kpot | 0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2024 22:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
Size

2.1MB
MD5

abf2562a71413ba4ae23413169d4f400
SHA1

2d8f5156ac1589f18cfa78ee2972e6181e29e164
SHA256

0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0
SHA512

d966a3bb6cf36cadb8920033d0b54efbac15e7635a00a8dc709363b34904444de9284c6572abe327ac00dd2fa07087dfc8021b713916badb8bb636b08c1dadd9
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2Pf:GemTLkNdfE0pZaQf

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x0008000000022f51-4.dat	family_kpot
behavioral2/files/0x0007000000023423-8.dat	family_kpot
behavioral2/files/0x0007000000023424-9.dat	family_kpot
behavioral2/files/0x0007000000023425-20.dat	family_kpot
behavioral2/files/0x0007000000023426-24.dat	family_kpot
behavioral2/files/0x0007000000023427-28.dat	family_kpot
behavioral2/files/0x0007000000023428-35.dat	family_kpot
behavioral2/files/0x0007000000023429-38.dat	family_kpot
behavioral2/files/0x0008000000023420-45.dat	family_kpot
behavioral2/files/0x000700000002342a-50.dat	family_kpot
behavioral2/files/0x000700000002342d-62.dat	family_kpot
behavioral2/files/0x000700000002342f-74.dat	family_kpot
behavioral2/files/0x0007000000023431-88.dat	family_kpot
behavioral2/files/0x0007000000023435-108.dat	family_kpot
behavioral2/files/0x0007000000023439-125.dat	family_kpot
behavioral2/files/0x000700000002343a-129.dat	family_kpot
behavioral2/files/0x000700000002343e-147.dat	family_kpot
behavioral2/files/0x0007000000023441-162.dat	family_kpot
behavioral2/files/0x000700000002343f-158.dat	family_kpot
behavioral2/files/0x0007000000023440-157.dat	family_kpot
behavioral2/files/0x000700000002343d-148.dat	family_kpot
behavioral2/files/0x000700000002343c-143.dat	family_kpot
behavioral2/files/0x000700000002343b-138.dat	family_kpot
behavioral2/files/0x0007000000023438-122.dat	family_kpot
behavioral2/files/0x0007000000023437-118.dat	family_kpot
behavioral2/files/0x0007000000023436-112.dat	family_kpot
behavioral2/files/0x0007000000023434-102.dat	family_kpot
behavioral2/files/0x0007000000023433-98.dat	family_kpot
behavioral2/files/0x0007000000023432-93.dat	family_kpot
behavioral2/files/0x0007000000023430-83.dat	family_kpot
behavioral2/files/0x000700000002342e-72.dat	family_kpot
behavioral2/files/0x000700000002342c-63.dat	family_kpot
behavioral2/files/0x000700000002342b-57.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x0008000000022f51-4.dat	xmrig
behavioral2/files/0x0007000000023423-8.dat	xmrig
behavioral2/files/0x0007000000023424-9.dat	xmrig
behavioral2/files/0x0007000000023425-20.dat	xmrig
behavioral2/files/0x0007000000023426-24.dat	xmrig
behavioral2/files/0x0007000000023427-28.dat	xmrig
behavioral2/files/0x0007000000023428-35.dat	xmrig
behavioral2/files/0x0007000000023429-38.dat	xmrig
behavioral2/files/0x0008000000023420-45.dat	xmrig
behavioral2/files/0x000700000002342a-50.dat	xmrig
behavioral2/files/0x000700000002342d-62.dat	xmrig
behavioral2/files/0x000700000002342f-74.dat	xmrig
behavioral2/files/0x0007000000023431-88.dat	xmrig
behavioral2/files/0x0007000000023435-108.dat	xmrig
behavioral2/files/0x0007000000023439-125.dat	xmrig
behavioral2/files/0x000700000002343a-129.dat	xmrig
behavioral2/files/0x000700000002343e-147.dat	xmrig
behavioral2/files/0x0007000000023441-162.dat	xmrig
behavioral2/files/0x000700000002343f-158.dat	xmrig
behavioral2/files/0x0007000000023440-157.dat	xmrig
behavioral2/files/0x000700000002343d-148.dat	xmrig
behavioral2/files/0x000700000002343c-143.dat	xmrig
behavioral2/files/0x000700000002343b-138.dat	xmrig
behavioral2/files/0x0007000000023438-122.dat	xmrig
behavioral2/files/0x0007000000023437-118.dat	xmrig
behavioral2/files/0x0007000000023436-112.dat	xmrig
behavioral2/files/0x0007000000023434-102.dat	xmrig
behavioral2/files/0x0007000000023433-98.dat	xmrig
behavioral2/files/0x0007000000023432-93.dat	xmrig
behavioral2/files/0x0007000000023430-83.dat	xmrig
behavioral2/files/0x000700000002342e-72.dat	xmrig
behavioral2/files/0x000700000002342c-63.dat	xmrig
behavioral2/files/0x000700000002342b-57.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2904	gGHTDBa.exe
1536	miWPGAZ.exe
1428	XukPond.exe
4412	kMekkMZ.exe
4232	CmVkyFg.exe
5100	QqWcIzh.exe
4220	HkYeiUD.exe
4284	UlxZlKB.exe
8	nWLoNiJ.exe
1368	XcglRdJ.exe
4596	xxMwGjC.exe
1436	ldauTHO.exe
1412	HykIiyB.exe
1316	tMTZgqr.exe
3600	ZIPFMcF.exe
1260	DzcsAZM.exe
4616	TjMJUen.exe
828	PoUYKey.exe
1392	vCaggCL.exe
4996	qePWtho.exe
1280	BFXIxPC.exe
2088	TvMvWhq.exe
884	IJxtRwN.exe
5012	TJDHXWL.exe
4124	wHxYmwe.exe
2768	lyXhUPf.exe
632	kIHDkqo.exe
1884	tNOPWzl.exe
1432	YVFWJcR.exe
3460	bLrlkmo.exe
4080	qTWIfJA.exe
3176	ypbzTZt.exe
960	XVmOhZJ.exe
4276	tfLMbyT.exe
5092	ibtjlaV.exe
1116	XMomIqr.exe
3584	Azxaqfn.exe
4808	AguRWTf.exe
1500	XDGdvcI.exe
3900	anztCFF.exe
3196	xednwuj.exe
1064	rEMJaKv.exe
3464	AalIwud.exe
3616	lHKrSFl.exe
2164	aRBhzeb.exe
3344	ljqRDpJ.exe
1248	JaHZPlf.exe
1968	qigxGon.exe
2308	wZavxtf.exe
4264	sHagdJb.exe
1068	dXhUArx.exe
4420	zzGgLWR.exe
2744	zgiYNOH.exe
412	lApCFkN.exe
1872	srhCLCm.exe
1264	rVfNdyP.exe
2016	QJLMIgO.exe
4508	jixyZzI.exe
4368	NWWBMVm.exe
2436	ktjZYNf.exe
220	BKMrkOv.exe
2540	jJQksni.exe
4452	sMROckw.exe
4936	kWaIAly.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OfSoofg.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\nWyUNav.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\ajljeBl.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\XkLaVeT.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\tWFZHAM.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\UwebncD.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\kMekkMZ.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\wbRQkeF.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\BKMrkOv.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\vSSYPfA.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\tarJzSZ.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\FvSXdUF.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\AguRWTf.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\ktjZYNf.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\jXtJequ.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\wHVNxEg.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\GyuGIDN.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\luqImHL.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\rXEGaAY.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\kIHDkqo.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\GLyxUOw.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\uINBivw.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\ivuzPyq.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\nWLoNiJ.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\HykIiyB.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\CdfMLdW.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\WhYPrjJ.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\nkBXUDV.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\MJreAOi.