kpot | 12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2024 23:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
Size

2.1MB
MD5

5fca5d7b7f1f01f346d46494592e2240
SHA1

c1bfbb20cca701cab6fc55120e94107dbbca4ab0
SHA256

12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f
SHA512

eef79dfca6a1d947b5b362040bed4073feda2c1630e82eee0be5b45254c14fb2ed1e4055f781001d97a4c124e6c101494a94d5c9dcfe35f51f28ebddbe491e02
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2PdD:GemTLkNdfE0pZaQ5

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x0008000000022f51-4.dat	family_kpot
behavioral2/files/0x000800000002340c-9.dat	family_kpot
behavioral2/files/0x0007000000023410-8.dat	family_kpot
behavioral2/files/0x0007000000023411-19.dat	family_kpot
behavioral2/files/0x0007000000023414-30.dat	family_kpot
behavioral2/files/0x0007000000023415-33.dat	family_kpot
behavioral2/files/0x0007000000023416-39.dat	family_kpot
behavioral2/files/0x0007000000023419-52.dat	family_kpot
behavioral2/files/0x000700000002341b-65.dat	family_kpot
behavioral2/files/0x0007000000023427-128.dat	family_kpot
behavioral2/files/0x000700000002342b-145.dat	family_kpot
behavioral2/files/0x000700000002342e-157.dat	family_kpot
behavioral2/files/0x000700000002342f-162.dat	family_kpot
behavioral2/files/0x000700000002342d-160.dat	family_kpot
behavioral2/files/0x000700000002342c-155.dat	family_kpot
behavioral2/files/0x000700000002342a-143.dat	family_kpot
behavioral2/files/0x0007000000023429-138.dat	family_kpot
behavioral2/files/0x0007000000023428-133.dat	family_kpot
behavioral2/files/0x0007000000023426-122.dat	family_kpot
behavioral2/files/0x0007000000023425-118.dat	family_kpot
behavioral2/files/0x0007000000023424-113.dat	family_kpot
behavioral2/files/0x0007000000023423-108.dat	family_kpot
behavioral2/files/0x0007000000023422-102.dat	family_kpot
behavioral2/files/0x0007000000023421-98.dat	family_kpot
behavioral2/files/0x0007000000023420-92.dat	family_kpot
behavioral2/files/0x000700000002341f-88.dat	family_kpot
behavioral2/files/0x000700000002341e-82.dat	family_kpot
behavioral2/files/0x000700000002341d-78.dat	family_kpot
behavioral2/files/0x000700000002341c-70.dat	family_kpot
behavioral2/files/0x000700000002341a-60.dat	family_kpot
behavioral2/files/0x0007000000023418-53.dat	family_kpot
behavioral2/files/0x0007000000023417-47.dat	family_kpot
behavioral2/files/0x0007000000023412-25.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x0008000000022f51-4.dat	xmrig
behavioral2/files/0x000800000002340c-9.dat	xmrig
behavioral2/files/0x0007000000023410-8.dat	xmrig
behavioral2/files/0x0007000000023411-19.dat	xmrig
behavioral2/files/0x0007000000023414-30.dat	xmrig
behavioral2/files/0x0007000000023415-33.dat	xmrig
behavioral2/files/0x0007000000023416-39.dat	xmrig
behavioral2/files/0x0007000000023419-52.dat	xmrig
behavioral2/files/0x000700000002341b-65.dat	xmrig
behavioral2/files/0x0007000000023427-128.dat	xmrig
behavioral2/files/0x000700000002342b-145.dat	xmrig
behavioral2/files/0x000700000002342e-157.dat	xmrig
behavioral2/files/0x000700000002342f-162.dat	xmrig
behavioral2/files/0x000700000002342d-160.dat	xmrig
behavioral2/files/0x000700000002342c-155.dat	xmrig
behavioral2/files/0x000700000002342a-143.dat	xmrig
behavioral2/files/0x0007000000023429-138.dat	xmrig
behavioral2/files/0x0007000000023428-133.dat	xmrig
behavioral2/files/0x0007000000023426-122.dat	xmrig
behavioral2/files/0x0007000000023425-118.dat	xmrig
behavioral2/files/0x0007000000023424-113.dat	xmrig
behavioral2/files/0x0007000000023423-108.dat	xmrig
behavioral2/files/0x0007000000023422-102.dat	xmrig
behavioral2/files/0x0007000000023421-98.dat	xmrig
behavioral2/files/0x0007000000023420-92.dat	xmrig
behavioral2/files/0x000700000002341f-88.dat	xmrig
behavioral2/files/0x000700000002341e-82.dat	xmrig
behavioral2/files/0x000700000002341d-78.dat	xmrig
behavioral2/files/0x000700000002341c-70.dat	xmrig
behavioral2/files/0x000700000002341a-60.dat	xmrig
behavioral2/files/0x0007000000023418-53.dat	xmrig
behavioral2/files/0x0007000000023417-47.dat	xmrig
behavioral2/files/0x0007000000023412-25.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
716	OzdZiEe.exe
2332	UOaMkAw.exe
2948	NMlkAKD.exe
988	EuMwejv.exe
4640	xETziZe.exe
2772	tlHaAPK.exe
436	cVeuhpn.exe
4656	YBVVTfX.exe
4896	ZiFEbWc.exe
4608	HDBKciT.exe
4456	ewyjKbi.exe
2964	DbHrwfk.exe
3332	ZNmzuEc.exe
1592	gDerqNd.exe
3328	qagwJaH.exe
732	tfqXKnB.exe
2052	nSkJweo.exe
208	geCTlcl.exe
3040	sONvvmr.exe
1732	blYVrGd.exe
5036	tFayfHj.exe
3992	IvBLVpX.exe
4480	umGZdRP.exe
4388	VtMhnpE.exe
1444	EWnoevD.exe
3596	IwzKFlB.exe
2956	wrSXtkr.exe
3756	RMZaArP.exe
668	wGjvUKz.exe
3252	kwocPDF.exe
3468	ZPqAREa.exe
2220	druNFev.exe
4668	sESvPFD.exe
3984	qNbaUFS.exe
2700	QCJLreU.exe
4664	RKVqqDX.exe
3768	ZdgmKnM.exe
1364	pLpJeiV.exe
2012	CucKcUk.exe
696	GTDIepe.exe
5108	YZJQbMg.exe
4700	HmKUNHl.exe
2372	LWGIKvY.exe
544	pwLdNWF.exe
3832	VHOOVet.exe
952	llWVCZz.exe
1264	wiyQdTy.exe
4400	VdROylh.exe
4528	PsHaVhY.exe
1124	ymzimnz.exe
3176	wKJwUxQ.exe
3492	EXiaocy.exe
4764	gVrEzoc.exe
4888	mzUZGRR.exe
2252	ESJHvAV.exe
4376	GkmOvUy.exe
3404	MmtqgDO.exe
2680	mtfKtNJ.exe
4920	KHIOUjx.exe
2640	Uvgnbwm.exe
3672	wRLybia.exe
2300	UKRgXrT.exe
1664	CJgQQXx.exe
4120	AdZntQZ.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JqYJWgQ.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\sWZoqUk.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\rITSWsd.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\VXOmMTQ.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\nSkJweo.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\lUzBgwr.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\GOBiGBy.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\pxxnOZz.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\jwlxqVs.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\niBZFWk.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\iTxmtOJ.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\NauaEDz.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\VtMhnpE.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\CucKcUk.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\FtFmWmj.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\PzDWTrf.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\BdjjHCN.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\ledAMzt.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\rMBaNAY.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\iZIwgmw.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\KeHfFlU.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\qaTJbLg.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\iiFgcLq.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\pwLdNWF.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\nCcsTwq.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\GvnGjCp.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\WqsPOxi.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\JYBjhNE.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\iAUzlkx.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\IvBLVpX.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\QCJLreU.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\GixbiAT.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\UOIefvs.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\QFKsHEW.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\PeghNtT.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\ZxFxhhP.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\ddLMnrG.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\VHOOVet.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\lgfhzUF.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\viGOIhD.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\nqjzwbA.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\NlKwttD.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\CpdCqOO.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\cuMrCCp.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\XkzCcHp.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\cDNxnBN.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\QENcpMn.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\Yihbppw.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\rdDTtPN.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\DUxSVyh.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\haFpXPW.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\sXjBClQ.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\ZpkxawE.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\IwzKFlB.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\ESJHvAV.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\GkmOvUy.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\MiPJkaM.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\upVYDSM.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\OzdZiEe.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\umGZdRP.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\vHrdXNT.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\RzjAnEu.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\yuJPfUz.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
File created	C:\Windows\System\CLBkOFy.exe	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3256 wrote to memory of 716	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	81
PID 3256 wrote to memory of 716	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	81
PID 3256 wrote to memory of 2332	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	82
PID 3256 wrote to memory of 2332	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	82
PID 3256 wrote to memory of 2948	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	83
PID 3256 wrote to memory of 2948	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	83
PID 3256 wrote to memory of 988	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	84
PID 3256 wrote to memory of 988	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	84
PID 3256 wrote to memory of 4640	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	85
PID 3256 wrote to memory of 4640	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	85
PID 3256 wrote to memory of 2772	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	86
PID 3256 wrote to memory of 2772	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	86
PID 3256 wrote to memory of 436	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	87
PID 3256 wrote to memory of 436	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	87
PID 3256 wrote to memory of 4656	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	88
PID 3256 wrote to memory of 4656	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	88
PID 3256 wrote to memory of 4896	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	89
PID 3256 wrote to memory of 4896	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	89
PID 3256 wrote to memory of 4608	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	90
PID 3256 wrote to memory of 4608	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	90
PID 3256 wrote to memory of 4456	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	91
PID 3256 wrote to memory of 4456	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	91
PID 3256 wrote to memory of 2964	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	92
PID 3256 wrote to memory of 2964	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	92
PID 3256 wrote to memory of 3332	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	93
PID 3256 wrote to memory of 3332	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	93
PID 3256 wrote to memory of 1592	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	94
PID 3256 wrote to memory of 1592	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	94
PID 3256 wrote to memory of 3328	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	95
PID 3256 wrote to memory of 3328	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	95
PID 3256 wrote to memory of 732	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	96
PID 3256 wrote to memory of 732	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	96
PID 3256 wrote to memory of 2052	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	97
PID 3256 wrote to memory of 2052	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	97
PID 3256 wrote to memory of 208	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	98
PID 3256 wrote to memory of 208	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	98
PID 3256 wrote to memory of 3040	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	99
PID 3256 wrote to memory of 3040	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	99
PID 3256 wrote to memory of 1732	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	100
PID 3256 wrote to memory of 1732	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	100
PID 3256 wrote to memory of 5036	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	101
PID 3256 wrote to memory of 5036	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	101
PID 3256 wrote to memory of 3992	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	102
PID 3256 wrote to memory of 3992	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	102
PID 3256 wrote to memory of 4480	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	103
PID 3256 wrote to memory of 4480	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	103
PID 3256 wrote to memory of 4388	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	104
PID 3256 wrote to memory of 4388	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	104
PID 3256 wrote to memory of 1444	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	105
PID 3256 wrote to memory of 1444	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	105
PID 3256 wrote to memory of 3596	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	106
PID 3256 wrote to memory of 3596	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	106
PID 3256 wrote to memory of 2956	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	107
PID 3256 wrote to memory of 2956	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	107
PID 3256 wrote to memory of 3756	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	108
PID 3256 wrote to memory of 3756	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	108
PID 3256 wrote to memory of 668	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	109
PID 3256 wrote to memory of 668	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	109
PID 3256 wrote to memory of 3252	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	110
PID 3256 wrote to memory of 3252	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	110
PID 3256 wrote to memory of 3468	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	111
PID 3256 wrote to memory of 3468	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	111
PID 3256 wrote to memory of 2220	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	112
PID 3256 wrote to memory of 2220	3256	12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe	112

