kpot | 4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 08:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
Size

2.1MB
MD5

d3940798b3e65e865709f2070282b460
SHA1

68a85f4e8b874dfd9f9033c32120d336736cf617
SHA256

4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140
SHA512

de9f636d6d961e0b9e1b0f0218a0b06eed4cee253a0a0e80e8ff240e2419a8dc17ef433d171a36f9b62fbc07bb98c76f9b7ee148190b84b9836bc22e3bdcbba5
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2Pob:GemTLkNdfE0pZaQO

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x0008000000023268-3.dat	family_kpot
behavioral2/files/0x000800000002326b-10.dat	family_kpot
behavioral2/files/0x000800000002326e-8.dat	family_kpot
behavioral2/files/0x0008000000023270-20.dat	family_kpot
behavioral2/files/0x0007000000023271-24.dat	family_kpot
behavioral2/files/0x0007000000023272-30.dat	family_kpot
behavioral2/files/0x0007000000023273-35.dat	family_kpot
behavioral2/files/0x0007000000023274-39.dat	family_kpot
behavioral2/files/0x0007000000023275-43.dat	family_kpot
behavioral2/files/0x000800000002326c-48.dat	family_kpot
behavioral2/files/0x0007000000023277-52.dat	family_kpot
behavioral2/files/0x0007000000023278-57.dat	family_kpot
behavioral2/files/0x0007000000023279-64.dat	family_kpot
behavioral2/files/0x000700000002327a-69.dat	family_kpot
behavioral2/files/0x000700000002327b-73.dat	family_kpot
behavioral2/files/0x000700000002327c-77.dat	family_kpot
behavioral2/files/0x000700000002327d-84.dat	family_kpot
behavioral2/files/0x000700000002327e-90.dat	family_kpot
behavioral2/files/0x000700000002327f-93.dat	family_kpot
behavioral2/files/0x0007000000023280-98.dat	family_kpot
behavioral2/files/0x0007000000023281-103.dat	family_kpot
behavioral2/files/0x0007000000023282-108.dat	family_kpot
behavioral2/files/0x0007000000023283-115.dat	family_kpot
behavioral2/files/0x0007000000023284-120.dat	family_kpot
behavioral2/files/0x0007000000023285-124.dat	family_kpot
behavioral2/files/0x0007000000023286-129.dat	family_kpot
behavioral2/files/0x0007000000023287-133.dat	family_kpot
behavioral2/files/0x0007000000023288-137.dat	family_kpot
behavioral2/files/0x0007000000023289-145.dat	family_kpot
behavioral2/files/0x000700000002328a-150.dat	family_kpot
behavioral2/files/0x000700000002328b-154.dat	family_kpot
behavioral2/files/0x000700000002328c-158.dat	family_kpot
behavioral2/files/0x000700000002328d-162.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x0008000000023268-3.dat	xmrig
behavioral2/files/0x000800000002326b-10.dat	xmrig
behavioral2/files/0x000800000002326e-8.dat	xmrig
behavioral2/files/0x0008000000023270-20.dat	xmrig
behavioral2/files/0x0007000000023271-24.dat	xmrig
behavioral2/files/0x0007000000023272-30.dat	xmrig
behavioral2/files/0x0007000000023273-35.dat	xmrig
behavioral2/files/0x0007000000023274-39.dat	xmrig
behavioral2/files/0x0007000000023275-43.dat	xmrig
behavioral2/files/0x000800000002326c-48.dat	xmrig
behavioral2/files/0x0007000000023277-52.dat	xmrig
behavioral2/files/0x0007000000023278-57.dat	xmrig
behavioral2/files/0x0007000000023279-64.dat	xmrig
behavioral2/files/0x000700000002327a-69.dat	xmrig
behavioral2/files/0x000700000002327b-73.dat	xmrig
behavioral2/files/0x000700000002327c-77.dat	xmrig
behavioral2/files/0x000700000002327d-84.dat	xmrig
behavioral2/files/0x000700000002327e-90.dat	xmrig
behavioral2/files/0x000700000002327f-93.dat	xmrig
behavioral2/files/0x0007000000023280-98.dat	xmrig
behavioral2/files/0x0007000000023281-103.dat	xmrig
behavioral2/files/0x0007000000023282-108.dat	xmrig
behavioral2/files/0x0007000000023283-115.dat	xmrig
behavioral2/files/0x0007000000023284-120.dat	xmrig
behavioral2/files/0x0007000000023285-124.dat	xmrig
behavioral2/files/0x0007000000023286-129.dat	xmrig
behavioral2/files/0x0007000000023287-133.dat	xmrig
behavioral2/files/0x0007000000023288-137.dat	xmrig