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\FAmQSbz.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\CmVkyFg.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\EmSlTXS.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\WCAYqre.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\NvhvHvw.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\VQWwSGd.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\hXCRjKo.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\cifctNz.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\hqetXCQ.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\OJvzJSO.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\IJMVGed.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\hcSyIxy.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\LgTYoLM.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\IjdGRev.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\OBbVmQB.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\sMROckw.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\QKbedHT.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\yXZbvXH.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\LVVAoZE.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\xKlyBLl.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\itHUcdu.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\QznAzcS.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\xCTFGAY.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\uTkDlPn.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\jSoKFtL.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\asaxCCI.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\UeQcwUu.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\IVbJpKK.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\xDIoqGm.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\gOmEBBs.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\dXhUArx.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\nZUUlos.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\UAQuqtC.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\TJDHXWL.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
File created	C:\Windows\System\tNOPWzl.exe	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 372 wrote to memory of 2904	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	82
PID 372 wrote to memory of 2904	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	82
PID 372 wrote to memory of 1536	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	83
PID 372 wrote to memory of 1536	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	83
PID 372 wrote to memory of 1428	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	84
PID 372 wrote to memory of 1428	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	84
PID 372 wrote to memory of 4412	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	85
PID 372 wrote to memory of 4412	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	85
PID 372 wrote to memory of 4232	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	86
PID 372 wrote to memory of 4232	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	86
PID 372 wrote to memory of 5100	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	87
PID 372 wrote to memory of 5100	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	87
PID 372 wrote to memory of 4220	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	88
PID 372 wrote to memory of 4220	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	88
PID 372 wrote to memory of 4284	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	89
PID 372 wrote to memory of 4284	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	89
PID 372 wrote to memory of 8	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	90
PID 372 wrote to memory of 8	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	90
PID 372 wrote to memory of 1368	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	91
PID 372 wrote to memory of 1368	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	91
PID 372 wrote to memory of 4596	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	92
PID 372 wrote to memory of 4596	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	92
PID 372 wrote to memory of 1436	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	93
PID 372 wrote to memory of 1436	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	93
PID 372 wrote to memory of 1412	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	94
PID 372 wrote to memory of 1412	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	94
PID 372 wrote to memory of 1316	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	95
PID 372 wrote to memory of 1316	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	95
PID 372 wrote to memory of 3600	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	96
PID 372 wrote to memory of 3600	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	96
PID 372 wrote to memory of 1260	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	97
PID 372 wrote to memory of 1260	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	97
PID 372 wrote to memory of 4616	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	98
PID 372 wrote to memory of 4616	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	98
PID 372 wrote to memory of 828	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	99
PID 372 wrote to memory of 828	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	99
PID 372 wrote to memory of 1392	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	100
PID 372 wrote to memory of 1392	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	100
PID 372 wrote to memory of 4996	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	101
PID 372 wrote to memory of 4996	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	101
PID 372 wrote to memory of 1280	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	102
PID 372 wrote to memory of 1280	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	102
PID 372 wrote to memory of 2088	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	103
PID 372 wrote to memory of 2088	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	103
PID 372 wrote to memory of 884	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	104
PID 372 wrote to memory of 884	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	104
PID 372 wrote to memory of 5012	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	105
PID 372 wrote to memory of 5012	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	105
PID 372 wrote to memory of 4124	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	106
PID 372 wrote to memory of 4124	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	106
PID 372 wrote to memory of 2768	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	107
PID 372 wrote to memory of 2768	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	107
PID 372 wrote to memory of 632	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	108
PID 372 wrote to memory of 632	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	108