C:\Users\Admin\AppData\Local\Temp\12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\12755320fb41d50bd89b9335403e0b8c9f686387c268f91ba77c141e2424962f_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3256
- C:\Windows\System\OzdZiEe.exe
  C:\Windows\System\OzdZiEe.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\UOaMkAw.exe
  C:\Windows\System\UOaMkAw.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\NMlkAKD.exe
  C:\Windows\System\NMlkAKD.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\EuMwejv.exe
  C:\Windows\System\EuMwejv.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\xETziZe.exe
  C:\Windows\System\xETziZe.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\tlHaAPK.exe
  C:\Windows\System\tlHaAPK.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\cVeuhpn.exe
  C:\Windows\System\cVeuhpn.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\YBVVTfX.exe
  C:\Windows\System\YBVVTfX.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\ZiFEbWc.exe
  C:\Windows\System\ZiFEbWc.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\HDBKciT.exe
  C:\Windows\System\HDBKciT.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\ewyjKbi.exe
  C:\Windows\System\ewyjKbi.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\DbHrwfk.exe
  C:\Windows\System\DbHrwfk.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\ZNmzuEc.exe
  C:\Windows\System\ZNmzuEc.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\gDerqNd.exe
  C:\Windows\System\gDerqNd.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\qagwJaH.exe
  C:\Windows\System\qagwJaH.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\tfqXKnB.exe
  C:\Windows\System\tfqXKnB.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\nSkJweo.exe
  C:\Windows\System\nSkJweo.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\geCTlcl.exe
  C:\Windows\System\geCTlcl.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\sONvvmr.exe
  C:\Windows\System\sONvvmr.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\blYVrGd.exe
  C:\Windows\System\blYVrGd.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\tFayfHj.exe
  C:\Windows\System\tFayfHj.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\IvBLVpX.exe
  C:\Windows\System\IvBLVpX.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\umGZdRP.exe
  C:\Windows\System\umGZdRP.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\VtMhnpE.exe
  C:\Windows\System\VtMhnpE.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\EWnoevD.exe
  C:\Windows\System\EWnoevD.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\IwzKFlB.exe
  C:\Windows\System\IwzKFlB.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\wrSXtkr.exe
  C:\Windows\System\wrSXtkr.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\RMZaArP.exe
  C:\Windows\System\RMZaArP.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\wGjvUKz.exe
  C:\Windows\System\wGjvUKz.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\kwocPDF.exe
  C:\Windows\System\kwocPDF.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\ZPqAREa.exe
  C:\Windows\System\ZPqAREa.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\druNFev.exe
  C:\Windows\System\druNFev.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\sESvPFD.exe
  C:\Windows\System\sESvPFD.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\qNbaUFS.exe
  C:\Windows\System\qNbaUFS.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\QCJLreU.exe
  C:\Windows\System\QCJLreU.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\RKVqqDX.exe
  C:\Windows\System\RKVqqDX.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\ZdgmKnM.exe
  C:\Windows\System\ZdgmKnM.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\pLpJeiV.exe
  C:\Windows\System\pLpJeiV.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\CucKcUk.exe
  C:\Windows\System\CucKcUk.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\GTDIepe.exe
  C:\Windows\System\GTDIepe.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\YZJQbMg.exe
  C:\Windows\System\YZJQbMg.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\HmKUNHl.exe
  C:\Windows\System\HmKUNHl.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\LWGIKvY.exe
  C:\Windows\System\LWGIKvY.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\pwLdNWF.exe
  C:\Windows\System\pwLdNWF.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\VHOOVet.exe
  C:\Windows\System\VHOOVet.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\llWVCZz.exe
  C:\Windows\System\llWVCZz.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\wiyQdTy.exe
  C:\Windows\System\wiyQdTy.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\VdROylh.exe
  C:\Windows\System\VdROylh.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\PsHaVhY.exe
  C:\Windows\System\PsHaVhY.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\ymzimnz.exe
  C:\Windows\System\ymzimnz.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\wKJwUxQ.exe
  C:\Windows\System\wKJwUxQ.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\EXiaocy.exe
  C:\Windows\System\EXiaocy.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\gVrEzoc.exe
  C:\Windows\System\gVrEzoc.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\mzUZGRR.exe
  C:\Windows\System\mzUZGRR.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\ESJHvAV.exe
  C:\Windows\System\ESJHvAV.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\GkmOvUy.exe