behavioral2/files/0x0007000000023289-145.dat	xmrig
behavioral2/files/0x000700000002328a-150.dat	xmrig
behavioral2/files/0x000700000002328b-154.dat	xmrig
behavioral2/files/0x000700000002328c-158.dat	xmrig
behavioral2/files/0x000700000002328d-162.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2244	cZZGNit.exe
2600	jHSFyES.exe
1432	xRWCIRH.exe
1396	oprEJKX.exe
3280	cGFLLIJ.exe
572	nYIUAoq.exe
4848	UBzsmXZ.exe
3692	obDOpGt.exe
5028	QakMBeA.exe
4276	VbMIiSs.exe
3216	QcLnJSU.exe
1040	tONtGzt.exe
4492	yhBoden.exe
4652	CajkSTd.exe
1804	FXVTOHL.exe
4304	LdMYmkK.exe
4604	WiCsvXb.exe
2816	KCFLoun.exe
2496	BPJITcz.exe
404	DnyOuKP.exe
4904	IZZMxfi.exe
1104	oAFbgyJ.exe
1696	ytxmGJR.exe
2408	ChCqKBP.exe
1064	MTyFeth.exe
3244	rtXGlXO.exe
3628	PVCfvQn.exe
4588	owGLKGS.exe
2460	uyCtuuN.exe
552	ocGugGZ.exe
2236	oBspfko.exe
4448	Fbvxqtr.exe
444	IRlMRnT.exe
2912	csLzFew.exe
2204	xWPaYtc.exe
3768	hjxzycB.exe
3940	HvZwdEr.exe
3664	YVAwneq.exe
3852	KQdwwJx.exe
4540	PVWqAeJ.exe
960	NQVqNIW.exe
3020	SCgTVQz.exe
2412	qmDmgSb.exe
4216	WJDWdag.exe
3024	GfTVgzy.exe
1636	EOaVoEk.exe
1736	KZpoZdI.exe
3260	mVAoZQF.exe
4596	WineVco.exe
3304	UstayJA.exe
3928	fNKHOGv.exe
2320	mJVGQFN.exe
5040	ojrhFlr.exe
1932	mZZrVkk.exe
4960	Kyswiyx.exe
2960	iLJbsll.exe
4472	UspfJgd.exe
4168	vxcDCHX.exe
1740	cMxQvdv.exe
1212	MMjwoKu.exe
4420	zJHkQXW.exe
4480	LOOmBmk.exe
788	KbYDQWl.exe
2252	AIPUgIE.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VbMIiSs.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\RHjwoTT.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\YuNUcfZ.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\VqsZqpo.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\KGbfdvG.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\AifvDZU.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\IGKrERQ.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\RNWHRgg.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\HZKFzfl.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\JOMvGqj.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\yhBoden.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\KbYDQWl.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\AhtxGlQ.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\PvcSUGh.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\EPtIIwp.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\owGLKGS.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\LOOmBmk.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\umAzSPL.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\dTfcrVl.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\UmPgwJN.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\ocGugGZ.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\RVtSSBi.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\rTxkksH.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\fNKHOGv.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\mJVGQFN.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\RnruATz.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\SknxDrL.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\YyUSOsz.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\tciyzPf.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\QcLnJSU.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\XvzYqBZ.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\XKUIFzJ.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\cFnJHkW.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\upZSRVn.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\krRcexQ.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\WineVco.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\FwKGItk.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\nSifZzH.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\EwvXjny.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\esTEqyG.