PID 372 wrote to memory of 1884	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	109
PID 372 wrote to memory of 1884	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	109
PID 372 wrote to memory of 1432	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	110
PID 372 wrote to memory of 1432	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	110
PID 372 wrote to memory of 3460	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	111
PID 372 wrote to memory of 3460	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	111
PID 372 wrote to memory of 4080	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	112
PID 372 wrote to memory of 4080	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	112
PID 372 wrote to memory of 3176	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	113
PID 372 wrote to memory of 3176	372	0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0dcda27bc3c27a2c1674c6018cf16af3c84abb9581be7e66870f5d9f729f5ec0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:372
- C:\Windows\System\gGHTDBa.exe
  C:\Windows\System\gGHTDBa.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\miWPGAZ.exe
  C:\Windows\System\miWPGAZ.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\XukPond.exe
  C:\Windows\System\XukPond.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\kMekkMZ.exe
  C:\Windows\System\kMekkMZ.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\CmVkyFg.exe
  C:\Windows\System\CmVkyFg.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\QqWcIzh.exe
  C:\Windows\System\QqWcIzh.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\HkYeiUD.exe
  C:\Windows\System\HkYeiUD.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\UlxZlKB.exe
  C:\Windows\System\UlxZlKB.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\nWLoNiJ.exe
  C:\Windows\System\nWLoNiJ.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\XcglRdJ.exe
  C:\Windows\System\XcglRdJ.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\xxMwGjC.exe
  C:\Windows\System\xxMwGjC.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\ldauTHO.exe
  C:\Windows\System\ldauTHO.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\HykIiyB.exe
  C:\Windows\System\HykIiyB.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\tMTZgqr.exe
  C:\Windows\System\tMTZgqr.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\ZIPFMcF.exe
  C:\Windows\System\ZIPFMcF.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\DzcsAZM.exe
  C:\Windows\System\DzcsAZM.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\TjMJUen.exe
  C:\Windows\System\TjMJUen.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\PoUYKey.exe
  C:\Windows\System\PoUYKey.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\vCaggCL.exe
  C:\Windows\System\vCaggCL.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\qePWtho.exe
  C:\Windows\System\qePWtho.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\BFXIxPC.exe
  C:\Windows\System\BFXIxPC.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\TvMvWhq.exe
  C:\Windows\System\TvMvWhq.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\IJxtRwN.exe
  C:\Windows\System\IJxtRwN.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\TJDHXWL.exe
  C:\Windows\System\TJDHXWL.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\wHxYmwe.exe
  C:\Windows\System\wHxYmwe.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System\lyXhUPf.exe
  C:\Windows\System\lyXhUPf.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\kIHDkqo.exe
  C:\Windows\System\kIHDkqo.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\tNOPWzl.exe
  C:\Windows\System\tNOPWzl.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\YVFWJcR.exe
  C:\Windows\System\YVFWJcR.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\bLrlkmo.exe
  C:\Windows\System\bLrlkmo.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\qTWIfJA.exe
  C:\Windows\System\qTWIfJA.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\ypbzTZt.exe
  C:\Windows\System\ypbzTZt.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\XVmOhZJ.exe
  C:\Windows\System\XVmOhZJ.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\tfLMbyT.exe
  C:\Windows\System\tfLMbyT.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\ibtjlaV.exe
  C:\Windows\System\ibtjlaV.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\XMomIqr.exe
  C:\Windows\System\XMomIqr.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\Azxaqfn.exe
  C:\Windows\System\Azxaqfn.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\AguRWTf.exe
  C:\Windows\System\AguRWTf.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\XDGdvcI.exe
  C:\Windows\System\XDGdvcI.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\anztCFF.exe
  C:\Windows\System\anztCFF.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\xednwuj.exe
  C:\Windows\System\xednwuj.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\rEMJaKv.exe
  C:\Windows\System\rEMJaKv.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\AalIwud.exe
  C:\Windows\System\AalIwud.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\lHKrSFl.exe
  C:\Windows\System\lHKrSFl.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\aRBhzeb.exe
  C:\Windows\System\aRBhzeb.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\ljqRDpJ.exe
  C:\Windows\System\ljqRDpJ.exe
  2⤵
  - Executes dropped EXE
  PID:3344
- C:\Windows\System\JaHZPlf.exe
  C:\Windows\System\JaHZPlf.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\qigxGon.exe
  C:\Windows\System\qigxGon.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\wZavxtf.exe
  C:\Windows\System\wZavxtf.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\sHagdJb.exe
  C:\Windows\System\sHagdJb.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\dXhUArx.exe
  C:\Windows\System\dXhUArx.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\zzGgLWR.exe
  C:\Windows\System\zzGgLWR.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\zgiYNOH.exe
  C:\Windows\System\zgiYNOH.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\lApCFkN.exe
  C:\Windows\System\lApCFkN.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\srhCLCm.exe
  C:\Windows\System\srhCLCm.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\rVfNdyP.exe
  C:\Windows\System\rVfNdyP.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\QJLMIgO.exe
  C:\Windows\System\QJLMIgO.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\jixyZzI.exe
  C:\Windows\System\jixyZzI.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\NWWBMVm.exe
  C:\Windows\System\NWWBMVm.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\ktjZYNf.exe
  C:\Windows\System\ktjZYNf.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\BKMrkOv.exe
  C:\Windows\System\BKMrkOv.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\jJQksni.exe
  C:\Windows\System\jJQksni.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\sMROckw.exe
  C:\Windows\System\sMROckw.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\kWaIAly.exe