  C:\Windows\System\GkmOvUy.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\MmtqgDO.exe
  C:\Windows\System\MmtqgDO.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\mtfKtNJ.exe
  C:\Windows\System\mtfKtNJ.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\KHIOUjx.exe
  C:\Windows\System\KHIOUjx.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\Uvgnbwm.exe
  C:\Windows\System\Uvgnbwm.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\wRLybia.exe
  C:\Windows\System\wRLybia.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\UKRgXrT.exe
  C:\Windows\System\UKRgXrT.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\CJgQQXx.exe
  C:\Windows\System\CJgQQXx.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\AdZntQZ.exe
  C:\Windows\System\AdZntQZ.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\LYWLAqn.exe
  C:\Windows\System\LYWLAqn.exe
  2⤵
  PID:1172
- C:\Windows\System\MwBiWfM.exe
  C:\Windows\System\MwBiWfM.exe
  2⤵
  PID:2004
- C:\Windows\System\nclldvY.exe
  C:\Windows\System\nclldvY.exe
  2⤵
  PID:1112
- C:\Windows\System\rdDTtPN.exe
  C:\Windows\System\rdDTtPN.exe
  2⤵
  PID:2928
- C:\Windows\System\AlBYrcE.exe
  C:\Windows\System\AlBYrcE.exe
  2⤵
  PID:3620
- C:\Windows\System\ahlPEgI.exe
  C:\Windows\System\ahlPEgI.exe
  2⤵
  PID:2168
- C:\Windows\System\JYmlBpB.exe
  C:\Windows\System\JYmlBpB.exe
  2⤵
  PID:2664
- C:\Windows\System\xbzhWpp.exe
  C:\Windows\System\xbzhWpp.exe
  2⤵
  PID:4760
- C:\Windows\System\iUAfMmd.exe
  C:\Windows\System\iUAfMmd.exe
  2⤵
  PID:3280
- C:\Windows\System\FtFmWmj.exe
  C:\Windows\System\FtFmWmj.exe
  2⤵
  PID:3820
- C:\Windows\System\mndUTzD.exe
  C:\Windows\System\mndUTzD.exe
  2⤵
  PID:2080
- C:\Windows\System\MobYlVm.exe
  C:\Windows\System\MobYlVm.exe
  2⤵
  PID:1948
- C:\Windows\System\lILcNFp.exe
  C:\Windows\System\lILcNFp.exe
  2⤵
  PID:3276
- C:\Windows\System\gDFzImi.exe
  C:\Windows\System\gDFzImi.exe
  2⤵
  PID:3908
- C:\Windows\System\CXjxqWT.exe
  C:\Windows\System\CXjxqWT.exe
  2⤵
  PID:4284
- C:\Windows\System\qtmmttR.exe
  C:\Windows\System\qtmmttR.exe
  2⤵
  PID:5096
- C:\Windows\System\qMBzXKC.exe
  C:\Windows\System\qMBzXKC.exe
  2⤵
  PID:4492
- C:\Windows\System\lgfhzUF.exe
  C:\Windows\System\lgfhzUF.exe
  2⤵
  PID:4176
- C:\Windows\System\hVXWyui.exe
  C:\Windows\System\hVXWyui.exe
  2⤵
  PID:4568
- C:\Windows\System\zWIFWAG.exe
  C:\Windows\System\zWIFWAG.exe
  2⤵
  PID:1236
- C:\Windows\System\UOIefvs.exe
  C:\Windows\System\UOIefvs.exe
  2⤵
  PID:1936
- C:\Windows\System\bwrAOPC.exe
  C:\Windows\System\bwrAOPC.exe
  2⤵
  PID:3240
- C:\Windows\System\vnigvgs.exe
  C:\Windows\System\vnigvgs.exe
  2⤵
  PID:4524
- C:\Windows\System\MrrGFwS.exe
  C:\Windows\System\MrrGFwS.exe
  2⤵
  PID:3688
- C:\Windows\System\BFBfFxf.exe
  C:\Windows\System\BFBfFxf.exe
  2⤵
  PID:2132
- C:\Windows\System\QFKsHEW.exe
  C:\Windows\System\QFKsHEW.exe
  2⤵
  PID:1304
- C:\Windows\System\GcfJbbH.exe
  C:\Windows\System\GcfJbbH.exe
  2⤵
  PID:4548
- C:\Windows\System\ZGpzvOL.exe
  C:\Windows\System\ZGpzvOL.exe
  2⤵
  PID:1840
- C:\Windows\System\pxxnOZz.exe
  C:\Windows\System\pxxnOZz.exe
  2⤵
  PID:3804
- C:\Windows\System\sialraB.exe
  C:\Windows\System\sialraB.exe
  2⤵
  PID:4572
- C:\Windows\System\cpkFixQ.exe
  C:\Windows\System\cpkFixQ.exe
  2⤵
  PID:2344
- C:\Windows\System\WSmTnxx.exe
  C:\Windows\System\WSmTnxx.exe
  2⤵
  PID:2688
- C:\Windows\System\fELmCjd.exe
  C:\Windows\System\fELmCjd.exe
  2⤵
  PID:2404
- C:\Windows\System\GKgqnBM.exe
  C:\Windows\System\GKgqnBM.exe
  2⤵
  PID:5148
- C:\Windows\System\GixbiAT.exe
  C:\Windows\System\GixbiAT.exe
  2⤵
  PID:5172
- C:\Windows\System\TDkSRSe.exe
  C:\Windows\System\TDkSRSe.exe
  2⤵
  PID:5204
- C:\Windows\System\SsEQGJW.exe
  C:\Windows\System\SsEQGJW.exe
  2⤵
  PID:5232
- C:\Windows\System\AuQUmaj.exe
  C:\Windows\System\AuQUmaj.exe
  2⤵
  PID:5260
- C:\Windows\System\wRhwWih.exe
  C:\Windows\System\wRhwWih.exe
  2⤵
  PID:5288
- C:\Windows\System\rdRfCnu.exe
  C:\Windows\System\rdRfCnu.exe
  2⤵
  PID:5316
- C:\Windows\System\jwlxqVs.exe
  C:\Windows\System\jwlxqVs.exe
  2⤵
  PID:5344
- C:\Windows\System\wKhNael.exe
  C:\Windows\System\wKhNael.exe
  2⤵
  PID:5372
- C:\Windows\System\gPzKCmf.exe
  C:\Windows\System\gPzKCmf.exe
  2⤵
  PID:5400
- C:\Windows\System\mCoZZKK.exe
  C:\Windows\System\mCoZZKK.exe
  2⤵
  PID:5428
- C:\Windows\System\lZvpVoX.exe
  C:\Windows\System\lZvpVoX.exe
  2⤵
  PID:5452
- C:\Windows\System\iKfVCUa.exe
  C:\Windows\System\iKfVCUa.exe
  2⤵
  PID:5484
- C:\Windows\System\nyIvSzz.exe
  C:\Windows\System\nyIvSzz.exe
  2⤵
  PID:5508
- C:\Windows\System\EWMdMLU.exe
  C:\Windows\System\EWMdMLU.exe
  2⤵
  PID:5540
- C:\Windows\System\lUzBgwr.exe
  C:\Windows\System\lUzBgwr.exe
  2⤵
  PID:5568
- C:\Windows\System\rMBaNAY.exe
  C:\Windows\System\rMBaNAY.exe
  2⤵
  PID:5600
- C:\Windows\System\ZawhVWA.exe
  C:\Windows\System\ZawhVWA.exe
  2⤵
  PID:5624
- C:\Windows\System\bTiAqik.exe
  C:\Windows\System\bTiAqik.exe
  2⤵
  PID:5652
- C:\Windows\System\VkTpuzo.exe
  C:\Windows\System\VkTpuzo.exe
  2⤵
  PID:5676
- C:\Windows\System\symjQmd.exe
  C:\Windows\System\symjQmd.exe
  2⤵
  PID:5704
- C:\Windows\System\VrSRAII.exe
  C:\Windows\System\VrSRAII.exe
  2⤵
  PID:5736
- C:\Windows\System\pjtBacC.exe
  C:\Windows\System\pjtBacC.exe
  2⤵
  PID:5760
- C:\Windows\System\niBZFWk.exe
  C:\Windows\System\niBZFWk.exe
  2⤵
  PID:5800
- C:\Windows\System\FbcQzap.exe
  C:\Windows\System\FbcQzap.exe
  2⤵
  PID:5824
