe
  2⤵
  PID:6596
- C:\Windows\System\XGROGON.exe
  C:\Windows\System\XGROGON.exe
  2⤵
  PID:6616
- C:\Windows\System\uAxpOhE.exe
  C:\Windows\System\uAxpOhE.exe
  2⤵
  PID:6640
- C:\Windows\System\ERkKcPS.exe
  C:\Windows\System\ERkKcPS.exe
  2⤵
  PID:6672
- C:\Windows\System\OCxcBdu.exe
  C:\Windows\System\OCxcBdu.exe
  2⤵
  PID:6696
- C:\Windows\System\vgRnuek.exe
  C:\Windows\System\vgRnuek.exe
  2⤵
  PID:6724
- C:\Windows\System\NqksZwC.exe
  C:\Windows\System\NqksZwC.exe
  2⤵
  PID:6756
- C:\Windows\System\oCvMoNd.exe
  C:\Windows\System\oCvMoNd.exe
  2⤵
  PID:6784
- C:\Windows\System\ITzHGCo.exe
  C:\Windows\System\ITzHGCo.exe
  2⤵
  PID:6808
- C:\Windows\System\CfGtAva.exe
  C:\Windows\System\CfGtAva.exe
  2⤵
  PID:6836
- C:\Windows\System\YbJFcpC.exe
  C:\Windows\System\YbJFcpC.exe
  2⤵
  PID:6864
- C:\Windows\System\FQurkZF.exe
  C:\Windows\System\FQurkZF.exe
  2⤵
  PID:6892
- C:\Windows\System\qyOKDMm.exe
  C:\Windows\System\qyOKDMm.exe
  2⤵
  PID:6920
- C:\Windows\System\SDZdqwl.exe
  C:\Windows\System\SDZdqwl.exe
  2⤵
  PID:6948
- C:\Windows\System\jGMuTab.exe
  C:\Windows\System\jGMuTab.exe
  2⤵
  PID:6980
- C:\Windows\System\DpURDZh.exe
  C:\Windows\System\DpURDZh.exe
  2⤵
  PID:7008
- C:\Windows\System\AfxIjiE.exe
  C:\Windows\System\AfxIjiE.exe
  2⤵
  PID:7064
- C:\Windows\System\Wjhxdfe.exe
  C:\Windows\System\Wjhxdfe.exe
  2⤵
  PID:7092
- C:\Windows\System\dmbaQZs.exe
  C:\Windows\System\dmbaQZs.exe
  2⤵
  PID:7116
- C:\Windows\System\JaKnbDo.exe
  C:\Windows\System\JaKnbDo.exe
  2⤵
  PID:7132
- C:\Windows\System\JaUwJMc.exe
  C:\Windows\System\JaUwJMc.exe
  2⤵
  PID:7156
- C:\Windows\System\HXPbtQd.exe
  C:\Windows\System\HXPbtQd.exe
  2⤵
  PID:6096
- C:\Windows\System\VcEqGAP.exe
  C:\Windows\System\VcEqGAP.exe
  2⤵
  PID:5080
- C:\Windows\System\bHjnmjp.exe
  C:\Windows\System\bHjnmjp.exe
  2⤵
  PID:2124
- C:\Windows\System\XNcbVnN.exe
  C:\Windows\System\XNcbVnN.exe
  2⤵
  PID:5512
- C:\Windows\System\Luhryhs.exe
  C:\Windows\System\Luhryhs.exe
  2⤵
  PID:5708
- C:\Windows\System\Bimbrge.exe
  C:\Windows\System\Bimbrge.exe
  2⤵
  PID:5956
- C:\Windows\System\JoleDVt.exe
  C:\Windows\System\JoleDVt.exe
  2⤵
  PID:6180
- C:\Windows\System\sFXBfVz.exe
  C:\Windows\System\sFXBfVz.exe
  2⤵
  PID:3200
- C:\Windows\System\TbFLFfy.exe
  C:\Windows\System\TbFLFfy.exe
  2⤵
  PID:6272
- C:\Windows\System\DJUAotX.exe
  C:\Windows\System\DJUAotX.exe
  2⤵
  PID:3900
- C:\Windows\System\BuRtoCy.exe
  C:\Windows\System\BuRtoCy.exe
  2⤵
  PID:6436
- C:\Windows\System\rjiNLMz.exe
  C:\Windows\System\rjiNLMz.exe
  2⤵
  PID:6520
- C:\Windows\System\cPWSvel.exe
  C:\Windows\System\cPWSvel.exe
  2⤵
  PID:6552
- C:\Windows\System\tXwpIpC.exe
  C:\Windows\System\tXwpIpC.exe
  2⤵
  PID:6608
- C:\Windows\System\JpkJZCS.exe
  C:\Windows\System\JpkJZCS.exe
  2⤵
  PID:6684
- C:\Windows\System\zIFRllA.exe
  C:\Windows\System\zIFRllA.exe
  2⤵
  PID:2436
- C:\Windows\System\zcPWgKW.exe
  C:\Windows\System\zcPWgKW.exe
  2⤵
  PID:4056
- C:\Windows\System\gBwkVwG.exe
  C:\Windows\System\gBwkVwG.exe
  2⤵
  PID:6852
- C:\Windows\System\ZqhnTtt.exe
  C:\Windows\System\ZqhnTtt.exe
  2⤵
  PID:564
- C:\Windows\System\AfJFYbj.exe
  C:\Windows\System\AfJFYbj.exe
  2⤵
  PID:6908
- C:\Windows\System\vWrslKs.exe
  C:\Windows\System\vWrslKs.exe