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\jqgICmb.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\XLoJUvz.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\EpeAIvO.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\IauaWPv.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\HuBCplk.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\rZpDMxb.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\LZzjmnL.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\TOjberX.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\nHOBuBb.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\KQdwwJx.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\OiQIloc.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\TypCdUJ.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\wdxMHfB.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\jadOeBV.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\EOaVoEk.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\mVAoZQF.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\RExLDwd.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\OnDrrwJ.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\TXJAJZs.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\YmAqxKG.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\zRLYOXs.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\DnyOuKP.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\qmDmgSb.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
File created	C:\Windows\System\iRPktCR.exe	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4416 wrote to memory of 2244	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	92
PID 4416 wrote to memory of 2244	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	92
PID 4416 wrote to memory of 2600	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	93
PID 4416 wrote to memory of 2600	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	93
PID 4416 wrote to memory of 1432	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	94
PID 4416 wrote to memory of 1432	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	94
PID 4416 wrote to memory of 1396	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	95
PID 4416 wrote to memory of 1396	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	95
PID 4416 wrote to memory of 3280	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	96
PID 4416 wrote to memory of 3280	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	96
PID 4416 wrote to memory of 572	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	97
PID 4416 wrote to memory of 572	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	97
PID 4416 wrote to memory of 4848	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	98
PID 4416 wrote to memory of 4848	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	98
PID 4416 wrote to memory of 3692	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	99
PID 4416 wrote to memory of 3692	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	99
PID 4416 wrote to memory of 5028	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	100
PID 4416 wrote to memory of 5028	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	100
PID 4416 wrote to memory of 4276	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	101
PID 4416 wrote to memory of 4276	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	101
PID 4416 wrote to memory of 3216	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	102
PID 4416 wrote to memory of 3216	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	102
PID 4416 wrote to memory of 1040	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	103
PID 4416 wrote to memory of 1040	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	103
PID 4416 wrote to memory of 4492	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	104