- C:\Windows\System\SuIshsu.exe
  C:\Windows\System\SuIshsu.exe
  2⤵
  PID:5856
- C:\Windows\System\EmRTYCd.exe
  C:\Windows\System\EmRTYCd.exe
  2⤵
  PID:5884
- C:\Windows\System\ZYBpqmg.exe
  C:\Windows\System\ZYBpqmg.exe
  2⤵
  PID:5904
- C:\Windows\System\BQtgVox.exe
  C:\Windows\System\BQtgVox.exe
  2⤵
  PID:5932
- C:\Windows\System\UKqaNbb.exe
  C:\Windows\System\UKqaNbb.exe
  2⤵
  PID:5960
- C:\Windows\System\zFfNLGb.exe
  C:\Windows\System\zFfNLGb.exe
  2⤵
  PID:5984
- C:\Windows\System\RzjAnEu.exe
  C:\Windows\System\RzjAnEu.exe
  2⤵
  PID:6044
- C:\Windows\System\kweovHv.exe
  C:\Windows\System\kweovHv.exe
  2⤵
  PID:6072
- C:\Windows\System\NcZvBqA.exe
  C:\Windows\System\NcZvBqA.exe
  2⤵
  PID:6112
- C:\Windows\System\NlKwttD.exe
  C:\Windows\System\NlKwttD.exe
  2⤵
  PID:6140
- C:\Windows\System\rmYKyhe.exe
  C:\Windows\System\rmYKyhe.exe
  2⤵
  PID:4820
- C:\Windows\System\YHzXVAG.exe
  C:\Windows\System\YHzXVAG.exe
  2⤵
  PID:1420
- C:\Windows\System\YZJGOyF.exe
  C:\Windows\System\YZJGOyF.exe
  2⤵
  PID:3336
- C:\Windows\System\jUxuKsP.exe
  C:\Windows\System\jUxuKsP.exe
  2⤵
  PID:5136
- C:\Windows\System\ekucZJE.exe
  C:\Windows\System\ekucZJE.exe
  2⤵
  PID:5196
- C:\Windows\System\svCrOnq.exe
  C:\Windows\System\svCrOnq.exe
  2⤵
  PID:5276
- C:\Windows\System\GOBiGBy.exe
  C:\Windows\System\GOBiGBy.exe
  2⤵
  PID:5332
- C:\Windows\System\SnvYneN.exe
  C:\Windows\System\SnvYneN.exe
  2⤵
  PID:5412
- C:\Windows\System\JqYJWgQ.exe
  C:\Windows\System\JqYJWgQ.exe
  2⤵
  PID:5448
- C:\Windows\System\TtvrRCA.exe
  C:\Windows\System\TtvrRCA.exe
  2⤵
  PID:5524
- C:\Windows\System\cDNxnBN.exe
  C:\Windows\System\cDNxnBN.exe
  2⤵
  PID:5592
- C:\Windows\System\vHrdXNT.exe
  C:\Windows\System\vHrdXNT.exe
  2⤵
  PID:5644
- C:\Windows\System\EzsLDJe.exe
  C:\Windows\System\EzsLDJe.exe
  2⤵
  PID:5700
- C:\Windows\System\vaJMTKA.exe
  C:\Windows\System\vaJMTKA.exe
  2⤵
  PID:5776
- C:\Windows\System\ygDBwZD.exe
  C:\Windows\System\ygDBwZD.exe
  2⤵
  PID:5840
- C:\Windows\System\iZIwgmw.exe
  C:\Windows\System\iZIwgmw.exe
  2⤵
  PID:5876
- C:\Windows\System\XDovMsE.exe
  C:\Windows\System\XDovMsE.exe
  2⤵
  PID:5924
- C:\Windows\System\EOcrHAG.exe
  C:\Windows\System\EOcrHAG.exe
  2⤵
  PID:6020
- C:\Windows\System\CpdCqOO.exe
  C:\Windows\System\CpdCqOO.exe
  2⤵
  PID:1576
- C:\Windows\System\KeHfFlU.exe
  C:\Windows\System\KeHfFlU.exe
  2⤵
  PID:6032
- C:\Windows\System\MiPJkaM.exe
  C:\Windows\System\MiPJkaM.exe
  2⤵
  PID:2932
- C:\Windows\System\lNxWUkd.exe
  C:\Windows\System\lNxWUkd.exe
  2⤵
  PID:6136
- C:\Windows\System\QVGoyzM.exe
  C:\Windows\System\QVGoyzM.exe
  2⤵
  PID:2292
- C:\Windows\System\umUbTGk.exe
  C:\Windows\System\umUbTGk.exe
  2⤵
  PID:4024
- C:\Windows\System\awEYnRe.exe
  C:\Windows\System\awEYnRe.exe
  2⤵
  PID:628
- C:\Windows\System\uxIlmcV.exe
  C:\Windows\System\uxIlmcV.exe
  2⤵
  PID:1136
- C:\Windows\System\ZxFxhhP.exe
  C:\Windows\System\ZxFxhhP.exe
  2⤵
  PID:1968
- C:\Windows\System\bEjdPKn.exe
  C:\Windows\System\bEjdPKn.exe
  2⤵
  PID:5188
- C:\Windows\System\NJIQRxD.exe
  C:\Windows\System\NJIQRxD.exe
  2⤵
  PID:5300
- C:\Windows\System\iTxmtOJ.exe
  C:\Windows\System\iTxmtOJ.exe
  2⤵
  PID:5360
- C:\Windows\System\cKuCHAh.exe
  C:\Windows\System\cKuCHAh.exe
  2⤵
  PID:448
- C:\Windows\System\gWudRNF.exe
  C:\Windows\System\gWudRNF.exe
  2⤵
  PID:5476
- C:\Windows\System\viGOIhD.exe
  C:\Windows\System\viGOIhD.exe
  2⤵
  PID:5724
- C:\Windows\System\CndJzai.exe
  C:\Windows\System\CndJzai.exe
  2⤵
  PID:5848
- C:\Windows\System\JPetVIE.exe
  C:\Windows\System\JPetVIE.exe
  2⤵
  PID:5972
- C:\Windows\System\MSwqoHJ.exe
  C:\Windows\System\MSwqoHJ.exe
  2⤵
  PID:6060
- C:\Windows\System\DUxSVyh.exe
  C:\Windows\System\DUxSVyh.exe
  2⤵
  PID:6132
- C:\Windows\System\MCJWxKb.exe
  C:\Windows\System\MCJWxKb.exe
  2⤵
  PID:4620
- C:\Windows\System\CIKYIjS.exe
  C:\Windows\System\CIKYIjS.exe
  2⤵
  PID:2140
- C:\Windows\System\SCxYMNr.exe
  C:\Windows\System\SCxYMNr.exe
  2⤵
  PID:1140
- C:\Windows\System\GTyMDIk.exe
  C:\Windows\System\GTyMDIk.exe
  2⤵
  PID:5556
- C:\Windows\System\OgTUKSb.exe
  C:\Windows\System\OgTUKSb.exe
  2⤵
  PID:5896
- C:\Windows\System\ZdaEnWS.exe
  C:\Windows\System\ZdaEnWS.exe
  2⤵
  PID:6108
- C:\Windows\System\PKPRlqb.exe
  C:\Windows\System\PKPRlqb.exe
  2⤵
  PID:4600
- C:\Windows\System\NauaEDz.exe
  C:\Windows\System\NauaEDz.exe
  2⤵
  PID:4968
- C:\Windows\System\cuMrCCp.exe
  C:\Windows\System\cuMrCCp.exe
  2⤵
  PID:3060
- C:\Windows\System\OsATTVs.exe
  C:\Windows\System\OsATTVs.exe
  2⤵
  PID:2884
- C:\Windows\System\QENcpMn.exe
  C:\Windows\System\QENcpMn.exe
  2⤵
  PID:5416
- C:\Windows\System\COJavfk.exe
  C:\Windows\System\COJavfk.exe
  2⤵
  PID:6168
- C:\Windows\System\kbqIdrG.exe
  C:\Windows\System\kbqIdrG.exe
  2⤵
  PID:6196
- C:\Windows\System\tyquBQA.exe
  C:\Windows\System\tyquBQA.exe
  2⤵
  PID:6228
- C:\Windows\System\TRaMvyZ.exe
  C:\Windows\System\TRaMvyZ.exe
  2⤵
  PID:6252
- C:\Windows\System\HURmutI.exe
  C:\Windows\System\HURmutI.exe
  2⤵
  PID:6288
- C:\Windows\System\gVmSCZs.exe
  C:\Windows\System\gVmSCZs.exe
  2⤵
  PID:6312
- C:\Windows\System\GVtkDnx.exe
  C:\Windows\System\GVtkDnx.exe
  2⤵
  PID:6336
- C:\Windows\System\XneXmPV.exe
  C:\Windows\System\XneXmPV.exe
  2⤵
  PID:6368
- C:\Windows\System\CDJtoHh.exe
  C:\Windows\System\CDJtoHh.exe
  2⤵
  PID:6396
- C:\Windows\System\MwITbEg.exe
  C:\Windows\System\MwITbEg.exe
  2⤵
  PID:6420