  C:\Windows\System\kWaIAly.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\uTkDlPn.exe
  C:\Windows\System\uTkDlPn.exe
  2⤵
  PID:2392
- C:\Windows\System\hRQYKUc.exe
  C:\Windows\System\hRQYKUc.exe
  2⤵
  PID:4040
- C:\Windows\System\KqVWrZm.exe
  C:\Windows\System\KqVWrZm.exe
  2⤵
  PID:1476
- C:\Windows\System\hcSyIxy.exe
  C:\Windows\System\hcSyIxy.exe
  2⤵
  PID:5048
- C:\Windows\System\DIcmbdW.exe
  C:\Windows\System\DIcmbdW.exe
  2⤵
  PID:5016
- C:\Windows\System\VlrvdFs.exe
  C:\Windows\System\VlrvdFs.exe
  2⤵
  PID:5044
- C:\Windows\System\TPrzgQN.exe
  C:\Windows\System\TPrzgQN.exe
  2⤵
  PID:4988
- C:\Windows\System\flLGquc.exe
  C:\Windows\System\flLGquc.exe
  2⤵
  PID:2648
- C:\Windows\System\XSItxTh.exe
  C:\Windows\System\XSItxTh.exe
  2⤵
  PID:2596
- C:\Windows\System\EmSlTXS.exe
  C:\Windows\System\EmSlTXS.exe
  2⤵
  PID:5024
- C:\Windows\System\voycJXP.exe
  C:\Windows\System\voycJXP.exe
  2⤵
  PID:1388
- C:\Windows\System\FwNQdLM.exe
  C:\Windows\System\FwNQdLM.exe
  2⤵
  PID:4624
- C:\Windows\System\amPOmyu.exe
  C:\Windows\System\amPOmyu.exe
  2⤵
  PID:4748
- C:\Windows\System\mBJzNiY.exe
  C:\Windows\System\mBJzNiY.exe
  2⤵
  PID:5000
- C:\Windows\System\LlwsJKE.exe
  C:\Windows\System\LlwsJKE.exe
  2⤵
  PID:3684
- C:\Windows\System\XLVYKEo.exe
  C:\Windows\System\XLVYKEo.exe
  2⤵
  PID:4880
- C:\Windows\System\jHxbYvx.exe
  C:\Windows\System\jHxbYvx.exe
  2⤵
  PID:336
- C:\Windows\System\MJreAOi.exe
  C:\Windows\System\MJreAOi.exe
  2⤵
  PID:2564
- C:\Windows\System\GLyxUOw.exe
  C:\Windows\System\GLyxUOw.exe
  2⤵
  PID:4660
- C:\Windows\System\LgTYoLM.exe
  C:\Windows\System\LgTYoLM.exe
  2⤵
  PID:512
- C:\Windows\System\HZPtAmV.exe
  C:\Windows\System\HZPtAmV.exe
  2⤵
  PID:4552
- C:\Windows\System\VWGIUSS.exe
  C:\Windows\System\VWGIUSS.exe
  2⤵
  PID:3180
- C:\Windows\System\uINBivw.exe
  C:\Windows\System\uINBivw.exe
  2⤵
  PID:3080
- C:\Windows\System\QbfYFGY.exe
  C:\Windows\System\QbfYFGY.exe
  2⤵
  PID:2984
- C:\Windows\System\nZUUlos.exe
  C:\Windows\System\nZUUlos.exe
  2⤵
  PID:4800
- C:\Windows\System\obeiSSO.exe
  C:\Windows\System\obeiSSO.exe
  2⤵
  PID:3060
- C:\Windows\System\luqImHL.exe
  C:\Windows\System\luqImHL.exe
  2⤵
  PID:1832
- C:\Windows\System\rdfEAuO.exe
  C:\Windows\System\rdfEAuO.exe
  2⤵
  PID:4048
- C:\Windows\System\hXCRjKo.exe
  C:\Windows\System\hXCRjKo.exe
  2⤵
  PID:2064
- C:\Windows\System\WRXfMBA.exe
  C:\Windows\System\WRXfMBA.exe
  2⤵
  PID:944
- C:\Windows\System\OHIhaoR.exe
  C:\Windows\System\OHIhaoR.exe
  2⤵
  PID:3608
- C:\Windows\System\jHkHGLq.exe
  C:\Windows\System\jHkHGLq.exe
  2⤵
  PID:4780
- C:\Windows\System\WzJFBxe.exe
  C:\Windows\System\WzJFBxe.exe
  2⤵
  PID:2560
- C:\Windows\System\iYtdiVD.exe
  C:\Windows\System\iYtdiVD.exe
  2⤵
  PID:3488
- C:\Windows\System\vSSYPfA.exe
  C:\Windows\System\vSSYPfA.exe
  2⤵
  PID:1540
- C:\Windows\System\xmgaxeF.exe
  C:\Windows\System\xmgaxeF.exe
  2⤵
  PID:4344
- C:\Windows\System\VODoJNR.exe
  C:\Windows\System\VODoJNR.exe
  2⤵
  PID:3940
- C:\Windows\System\ZRvaYsW.exe
  C:\Windows\System\ZRvaYsW.exe
  2⤵
  PID:5032
- C:\Windows\System\FlKJMJA.exe
  C:\Windows\System\FlKJMJA.exe
  2⤵
  PID:4608
- C:\Windows\System\KOJopAC.exe
  C:\Windows\System\KOJopAC.exe
  2⤵
  PID:4288
- C:\Windows\System\cGYIMrJ.exe
  C:\Windows\System\cGYIMrJ.exe
  2⤵
  PID:4444
- C:\Windows\System\jSoKFtL.exe
  C:\Windows\System\jSoKFtL.exe
  2⤵
  PID:4424
- C:\Windows\System\dOJponh.exe
  C:\Windows\System\dOJponh.exe
  2⤵
  PID:1304
- C:\Windows\System\IbTpUdm.exe
  C:\Windows\System\IbTpUdm.exe
  2⤵
  PID:5132
- C:\Windows\System\vLBuSiR.exe
  C:\Windows\System\vLBuSiR.exe
  2⤵
  PID:5160
- C:\Windows\System\wbRQkeF.exe
  C:\Windows\System\wbRQkeF.exe
  2⤵
  PID:5188
- C:\Windows\System\wkMuidC.exe
  C:\Windows\System\wkMuidC.exe
  2⤵
  PID:5216
- C:\Windows\System\CmPCEpf.exe
  C:\Windows\System\CmPCEpf.exe
  2⤵
  PID:5244
- C:\Windows\System\tbqvLPN.exe
  C:\Windows\System\tbqvLPN.exe
  2⤵
  PID:5272
- C:\Windows\System\fiVxqxp.exe
  C:\Windows\System\fiVxqxp.exe
  2⤵
  PID:5300
- C:\Windows\System\yXZbvXH.exe
  C:\Windows\System\yXZbvXH.exe
  2⤵
  PID:5324
- C:\Windows\System\hCFwkyu.exe
  C:\Windows\System\hCFwkyu.exe
  2⤵
  PID:5356
- C:\Windows\System\Zowixrm.exe
  C:\Windows\System\Zowixrm.exe
  2⤵
  PID:5384
- C:\Windows\System\jkShyjt.exe
  C:\Windows\System\jkShyjt.exe
  2⤵
  PID:5416
- C:\Windows\System\hqetXCQ.exe
  C:\Windows\System\hqetXCQ.exe
  2⤵
  PID:5480
- C:\Windows\System\tarJzSZ.exe
  C:\Windows\System\tarJzSZ.exe
  2⤵
  PID:5508
- C:\Windows\System\RKfouwy.exe
  C:\Windows\System\RKfouwy.exe
  2⤵
  PID:5536
- C:\Windows\System\asCtbwH.exe
  C:\Windows\System\asCtbwH.exe
  2⤵
  PID:5564
- C:\Windows\System\WhYPrjJ.exe
  C:\Windows\System\WhYPrjJ.exe
  2⤵
  PID:5592
- C:\Windows\System\xhtehMy.exe
  C:\Windows\System\xhtehMy.exe
  2⤵
  PID:5620
- C:\Windows\System\kHZMSDX.exe
  C:\Windows\System\kHZMSDX.exe
  2⤵
  PID:5648
- C:\Windows\System\dnYyYbc.exe
  C:\Windows\System\dnYyYbc.exe
  2⤵
  PID:5676
- C:\Windows\System\dxvRxqN.exe
  C:\Windows\System\dxvRxqN.exe
  2⤵
  PID:5708
- C:\Windows\System\Nshkwpu.exe
  C:\Windows\System\Nshkwpu.exe
  2⤵
  PID:5732
- C:\Windows\System\KOmDjNl.exe
  C:\Windows\System\KOmDjNl.exe
  2⤵
  PID:5764
- C:\Windows\System\nFuIvqq.exe
  C:\Windows\System\nFuIvqq.exe
  2⤵
  PID:5792
- C:\Windows\System\QAKKQNf.exe
  C:\Windows\System\QAKKQNf.exe
  2⤵
  PID:5820
- C:\Windows\System\gjhInII.exe
  C:\Windows\System\gjhInII.exe
  2⤵
  PID:5848
- C:\Windows\System\rXEGaAY.exe
  C:\Windows\System\rXEGaAY.exe
  2⤵
  PID:5872
- C:\Windows\System\SnvSJUr.exe
  C:\Windows\System\SnvSJUr.exe
  2⤵
  PID:5900
- C:\Windows\System\DZsvZab.exe
  C:\Windows\System\DZsvZab.exe
  2⤵
  PID:5928
- C:\Windows\System\NqOsLoa.exe
  C:\Windows\System\NqOsLoa.exe
  2⤵
  PID:5964
- C:\Windows\System\FdEGUhi.exe
  C:\Windows\System\FdEGUhi.exe
  2⤵
  PID:5988
- C:\Windows\System\QIrPSMl.exe
  C:\Windows\System\QIrPSMl.exe
  2⤵
  PID:6016
- C:\Windows\System\UAQuqtC.exe
  C:\Windows\System\UAQuqtC.exe
  2⤵
  PID:6048
- C:\Windows\System\znrHPkz.exe
  C:\Windows\System\znrHPkz.exe
  2⤵
  PID:6076
- C:\Windows\System\BvvSrqJ.exe
  C:\Windows\System\BvvSrqJ.exe
  2⤵
  PID:6100
- C:\Windows\System\gVdSGEq.exe
  C:\Windows\System\gVdSGEq.exe
  2⤵
  PID:6128
- C:\Windows\System\sMJTWgP.exe
  C:\Windows\System\sMJTWgP.exe
  2⤵
  PID:384
- C:\Windows\System\PcnypWT.exe
  C:\Windows\System\PcnypWT.exe
  2⤵
  PID:5124
- C:\Windows\System\NfVGwsg.exe
  C:\Windows\System\NfVGwsg.exe
  2⤵
  PID:5204
- C:\Windows\System\BjSCIqq.exe
  C:\Windows\System\BjSCIqq.exe
  2⤵
  PID:5264
- C:\Windows\System\cFfAlGk.exe
  C:\Windows\System\cFfAlGk.exe
  2⤵
  PID:5340
- C:\Windows\System\NVoCflS.exe
  C:\Windows\System\NVoCflS.exe
  2⤵
  PID:5344
- C:\Windows\System\cifctNz.exe
  C:\Windows\System\cifctNz.exe
  2⤵
  PID:5376
- C:\Windows\System\QjfVKDq.exe
  C:\Windows\System\QjfVKDq.exe
  2⤵
  PID:4204
- C:\Windows\System\tfUMuox.exe
  C:\Windows\System\tfUMuox.exe