  2⤵
  PID:6936
- C:\Windows\System\YBEoFoY.exe
  C:\Windows\System\YBEoFoY.exe
  2⤵
  PID:7020
- C:\Windows\System\cwlREwC.exe
  C:\Windows\System\cwlREwC.exe
  2⤵
  PID:3020
- C:\Windows\System\dSOiIJY.exe
  C:\Windows\System\dSOiIJY.exe
  2⤵
  PID:2220
- C:\Windows\System\jrXIPyK.exe
  C:\Windows\System\jrXIPyK.exe
  2⤵
  PID:3520
- C:\Windows\System\ukxuNyi.exe
  C:\Windows\System\ukxuNyi.exe
  2⤵
  PID:7112
- C:\Windows\System\jKKoVaK.exe
  C:\Windows\System\jKKoVaK.exe
  2⤵
  PID:5140
- C:\Windows\System\bDuypMB.exe
  C:\Windows\System\bDuypMB.exe
  2⤵
  PID:5392
- C:\Windows\System\nelGUfi.exe
  C:\Windows\System\nelGUfi.exe
  2⤵
  PID:5840
- C:\Windows\System\hGZDREC.exe
  C:\Windows\System\hGZDREC.exe
  2⤵
  PID:6320
- C:\Windows\System\FYSKiQB.exe
  C:\Windows\System\FYSKiQB.exe
  2⤵
  PID:6212
- C:\Windows\System\NsnRrGQ.exe
  C:\Windows\System\NsnRrGQ.exe
  2⤵
  PID:3416
- C:\Windows\System\tsabrPw.exe
  C:\Windows\System\tsabrPw.exe
  2⤵
  PID:6380
- C:\Windows\System\eQOufzi.exe
  C:\Windows\System\eQOufzi.exe
  2⤵
  PID:6656
- C:\Windows\System\whgtEkA.exe
  C:\Windows\System\whgtEkA.exe
  2⤵
  PID:6776
- C:\Windows\System\qFcngRn.exe
  C:\Windows\System\qFcngRn.exe
  2⤵
  PID:5068
- C:\Windows\System\OCNsYFV.exe
  C:\Windows\System\OCNsYFV.exe
  2⤵
  PID:6996
- C:\Windows\System\RUYxKHz.exe
  C:\Windows\System\RUYxKHz.exe
  2⤵
  PID:620
- C:\Windows\System\pNvoczF.exe
  C:\Windows\System\pNvoczF.exe
  2⤵
  PID:6092
- C:\Windows\System\lCgDlAC.exe
  C:\Windows\System\lCgDlAC.exe
  2⤵
  PID:6012
- C:\Windows\System\LXhPASy.exe
  C:\Windows\System\LXhPASy.exe
  2⤵
  PID:6584
- C:\Windows\System\xkWTwfa.exe
  C:\Windows\System\xkWTwfa.exe
  2⤵
  PID:6916
- C:\Windows\System\PlCWdla.exe
  C:\Windows\System\PlCWdla.exe
  2⤵
  PID:6860
- C:\Windows\System\RmDjiyQ.exe
  C:\Windows\System\RmDjiyQ.exe
  2⤵
  PID:7060
- C:\Windows\System\TYtOCBz.exe
  C:\Windows\System\TYtOCBz.exe
  2⤵
  PID:6664
- C:\Windows\System\mAkjfCa.exe
  C:\Windows\System\mAkjfCa.exe
  2⤵
  PID:5000
- C:\Windows\System\qlKgvnk.exe
  C:\Windows\System\qlKgvnk.exe
  2⤵
  PID:7172
- C:\Windows\System\wLrEiRU.exe
  C:\Windows\System\wLrEiRU.exe
  2⤵
  PID:7196
- C:\Windows\System\eFjCZuy.exe
  C:\Windows\System\eFjCZuy.exe
  2⤵
  PID:7228
- C:\Windows\System\aZRnKBS.exe
  C:\Windows\System\aZRnKBS.exe
  2⤵
  PID:7260
- C:\Windows\System\fFGphfh.exe
  C:\Windows\System\fFGphfh.exe
  2⤵
  PID:7292
- C:\Windows\System\OoJodTh.exe
  C:\Windows\System\OoJodTh.exe
  2⤵
  PID:7320
- C:\Windows\System\bBOekro.exe
  C:\Windows\System\bBOekro.exe
  2⤵
  PID:7348
- C:\Windows\System\bZgrWOA.exe
  C:\Windows\System\bZgrWOA.exe
  2⤵
  PID:7388
- C:\Windows\System\bvDYymS.exe
  C:\Windows\System\bvDYymS.exe
  2⤵
  PID:7416
- C:\Windows\System\hZtqzHN.exe
  C:\Windows\System\hZtqzHN.exe
  2⤵
  PID:7444
- C:\Windows\System\qKsHSio.exe
  C:\Windows\System\qKsHSio.exe
  2⤵
  PID:7472
- C:\Windows\System\rfGnaWe.exe
  C:\Windows\System\rfGnaWe.exe
  2⤵
  PID:7492
- C:\Windows\System\uDbPSlO.exe
  C:\Windows\System\uDbPSlO.exe
  2⤵
  PID:7524
- C:\Windows\System\plkiDSu.exe
  C:\Windows\System\plkiDSu.exe
  2⤵
  PID:7548
- C:\Windows\System\idmGmoe.exe
  C:\Windows\System\idmGmoe.exe
  2⤵
  PID:7572
- C:\Windows\System\wjzMNuE.exe
  C:\Windows\System\wjzMNuE.exe