- C:\Windows\System\oMmbgPX.exe
  C:\Windows\System\oMmbgPX.exe
  2⤵
  PID:6452
- C:\Windows\System\yBLfCRM.exe
  C:\Windows\System\yBLfCRM.exe
  2⤵
  PID:6480
- C:\Windows\System\SXKXWKR.exe
  C:\Windows\System\SXKXWKR.exe
  2⤵
  PID:6512
- C:\Windows\System\NVhjJlJ.exe
  C:\Windows\System\NVhjJlJ.exe
  2⤵
  PID:6532
- C:\Windows\System\TwOBjeA.exe
  C:\Windows\System\TwOBjeA.exe
  2⤵
  PID:6560
- C:\Windows\System\NXEUYAI.exe
  C:\Windows\System\NXEUYAI.exe
  2⤵
  PID:6588
- C:\Windows\System\nCcsTwq.exe
  C:\Windows\System\nCcsTwq.exe
  2⤵
  PID:6620
- C:\Windows\System\RzwRxkW.exe
  C:\Windows\System\RzwRxkW.exe
  2⤵
  PID:6648
- C:\Windows\System\GvnGjCp.exe
  C:\Windows\System\GvnGjCp.exe
  2⤵
  PID:6676
- C:\Windows\System\Yihbppw.exe
  C:\Windows\System\Yihbppw.exe
  2⤵
  PID:6708
- C:\Windows\System\rZLYXEs.exe
  C:\Windows\System\rZLYXEs.exe
  2⤵
  PID:6728
- C:\Windows\System\ChVFUGE.exe
  C:\Windows\System\ChVFUGE.exe
  2⤵
  PID:6756
- C:\Windows\System\qsOYnYE.exe
  C:\Windows\System\qsOYnYE.exe
  2⤵
  PID:6788
- C:\Windows\System\GzBaIgx.exe
  C:\Windows\System\GzBaIgx.exe
  2⤵
  PID:6816
- C:\Windows\System\uoXDitP.exe
  C:\Windows\System\uoXDitP.exe
  2⤵
  PID:6844
- C:\Windows\System\MohhTCv.exe
  C:\Windows\System\MohhTCv.exe
  2⤵
  PID:6872
- C:\Windows\System\dITwAxQ.exe
  C:\Windows\System\dITwAxQ.exe
  2⤵
  PID:6900
- C:\Windows\System\IxAFXzR.exe
  C:\Windows\System\IxAFXzR.exe
  2⤵
  PID:6924
- C:\Windows\System\PzDWTrf.exe
  C:\Windows\System\PzDWTrf.exe
  2⤵
  PID:6960
- C:\Windows\System\YzhnJpr.exe
  C:\Windows\System\YzhnJpr.exe
  2⤵
  PID:6980
- C:\Windows\System\sLIGDgx.exe
  C:\Windows\System\sLIGDgx.exe
  2⤵
  PID:7016
- C:\Windows\System\epKRDnA.exe
  C:\Windows\System\epKRDnA.exe
  2⤵
  PID:7040
- C:\Windows\System\TLIVUkL.exe
  C:\Windows\System\TLIVUkL.exe
  2⤵
  PID:7064
- C:\Windows\System\PeghNtT.exe
  C:\Windows\System\PeghNtT.exe
  2⤵
  PID:7096
- C:\Windows\System\rwPuFwk.exe
  C:\Windows\System\rwPuFwk.exe
  2⤵
  PID:7120
- C:\Windows\System\AgdgIDE.exe
  C:\Windows\System\AgdgIDE.exe
  2⤵
  PID:7148
- C:\Windows\System\ORHJLXL.exe
  C:\Windows\System\ORHJLXL.exe
  2⤵
  PID:6164
- C:\Windows\System\FgilyhM.exe
  C:\Windows\System\FgilyhM.exe
  2⤵
  PID:6236
- C:\Windows\System\ChuUMhr.exe
  C:\Windows\System\ChuUMhr.exe
  2⤵
  PID:6304
- C:\Windows\System\egiyatW.exe
  C:\Windows\System\egiyatW.exe
  2⤵
  PID:6360
- C:\Windows\System\gfwqyvU.exe
  C:\Windows\System\gfwqyvU.exe
  2⤵
  PID:6404
- C:\Windows\System\LuxkWKP.exe
  C:\Windows\System\LuxkWKP.exe
  2⤵
  PID:6468
- C:\Windows\System\wnBLjhj.exe
  C:\Windows\System\wnBLjhj.exe
  2⤵
  PID:6520
- C:\Windows\System\sWZoqUk.exe
  C:\Windows\System\sWZoqUk.exe
  2⤵
  PID:6600
- C:\Windows\System\RAXRgqk.exe
  C:\Windows\System\RAXRgqk.exe
  2⤵
  PID:6692
- C:\Windows\System\bPwcxkN.exe
  C:\Windows\System\bPwcxkN.exe
  2⤵
  PID:6752
- C:\Windows\System\WqsPOxi.exe
  C:\Windows\System\WqsPOxi.exe
  2⤵
  PID:6824
- C:\Windows\System\jTTyILa.exe
  C:\Windows\System\jTTyILa.exe
  2⤵
  PID:6888
- C:\Windows\System\VsREwen.exe
  C:\Windows\System\VsREwen.exe
  2⤵
  PID:6920
- C:\Windows\System\hZGwLub.exe
  C:\Windows\System\hZGwLub.exe
  2⤵
  PID:7024
- C:\Windows\System\LhSMYev.exe
  C:\Windows\System\LhSMYev.exe
  2⤵
  PID:7108
- C:\Windows\System\KDVmzRM.exe
  C:\Windows\System\KDVmzRM.exe
  2⤵
  PID:6160
- C:\Windows\System\SeHBVvs.exe
  C:\Windows\System\SeHBVvs.exe
  2⤵
  PID:6332
- C:\Windows\System\FlaIGkx.exe
  C:\Windows\System\FlaIGkx.exe
  2⤵
  PID:6432
- C:\Windows\System\BYCDwZY.exe
  C:\Windows\System\BYCDwZY.exe
  2⤵
  PID:6636
- C:\Windows\System\XDJBvQq.exe
  C:\Windows\System\XDJBvQq.exe
  2⤵
  PID:6780
- C:\Windows\System\upVYDSM.exe
  C:\Windows\System\upVYDSM.exe
  2⤵
  PID:6916
- C:\Windows\System\kJhtaId.exe
  C:\Windows\System\kJhtaId.exe
  2⤵
  PID:7088
- C:\Windows\System\IRLoEpt.exe
  C:\Windows\System\IRLoEpt.exe
  2⤵
  PID:6356
- C:\Windows\System\yiLRwKc.exe
  C:\Windows\System\yiLRwKc.exe
  2⤵
  PID:6740
- C:\Windows\System\EOEuAxh.exe
  C:\Windows\System\EOEuAxh.exe
  2⤵
  PID:6908
- C:\Windows\System\ynUUBmR.exe
  C:\Windows\System\ynUUBmR.exe
  2⤵
  PID:6552
- C:\Windows\System\bDqmUea.exe
  C:\Windows\System\bDqmUea.exe
  2⤵
  PID:7172
- C:\Windows\System\MvjzQhH.exe
  C:\Windows\System\MvjzQhH.exe
  2⤵
  PID:7208
- C:\Windows\System\MAcQBxj.exe
  C:\Windows\System\MAcQBxj.exe
  2⤵
  PID:7224
- C:\Windows\System\yuJPfUz.exe
  C:\Windows\System\yuJPfUz.exe
  2⤵
  PID:7264
- C:\Windows\System\viiSisK.exe
  C:\Windows\System\viiSisK.exe
  2⤵
  PID:7280
- C:\Windows\System\ODcAXxz.exe
  C:\Windows\System\ODcAXxz.exe
  2⤵
  PID:7308
- C:\Windows\System\lojeLvZ.exe
  C:\Windows\System\lojeLvZ.exe
  2⤵
  PID:7336
- C:\Windows\System\myNCYdC.exe
  C:\Windows\System\myNCYdC.exe
  2⤵
  PID:7368
- C:\Windows\System\anPkoUU.exe
  C:\Windows\System\anPkoUU.exe
  2⤵
  PID:7400
- C:\Windows\System\EVWxrwB.exe
  C:\Windows\System\EVWxrwB.exe
  2⤵
  PID:7420
- C:\Windows\System\PaBhseh.exe
  C:\Windows\System\PaBhseh.exe
  2⤵
  PID:7452
- C:\Windows\System\WGDNlcE.exe
  C:\Windows\System\WGDNlcE.exe
  2⤵
  PID:7484
- C:\Windows\System\KFiyunw.exe
  C:\Windows\System\KFiyunw.exe
  2⤵
  PID:7516
- C:\Windows\System\BdjjHCN.exe
  C:\Windows\System\BdjjHCN.exe
  2⤵
  PID:7544
- C:\Windows\System\dZNxNzm.exe
  C:\Windows\System\dZNxNzm.exe
  2⤵
  PID:7560
- C:\Windows\System\RBEPakH.exe
  C:\Windows\System\RBEPakH.exe
  2⤵