  2⤵
  PID:3712
- C:\Windows\System\wyrbOZU.exe
  C:\Windows\System\wyrbOZU.exe
  2⤵
  PID:2928
- C:\Windows\System\LVVAoZE.exe
  C:\Windows\System\LVVAoZE.exe
  2⤵
  PID:5504
- C:\Windows\System\MJqChdA.exe
  C:\Windows\System\MJqChdA.exe
  2⤵
  PID:5084
- C:\Windows\System\dGTvmgd.exe
  C:\Windows\System\dGTvmgd.exe
  2⤵
  PID:4976
- C:\Windows\System\XkLaVeT.exe
  C:\Windows\System\XkLaVeT.exe
  2⤵
  PID:3288
- C:\Windows\System\mivSfah.exe
  C:\Windows\System\mivSfah.exe
  2⤵
  PID:1616
- C:\Windows\System\XGcdTOg.exe
  C:\Windows\System\XGcdTOg.exe
  2⤵
  PID:980
- C:\Windows\System\EedWVJV.exe
  C:\Windows\System\EedWVJV.exe
  2⤵
  PID:5668
- C:\Windows\System\HVGYaxO.exe
  C:\Windows\System\HVGYaxO.exe
  2⤵
  PID:5728
- C:\Windows\System\HBDHdrA.exe
  C:\Windows\System\HBDHdrA.exe
  2⤵
  PID:5784
- C:\Windows\System\WCAYqre.exe
  C:\Windows\System\WCAYqre.exe
  2⤵
  PID:5864
- C:\Windows\System\nbDUPMG.exe
  C:\Windows\System\nbDUPMG.exe
  2⤵
  PID:5920
- C:\Windows\System\cjSXuDI.exe
  C:\Windows\System\cjSXuDI.exe
  2⤵
  PID:6004
- C:\Windows\System\ZCRJUmK.exe
  C:\Windows\System\ZCRJUmK.exe
  2⤵
  PID:6056
- C:\Windows\System\sILPCSl.exe
  C:\Windows\System\sILPCSl.exe
  2⤵
  PID:3004
- C:\Windows\System\xKlyBLl.exe
  C:\Windows\System\xKlyBLl.exe
  2⤵
  PID:5236
- C:\Windows\System\eZxqRWV.exe
  C:\Windows\System\eZxqRWV.exe
  2⤵
  PID:3744
- C:\Windows\System\kRdlDpN.exe
  C:\Windows\System\kRdlDpN.exe
  2⤵
  PID:1680
- C:\Windows\System\XRINyLF.exe
  C:\Windows\System\XRINyLF.exe
  2⤵
  PID:5476
- C:\Windows\System\nWyUNav.exe
  C:\Windows\System\nWyUNav.exe
  2⤵
  PID:3236
- C:\Windows\System\VleMSCT.exe
  C:\Windows\System\VleMSCT.exe
  2⤵
  PID:4524
- C:\Windows\System\jXtJequ.exe
  C:\Windows\System\jXtJequ.exe
  2⤵
  PID:5700
- C:\Windows\System\xvuHpQh.exe
  C:\Windows\System\xvuHpQh.exe
  2⤵
  PID:5840
- C:\Windows\System\OJvzJSO.exe
  C:\Windows\System\OJvzJSO.exe
  2⤵
  PID:6024
- C:\Windows\System\RcTKoUJ.exe
  C:\Windows\System\RcTKoUJ.exe
  2⤵
  PID:5172
- C:\Windows\System\nkBXUDV.exe
  C:\Windows\System\nkBXUDV.exe
  2⤵
  PID:5456
- C:\Windows\System\hbZlFgp.exe
  C:\Windows\System\hbZlFgp.exe
  2⤵
  PID:4504
- C:\Windows\System\WrKBnCE.exe
  C:\Windows\System\WrKBnCE.exe
  2⤵
  PID:5780
- C:\Windows\System\TVuoRUD.exe
  C:\Windows\System\TVuoRUD.exe
  2⤵
  PID:3504
- C:\Windows\System\GWzPqIr.exe
  C:\Windows\System\GWzPqIr.exe
  2⤵
  PID:2208
- C:\Windows\System\rXqNlbe.exe
  C:\Windows\System\rXqNlbe.exe
  2⤵
  PID:5036
- C:\Windows\System\jIXhKAn.exe
  C:\Windows\System\jIXhKAn.exe
  2⤵
  PID:6036
- C:\Windows\System\vkDoiAH.exe
  C:\Windows\System\vkDoiAH.exe
  2⤵
  PID:6172
- C:\Windows\System\YSuARaM.exe
  C:\Windows\System\YSuARaM.exe
  2⤵
  PID:6196
- C:\Windows\System\tWFZHAM.exe
  C:\Windows\System\tWFZHAM.exe
  2⤵
  PID:6224
- C:\Windows\System\itHUcdu.exe
  C:\Windows\System\itHUcdu.exe
  2⤵
  PID:6256
- C:\Windows\System\QgpkCVx.exe
  C:\Windows\System\QgpkCVx.exe
  2⤵
  PID:6280
- C:\Windows\System\esDIkTi.exe
  C:\Windows\System\esDIkTi.exe
  2⤵
  PID:6308
- C:\Windows\System\QznAzcS.exe
  C:\Windows\System\QznAzcS.exe
  2⤵
  PID:6336
- C:\Windows\System\AqzMxVK.exe
  C:\Windows\System\AqzMxVK.exe
  2⤵
  PID:6364
- C:\Windows\System\FvSXdUF.exe
  C:\Windows\System\FvSXdUF.exe
  2⤵
  PID:6396
- C:\Windows\System\gtYkAlQ.exe
  C:\Windows\System\gtYkAlQ.exe
  2⤵
  PID:6420
- C:\Windows\System\ytVjnwv.exe
  C:\Windows\System\ytVjnwv.exe
  2⤵
  PID:6452
- C:\Windows\System\WjMdLpB.exe
  C:\Windows\System\WjMdLpB.exe
  2⤵
  PID:6480
- C:\Windows\System\QKbedHT.exe
  C:\Windows\System\QKbedHT.exe
  2⤵
  PID:6508
- C:\Windows\System\XMBPnuA.exe
  C:\Windows\System\XMBPnuA.exe
  2⤵
  PID:6532
- C:\Windows\System\GkCBgBc.exe
  C:\Windows\System\GkCBgBc.exe
  2⤵
  PID:6560
- C:\Windows\System\qCEwtoa.exe
  C:\Windows\System\qCEwtoa.exe
  2⤵
  PID:6592
- C:\Windows\System\HMmVPmD.exe
  C:\Windows\System\HMmVPmD.exe
  2⤵
  PID:6616
- C:\Windows\System\QcyDwoQ.exe
  C:\Windows\System\QcyDwoQ.exe
  2⤵
  PID:6644
- C:\Windows\System\UwebncD.exe
  C:\Windows\System\UwebncD.exe
  2⤵
  PID:6672
- C:\Windows\System\NFTqkfg.exe
  C:\Windows\System\NFTqkfg.exe
  2⤵
  PID:6700
- C:\Windows\System\mUnFZpj.exe
  C:\Windows\System\mUnFZpj.exe
  2⤵
  PID:6728
- C:\Windows\System\bEEAOlw.exe
  C:\Windows\System\bEEAOlw.exe
  2⤵
  PID:6756
- C:\Windows\System\IJMVGed.exe
  C:\Windows\System\IJMVGed.exe
  2⤵
  PID:6784
- C:\Windows\System\GmUHWDP.exe
  C:\Windows\System\GmUHWDP.exe
  2⤵
  PID:6816
- C:\Windows\System\mbpaenR.exe
  C:\Windows\System\mbpaenR.exe
  2⤵
  PID:6844
- C:\Windows\System\ECPwQmT.exe
  C:\Windows\System\ECPwQmT.exe
  2⤵
  PID:6868
- C:\Windows\System\xCTFGAY.exe
  C:\Windows\System\xCTFGAY.exe
  2⤵
  PID:6896
- C:\Windows\System\ykUhBAL.exe
  C:\Windows\System\ykUhBAL.exe
  2⤵
  PID:6924
- C:\Windows\System\xWBNFFs.exe
  C:\Windows\System\xWBNFFs.exe
  2⤵
  PID:6956
- C:\Windows\System\dsEOzfI.exe
  C:\Windows\System\dsEOzfI.exe
  2⤵
  PID:6980
- C:\Windows\System\VAbrwOH.exe
  C:\Windows\System\VAbrwOH.exe
  2⤵
  PID:7012
- C:\Windows\System\KFWUdGa.exe
  C:\Windows\System\KFWUdGa.exe
  2⤵
  PID:7040
- C:\Windows\System\MeMgDLu.exe
  C:\Windows\System\MeMgDLu.exe
  2⤵
  PID:7068
- C:\Windows\System\swlUqPw.exe
  C:\Windows\System\swlUqPw.exe
  2⤵
  PID:7096
- C:\Windows\System\LIbDZaA.exe
  C:\Windows\System\LIbDZaA.exe
  2⤵
  PID:7124
- C:\Windows\System\ZegVAbd.exe
  C:\Windows\System\ZegVAbd.exe
  2⤵
  PID:7156
- C:\Windows\System\RfJsBDd.exe
  C:\Windows\System\RfJsBDd.exe
  2⤵
  PID:6192
- C:\Windows\System\KqxwFWt.exe
  C:\Windows\System\KqxwFWt.exe
  2⤵
  PID:6236
- C:\Windows\System\NvhvHvw.exe
  C:\Windows\System\NvhvHvw.exe
  2⤵
  PID:6300
- C:\Windows\System\YEZALfr.exe
  C:\Windows\System\YEZALfr.exe
  2⤵
  PID:6376
- C:\Windows\System\XxtwhSw.exe
  C:\Windows\System\XxtwhSw.exe
  2⤵
  PID:6432
- C:\Windows\System\mdYRwlr.exe
  C:\Windows\System\mdYRwlr.exe
  2⤵
  PID:6496
- C:\Windows\System\KKblANg.exe
  C:\Windows\System\KKblANg.exe
  2⤵
  PID:6556
- C:\Windows\System\WcSJdfG.exe
  C:\Windows\System\WcSJdfG.exe
  2⤵
  PID:6628
- C:\Windows\System\RbIzalP.exe
  C:\Windows\System\RbIzalP.exe
  2⤵
  PID:6692
- C:\Windows\System\FbUQaBh.exe
  C:\Windows\System\FbUQaBh.exe
  2⤵
  PID:6752
- C:\Windows\System\UPRovBS.exe
  C:\Windows\System\UPRovBS.exe
  2⤵
  PID:6824
- C:\Windows\System\inmyyeS.exe
  C:\Windows\System\inmyyeS.exe
  2⤵
  PID:6888
- C:\Windows\System\CKlKfzb.exe
  C:\Windows\System\CKlKfzb.exe
  2⤵
  PID:6948
- C:\Windows\System\ajljeBl.exe
  C:\Windows\System\ajljeBl.exe
  2⤵
  PID:7032
- C:\Windows\System\XNhakJT.exe
  C:\Windows\System\XNhakJT.exe
  2⤵
  PID:7088
- C:\Windows\System\ocTBAes.exe
  C:\Windows\System\ocTBAes.exe
  2⤵
  PID:7152
- C:\Windows\System\DybeINJ.exe
  C:\Windows\System\DybeINJ.exe
  2⤵
  PID:6264
- C:\Windows\System\zHGvEIy.exe
  C:\Windows\System\zHGvEIy.exe
  2⤵
  PID:6412
- C:\Windows\System\MnWKJna.exe
  C:\Windows\System\MnWKJna.exe
  2⤵
  PID:6552
- C:\Windows\System\kRmJHAn.exe