  2⤵
  PID:7600
- C:\Windows\System\TPuLAKR.exe
  C:\Windows\System\TPuLAKR.exe
  2⤵
  PID:7628
- C:\Windows\System\QaqzQip.exe
  C:\Windows\System\QaqzQip.exe
  2⤵
  PID:7664
- C:\Windows\System\xRZGHPP.exe
  C:\Windows\System\xRZGHPP.exe
  2⤵
  PID:7680
- C:\Windows\System\rZTnqMr.exe
  C:\Windows\System\rZTnqMr.exe
  2⤵
  PID:7716
- C:\Windows\System\xBhsSwN.exe
  C:\Windows\System\xBhsSwN.exe
  2⤵
  PID:7748
- C:\Windows\System\VoGiAWj.exe
  C:\Windows\System\VoGiAWj.exe
  2⤵
  PID:7768
- C:\Windows\System\XPdWFaO.exe
  C:\Windows\System\XPdWFaO.exe
  2⤵
  PID:7800
- C:\Windows\System\zcZCEMk.exe
  C:\Windows\System\zcZCEMk.exe
  2⤵
  PID:7828
- C:\Windows\System\pBthfmm.exe
  C:\Windows\System\pBthfmm.exe
  2⤵
  PID:7852
- C:\Windows\System\BsWKejj.exe
  C:\Windows\System\BsWKejj.exe
  2⤵
  PID:7880
- C:\Windows\System\PRqcQzI.exe
  C:\Windows\System\PRqcQzI.exe
  2⤵
  PID:7908
- C:\Windows\System\LPluJQM.exe
  C:\Windows\System\LPluJQM.exe
  2⤵
  PID:7936
- C:\Windows\System\UuFtLxJ.exe
  C:\Windows\System\UuFtLxJ.exe
  2⤵
  PID:7976
- C:\Windows\System\kFDurmP.exe
  C:\Windows\System\kFDurmP.exe
  2⤵
  PID:8004
- C:\Windows\System\iSWEffk.exe
  C:\Windows\System\iSWEffk.exe
  2⤵
  PID:8040
- C:\Windows\System\TrnvDnx.exe
  C:\Windows\System\TrnvDnx.exe
  2⤵
  PID:8060
- C:\Windows\System\bIhXVms.exe
  C:\Windows\System\bIhXVms.exe
  2⤵
  PID:8084
- C:\Windows\System\KxDiBWP.exe
  C:\Windows\System\KxDiBWP.exe
  2⤵
  PID:8112
- C:\Windows\System\KQXbblE.exe
  C:\Windows\System\KQXbblE.exe
  2⤵
  PID:8128
- C:\Windows\System\qJdIaTY.exe
  C:\Windows\System\qJdIaTY.exe
  2⤵
  PID:8148
- C:\Windows\System\rHditis.exe
  C:\Windows\System\rHditis.exe
  2⤵
  PID:5372
- C:\Windows\System\GnmdZck.exe
  C:\Windows\System\GnmdZck.exe
  2⤵
  PID:7212
- C:\Windows\System\sLqEHOC.exe
  C:\Windows\System\sLqEHOC.exe
  2⤵
  PID:7284
- C:\Windows\System\etNZPUF.exe
  C:\Windows\System\etNZPUF.exe
  2⤵
  PID:7332
- C:\Windows\System\YcbAlyB.exe
  C:\Windows\System\YcbAlyB.exe
  2⤵
  PID:7376
- C:\Windows\System\vQIRwHe.exe
  C:\Windows\System\vQIRwHe.exe
  2⤵
  PID:7412
- C:\Windows\System\nRpLpNy.exe
  C:\Windows\System\nRpLpNy.exe
  2⤵
  PID:7480
- C:\Windows\System\CUKaNuR.exe
  C:\Windows\System\CUKaNuR.exe
  2⤵
  PID:7568
- C:\Windows\System\cNFzmez.exe
  C:\Windows\System\cNFzmez.exe
  2⤵
  PID:7564
- C:\Windows\System\muylNqN.exe
  C:\Windows\System\muylNqN.exe
  2⤵
  PID:7612
- C:\Windows\System\wJTUseL.exe
  C:\Windows\System\wJTUseL.exe
  2⤵
  PID:7700
- C:\Windows\System\WPduAey.exe
  C:\Windows\System\WPduAey.exe
  2⤵
  PID:7756
- C:\Windows\System\cIFdgHJ.exe
  C:\Windows\System\cIFdgHJ.exe
  2⤵
  PID:7764
- C:\Windows\System\mwkRYUn.exe
  C:\Windows\System\mwkRYUn.exe
  2⤵
  PID:7836
- C:\Windows\System\fMqotJO.exe
  C:\Windows\System\fMqotJO.exe
  2⤵
  PID:7920
- C:\Windows\System\COrkuFo.exe
  C:\Windows\System\COrkuFo.exe
  2⤵
  PID:7968
- C:\Windows\System\FWcIUrn.exe
  C:\Windows\System\FWcIUrn.exe
  2⤵
  PID:8032
- C:\Windows\System\czCWRMZ.exe
  C:\Windows\System\czCWRMZ.exe
  2⤵
  PID:7308
- C:\Windows\System\OpxbNTr.exe
  C:\Windows\System\OpxbNTr.exe
  2⤵
  PID:7364
- C:\Windows\System\WgZiQeZ.exe
  C:\Windows\System\WgZiQeZ.exe
  2⤵
  PID:7616
- C:\Windows\System\MTsRnSU.exe
  C:\Windows\System\MTsRnSU.exe