  PID:7588
- C:\Windows\System\SzdcrAm.exe
  C:\Windows\System\SzdcrAm.exe
  2⤵
  PID:7616
- C:\Windows\System\rTRLMup.exe
  C:\Windows\System\rTRLMup.exe
  2⤵
  PID:7644
- C:\Windows\System\CWZbjIq.exe
  C:\Windows\System\CWZbjIq.exe
  2⤵
  PID:7660
- C:\Windows\System\UgRGevL.exe
  C:\Windows\System\UgRGevL.exe
  2⤵
  PID:7680
- C:\Windows\System\RbNQMZf.exe
  C:\Windows\System\RbNQMZf.exe
  2⤵
  PID:7700
- C:\Windows\System\aOPuavw.exe
  C:\Windows\System\aOPuavw.exe
  2⤵
  PID:7732
- C:\Windows\System\XkzCcHp.exe
  C:\Windows\System\XkzCcHp.exe
  2⤵
  PID:7768
- C:\Windows\System\ledAMzt.exe
  C:\Windows\System\ledAMzt.exe
  2⤵
  PID:7804
- C:\Windows\System\CLBkOFy.exe
  C:\Windows\System\CLBkOFy.exe
  2⤵
  PID:7844
- C:\Windows\System\dlzymka.exe
  C:\Windows\System\dlzymka.exe
  2⤵
  PID:7868
- C:\Windows\System\qaTJbLg.exe
  C:\Windows\System\qaTJbLg.exe
  2⤵
  PID:7900
- C:\Windows\System\ixZBZms.exe
  C:\Windows\System\ixZBZms.exe
  2⤵
  PID:7936
- C:\Windows\System\jfXpSvl.exe
  C:\Windows\System\jfXpSvl.exe
  2⤵
  PID:7956
- C:\Windows\System\mHvBVnr.exe
  C:\Windows\System\mHvBVnr.exe
  2⤵
  PID:7980
- C:\Windows\System\AlovDlp.exe
  C:\Windows\System\AlovDlp.exe
  2⤵
  PID:7996
- C:\Windows\System\JYBjhNE.exe
  C:\Windows\System\JYBjhNE.exe
  2⤵
  PID:8032
- C:\Windows\System\VNuXpyp.exe
  C:\Windows\System\VNuXpyp.exe
  2⤵
  PID:8068
- C:\Windows\System\pvoWyMI.exe
  C:\Windows\System\pvoWyMI.exe
  2⤵
  PID:8092
- C:\Windows\System\eixTKsS.exe
  C:\Windows\System\eixTKsS.exe
  2⤵
  PID:8132
- C:\Windows\System\BHbGLZy.exe
  C:\Windows\System\BHbGLZy.exe
  2⤵
  PID:8148
- C:\Windows\System\KNoqABR.exe
  C:\Windows\System\KNoqABR.exe
  2⤵
  PID:8176
- C:\Windows\System\nqjzwbA.exe
  C:\Windows\System\nqjzwbA.exe
  2⤵
  PID:7204
- C:\Windows\System\ddLMnrG.exe
  C:\Windows\System\ddLMnrG.exe
  2⤵
  PID:7216
- C:\Windows\System\yDotbwu.exe
  C:\Windows\System\yDotbwu.exe
  2⤵
  PID:7272
- C:\Windows\System\IlOkDwF.exe
  C:\Windows\System\IlOkDwF.exe
  2⤵
  PID:7324
- C:\Windows\System\obAXWIq.exe
  C:\Windows\System\obAXWIq.exe
  2⤵
  PID:7392
- C:\Windows\System\haFpXPW.exe
  C:\Windows\System\haFpXPW.exe
  2⤵
  PID:7480
- C:\Windows\System\pMVtaAd.exe
  C:\Windows\System\pMVtaAd.exe
  2⤵
  PID:7572
- C:\Windows\System\BKxkZFB.exe
  C:\Windows\System\BKxkZFB.exe
  2⤵
  PID:7640
- C:\Windows\System\VbZgugn.exe
  C:\Windows\System\VbZgugn.exe
  2⤵
  PID:7712
- C:\Windows\System\blpMzfR.exe
  C:\Windows\System\blpMzfR.exe
  2⤵
  PID:7744
- C:\Windows\System\zPohasM.exe
  C:\Windows\System\zPohasM.exe
  2⤵
  PID:7788
- C:\Windows\System\FNLczsF.exe
  C:\Windows\System\FNLczsF.exe
  2⤵
  PID:7908
- C:\Windows\System\gCcesxM.exe
  C:\Windows\System\gCcesxM.exe
  2⤵
  PID:7952
- C:\Windows\System\TmEgfGW.exe
  C:\Windows\System\TmEgfGW.exe
  2⤵
  PID:7992
- C:\Windows\System\rRpeglk.exe
  C:\Windows\System\rRpeglk.exe
  2⤵
  PID:8076
- C:\Windows\System\wmlSXXr.exe
  C:\Windows\System\wmlSXXr.exe
  2⤵
  PID:8128
- C:\Windows\System\rITSWsd.exe
  C:\Windows\System\rITSWsd.exe
  2⤵
  PID:7196
- C:\Windows\System\juJrMfQ.exe
  C:\Windows\System\juJrMfQ.exe
  2⤵
  PID:7416
- C:\Windows\System\iAUzlkx.exe
  C:\Windows\System\iAUzlkx.exe
  2⤵
  PID:7532
- C:\Windows\System\nwTemNx.exe
  C:\Windows\System\nwTemNx.exe
  2⤵
  PID:7760
- C:\Windows\System\rOdJbXd.exe
  C:\Windows\System\rOdJbXd.exe
  2⤵
  PID:7888
- C:\Windows\System\mKCtWxf.exe
  C:\Windows\System\mKCtWxf.exe
  2⤵
  PID:8064
- C:\Windows\System\sXjBClQ.exe
  C:\Windows\System\sXjBClQ.exe
  2⤵
  PID:7220
- C:\Windows\System\GKzCRUu.exe
  C:\Windows\System\GKzCRUu.exe
  2⤵
  PID:7652
- C:\Windows\System\CtZCNUp.exe
  C:\Windows\System\CtZCNUp.exe
  2⤵
  PID:8020
- C:\Windows\System\kzZVMnr.exe
  C:\Windows\System\kzZVMnr.exe
  2⤵
  PID:7464
- C:\Windows\System\nsJSGLI.exe
  C:\Windows\System\nsJSGLI.exe
  2⤵
  PID:7692
- C:\Windows\System\ZpkxawE.exe
  C:\Windows\System\ZpkxawE.exe
  2⤵
  PID:8200
- C:\Windows\System\ZUYJSSU.exe
  C:\Windows\System\ZUYJSSU.exe
  2⤵
  PID:8236
- C:\Windows\System\mBcyGZR.exe
  C:\Windows\System\mBcyGZR.exe
  2⤵
  PID:8252
- C:\Windows\System\iesdZAS.exe
  C:\Windows\System\iesdZAS.exe
  2⤵
  PID:8280
- C:\Windows\System\EAEBjPM.exe
  C:\Windows\System\EAEBjPM.exe
  2⤵
  PID:8308
- C:\Windows\System\AAzxkyU.exe
  C:\Windows\System\AAzxkyU.exe
  2⤵
  PID:8348
- C:\Windows\System\GBMgtCT.exe
  C:\Windows\System\GBMgtCT.exe
  2⤵
  PID:8364
- C:\Windows\System\VXOmMTQ.exe
  C:\Windows\System\VXOmMTQ.exe
  2⤵
  PID:8392
- C:\Windows\System\SYLgfGG.exe
  C:\Windows\System\SYLgfGG.exe
  2⤵
  PID:8412
- C:\Windows\System\TGVZNUn.exe
  C:\Windows\System\TGVZNUn.exe
  2⤵
  PID:8448
- C:\Windows\System\Zwfyymw.exe
  C:\Windows\System\Zwfyymw.exe
  2⤵
  PID:8476
- C:\Windows\System\phFuXvS.exe
  C:\Windows\System\phFuXvS.exe
  2⤵
  PID:8500
- C:\Windows\System\iiFgcLq.exe
  C:\Windows\System\iiFgcLq.exe
  2⤵
  PID:8528
- C:\Windows\System\xgRTPhw.exe
  C:\Windows\System\xgRTPhw.exe
  2⤵
  PID:8572
- C:\Windows\System\iZflYcA.exe
  C:\Windows\System\iZflYcA.exe
  2⤵
  PID:8600
- C:\Windows\System\KtQDBBw.exe
  C:\Windows\System\KtQDBBw.exe
  2⤵
  PID:8616
- C:\Windows\System\kWRDWYY.exe
  C:\Windows\System\kWRDWYY.exe
  2⤵
  PID:8632
- C:\Windows\System\XQxgoIP.exe
  C:\Windows\System\XQxgoIP.exe
  2⤵
  PID:8660
- C:\Windows\System\CVrzIeA.exe
  C:\Windows\System\CVrzIeA.exe
  2⤵
  PID:8700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DbHrwfk.exe