PID 4416 wrote to memory of 4492	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	104
PID 4416 wrote to memory of 4652	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	105
PID 4416 wrote to memory of 4652	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	105
PID 4416 wrote to memory of 1804	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	106
PID 4416 wrote to memory of 1804	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	106
PID 4416 wrote to memory of 4304	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	107
PID 4416 wrote to memory of 4304	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	107
PID 4416 wrote to memory of 4604	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	108
PID 4416 wrote to memory of 4604	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	108
PID 4416 wrote to memory of 2816	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	109
PID 4416 wrote to memory of 2816	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	109
PID 4416 wrote to memory of 2496	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	110
PID 4416 wrote to memory of 2496	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	110
PID 4416 wrote to memory of 404	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	111
PID 4416 wrote to memory of 404	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	111
PID 4416 wrote to memory of 4904	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	112
PID 4416 wrote to memory of 4904	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	112
PID 4416 wrote to memory of 1104	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	113
PID 4416 wrote to memory of 1104	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	113
PID 4416 wrote to memory of 1696	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	114
PID 4416 wrote to memory of 1696	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	114
PID 4416 wrote to memory of 2408	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	115
PID 4416 wrote to memory of 2408	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	115
PID 4416 wrote to memory of 1064	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	116
PID 4416 wrote to memory of 1064	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	116
PID 4416 wrote to memory of 3244	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	117
PID 4416 wrote to memory of 3244	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	117
PID 4416 wrote to memory of 3628	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	118
PID 4416 wrote to memory of 3628	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	118
PID 4416 wrote to memory of 4588	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	119
PID 4416 wrote to memory of 4588	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	119
PID 4416 wrote to memory of 2460	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	120
PID 4416 wrote to memory of 2460	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	120
PID 4416 wrote to memory of 552	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	121
PID 4416 wrote to memory of 552	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	121
PID 4416 wrote to memory of 2236	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	122
PID 4416 wrote to memory of 2236	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	122
PID 4416 wrote to memory of 4448	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	123
PID 4416 wrote to memory of 4448	4416	4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe	123

C:\Users\Admin\AppData\Local\Temp\4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4416
- C:\Windows\System\cZZGNit.exe
  C:\Windows\System\cZZGNit.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\jHSFyES.exe
  C:\Windows\System\jHSFyES.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\xRWCIRH.exe