  2⤵
  PID:7848
- C:\Windows\System\GDZCMBd.exe
  C:\Windows\System\GDZCMBd.exe
  2⤵
  PID:7872
- C:\Windows\System\NRWwhsV.exe
  C:\Windows\System\NRWwhsV.exe
  2⤵
  PID:2556
- C:\Windows\System\mNVZqOT.exe
  C:\Windows\System\mNVZqOT.exe
  2⤵
  PID:6184
- C:\Windows\System\TxOWipB.exe
  C:\Windows\System\TxOWipB.exe
  2⤵
  PID:7536
- C:\Windows\System\gMlSiRG.exe
  C:\Windows\System\gMlSiRG.exe
  2⤵
  PID:7808
- C:\Windows\System\fhyaxks.exe
  C:\Windows\System\fhyaxks.exe
  2⤵
  PID:8080
- C:\Windows\System\crTCtBe.exe
  C:\Windows\System\crTCtBe.exe
  2⤵
  PID:8212
- C:\Windows\System\gDpmwza.exe
  C:\Windows\System\gDpmwza.exe
  2⤵
  PID:8236
- C:\Windows\System\hcFZAvM.exe
  C:\Windows\System\hcFZAvM.exe
  2⤵
  PID:8280
- C:\Windows\System\pDAyloa.exe
  C:\Windows\System\pDAyloa.exe
  2⤵
  PID:8300
- C:\Windows\System\mbelRRW.exe
  C:\Windows\System\mbelRRW.exe
  2⤵
  PID:8324
- C:\Windows\System\tMcOCPu.exe
  C:\Windows\System\tMcOCPu.exe
  2⤵
  PID:8356
- C:\Windows\System\cHVcrdy.exe
  C:\Windows\System\cHVcrdy.exe
  2⤵
  PID:8384
- C:\Windows\System\thrKuzV.exe
  C:\Windows\System\thrKuzV.exe
  2⤵
  PID:8408
- C:\Windows\System\tvfnZVI.exe
  C:\Windows\System\tvfnZVI.exe
  2⤵
  PID:8440
- C:\Windows\System\lFlBSaL.exe
  C:\Windows\System\lFlBSaL.exe
  2⤵
  PID:8468
- C:\Windows\System\OxRUfNX.exe
  C:\Windows\System\OxRUfNX.exe
  2⤵
  PID:8508
- C:\Windows\System\QFJaonk.exe
  C:\Windows\System\QFJaonk.exe
  2⤵
  PID:8536
- C:\Windows\System\fPuPLaU.exe
  C:\Windows\System\fPuPLaU.exe
  2⤵
  PID:8560
- C:\Windows\System\kCmjKaN.exe
  C:\Windows\System\kCmjKaN.exe
  2⤵
  PID:8584
- C:\Windows\System\yJZTeKk.exe
  C:\Windows\System\yJZTeKk.exe
  2⤵
  PID:8612
- C:\Windows\System\ysdxeNE.exe
  C:\Windows\System\ysdxeNE.exe
  2⤵
  PID:8640
- C:\Windows\System\TjPgzZB.exe
  C:\Windows\System\TjPgzZB.exe
  2⤵
  PID:8680
- C:\Windows\System\vWghvpG.exe
  C:\Windows\System\vWghvpG.exe
  2⤵
  PID:8696
- C:\Windows\System\zrjsUlk.exe
  C:\Windows\System\zrjsUlk.exe
  2⤵
  PID:8716
- C:\Windows\System\WaeKxcI.exe
  C:\Windows\System\WaeKxcI.exe
  2⤵
  PID:8764
- C:\Windows\System\uIsboRX.exe
  C:\Windows\System\uIsboRX.exe
  2⤵
  PID:8792
- C:\Windows\System\RknamTv.exe
  C:\Windows\System\RknamTv.exe
  2⤵
  PID:8820
- C:\Windows\System\zyHFKQx.exe
  C:\Windows\System\zyHFKQx.exe
  2⤵
  PID:8848
- C:\Windows\System\oyrxEHo.exe
  C:\Windows\System\oyrxEHo.exe
  2⤵
  PID:8876
- C:\Windows\System\PzAaChR.exe
  C:\Windows\System\PzAaChR.exe
  2⤵
  PID:8904
- C:\Windows\System\mQbYCSX.exe
  C:\Windows\System\mQbYCSX.exe
  2⤵
  PID:8932
- C:\Windows\System\ajBECuU.exe
  C:\Windows\System\ajBECuU.exe
  2⤵
  PID:8960
- C:\Windows\System\nHnnIdQ.exe
  C:\Windows\System\nHnnIdQ.exe
  2⤵
  PID:8988
- C:\Windows\System\EzDvQqN.exe
  C:\Windows\System\EzDvQqN.exe
  2⤵
  PID:9008
- C:\Windows\System\ORZJPCM.exe
  C:\Windows\System\ORZJPCM.exe
  2⤵
  PID:9032
- C:\Windows\System\lhtjaMP.exe
  C:\Windows\System\lhtjaMP.exe
  2⤵
  PID:9060
- C:\Windows\System\UsxJpky.exe
  C:\Windows\System\UsxJpky.exe
  2⤵
  PID:9088
- C:\Windows\System\fiCObAO.exe
  C:\Windows\System\fiCObAO.exe
  2⤵
  PID:9120
- C:\Windows\System\hKjhMXu.exe
  C:\Windows\System\hKjhMXu.exe
  2⤵
  PID:9144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BFIJPUm.exe