Filesize
2.1MB

MD5
1b0e74a1e63ae1fba7565a11761fdeeb

SHA1
aa340ac617c153fc769363750f03c5d748812469

SHA256
2d48def704775e00abc17242200742730dffbc742e93c3581d75999871356351

SHA512
5306dba107f0baa9a52f39a27cd5e967ce19f05eec9bf50d24c0da5b9d22d5c6667dedd9ddf63e56d7c544bfd8707fb02abde97c390ee3478720cdbfca2cbc63

Download Submit
C:\Windows\System\EWnoevD.exe

Filesize
2.1MB

MD5
4762c10660b7b6d4b615837d0e5ad7fd

SHA1
f9cd057ee45c3fceda818803d0091effe4a53bd4

SHA256
2fa200dc46b820f9c30187fd5460ff0508feabde787aff74145af49dc634902f

SHA512
c0df9b20c10cececf517cae1b893bc954e380cc6f1b430b548cf41b818509a86bbf186ca011ad965134caed73a12e68a7a364a5f1148e4b5d8ff9ef016214cb4

Download Submit
C:\Windows\System\EuMwejv.exe

Filesize
2.1MB

MD5
f080e97c93e0e565a70744b2334aa7db

SHA1
5489965ba9909c1c228e4687faf557f6ba5e1905

SHA256
db18e9ca71802ac723af7df571ad51b93679b76e30f271040ac1702989e1c8fa

SHA512
09396976a6b0e476d5b4636fbf50783c56c072bb1db0904015d2c9249c16fdad1dacd18e1376de56521829bfc185262f7fd3302872507708e5870895f5ead057

Download Submit
C:\Windows\System\HDBKciT.exe

Filesize
2.1MB

MD5
4c7db8190e3a45111a85985d07043d87

SHA1
665ed521dd995af618429e714b71adabbebe4499

SHA256
d603581ec7e2f7e28cbc3fe4ab8f0232b2be657a4863363bf8086f5ca162a805

SHA512
5768cf4999d385cecaab1a153dab584048e04d72f0af4a46278c28f8fc03e7abebc4c863a51b09a55b750bb684f77a1c7426ad19d2877894950a328dae907437

Download Submit
C:\Windows\System\IvBLVpX.exe

Filesize
2.1MB

MD5
b0c32fade67a5a64babccb52c46cf567

SHA1
aa132a5b626a12ea970fb347b297b70edeae2d80

SHA256
fdf7ac161776b8e0b51c0294affc8e35de9f6133ce7d333f7b1203d4d622c60c

SHA512
847610dfad585373c83d1ce8625adf4ee2973176795ec709f64ce3a7a9ccb2f55e15b4fca1fcf58cfdf62caa7709659545217e70f674fdc00dd702051529f815

Download Submit
C:\Windows\System\IwzKFlB.exe

Filesize
2.1MB

MD5
e370820db18d4ba83e5894a85f215ac8

SHA1
b0684a3ccfdbb661425f3b069bcf20080eba6f10

SHA256
d5959922fd69cd1427fd54f7096f92342e097908f5008c8ac51819f11f87ec92

SHA512
cbda1ee56f2d39fc7c94144384da9d88d4421c1988b963cdc6f43aff78aae7a62e6cbaf37a58f33d2e323c2317444c562f8442ce86eafcbcde86eae79fe7b2dc

Download Submit
C:\Windows\System\NMlkAKD.exe

Filesize
2.1MB

MD5
cba6fd8e896ebfde095db8e4a387f71b

SHA1
f84fd00908a6dca390259f41558ef6a9e987c5a9

SHA256
da77701f1dba21f522a8b5e575fb6c7b7b1929e9667db34fb526a6e5ec59238f

SHA512
3acc5cb9ce9dcecb8a2c9c98a872e325ba77fb295daf7de3848abd94413a2548ba67b0ad9e8ec49f58083ee5655b3cbcebbd054ebc8e749e01696c4b6c617d7c

Download Submit
C:\Windows\System\OzdZiEe.exe

Filesize
2.1MB

MD5
e1941745e130a8de19b92de69643f8c1

SHA1
9f380add64e4da5e3460024f7f2899a5b80b7a36

SHA256
cb4881c674d8c9d3df3ba6b17c8d80e24efe02a57a720a5f1a5c2c33562e0dae

SHA512
9476abf2bbbc7754bf80dfb9b0531b2e7d1038b0c4b1081a42c67df8e5b49f33da9ef40855ebeb1448dbbed29796e38b0cf281f0fe914763815127f4ae894284

Download Submit
C:\Windows\System\RMZaArP.exe

Filesize
2.1MB

MD5
17aa36b1a23831450592654fed39f2cd

SHA1
867634fee2b21a484a35c64803c3543078c9d52d

SHA256
299095edfca29f3f6cc0fa68c63aef18fe4efeb2a1487e0742ac938c824e8da4

SHA512
f1b6777e4b7537be9f48a6cd4ac4eada6e0f9dad310bff5751d8f097cbeb4395f50c5fcabbdb168d464f03df15c8e4c0ab0fb95735090e8351d7ffc6bb73cbdf

Download Submit
C:\Windows\System\UOaMkAw.exe

Filesize
2.1MB

MD5
b3735298c3371caf4782558dd8e4fc08

SHA1
b33335294f9dbc52c01519659078d34270faf078

SHA256
c0a2d2ac935d2882604cc153bcfc1aa1b53c72f9eebde733b296f383362637b9

SHA512
aa6c5e91b3c1c573bb3044718c837c642ae46c1d80ea0d39446f819469800a6f1aba650626a1d16f1cde311968d7d890164b7b93f703f3582b1f43fda303d236

Download Submit
C:\Windows\System\VtMhnpE.exe

Filesize
2.1MB

MD5
b2820173ae2b13c94c9a08ef38b49913

SHA1
4480d6d861ba873a7def6aaa33b9b9eecc0e308b

SHA256
65d09105d31a37c2bb5150d0487451707718964dfd62ed020249bff8875dda03

SHA512
9ac7f65002835d7218f3484b8674ba7f8a125f334b68081df5960b501b433d9dfee97d64dd71c1976852dde63121b85a851d756a7c20c9498bb043df00689fba

Download Submit
C:\Windows\System\YBVVTfX.exe

Filesize
2.1MB

MD5
d57616ba5db6e6f8328e6556a3be7693

SHA1
62e2adbda5fedc14b2780d2f3197e838b59dd760

SHA256
146088c9087529035adfba096c2a8538aaa0ea2687dc8880f5533a5db8b38dd6

SHA512
95dcd2123bfe9e72b58febc73fda41b209a453669753ea4dedf647c5ea460e76c3205d67fe964cb46b4a42e0a4c083ed7e5f6a09e9839e662b1a5822cedddc63

Download Submit
C:\Windows\System\ZNmzuEc.exe

Filesize
2.1MB

MD5
99ddf827bf965d29c55eb581ed08ad7d

SHA1
1c82318da2bbdacbb8c87910d9042863fd843b3d

SHA256
48f67651c5a4f710a6ebff23a1f292534998db3b70714c4cdcf6085107e2ce63

SHA512
87298d94320d5adf4f31d61d0ea8a1efbc7f6e4fb9de366615e246f2f3638c4a2ddfcfcbe8ab80b9bd774e33e0ca50749f991577e86465deb05e4a21c6fe6899

Download Submit
C:\Windows\System\ZPqAREa.exe

Filesize
2.1MB

MD5
cef042e2a898852a915367623344750d

SHA1
9bbe7442cb781f97b5b8314290f297cd8715ed94

SHA256
9d73ed00310c276f29db619f51f33ea3ad9b5ea62debe38c4dcd9932895eb521

SHA512
929753146c9faac443cab92b6903da1229e5be72f42cb8506e5ef722a6fae3f20a2e965d9ba191c682e400d181a8f71be133ed31bcc1eff021d1032bf7670560

Download Submit
C:\Windows\System\ZiFEbWc.exe

Filesize
2.1MB

MD5
91b222242da641ee284b2492e42ba091

SHA1
2dc638c751fa367131fd7b01119a04eb886b9168

SHA256
91ab29a65c133f7d4c667bb7ad978f26df7633e154a41d9e38ddd59dc2fb19ec

SHA512
780ebae1e4d3a4712add47c87b68ddc433f9b3367194737a9338cf5b3508cb73f1f960b15d280d73fac05e30536473e253f40092db2087fa5845a6d3d8b5f965

Download Submit
C:\Windows\System\blYVrGd.exe

Filesize
2.1MB

MD5
3885c39f2b4514956625e69f82b69ed4

SHA1
43b06492a04ad59961b224c31aa2f62bb41d21a3

SHA256
0607a536a2425694fbb8945aa5f88661e4c2dbe88e21fe98ff268b8e6d658909

SHA512
1fe1c505509d1646f8d0881792ca4af04d2624090c7893d57878b40aa007c55e13963ded832f6d14164c5dc5deb5c802c2bc1889b6db63b46b23c7321e88e883

Download Submit
C:\Windows\System\cVeuhpn.exe

Filesize
2.1MB

MD5
d8fa971b89245400618c1f346dbead76

SHA1
2ef0edf108de6acaa3b22b6c420ef1034bce1922

SHA256
d521296a3d214ba152d5bd53a9a711b3f74dcc258004b4e57ecf06ec60d868bb

SHA512
9be11867ae3261d974a82c11ef19cec6327d0ae2bbe4278fb6efbc48f8364de9d2300040af5bcd61d59b71ecab1821810b0bba61914b6244fa7e7ece17f62cf6

Download Submit
C:\Windows\System\druNFev.exe

Filesize
2.1MB

MD5
f4e7ae1eb224d6be269339d778ec5dee

SHA1
026bf7ba82ab8f302696d691fcc6556861bb7a90

SHA256
b10def7066e5d8b1c4584cbd4ecca21cc9ac156979e9dfd542c5c8b7d6bc738a

SHA512
82d3a1951d1e4706e5b6986dc9337113373507fe10821b31012514b94d8140f2e922196afe754750574833773624b01dd28d64265dee04f66301d35eb84c899f