  C:\Windows\System\xRWCIRH.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\oprEJKX.exe
  C:\Windows\System\oprEJKX.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\cGFLLIJ.exe
  C:\Windows\System\cGFLLIJ.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\nYIUAoq.exe
  C:\Windows\System\nYIUAoq.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\UBzsmXZ.exe
  C:\Windows\System\UBzsmXZ.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\obDOpGt.exe
  C:\Windows\System\obDOpGt.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\QakMBeA.exe
  C:\Windows\System\QakMBeA.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\VbMIiSs.exe
  C:\Windows\System\VbMIiSs.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\QcLnJSU.exe
  C:\Windows\System\QcLnJSU.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\tONtGzt.exe
  C:\Windows\System\tONtGzt.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\yhBoden.exe
  C:\Windows\System\yhBoden.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\CajkSTd.exe
  C:\Windows\System\CajkSTd.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\FXVTOHL.exe
  C:\Windows\System\FXVTOHL.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\LdMYmkK.exe
  C:\Windows\System\LdMYmkK.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\WiCsvXb.exe
  C:\Windows\System\WiCsvXb.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\KCFLoun.exe
  C:\Windows\System\KCFLoun.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\BPJITcz.exe
  C:\Windows\System\BPJITcz.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\DnyOuKP.exe
  C:\Windows\System\DnyOuKP.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\IZZMxfi.exe
  C:\Windows\System\IZZMxfi.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\oAFbgyJ.exe
  C:\Windows\System\oAFbgyJ.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\ytxmGJR.exe
  C:\Windows\System\ytxmGJR.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\ChCqKBP.exe
  C:\Windows\System\ChCqKBP.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\MTyFeth.exe
  C:\Windows\System\MTyFeth.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\rtXGlXO.exe
  C:\Windows\System\rtXGlXO.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\PVCfvQn.exe
  C:\Windows\System\PVCfvQn.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\owGLKGS.exe
  C:\Windows\System\owGLKGS.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\uyCtuuN.exe
  C:\Windows\System\uyCtuuN.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\ocGugGZ.exe
  C:\Windows\System\ocGugGZ.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\oBspfko.exe
  C:\Windows\System\oBspfko.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\Fbvxqtr.exe
  C:\Windows\System\Fbvxqtr.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\IRlMRnT.exe
  C:\Windows\System\IRlMRnT.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\csLzFew.exe
  C:\Windows\System\csLzFew.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\xWPaYtc.exe
  C:\Windows\System\xWPaYtc.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\hjxzycB.exe
  C:\Windows\System\hjxzycB.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\HvZwdEr.exe
  C:\Windows\System\HvZwdEr.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\YVAwneq.exe
  C:\Windows\System\YVAwneq.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\KQdwwJx.exe
  C:\Windows\System\KQdwwJx.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\PVWqAeJ.exe
  C:\Windows\System\PVWqAeJ.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\NQVqNIW.exe
  C:\Windows\System\NQVqNIW.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\SCgTVQz.exe
  C:\Windows\System\SCgTVQz.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\qmDmgSb.exe
  C:\Windows\System\qmDmgSb.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\WJDWdag.exe