  C:\Windows\System\kRmJHAn.exe
  2⤵
  PID:6720
- C:\Windows\System\UvsbOTb.exe
  C:\Windows\System\UvsbOTb.exe
  2⤵
  PID:6880
- C:\Windows\System\PECAGgQ.exe
  C:\Windows\System\PECAGgQ.exe
  2⤵
  PID:7008
- C:\Windows\System\vFeHCWV.exe
  C:\Windows\System\vFeHCWV.exe
  2⤵
  PID:6180
- C:\Windows\System\llQCRIU.exe
  C:\Windows\System\llQCRIU.exe
  2⤵
  PID:6524
- C:\Windows\System\wXtchua.exe
  C:\Windows\System\wXtchua.exe
  2⤵
  PID:6684
- C:\Windows\System\GEqdRTb.exe
  C:\Windows\System\GEqdRTb.exe
  2⤵
  PID:7080
- C:\Windows\System\NipgZcr.exe
  C:\Windows\System\NipgZcr.exe
  2⤵
  PID:6612
- C:\Windows\System\LRZRGuu.exe
  C:\Windows\System\LRZRGuu.exe
  2⤵
  PID:6328
- C:\Windows\System\xDIoqGm.exe
  C:\Windows\System\xDIoqGm.exe
  2⤵
  PID:7200
- C:\Windows\System\shvsvZG.exe
  C:\Windows\System\shvsvZG.exe
  2⤵
  PID:7228
- C:\Windows\System\YacEkPc.exe
  C:\Windows\System\YacEkPc.exe
  2⤵
  PID:7256
- C:\Windows\System\eWanOOq.exe
  C:\Windows\System\eWanOOq.exe
  2⤵
  PID:7284
- C:\Windows\System\IusRXbt.exe
  C:\Windows\System\IusRXbt.exe
  2⤵
  PID:7312
- C:\Windows\System\IjdGRev.exe
  C:\Windows\System\IjdGRev.exe
  2⤵
  PID:7340
- C:\Windows\System\yjtiKjt.exe
  C:\Windows\System\yjtiKjt.exe
  2⤵
  PID:7368
- C:\Windows\System\gOmEBBs.exe
  C:\Windows\System\gOmEBBs.exe
  2⤵
  PID:7384
- C:\Windows\System\BDXIYXP.exe
  C:\Windows\System\BDXIYXP.exe
  2⤵
  PID:7412
- C:\Windows\System\kQAIBvu.exe
  C:\Windows\System\kQAIBvu.exe
  2⤵
  PID:7452
- C:\Windows\System\brxDMVV.exe
  C:\Windows\System\brxDMVV.exe
  2⤵
  PID:7480
- C:\Windows\System\UXzdgAb.exe
  C:\Windows\System\UXzdgAb.exe
  2⤵
  PID:7496
- C:\Windows\System\aosZMku.exe
  C:\Windows\System\aosZMku.exe
  2⤵
  PID:7524
- C:\Windows\System\GSXLdfu.exe
  C:\Windows\System\GSXLdfu.exe
  2⤵
  PID:7556
- C:\Windows\System\fwDwkiI.exe
  C:\Windows\System\fwDwkiI.exe
  2⤵
  PID:7592
- C:\Windows\System\OBbVmQB.exe
  C:\Windows\System\OBbVmQB.exe
  2⤵
  PID:7608
- C:\Windows\System\orWEzyO.exe
  C:\Windows\System\orWEzyO.exe
  2⤵
  PID:7648
- C:\Windows\System\hCQgaMy.exe
  C:\Windows\System\hCQgaMy.exe
  2⤵
  PID:7672
- C:\Windows\System\sptFGLA.exe
  C:\Windows\System\sptFGLA.exe
  2⤵
  PID:7704
- C:\Windows\System\OfSoofg.exe
  C:\Windows\System\OfSoofg.exe
  2⤵
  PID:7720
- C:\Windows\System\PNKMXhT.exe
  C:\Windows\System\PNKMXhT.exe
  2⤵
  PID:7752
- C:\Windows\System\trRdjrg.exe
  C:\Windows\System\trRdjrg.exe
  2⤵
  PID:7792
- C:\Windows\System\asaxCCI.exe
  C:\Windows\System\asaxCCI.exe
  2⤵
  PID:7820
- C:\Windows\System\JIVGigw.exe
  C:\Windows\System\JIVGigw.exe
  2⤵
  PID:7836
- C:\Windows\System\UeQcwUu.exe
  C:\Windows\System\UeQcwUu.exe
  2⤵
  PID:7868
- C:\Windows\System\lQDvHKQ.exe
  C:\Windows\System\lQDvHKQ.exe
  2⤵
  PID:7904
- C:\Windows\System\NWUytyE.exe
  C:\Windows\System\NWUytyE.exe
  2⤵
  PID:7920
- C:\Windows\System\fdCwWuA.exe
  C:\Windows\System\fdCwWuA.exe
  2⤵
  PID:7948
- C:\Windows\System\KFcvoey.exe
  C:\Windows\System\KFcvoey.exe
  2⤵
  PID:7976
- C:\Windows\System\SbaFPgz.exe
  C:\Windows\System\SbaFPgz.exe
  2⤵
  PID:8004
- C:\Windows\System\DkpEhmJ.exe
  C:\Windows\System\DkpEhmJ.exe
  2⤵
  PID:8020
- C:\Windows\System\xVWIcZv.exe
  C:\Windows\System\xVWIcZv.exe
  2⤵
  PID:8060
- C:\Windows\System\vktHrxH.exe
  C:\Windows\System\vktHrxH.exe
  2⤵
  PID:8088
- C:\Windows\System\ADQcHPs.exe
  C:\Windows\System\ADQcHPs.exe
  2⤵
  PID:8128
- C:\Windows\System\hswDMfE.exe
  C:\Windows\System\hswDMfE.exe
  2⤵
  PID:8148
- C:\Windows\System\hQBBTlQ.exe
  C:\Windows\System\hQBBTlQ.exe
  2⤵
  PID:8172
- C:\Windows\System\AIBBaZT.exe
  C:\Windows\System\AIBBaZT.exe
  2⤵
  PID:7176
- C:\Windows\System\xnnewpX.exe
  C:\Windows\System\xnnewpX.exe
  2⤵
  PID:7268
- C:\Windows\System\lWUtJuR.exe
  C:\Windows\System\lWUtJuR.exe
  2⤵
  PID:7296
- C:\Windows\System\FijBdJl.exe
  C:\Windows\System\FijBdJl.exe
  2⤵
  PID:7364
- C:\Windows\System\OyUOgmt.exe
  C:\Windows\System\OyUOgmt.exe
  2⤵
  PID:7396
- C:\Windows\System\CdfMLdW.exe
  C:\Windows\System\CdfMLdW.exe
  2⤵
  PID:7508
- C:\Windows\System\KiTMARk.exe
  C:\Windows\System\KiTMARk.exe
  2⤵
  PID:7580
- C:\Windows\System\OHZNMiI.exe
  C:\Windows\System\OHZNMiI.exe
  2⤵
  PID:7628
- C:\Windows\System\ofvzKAO.exe
  C:\Windows\System\ofvzKAO.exe
  2⤵
  PID:7696
- C:\Windows\System\QtEppEv.exe
  C:\Windows\System\QtEppEv.exe
  2⤵
  PID:7812
- C:\Windows\System\iQBOVJb.exe
  C:\Windows\System\iQBOVJb.exe
  2⤵
  PID:7864
- C:\Windows\System\xWyHmiw.exe
  C:\Windows\System\xWyHmiw.exe
  2⤵
  PID:7888
- C:\Windows\System\xnJcXDk.exe
  C:\Windows\System\xnJcXDk.exe
  2⤵
  PID:7964
- C:\Windows\System\eZrARtJ.exe
  C:\Windows\System\eZrARtJ.exe
  2⤵
  PID:8032
- C:\Windows\System\uPOdPZG.exe
  C:\Windows\System\uPOdPZG.exe
  2⤵
  PID:8100
- C:\Windows\System\wHVNxEg.exe
  C:\Windows\System\wHVNxEg.exe
  2⤵
  PID:8184
- C:\Windows\System\SijFZhI.exe
  C:\Windows\System\SijFZhI.exe
  2⤵
  PID:7336
- C:\Windows\System\zVcnsCk.exe
  C:\Windows\System\zVcnsCk.exe
  2⤵
  PID:7408
- C:\Windows\System\plhNdrv.exe
  C:\Windows\System\plhNdrv.exe
  2⤵
  PID:7632
- C:\Windows\System\ZAXCkLA.exe
  C:\Windows\System\ZAXCkLA.exe
  2⤵
  PID:7664
- C:\Windows\System\nDxSNFa.exe
  C:\Windows\System\nDxSNFa.exe
  2⤵
  PID:7960
- C:\Windows\System\VQWwSGd.exe
  C:\Windows\System\VQWwSGd.exe
  2⤵
  PID:8076
- C:\Windows\System\xXvmUPz.exe
  C:\Windows\System\xXvmUPz.exe
  2⤵
  PID:8156
- C:\Windows\System\AoiYJCa.exe
  C:\Windows\System\AoiYJCa.exe
  2⤵
  PID:7332
- C:\Windows\System\CcEdlGl.exe
  C:\Windows\System\CcEdlGl.exe
  2⤵
  PID:7892
- C:\Windows\System\TrWeWed.exe
  C:\Windows\System\TrWeWed.exe
  2⤵
  PID:7712
- C:\Windows\System\kjCLIrl.exe
  C:\Windows\System\kjCLIrl.exe
  2⤵
  PID:8136
- C:\Windows\System\IVbJpKK.exe
  C:\Windows\System\IVbJpKK.exe
  2⤵
  PID:8200
- C:\Windows\System\GyuGIDN.exe
  C:\Windows\System\GyuGIDN.exe
  2⤵
  PID:8228
- C:\Windows\System\evrMYJJ.exe
  C:\Windows\System\evrMYJJ.exe
  2⤵
  PID:8268
- C:\Windows\System\eyThrOz.exe
  C:\Windows\System\eyThrOz.exe
  2⤵
  PID:8288
- C:\Windows\System\lkiHvyl.exe
  C:\Windows\System\lkiHvyl.exe
  2⤵
  PID:8312
- C:\Windows\System\ivuzPyq.exe
  C:\Windows\System\ivuzPyq.exe
  2⤵
  PID:8360
- C:\Windows\System\arQiDJW.exe
  C:\Windows\System\arQiDJW.exe
  2⤵
  PID:8388
- C:\Windows\System\smCAdCx.exe
  C:\Windows\System\smCAdCx.exe
  2⤵
  PID:8404
- C:\Windows\System\uVUPxre.exe
  C:\Windows\System\uVUPxre.exe
  2⤵
  PID:8432
- C:\Windows\System\gAAXxZo.exe
  C:\Windows\System\gAAXxZo.exe
  2⤵
  PID:8456
- C:\Windows\System\NFyRWVK.exe
  C:\Windows\System\NFyRWVK.exe
  2⤵
  PID:8488
- C:\Windows\System\BqWdaRH.exe
  C:\Windows\System\BqWdaRH.exe
  2⤵
  PID:8528
- C:\Windows\System\FAmQSbz.exe
  C:\Windows\System\FAmQSbz.exe
  2⤵
  PID:8548
- C:\Windows\System\aRPrWGq.exe
  C:\Windows\System\aRPrWGq.exe
  2⤵
  PID:8588
- C:\Windows\System\CEpKVgv.exe
  C:\Windows\System\CEpKVgv.exe
  2⤵
  PID:8604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BFXIxPC.exe