Download Submit
C:\Windows\System\ewyjKbi.exe

Filesize
2.1MB

MD5
affba069c53fffdeede101deb48b0f3c

SHA1
47fffff3292cdcfd17603beaf969aeb9b75a7e72

SHA256
16df4543ad104468429b62622c3ef7115d77e1aedb0022505f10854f1141d01b

SHA512
32528595d1b706131dc4bde3bf14defc333f4af222f769bef684d1e2aeaa0267d17569d7fb3b1236392e23cec84752594345737883ac540c6230d523a717082a

Download Submit
C:\Windows\System\gDerqNd.exe

Filesize
2.1MB

MD5
0103712dc6a2b59ce08d9ffacdac6466

SHA1
435096e33c259694f5c3f14f4e8f6abfa56c1d33

SHA256
1de98482516784997d1b15a4d31dd8f8b417cb9ff64209b38ac2d371cfded1f7

SHA512
fe0b27df4e896a3782400151e527dbc1c44c8454e8f8e755c9e92c24426aca8d8d86bd5bbbce9a804918bec8f226e8192b4933eda74ea131e37e9a7e192a7ba4

Download Submit
C:\Windows\System\geCTlcl.exe

Filesize
2.1MB

MD5
6cb9d3763bb7c56261a0e27d4e3f32f5

SHA1
e32ab78318c61212f1a040d7a68082394a1687a5

SHA256
fc786f6463541f369ed66118572846ec39d66d4e5beea2e7fdbf86f9165de575

SHA512
f1f689f8646784345334a3e54f351ea940ef8c9310c31ef4ffb301c13d8b12182ce9b4659b5b86d900ca52369df658cc9d5fe908c22f1cc9370825b2d9ba7ec3

Download Submit
C:\Windows\System\kwocPDF.exe

Filesize
2.1MB

MD5
cafba438e9e4e7991713061c4874610f

SHA1
11baeabff0912c78eebec5b08c120b158c22482f

SHA256
e5052a2a8c0672ef6eeab7c17cada680d7ab116d5f41adaaabbd4ab6e8f3079d

SHA512
e51faa728ac9fc222820ea0401f10d0c09739200642738ff7282349e4bd008e3d569827236b9c5e5a2aa3b55668bd2bf63fb77574a2f7d18ac46277116555a19

Download Submit
C:\Windows\System\nSkJweo.exe

Filesize
2.1MB

MD5
aa46e352ef8c51c8c85bd603e614d801

SHA1
516a266a1887db0afc0303c06b88c7fdfd64419e

SHA256
d02ed5b2b14364f203439eae0d21a7fb3fb14928f5b5a4afb4df48a4a00246dc

SHA512
66baab6128780a6f8f89a6769ef9dee9ca4b31c4c37418fbd7f7f262b5276261aadaba2907e5aac4ceaa34b3ca4bc4a9c194819e7f14a7d69e7e8e5c9f7b2185

Download Submit
C:\Windows\System\qagwJaH.exe

Filesize
2.1MB

MD5
395f62c451d44363b87242f952a1b063

SHA1
dd9d4c877e5a7257d77df0403c98e6f50ce7c7cc

SHA256
b2311a7a567f6f0df1b91f79e01616d85daff4efe7c47d7258d4f75ff17c091f

SHA512
f5da38df7bba4e07c9bff62558eeac05d33d0646c96cfb1e03b2ddb2494b8b6f0888abe39c948c329073606219835ef0c805e5fd18370d9a1fa3fafc14bac205

Download Submit
C:\Windows\System\sESvPFD.exe

Filesize
2.1MB

MD5
038179bf9cf259e7b36700f18a427505

SHA1
48690905e41a5bdc7916fdbc361ad4fa51d8b739

SHA256
35e95363f6a84a31d6ee377dfe2447e8e8987cd832bd1079df60a75494311841

SHA512
4f9b96934bb90307a77f7f1cea7daa6ee9fbc354adc5a95910e7984cbde78a817702df6aa17f6bc42d61552ffe547282200947a917823b592cdb7864e92f701c

Download Submit
C:\Windows\System\sONvvmr.exe

Filesize
2.1MB

MD5
772d5bff5698c380ea8708934700c4b0

SHA1
509bc912dabd7ca4cbb786d83880e3d024dc3c4d

SHA256
bfa430230b56ee590a09e91f96afa7130f5e8d235131f4c6cc7aee9a8c248482

SHA512
05cd5d52ca32e927990bcf1ec503273e84a9c098ec8c8f054ae0a271a2f272992ee5cae875901a8fc8e383f3e957b2adde63433d702df9c353ec6682a415fe47

Download Submit
C:\Windows\System\tFayfHj.exe

Filesize
2.1MB

MD5
277f2fe3f2d580700de977890d839dd3

SHA1
94570c18989b82c5cc84bab3dec845a928f507f7

SHA256
534d2c037f91b31a851397405d22fb916b2c3626cef97601924894537c8f16df

SHA512
49e5f99c2008eeeb8a6130896dba836e4444b859962d3caeeca4a475a59e851866f7d846d6bdb0eb7f21b96fb781caaa9f63f338338f47ea3d45ca42fae3919f

Download Submit
C:\Windows\System\tfqXKnB.exe

Filesize
2.1MB

MD5
8dc604736ec17de4ad2b7ac919990cb9

SHA1
f52fd82204cdb5c7f59f04a8426836b59a80e87d

SHA256
0b4539e3a7534d6036405a72711f99f6913b6e1107d6c64b7ebefc6984ee99d0

SHA512
b9ce2ed2bd17cd0d681e263259f633dc15fa7277c50d4a0cc46360dce95dcb40f3129571e9424fea6f6a8d4d3fc8fcd88955a2c89b0f1f0bf6f2c74075bdfc30

Download Submit
C:\Windows\System\tlHaAPK.exe

Filesize
2.1MB

MD5
d9ea8201086976e79a56884e6b24f052

SHA1
7298e01d857a1635e8f0bd2e5d64e96b9c9f9eed

SHA256
7f7ee689baec0b2aa61b18018a59db33344a4c188c69798fb8896d69d687356d

SHA512
22ac16768891288267af1ee95460a6e74025c39c1b8a0bd303747f949ee9b5ff018a408e6f3c064c4d846a17e1d9d46d64a79e436fe8fc24bb8dd4c7213bbb93

Download Submit
C:\Windows\System\umGZdRP.exe

Filesize
2.1MB

MD5
3d63a836c377b44058db65551e90a88c

SHA1
257e5d1f25db98a18795ad5e3037ba646f66d7e0

SHA256
5c82a8ad407f3cd4392c787d744834a3753f04a0471207336309909fb674a2fb

SHA512
972a4b532e428ef6c20ee3a4e768c26185b8483ce160c8afe1ab30f7a8367a1bc511b30e3a06078d56f203b7afa4ddecea870fc57a4ede4155443dfad5d67419

Download Submit
C:\Windows\System\wGjvUKz.exe

Filesize
2.1MB

MD5
b722267b62946ecc3c9c1318e15c3f67

SHA1
37574379400b93727e3dadf62f486a5631a83b55

SHA256
50de4f7183d226c4c9fd45825ce07f3ec5af47cc92b61ef49e44994dbbe1a347

SHA512
b527325c027dc9a53303d7a5ca38b0542fd2fcb01382229648be7a4f0b7bbd9e7bbeb9c9fb6b231435730597ae1bddcc90a0511755ae59afe0b8bc86756d9711

Download Submit
C:\Windows\System\wrSXtkr.exe

Filesize
2.1MB

MD5
33ff20a5a52b0ccebe5b36e15ad64b19

SHA1
2aadf980c92ef8f901dfb135d45c587e9edb778f

SHA256
a26945b4b946e9734fc88c6231a64fb82f67274c9f4c8fc9a444172ee36e214f

SHA512
aa92cd92e62cc2f021d5d465564ce61afe35846eb66df9c60f5aa8849e679172a939f9e67ddad94080b43f2f2b586e19eaaa25bdd1d82eccec20bd4dfd42f335

Download Submit
C:\Windows\System\xETziZe.exe

Filesize
2.1MB

MD5
0b368d393ba0871c8f1d40ed37859503

SHA1
a9c6df23fbe2b6f92936f203e888d0a5186c608d

SHA256
51a10d5802d44904bc839c78b20ef7a77b70224a61ba5ec23909070521dc833e

SHA512
31100342ae39d36639b77d78596b52e68be00e64bdfe272a316b5b2b8f359a1cdf5336d7500ea376c63703c030215c2ed8f8c837c8a70aca820b5b9f56f6acf4

Download Submit
memory/3256-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download