Filesize
2.1MB

MD5
1047edfa67ddaf026c59a9e5ff232961

SHA1
a7eb6cb73bd7f5e7eb0c8206927fc6a007f8f60b

SHA256
c3b17b93d6d864c4954f60f6481f609e35c3d4457961ea827745eb44968b01ac

SHA512
686011c5220357b46fa3902c53439e77685e30c8fa965337ea5741757691c477ae53e5b7a0651989ad6db8889d6d9a18d1a4cd1c4af11291ceab4059e4964397

Download Submit
C:\Windows\System\BZhwQWP.exe

Filesize
2.1MB

MD5
2c23c2a1a649710aede113f592c595a7

SHA1
26e0b861747d7e6d7834125d32f35489140520e8

SHA256
5be5033bd9e2563008eaddd3713fc3f8e7608c1eb0d38825efe84ee275ebca5c

SHA512
3afa9348b27f5161af4e49c40a8e82105a4e9322c94f91dbb50294e63f0bf3c5d84f6996aa0b3ef3945586e2b9e5b30f862ac8be0b98b927ed98d4f7be4d49cc

Download Submit
C:\Windows\System\DYZKmVq.exe

Filesize
2.1MB

MD5
b108c9eb457ea5b26880129057495de0

SHA1
cc9b6a4170c998c2cb9c91ec5e8fd256fe1ab23c

SHA256
09c0259cc0ff26d28acefd3a7ef607d1d19498d9a0ba26f59e1f5336991c1258

SHA512
641737aafbcbbaf3c6f8bad78087b73ec53faba851b066e282f161eacf4421d85dae4b819945dd6779b549c294e1308c79601fe52a472ecf77331106830c1564

Download Submit
C:\Windows\System\FfIjmeA.exe

Filesize
2.1MB

MD5
2df42db5fdf5a22bab354e818c5f534c

SHA1
9e8f7de1d1462bd80bff860d88aa0e042a8ba022

SHA256
a048510f83f89726d8bf8c6f1b548672bf280ad64003733feb5fe2e305f8a815

SHA512
e1399d978eb29a6fe8e56d0620ddb21ecc1386916f3297aa2c42c4245307db28dbc430157e7a988897ff9407b4dbc0476125d0f69bcb490d16f5b199cbae7c44

Download Submit
C:\Windows\System\IpaIATI.exe

Filesize
2.1MB

MD5
208adff32c7c54cf8715b4397441ca37

SHA1
e6f5c72ffef3906931ce4e334a2d3133f54a5e1e

SHA256
c8848e03c748326c38046ec5604fa19e22fa7742072bf3c78c1c66605bf313ae

SHA512
20d016cfb150b1df821db9752850802592d365166f9416352617e7fd98a11db39be5bf257988f8385773626f76892854ac6b7adf894f923dfa568b72cfd0bd52

Download Submit
C:\Windows\System\JZlEpfD.exe

Filesize
2.1MB

MD5
6edbf7054a298152550e92c49ead2b18

SHA1
8f15794045ef6007495eaca102163eba1efd57a5

SHA256
3e3dfb0e23df9180cb240663ea1ef2ad7a4a60d2a9d3a58828915af22deed589

SHA512
4a7d5a6c6827d360f2ede83f01468e6b55a35a15a2cd6133a785276659e2a9fd38332c03fdc01c3c12268ad0f30d463943dd61f9aadc8f32e6dc0c1709a5ebfd

Download Submit
C:\Windows\System\LSxizzV.exe

Filesize
2.1MB

MD5
ba2a2004565ba2256360cc04784f1f19

SHA1
ae0f27474b55356311ff4e9bde97ccc529a69f07

SHA256
dcaea40ff268432925754c8f711c8b05b54e123229fe706607f0886ae8938ae9

SHA512
28d38218b8ec5e163d3bd544225283ed8cd3a54afb442d19cde9c62ac5d0be29d729b4505021b506ea6f06ac131bbc43926f6163242f22df0535a3f8a34ce432