Filesize
2.1MB

MD5
cb0dbd30610a4c8d169311e61975201d

SHA1
1e36a81a212219400a12533a6e46e5a94ea1de45

SHA256
0bc461e2a05ff9ddcebc7632402035a43537f4e74be5a0d63a8d0f59fdaa1ef5

SHA512
858bf3894afd11d17b08f4dc7ef14e22ea4966cef3931bdc1db8373dfa9cb7c04778e6e34b7917ea0fc95eca6d721e1a768353ece71d99640a3d175f1538e187

Download Submit
C:\Windows\System\CmVkyFg.exe

Filesize
2.1MB

MD5
e6b6f05ddad22a7667e6d95980018599

SHA1
f4639919f2d4bf0a336e64c965675f7d0e4821d6

SHA256
3fadb4e00e0bd4912f5db1958c23e5cecc244dcd1586e562554c06fa5279fef9

SHA512
f956e7b7ee34645b0399cb502c30bc0e52b08b492a9f39d0e5d244922a03bacc30ef2685cf3a2b75cf0f73e7f1213e55268dda680baaf6921c8c29d5f04c7694

Download Submit
C:\Windows\System\DzcsAZM.exe

Filesize
2.1MB

MD5
5e97476191200bb9d28364e13588174b

SHA1
0f36762ad7022665cb5b5d9099dd11ef37b7d103

SHA256
32ea4a4be895ff45a4e8aca058aa372a83278370b5cc1fd04254fab1bc54b6b3

SHA512
1fadbb1770f1d1b45ecf94fee4b4a0789f0e33887f75ec9ce99d7e934ace40533aacad9560f5d8771cbfeeaaa2150b5b018b1b09d9af6b6114a7db0902cb9f8e

Download Submit
C:\Windows\System\HkYeiUD.exe

Filesize
2.1MB

MD5
edae6eb8002946a791d56783976745a9

SHA1
63405f1dd9f1c386be4fd6c02e0f98a364de7ce1

SHA256
9b1bb0bd39ec5003112b95dcc9eb06e5c768bdb932991403cd0c9885e48ff53b

SHA512
668d8e2b871949a19e47af1c96f2c4cafa09dc1186183f5f82ccb55c0d5b0b4aa8adc45f550cda69843f001a9e23668b48da103e02af13cfee3c9f35c19f24d9

Download Submit
C:\Windows\System\HykIiyB.exe

Filesize
2.1MB

MD5
88cb255bc6da485bdf552463f6720aa5

SHA1
47a5da0a62c3a75ea5405e4ae1480eecc9407247

SHA256
de70cdaf70e64f3996c4cea65be38f7a6aad5a0b446fbecda448abe6c09f586c

SHA512
b7b72eed3b4a54b06057c06d77b414d510012db5d0cbbd8d356b5cdcf090f23d2f669c633ba941ba557c886c4537932ec32d2d25f8a43895b2236cdb5635363b

Download Submit
C:\Windows\System\IJxtRwN.exe

Filesize
2.1MB

MD5
4fe004a9d39bbcd4b53a141c3677e312

SHA1
fc3bf0dc7305e99eb84cb27ce158938e2171ac36

SHA256
c36822b46c564c31d136413cda17bfcf1159de8c21a8fc2ffd5bf4232d4af9b4

SHA512
ffd3470d343e52eefef39153aafd18f4e83b2f791ac813f49afc1779efc6c11b2813f8ae4426e1ab84f8ed874f792def8b5e3070508947ac669bc5d9d787dcc3

Download Submit
C:\Windows\System\PoUYKey.exe

Filesize
2.1MB

MD5
c4cbf6d876bdff0a1d33aa4e695ae41b

SHA1
c0107d23d8d0e12df3171aea62542d748174bc45

SHA256
1467f969c67e22f5a65bb12905a4dc69b498eb17a83232a2ddc0d46dcf0e87d4

SHA512
007a411e29793c9466881fb460eee7c7e489f88f58048331f8f49ba91370dca7110d756873e7bf13e0e07ad2962c2c5866dc4ec7a48b44d255a3b6dfa98e0aa1

Download Submit
C:\Windows\System\QqWcIzh.exe

Filesize
2.1MB

MD5
29166e63a6c09298d158a99973945e2a

SHA1
8b449ff88605e724827d1fe5157c3e9a56649b45

SHA256
009d2eaba4543cf371f600859fd606143422da06b5e3c88468294bdccaa9281d

SHA512
216c57d8888223cb5676ff942cfee19fc9770384515f37c4a6c17a5f5889d6139f8bdaa62358f9e944e831e21603cf4fe7081541659f9f87d6dea2ceccc1b417

Download Submit
C:\Windows\System\TJDHXWL.exe

Filesize
2.1MB

MD5
9fd1b5c1c3a6ef49aaa9a6efa84f0196

SHA1
0e1e28023386ef31b828d27f41b8cbc584e015fd

SHA256
941860584dcc0a77476d38e7fc0ae7dfdb57d4d350e3d8949dee8a6c012d7dc9

SHA512
80bcab65d58e8eb926ba091f58379c0fc1bc4873a28678e2c552d80e64c3e573ae7294aa1b5f8dad66c2bfd9fd3fb90be3d5f96f01feea3c94081aec8aa2a360

Download Submit
C:\Windows\System\TjMJUen.exe

Filesize
2.1MB

MD5
afd82222e0dbc03125abd3d095b7eca9

SHA1
9fc087ce8fcadec139b381ab11be07b2b775cd4e

SHA256
404d68cb612220aaced2f94c935ca2438dbce237a139259527649fa96d22ee9c

SHA512
f7ed0364c06f22ae8147b77e0cc18ccda729eca54def8847fa1f437262c7bf72076e9e1396acf0b799618e9ffb7363f78350bfb6eaf94b2d24af5c6a832d5251

Download Submit
C:\Windows\System\TvMvWhq.exe

Filesize
2.1MB

MD5
99a723a8bee2f17e0231919432e9ae23

SHA1
d7ca028536a8b97cb10a5effd77b016f0d016d28

SHA256
459720ff48084dd573b5ce72d9267412f50176128e41207a88bb7f9a1948d260

SHA512
a188b8063adb6e089caaa7eb6e044c31e8cb8da6dc3e4ccd85d59387435793078f8a0127152f240fbe2cc46e91ee669e7b1d9cf2252e6ebbe6247b3553176251

Download Submit
C:\Windows\System\UlxZlKB.exe

Filesize
2.1MB

MD5
340c3c5b8554a21da39ca96945d85296

SHA1
575e3e3e93b277b61d33edbc7bf2c5c6029d3701

SHA256
be6f4555cbb83555215e862152e425dae04355d13c0cd403c22ea762ef94e7e4

SHA512
7fed6aaee5acaa3cfb786b2c933be343aafd5af6e91642bf37132a101224be4a263109dead641be51d3ce4ecbe43535579496ffd319394bbaf563d23f47840ab

Download Submit
C:\Windows\System\XVmOhZJ.exe

Filesize
2.1MB

MD5
a44bf00d30327536128e35a2a687933e

SHA1
1d9645e1ff7515e3a1f72be71b9b569d501f3219

SHA256
0f9c43ad113fbd7ff06cb41439b5fa07560d9d1e4d492591642e1661ab3cb4a6

SHA512
2ea5ae2a0e10b4020d709e6b135bb93004b2e29b0f7980a1d5ec0968b942fc3c6c7fa47f378f435fbc0ed4a9fd4922d55e756eed0de7d23571d58363e44698eb

Download Submit
C:\Windows\System\XcglRdJ.exe

Filesize
2.1MB

MD5
0ac15702af8741d30883dbcb3800c337

SHA1
a36e3067173999ee35f287d74ff5eacb26ac24f3

SHA256
7c4eb0bcb7594d7fbb4993bd43cb2f45ae3f504a56c7c35118056acf31687e34

SHA512
9745d08bb329e8a77ca1effcbf5f58c475f10e10f29bcf97a1b22a20a57b379a6e38901a53e0a72a3319f7542e738e1169c0b8c15f5dfd63dc719165b5257efd

Download Submit
C:\Windows\System\XukPond.exe

Filesize
2.1MB

MD5
08d36e003ad0a03f9ea068f695b6d12e

SHA1
e8e25bc164c3a592fafd08511a3103cbab9f7cbd

SHA256
605ac3a13c7d669ee7a427579c290912e44ace463e870193c0269b5ab061b5e0

SHA512
867d829531152c236f6805daa2c324e73d2fcb0841e2e039fc4b27fa48ffc659292be8d5772b08cf8d6080850e95bf22a2fd44ae4db085f000b4768c5b1f18c6

Download Submit
C:\Windows\System\YVFWJcR.exe

Filesize
2.1MB

MD5
6bf717e5728ba7e9a53f0f9eb3c3f89c

SHA1
c998306c707df60bbaad651527ee6f2eed803d31

SHA256
98726054ac92b3ca1749db2976972a23937bb7e437f34b8772671faa76a8bf23

SHA512
615bccb8b63b77f3421648b7d42fd52095d2ef1caedfc0544a70d25d45290c328f93f34cb7131da592f4b1f7c68eeae69039721812ca522e786f448ebfb2f793

Download Submit
C:\Windows\System\ZIPFMcF.exe

Filesize
2.1MB

MD5
3d21e2bda0e4b3e83336678c14cf52d6

SHA1
59335cdefe563fa40bf5cc23ebbf8c3800ab5a60

SHA256
86e18fab3f4b496aa807e0870ef5302b27c8d7b11bcfe61388bbaa0708042f1f

SHA512
ed8d6e8bb3a993a019ea12db583b08ac5d99bc8c5a1ff09c636a016c109a9badc4d732841356766dfa0afe582f5cbcba6a527d8b20d16e7eda5b9a556f9cb663

Download Submit
C:\Windows\System\bLrlkmo.exe

Filesize
2.1MB

MD5
f332c4811c064160f2ed8da7cdf1c103

SHA1
ae72f3437cb20176f4173fb60d4fa63ec4ddaf6e

SHA256
d391522f909ae3fd22566cf258d9613d3fb3d580b205933c9baaf45ccad6e861

SHA512
c36dd9bf5b6ac520c665f7de149df79e047d7e00279db0fe90ed5092522b3152be6eb791bc54de705ea15c8b919c968cf75aa596fea93f4d999279017f8a79b4