  C:\Windows\System\WJDWdag.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\GfTVgzy.exe
  C:\Windows\System\GfTVgzy.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\EOaVoEk.exe
  C:\Windows\System\EOaVoEk.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\KZpoZdI.exe
  C:\Windows\System\KZpoZdI.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\mVAoZQF.exe
  C:\Windows\System\mVAoZQF.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\WineVco.exe
  C:\Windows\System\WineVco.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\UstayJA.exe
  C:\Windows\System\UstayJA.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\fNKHOGv.exe
  C:\Windows\System\fNKHOGv.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\mJVGQFN.exe
  C:\Windows\System\mJVGQFN.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\ojrhFlr.exe
  C:\Windows\System\ojrhFlr.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\mZZrVkk.exe
  C:\Windows\System\mZZrVkk.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\Kyswiyx.exe
  C:\Windows\System\Kyswiyx.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\iLJbsll.exe
  C:\Windows\System\iLJbsll.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\UspfJgd.exe
  C:\Windows\System\UspfJgd.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\vxcDCHX.exe
  C:\Windows\System\vxcDCHX.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\cMxQvdv.exe
  C:\Windows\System\cMxQvdv.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\MMjwoKu.exe
  C:\Windows\System\MMjwoKu.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\zJHkQXW.exe
  C:\Windows\System\zJHkQXW.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\LOOmBmk.exe
  C:\Windows\System\LOOmBmk.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\KbYDQWl.exe
  C:\Windows\System\KbYDQWl.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\AIPUgIE.exe
  C:\Windows\System\AIPUgIE.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\COPTxRy.exe
  C:\Windows\System\COPTxRy.exe
  2⤵
  PID:4996
- C:\Windows\System\tkDtbPV.exe
  C:\Windows\System\tkDtbPV.exe
  2⤵
  PID:3900
- C:\Windows\System\IgbTqQT.exe
  C:\Windows\System\IgbTqQT.exe
  2⤵
  PID:4308
- C:\Windows\System\AWkmGbr.exe
  C:\Windows\System\AWkmGbr.exe
  2⤵
  PID:208
- C:\Windows\System\AfbCzaT.exe
  C:\Windows\System\AfbCzaT.exe
  2⤵
  PID:3184
- C:\Windows\System\bOZseZR.exe
  C:\Windows\System\bOZseZR.exe
  2⤵
  PID:2028
- C:\Windows\System\RnruATz.exe
  C:\Windows\System\RnruATz.exe
  2⤵
  PID:4376
- C:\Windows\System\vmvoYmx.exe
  C:\Windows\System\vmvoYmx.exe
  2⤵
  PID:700
- C:\Windows\System\wPHSlUl.exe
  C:\Windows\System\wPHSlUl.exe
  2⤵
  PID:3732
- C:\Windows\System\Prpnopq.exe
  C:\Windows\System\Prpnopq.exe
  2⤵
  PID:1316
- C:\Windows\System\SknxDrL.exe
  C:\Windows\System\SknxDrL.exe
  2⤵
  PID:1836
- C:\Windows\System\IweWeZB.exe
  C:\Windows\System\IweWeZB.exe
  2⤵
  PID:880
- C:\Windows\System\VfJXZhD.exe
  C:\Windows\System\VfJXZhD.exe
  2⤵
  PID:1208
- C:\Windows\System\jPnsETb.exe
  C:\Windows\System\jPnsETb.exe
  2⤵
  PID:1628
- C:\Windows\System\jqgICmb.exe
  C:\Windows\System\jqgICmb.exe
  2⤵
  PID:1092
- C:\Windows\System\pTlJMDX.exe
  C:\Windows\System\pTlJMDX.exe
  2⤵
  PID:4852
- C:\Windows\System\aZTVAIw.exe
  C:\Windows\System\aZTVAIw.exe
  2⤵
  PID:2424
- C:\Windows\System\EpeAIvO.exe
  C:\Windows\System\EpeAIvO.exe
  2⤵
  PID:1140
- C:\Windows\System\OiQIloc.exe
  C:\Windows\System\OiQIloc.exe
  2⤵
  PID:5136
- C:\Windows\System\DfbIFzS.exe
  C:\Windows\System\DfbIFzS.exe
  2⤵
  PID:5168
- C:\Windows\System\wMOnLbX.exe
  C:\Windows\System\wMOnLbX.exe
  2⤵
  PID:5184
- C:\Windows\System\mlUwXFl.exe
  C:\Windows\System\mlUwXFl.exe
  2⤵
  PID:5216
- C:\Windows\System\Pddjuta.exe
  C:\Windows\System\Pddjuta.exe
  2⤵
  PID:5248
- C:\Windows\System\OSHNYQC.exe