Download Submit
C:\Windows\System\MZHTNkT.exe

Filesize
2.1MB

MD5
9d9754d3b370a4b1fc7a136ef6fa2210

SHA1
869ae4134e12464d82e3e1e440ec14d042474ce6

SHA256
8e4ff467f35e9b0f86fe29333c60d1e14f432c714e705b772120f561939df118

SHA512
0fa5cc9fd1824dc456b0612f43fc6017b693efada9256b3cb60ac514f3338276621d2c2eb92bbb65eb6921d59abe5b36180cff2f9c454d2ca5ebd5aea5f17b68

Download Submit
C:\Windows\System\NUCNgCy.exe

Filesize
2.1MB

MD5
a86c593c3364fb0490462701a20ed670

SHA1
0c6cfdc316f3d46680a847281c127e953efb825a

SHA256
19517b917f45f9b5d82afb58c5acd2362af71fa719d635b4aac2f3e5bcbf36d7

SHA512
29fa25efb74b8217a0d089a6522b84dc6d86bd3edf213d20d0f01cbb29c351147b136005f1ac9bb3d9e46376b48f924afb5207f278ffd515c47b28d92b551f66

Download Submit
C:\Windows\System\NZaAbmT.exe

Filesize
2.1MB

MD5
93c5f2a0b05bfa66f7f53c58d35fad9d

SHA1
17404ccd1fce3a677fead6d5a5a03f868933efe7

SHA256
a8cf89b09f28c54985285e23fd47dc2b72a7c3a2d928a0f80ae5ea8df035f2b2

SHA512
b581569c8ac8ab7e9f12892af901e6184dc7f25ec8b620df4b3ab967f02a8e1327e086335858f7192dd444252cb1fdf11a424d071ce19480dbfe8a1cfd04c1a1

Download Submit
C:\Windows\System\PqOAmSn.exe

Filesize
2.1MB

MD5
e223f2f7282f80a0955904dcaf69eb3f

SHA1
a50c53f31290c0f72af25bafddb731f9ece63cf7

SHA256
5a04ed8d38c6bc10fd9695aff9d760e9e7b255d5bdc5dd0752aa9e216655270f

SHA512
b17dc5bfca2fd7317fb7cd88194fdb7b76affd140846f5fb9597f5bb129c5aa0439a96cf2424e89cf7b1a811997816c5dc3c8bfe8aaab623ee7904e16463388d

Download Submit
C:\Windows\System\QBbZoZx.exe

Filesize
2.1MB

MD5
9cf66644ba1236a7dfdb6ce8db7706eb

SHA1
fe94a92527b7a48a4289f8907045170dd9548ac1

SHA256
d87de4253698b457e235383121cedc468683f72590f8aad15c8fd9a849020b30

SHA512
b61982c5dba5f7f5c2ec3c9d2eb56d8495173cd4d04352a754063a29e4acbd052f5610eff3a2c136db4d78c75a434fef90ea4a3c8571996c4c969c9d2adcb3d6

Download Submit
C:\Windows\System\QeFlsPh.exe

Filesize
2.1MB

MD5
20894b1872e4911824687d8eeec42f5e

SHA1
313724f0951cb0d2813c93f002575741ff5ad7da

SHA256
38b1f968805ef292d1d6d2eb1d0d2ebe8b028f7b2c3486fef4a1a6e8fbf0848e

SHA512
67e774d5b9391879d1e52462476ef3f3cd12ef80d0adb1dcd88e06d9360913eaa0f0a79c46cef6d053cf60be03e5610e64c9dfdb98546e133a66f26c01129a4e

Download Submit
C:\Windows\System\QhSUeHB.exe

Filesize
2.1MB

MD5
3c905afef8e55ee8c721689884f16286

SHA1
6bc9cd69cca066853692c862a407fb5101f8d553

SHA256
a8cb290efc9c47aa70ae5fb8e05007f495dfbbd8bac6f67aee3bdd0c1ce8e4a5

SHA512
1973b8db528c4e3b6de41d094d02ae8dffc0b5c88b93a018ec981e549521204d0bd38a5f74ba5d0c110f5a854de9591a7379adf15a95fbe41f44f8bcbbb1169c

Download Submit
C:\Windows\System\RPGnZgp.exe

Filesize
2.1MB

MD5
6a789abc870e023dc4c42d9b427ae607

SHA1
8bcee1c10450222d3cefbfce1a77a9d0eacace27

SHA256
ab0cd39f37332286d8a6116c56707e0c6fe4a410d269a2c415cf71f1f1b1b72a

SHA512
cf6927212cb442d1b395af4fe4126e874ebcfcd40aae9e6acb11261808619959168c41c389d469b0bc635d585e54482dc76ae2bbb91128ae5cc57670070ac32d