Download Submit
C:\Windows\System\gGHTDBa.exe

Filesize
2.1MB

MD5
7cb71ad3931b6b60cb7b435f1457bf55

SHA1
e3b52307d00542611ed9abfef305d544183156ee

SHA256
4136152c6ddb0bd788bd1d83a97f7c67338d632648cd6ba2fc0f4a0e993ed3ce

SHA512
2288a51aed449b1c8b24fa37f5c350fe9ed149c3a8e8b3b5a76dbd713f214929ab487185623d55837ccf38467990c4cef551c7dbb3b1fea3a64a19acccab6dab

Download Submit
C:\Windows\System\kIHDkqo.exe

Filesize
2.1MB

MD5
1e271ef2e9ce43c765facf10ccc90c2d

SHA1
37d399c554981f81ee5f742b65a98f734e0aaf88

SHA256
5140fae44a3666fd29fe9d57fc50b8be2c93325cd4e0117f50e73117fab83f5a

SHA512
d13a7f28964d9da2c9a92df299d1bf75b62c287eacff3bd572850be43f8b17f786e82c20c0538f6d1ff4137ae0f3d648aa0b30b6c394da7da74d6c35b42ac001

Download Submit
C:\Windows\System\kMekkMZ.exe

Filesize
2.1MB

MD5
f87171ec09815a7f607d86e6dfbfd1e4

SHA1
a3b2d6d4d8545fc2b7551296f1f34586e8e45638

SHA256
4c885062a41ecf5dcb85a4ced793a107c9aaab8aac4d3ed83204c660f4ddc98f

SHA512
13af930f67f0f0c0dae8770294152ea2a6338d840b1fadf0bfec24d0f438e9c05bd38fbbff018ec8b6480872c67bb4bdf16a8a2c2bc61c2a4eb1242590331f96

Download Submit
C:\Windows\System\ldauTHO.exe

Filesize
2.1MB

MD5
b98946b69e1cff8dd9758e4c394da3af

SHA1
8d20882843045bd0e5111d2ba5b6fdf022733198

SHA256
068b517f8323d5e83b852433ce9df9a400cfcec235441b4b8ec5a91ef22cc82a

SHA512
96f8a3fc950368b33c6c232ccf5145143e0840dd9d34b90b75b92dd87af3a32f320a2eae686dc3ebd0fc97779250d2e06980edcd22c2a608ecf6f708dc2a1c18

Download Submit
C:\Windows\System\lyXhUPf.exe

Filesize
2.1MB

MD5
eb2a176745f897460a72f2cd1454bf96

SHA1
f87b2b54b1357d8d37a20be117a2e4f28db0daf3

SHA256
12da4eacddbb746328c3336658dd724e5d702146d5ba7bcc145752fdb1459a3e

SHA512
9bd658d9fe2e5394da7c102c200d92d8581a7321adc02fb2fa08a5dca13bfeb70bf6eec720f739cc9c03f30bd987a33ecda6784f42630dab40a3bf663904c824

Download Submit
C:\Windows\System\miWPGAZ.exe

Filesize
2.1MB

MD5
baf85ba39e915f3c6466af5392fe2e07

SHA1
237e276392894642a5dc77ceee33017556aa177c

SHA256
f662f850d0d33fb5c2356d66cd5a1d09a3a10d2e0ebb1be87a6a0328dcd3b492

SHA512
982c9acb4169d702296febb58055d3ca5207bd359007234b4b0bc75bf9c6043da49ba5e3cd105469e16bbf69f7bfaf29c3eee0983471c145c128cdda65180f2f

Download Submit
C:\Windows\System\nWLoNiJ.exe

Filesize
2.1MB

MD5
62865612a4de849db6496eedcde1f0ea

SHA1
a98b76d403c7cd14d3f762b63ec0c5b1db253dd0

SHA256
6c85948b15d79c7de0a2038a5f6621cd9ae9c16929d74a34c3c22fcaae0847c9

SHA512
7720a71714c24f20230283e4a1354965007011cb0f3509bb4a77bb5144bb94b9453d473651dffdb22f22cec717657a4d4dc48a3cd209f9ef4b418516f9bc8e70

Download Submit
C:\Windows\System\qTWIfJA.exe

Filesize
2.1MB

MD5
a78b455bb475f1ef493886311ef5a70c

SHA1
9cdc6db8ccc182bdacb722b4409519be6593575f

SHA256
4923bbf0873d93177de84aeb2e35448554544ff9f68a3a05129437455d4c2ba1

SHA512
4b56a468b96756aed9651916f52695b95bf1cb9a1ff219909cc1fa30db19af7e7797d575ae8eab06701f3acd499f513d3861ee5b57e99bf432bbc7c1675c0a38

Download Submit
C:\Windows\System\qePWtho.exe

Filesize
2.1MB

MD5
cca5e27b64638ff8eeeba88efa7477a7

SHA1
b59a36abe5fdd9f840a6e1ce549397725de77731

SHA256
38fb626072c05a408182fb503f9410b6a7725b6ba07c4d31464aaaa09437b611

SHA512
dc4d134711dffc0be83e08971e201be012fac143c21f40d8c34e12c3687378220bcb4e088bc26926483ee476d2c7aded443c5e0c0baa09b84eb308042fe561cc

Download Submit
C:\Windows\System\tMTZgqr.exe

Filesize
2.1MB

MD5
8c3da5aa2dc59d6694a55379b21a82e0

SHA1
1031949692fd3cd2f0774df58abd129d8fcf8ae2

SHA256
2fb4a5232c1efa8b3a810031bbed60fac815c628eb7dc333ea3219e6f62a7315

SHA512
3e90ffcd59ca765fd0dd7bfcef65bc8de2c35fd733ff8d01f5d5623d65a6d74f3f7106dbc1918ac6e4cd7041d9940421929b1e865e7056bdcbcb6d8137dc111b

Download Submit
C:\Windows\System\tNOPWzl.exe

Filesize
2.1MB

MD5
8e50d797bcb6c4bb44c52cb765793f78

SHA1
0f178084d014c7dbab0fcfed43427eb5075c083d

SHA256
c73efb681200c0aca3a8c39d7d4de4b61a5801063d46a45e1cf1848896db586e

SHA512
931954ea4bbb48b388d90167574c21232a8fbd4369d10432dc0b5292574fe655ad85653afb99536c78966c584a4416c3909e94534265a2223b9fce4744c15e60

Download Submit
C:\Windows\System\vCaggCL.exe

Filesize
2.1MB

MD5
107f5091abda2f8e649c64e914620904

SHA1
24ec938321e94afb224022410c2cb03f411b809f

SHA256
f66dcf48d780957184465ccefe3b63f56a788f9613ee02fa770fdcda6e470366

SHA512
108530c7bb696482e39adc579cb7bc5619ae37bd399cc4dc1bc832519baa8c74029c36133fdfa317125b72ff79505ed03acf40a1b78072aae85abadb1eae8646

Download Submit
C:\Windows\System\wHxYmwe.exe

Filesize
2.1MB

MD5
ff1a1a6326cf4e366bbbba8cc2635e08

SHA1
823f8fb43030fdad6060433b4f80a6558cd8c1fb

SHA256
0fd1136be2e3a54a18e05c27879fd48eda4b4337d03aab3bd38ecb483f052771

SHA512
3a5a135dd8bfb9312ca989617b68ec9e67066382f0af44bdabe0205d733b6ffa76a7a516da9708f81fb4c02e6d5da2f8412f26ee68f2b9fa294ddf048686fc7f

Download Submit
C:\Windows\System\xxMwGjC.exe

Filesize
2.1MB

MD5
706c81062a6cb70ec08ece651bea1ace

SHA1
5bdac8add175f76de403b4a49c4996d26ab93462

SHA256
e11383870ce1fe8a4aaead24a1d0cdba6e0dd114eb2c9fce86566cc5afe11f2e

SHA512
d0596bde63813ee1541e9edd3f94cc822a6c82decbb881ec8f6cbed8d52440ee9bf2597d160adb040b3713fc0116da8139e0884105bf02fe1e96e879136c255a

Download Submit
C:\Windows\System\ypbzTZt.exe

Filesize
2.1MB

MD5
6456d89780715ee47611457e28107578

SHA1
51ad27370cef618aa80b6b9f1e03e2b4de0ada42

SHA256
50257254ffb251b63ba10932b9414e600df424a6c1b13f2e081fb4ddcae09515

SHA512
d4dc6ff0fb01d51a7a1cd0e4fd452bbebfa69b25d5b5a209f8c593fa017e1656ebf667a8133cd0b80ece99d62164c9b628e855fa609023221b985620bba4a0a6

Download Submit
memory/372-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download