  C:\Windows\System\OSHNYQC.exe
  2⤵
  PID:5272
- C:\Windows\System\vaAArDs.exe
  C:\Windows\System\vaAArDs.exe
  2⤵
  PID:5308
- C:\Windows\System\OVpYYKF.exe
  C:\Windows\System\OVpYYKF.exe
  2⤵
  PID:5324
- C:\Windows\System\TNgTxZS.exe
  C:\Windows\System\TNgTxZS.exe
  2⤵
  PID:5356
- C:\Windows\System\JpPuTcs.exe
  C:\Windows\System\JpPuTcs.exe
  2⤵
  PID:5372
- C:\Windows\System\pCfWhQw.exe
  C:\Windows\System\pCfWhQw.exe
  2⤵
  PID:5396
- C:\Windows\System\xkGBEGV.exe
  C:\Windows\System\xkGBEGV.exe
  2⤵
  PID:5412
- C:\Windows\System\AuFogNd.exe
  C:\Windows\System\AuFogNd.exe
  2⤵
  PID:5444
- C:\Windows\System\lCxyKnf.exe
  C:\Windows\System\lCxyKnf.exe
  2⤵
  PID:5472
- C:\Windows\System\EPutdcA.exe
  C:\Windows\System\EPutdcA.exe
  2⤵
  PID:5504
- C:\Windows\System\RIHIKJU.exe
  C:\Windows\System\RIHIKJU.exe
  2⤵
  PID:5540
- C:\Windows\System\mrDQVYV.exe
  C:\Windows\System\mrDQVYV.exe
  2⤵
  PID:5568
- C:\Windows\System\TypCdUJ.exe
  C:\Windows\System\TypCdUJ.exe
  2⤵
  PID:5596
- C:\Windows\System\hVjKDoI.exe
  C:\Windows\System\hVjKDoI.exe
  2⤵
  PID:5624
- C:\Windows\System\iRPktCR.exe
  C:\Windows\System\iRPktCR.exe
  2⤵
  PID:5652
- C:\Windows\System\gxmQTex.exe
  C:\Windows\System\gxmQTex.exe
  2⤵
  PID:5680
- C:\Windows\System\VayJfqW.exe
  C:\Windows\System\VayJfqW.exe
  2⤵
  PID:5704
- C:\Windows\System\aEoeqjs.exe
  C:\Windows\System\aEoeqjs.exe
  2⤵
  PID:5732
- C:\Windows\System\kcGOZpY.exe
  C:\Windows\System\kcGOZpY.exe
  2⤵
  PID:5752
- C:\Windows\System\FbNIspw.exe
  C:\Windows\System\FbNIspw.exe
  2⤵
  PID:5780
- C:\Windows\System\dqtOCZJ.exe
  C:\Windows\System\dqtOCZJ.exe
  2⤵
  PID:5812
- C:\Windows\System\QEXtEFH.exe
  C:\Windows\System\QEXtEFH.exe
  2⤵
  PID:5840
- C:\Windows\System\trfAjlg.exe
  C:\Windows\System\trfAjlg.exe
  2⤵
  PID:5864
- C:\Windows\System\jieuAes.exe
  C:\Windows\System\jieuAes.exe
  2⤵
  PID:5888
- C:\Windows\System\gsPPJJw.exe
  C:\Windows\System\gsPPJJw.exe
  2⤵
  PID:5920
- C:\Windows\System\kHSzMYt.exe
  C:\Windows\System\kHSzMYt.exe
  2⤵
  PID:5944
- C:\Windows\System\tOGJGGr.exe
  C:\Windows\System\tOGJGGr.exe
  2⤵
  PID:5968
- C:\Windows\System\XWpFRZt.exe
  C:\Windows\System\XWpFRZt.exe
  2⤵
  PID:6000
- C:\Windows\System\EMRgyJw.exe
  C:\Windows\System\EMRgyJw.exe
  2⤵
  PID:6032
- C:\Windows\System\dzGbpvm.exe
  C:\Windows\System\dzGbpvm.exe
  2⤵
  PID:6056
- C:\Windows\System\OLGoPOf.exe
  C:\Windows\System\OLGoPOf.exe
  2⤵
  PID:6084
- C:\Windows\System\umAzSPL.exe
  C:\Windows\System\umAzSPL.exe
  2⤵
  PID:6112
- C:\Windows\System\eGxzrgl.exe
  C:\Windows\System\eGxzrgl.exe
  2⤵
  PID:6136
- C:\Windows\System\nokBUTG.exe
  C:\Windows\System\nokBUTG.exe
  2⤵
  PID:948
- C:\Windows\System\DexgSzU.exe
  C:\Windows\System\DexgSzU.exe
  2⤵
  PID:5208
- C:\Windows\System\RckMDnR.exe
  C:\Windows\System\RckMDnR.exe
  2⤵
  PID:5260
- C:\Windows\System\RVtSSBi.exe
  C:\Windows\System\RVtSSBi.exe
  2⤵
  PID:5348
- C:\Windows\System\ZMAeDNi.exe
  C:\Windows\System\ZMAeDNi.exe
  2⤵
  PID:5424
- C:\Windows\System\jyCrhSZ.exe
  C:\Windows\System\jyCrhSZ.exe
  2⤵
  PID:5532
- C:\Windows\System\geAOjdN.exe
  C:\Windows\System\geAOjdN.exe
  2⤵
  PID:5556
- C:\Windows\System\GIWYSTq.exe
  C:\Windows\System\GIWYSTq.exe
  2⤵
  PID:5616
- C:\Windows\System\oqazzlG.exe
  C:\Windows\System\oqazzlG.exe
  2⤵
  PID:5660
- C:\Windows\System\suDTkBR.exe
  C:\Windows\System\suDTkBR.exe
  2⤵
  PID:5776
- C:\Windows\System\woSbPuN.exe
  C:\Windows\System\woSbPuN.exe
  2⤵
  PID:5760
- C:\Windows\System\cHKVkiD.exe
  C:\Windows\System\cHKVkiD.exe
  2⤵
  PID:5856
- C:\Windows\System\XuXLwbn.exe
  C:\Windows\System\XuXLwbn.exe
  2⤵
  PID:6024
- C:\Windows\System\LIqVrwk.exe
  C:\Windows\System\LIqVrwk.exe
  2⤵
  PID:5984
- C:\Windows\System\nwMJQyB.exe
  C:\Windows\System\nwMJQyB.exe
  2⤵
  PID:6048
- C:\Windows\System\luqUXpi.exe