Download Submit
C:\Windows\System\SjaOfIc.exe

Filesize
2.1MB

MD5
683fe56aad6bfa14d5b93d347fed868b

SHA1
6881516d76cf539a759309af6a9082c3a9badea6

SHA256
5a9ac48099feb07c4290d528813674962490af9b9cfca983b224340e83d29088

SHA512
5df19707a02bccf8b612eb284b193dd73e0458359a871f63e76a343221812b68159882a939d6537335f7c836edfa3d6d28ac3ff774aa516fd11855f806b440c6

Download Submit
C:\Windows\System\WrXcyzu.exe

Filesize
2.1MB

MD5
46132a484d0336d21468c6ccc5a5dc50

SHA1
08c62574aebb2d1c078e99752a4e9c5f09fada1a

SHA256
c0add8b199857c5df755063a07a08a12ca70e80ab49ec4d0e61fb2493f7e552c

SHA512
63796ba5b90a448dee792791446f0a37ce4a263b6672121b51cb955db3616a93cc0d638458aecd586b93459843e5a7c8d59cf0f9086e58f2c87a32de5ea6d128

Download Submit
C:\Windows\System\WsQwlcF.exe

Filesize
2.1MB

MD5
6ce1780c7e3435d7321d51c84516fce1

SHA1
b1aa39b1c4a028c5f96067080ac1a201caae9c05

SHA256
6789e89178cfaa6e69dcec21a83d72d760fff51dde58a4feb20c1150dc3114bc

SHA512
b7208f19a627a3d6ee0363e05851b2c62b18873c28ba514e9d63dd5ac1eea88956beb014c81058858bce22b8f50f038b891d6650dfefffabcf1cba35a0523c3c

Download Submit
C:\Windows\System\ZXmBRCE.exe

Filesize
2.1MB

MD5
90e69003bb97ce18f3e9abd662c6248f

SHA1
3170d1b179164cf6da04a616ea06b38a4ca16d80

SHA256
40d4da1fd68facfac9bee472167495080924dc9f8cb2bb380ba407c6c819efd2

SHA512
eabe981ef8367920bedfb21e8392f7b70afa285263a18c7eb9ba7f07c64fc4d119497b96f23c142c7ab02c870fca11f9220451269f331f2ede443bc48ae3ef20

Download Submit
C:\Windows\System\cRcSKbh.exe

Filesize
2.1MB

MD5
be37cb9027e6d0517c5725871bb5443f

SHA1
83869d391b9234e37afefc06a7a1ba5f77179d3b

SHA256
d8fb80f17fc519ac67fab01d149275ba3cf3824aaf7ea091406c070b2dd17467

SHA512
241cd2b2f0fdae6e8f452e536502169c110e827896e51ed1f53beee61e7b1649c98a3a5a67b45b06287260a169b892c9bc8cfc400d0949db251a22c03a8a4efd

Download Submit
C:\Windows\System\caEQtkW.exe

Filesize
2.1MB

MD5
81b45aca692b699418a56cbf534ebc02

SHA1
c460d7e8adfa4637ea66bf121e5cbd82d001ef8e

SHA256
0bb12050562c348f32382ab4721250dbbbde3260f77e88f7a461ecc5240700f8

SHA512
47d64c9eef98a4007f9b7fcb7dd8c9efdd633780fa9cef8b8d6cc54d98d51b4fdac3b3d6c6272abeea1772661fc741ed2786460f4c368225f6050f4444336515

Download Submit
C:\Windows\System\eVpnpUa.exe

Filesize
2.1MB

MD5
9955106daf34118e37ee92130765719a

SHA1
39d248c4cd0309898c547831e3155dcefacddeb1

SHA256
7793d7c7e5b858383ec433aa3df8697365b842f2ff787607efda2d847a30f28d

SHA512
0023bb2ee675f3728b0bd57b062b6bde2e6762531bac54d46cdd10fa79053aa61ad273c03d998d72060ef6bd59205d1e4d05838905f3333e88b2372427ac4067

Download Submit
C:\Windows\System\ecYTdoN.exe

Filesize
2.1MB

MD5
1d090390df85bbedcb21b4a14b5b2e34

SHA1
215cbe1bb34395237f780a8b155df26acce6d527

SHA256
0e2e407b3a13a9ae3d0890e2c5e8dd403e8a87cee63adce3d17c552b5507797d

SHA512
7c54d529af91dd29ab347646ca065acf5416a842e8ec07e37648ca8e43f74f7587a12c9d5e48e9cd29ee8df0e5a0a07959532a067f4d00940d89b976b39ceaa1

Download Submit
C:\Windows\System\gzDjKDW.exe

Filesize
2.1MB

MD5
c60b236d0078a65a120b77bc46ddec28

SHA1
d88f9ddb157b09e1d49b860a35b6baf01c9b5e27

SHA256
4cde239c6a169ce6d811c820d5b4966c320ae8230252a1970f25cfc74e357290

SHA512
8e174c926caa73ab7f84b9e113d8075e318ed797d50d39686d1e8855a2479c9299074f2a4d045eb5851ac16ee49919d20c5bb30fb3869c54bf92570b74dadf72

Download Submit
C:\Windows\System\iCjXrwG.exe

Filesize
2.1MB

MD5
dabdc25125ceb867c0d93e9259f57710

SHA1
3846beca4e9bb2a3335111e4e0f4bba29517d55c

SHA256
811421e927c58e84fe7b6a9e2caef9a06820d2141bb1134a4abfb6f438fac9c7

SHA512
a65c2e5f5788aa81b62dde4d4045e535ab1adf335b37da90e125e28663a29b24a483e71ea0960dafc290b1cddb8cdf3c4d709fefcdca8981803ce32b377fe95a

Download Submit
C:\Windows\System\lDmjVAc.exe

Filesize
2.1MB

MD5
2e67cb3574cd4c1f76430d9929271e92

SHA1
f7d317acd374c4d9d88dafd831ac040c8c15e79e

SHA256
2075a98c9aaa906f2ceecc7980c1d12db5e3a2de9e857e18935c995dd8050bc3

SHA512
68f019b1d64bada6eab0d354c966ba9d5b0d47a7f9b303060fe857d94c339091f30534f63b672f8eec2ce3e5eb029dc254b4ced9490dce8b3147ed1190fe41ff

Download Submit
C:\Windows\System\liKBepY.exe

Filesize
2.1MB

MD5
2a2424c6a9746d811ec050ee801dd465

SHA1
41aa67dadceca70d40048b9f94bacf8f154b1f35

SHA256
80e860070e7c9ab6fdcca67e079a0ddf5c1e1847b3ac28664ba8ea4e695e8be9

SHA512
ab788d449769ac4c3d30afbbd281eaeeb55969f57bea6dbdb7a1950b3f6e921adf5e3086cec9c6faa11b73f0d98efc15f51e10e116c951b8bbc0f88c4f55b25f

Download Submit
C:\Windows\System\oAwdDBB.exe

Filesize
2.1MB

MD5
bba5db13cb641234f4398fa8d5d38afb

SHA1
d4822ce48583ac22b6d78d922a18271c11540805

SHA256
4f45b5f5d8a0f4f5cbdb4aaf8b57611ba4327ed2b1bc3f6721cdd0e33d948aca

SHA512
1d930112e55e4cb43cd0f4bfb2d646b05a00d78737f5799c166071adf79e35e9730195ab12d7f9fc4a70c599b2838afacc1237d04f3ad25b91f68ea5d7bae711

Download Submit
C:\Windows\System\okDuCwZ.exe

Filesize
2.1MB

MD5
c9399b8ff494793b39426a831742e70d

SHA1
e222c8573ba8a189e10f09ed6c416b2473a5d100

SHA256
39dbdf5a421c61a6d659654aea34faff5b2481812b682dc0a87dda7e758eec82

SHA512
96b4c4c14fc893f62a2faba7d3a05b6e134fe0caca8e3430c8019f0cc96f44aeacb03ba9be948e125ea585eb9d69787065a2bb483cfce4274c21c7845fed7b33

Download Submit
C:\Windows\System\tPTbImH.exe

Filesize
2.1MB

MD5
7ba60f6c7a80e3a619da1fb7e8a9e8db

SHA1
996f0e1aa495367d26ea11c423b63ec724b6400f

SHA256
e9fdd62ef0d8536e8c2e3d5a4c13f1fcab8d4403e4d8b492be454a4fc8b5f472

SHA512
a536e2e98c09fb4dff8b227f9e3f7c4fea0dec781745eceaaefe582296ff1b1c1ccc9367175c3cc0d876274411f6334b38783b74a644d08748c54f257cc72632

Download Submit
C:\Windows\System\uqcWLbq.exe

Filesize
2.1MB

MD5
4385521a1f7a3ab06c9f880a7e2a32b0

SHA1
5f4a41d2bea8f4ebe38a6b58e5e91b95dd32796d

SHA256
9da169e19ccafac820b4ed3650b88aa5d5e7a227c66d35fe07466ac406e9b4b9

SHA512
fa6ad815a6e8210949192226e036242696be82aa82443a445243a3d71ea5f3a66ce3aa31cf4d3a962a21b2c86895cb2d001d13413197bdca966af3968b35e3be

Download Submit
C:\Windows\System\zLtRxdK.exe

Filesize
2.1MB

MD5
2d64b97f65594742d8a6145c1132ae02

SHA1
4cc3b5908996c7960045d4b4a93ebfbc4dde99ba

SHA256
bf73cac494b3e5d405fca04725d38247da4666e3cfc7abf3a25f8e49f1503cb1

SHA512
ec24bd9e78d9c6e0c156e9b2fbb3797801b23d28bc3b8d63cecdf61e9e61bf68aab23f156a0c18d042211cdc55ae9bf9b3d3c532c3a31d6559aee70d5fa57afd

Download Submit
C:\Windows\System\zsbWAya.exe

Filesize
2.1MB

MD5
1665dcc7f71dfb71724205c69f42d602

SHA1
c28388246ee5ad53265c56765e5c78d27e47094e

SHA256
4e53f7f85f87e46eca6376a5d58d7d6fa31ffb209d00accce155705fef350eba

SHA512
b5bb9078847c511c8985b138615f7e3f6b5776a36370e620cd44467aab25a4ef2af024044cdff2e0a58d257c82315cf951bcb238065df2b2e4bbb6763590f3da

Download Submit
memory/2864-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download