  C:\Windows\System\luqUXpi.exe
  2⤵
  PID:5144
- C:\Windows\System\dTfcrVl.exe
  C:\Windows\System\dTfcrVl.exe
  2⤵
  PID:5292
- C:\Windows\System\zCVFOge.exe
  C:\Windows\System\zCVFOge.exe
  2⤵
  PID:5460
- C:\Windows\System\eaiqiTj.exe
  C:\Windows\System\eaiqiTj.exe
  2⤵
  PID:5524
- C:\Windows\System\illsMpE.exe
  C:\Windows\System\illsMpE.exe
  2⤵
  PID:5636
- C:\Windows\System\jqsUhnt.exe
  C:\Windows\System\jqsUhnt.exe
  2⤵
  PID:5744
- C:\Windows\System\lYdCDBV.exe
  C:\Windows\System\lYdCDBV.exe
  2⤵
  PID:6012
- C:\Windows\System\iFAucuf.exe
  C:\Windows\System\iFAucuf.exe
  2⤵
  PID:5384
- C:\Windows\System\wXKIejR.exe
  C:\Windows\System\wXKIejR.exe
  2⤵
  PID:5932
- C:\Windows\System\OvMnOvd.exe
  C:\Windows\System\OvMnOvd.exe
  2⤵
  PID:5700
- C:\Windows\System\UmPgwJN.exe
  C:\Windows\System\UmPgwJN.exe
  2⤵
  PID:6152
- C:\Windows\System\RHjwoTT.exe
  C:\Windows\System\RHjwoTT.exe
  2⤵
  PID:6168
- C:\Windows\System\UIBeNWA.exe
  C:\Windows\System\UIBeNWA.exe
  2⤵
  PID:6188
- C:\Windows\System\moyZaet.exe
  C:\Windows\System\moyZaet.exe
  2⤵
  PID:6212
- C:\Windows\System\sdMfkrQ.exe
  C:\Windows\System\sdMfkrQ.exe
  2⤵
  PID:6236
- C:\Windows\System\wdxMHfB.exe
  C:\Windows\System\wdxMHfB.exe
  2⤵
  PID:6260
- C:\Windows\System\xsLSvGH.exe
  C:\Windows\System\xsLSvGH.exe
  2⤵
  PID:6292
- C:\Windows\System\TtsFPrW.exe
  C:\Windows\System\TtsFPrW.exe
  2⤵
  PID:6316
- C:\Windows\System\XvzYqBZ.exe
  C:\Windows\System\XvzYqBZ.exe
  2⤵
  PID:6344
- C:\Windows\System\UmRHvpr.exe
  C:\Windows\System\UmRHvpr.exe
  2⤵
  PID:6372
- C:\Windows\System\PqlLmEN.exe
  C:\Windows\System\PqlLmEN.exe
  2⤵
  PID:6400
- C:\Windows\System\bwuxUtF.exe
  C:\Windows\System\bwuxUtF.exe
  2⤵
  PID:6424
- C:\Windows\System\lvmUJHJ.exe
  C:\Windows\System\lvmUJHJ.exe
  2⤵
  PID:6448
- C:\Windows\System\BmMDyTu.exe
  C:\Windows\System\BmMDyTu.exe
  2⤵
  PID:6476
- C:\Windows\System\oPJuaor.exe
  C:\Windows\System\oPJuaor.exe
  2⤵
  PID:6504
- C:\Windows\System\YyUSOsz.exe
  C:\Windows\System\YyUSOsz.exe
  2⤵
  PID:6532
- C:\Windows\System\gWijfDY.exe
  C:\Windows\System\gWijfDY.exe
  2⤵
  PID:6556
- C:\Windows\System\OLSpfOv.exe
  C:\Windows\System\OLSpfOv.exe
  2⤵
  PID:6592
- C:\Windows\System\CMNBSZA.exe
  C:\Windows\System\CMNBSZA.exe
  2⤵
  PID:6620
- C:\Windows\System\sIJXxTb.exe
  C:\Windows\System\sIJXxTb.exe
  2⤵
  PID:6668
- C:\Windows\System\ApLSxEj.exe
  C:\Windows\System\ApLSxEj.exe
  2⤵
  PID:6688
- C:\Windows\System\SSfNAts.exe
  C:\Windows\System\SSfNAts.exe
  2⤵
  PID:6712
- C:\Windows\System\OJtCPFn.exe
  C:\Windows\System\OJtCPFn.exe
  2⤵
  PID:6732
- C:\Windows\System\zgxSRQC.exe
  C:\Windows\System\zgxSRQC.exe
  2⤵
  PID:6760
- C:\Windows\System\dDQDWZO.exe
  C:\Windows\System\dDQDWZO.exe
  2⤵
  PID:6796
- C:\Windows\System\OZmsEGT.exe
  C:\Windows\System\OZmsEGT.exe
  2⤵
  PID:6820
- C:\Windows\System\vQQKlKO.exe
  C:\Windows\System\vQQKlKO.exe
  2⤵
  PID:6848
- C:\Windows\System\YuNUcfZ.exe
  C:\Windows\System\YuNUcfZ.exe
  2⤵
  PID:6876
- C:\Windows\System\rTxkksH.exe
  C:\Windows\System\rTxkksH.exe
  2⤵
  PID:6900
- C:\Windows\System\oOZghFL.exe
  C:\Windows\System\oOZghFL.exe
  2⤵
  PID:6928
- C:\Windows\System\MsiWlCd.exe
  C:\Windows\System\MsiWlCd.exe
  2⤵
  PID:6960
- C:\Windows\System\PjeeOJm.exe
  C:\Windows\System\PjeeOJm.exe
  2⤵
  PID:6988
- C:\Windows\System\IauaWPv.exe
  C:\Windows\System\IauaWPv.exe
  2⤵
  PID:7008
- C:\Windows\System\NCXRfVE.exe
  C:\Windows\System\NCXRfVE.exe
  2⤵
  PID:7044
- C:\Windows\System\OelTifa.exe
  C:\Windows\System\OelTifa.exe
  2⤵
  PID:7072
- C:\Windows\System\kfXZBwX.exe
  C:\Windows\System\kfXZBwX.exe
  2⤵
  PID:7100
- C:\Windows\System\pZxTvrW.exe
  C:\Windows\System\pZxTvrW.exe
  2⤵
  PID:7124
- C:\Windows\System\HuBCplk.exe
  C:\Windows\System\HuBCplk.exe
  2⤵
  PID:7160
- C:\Windows\System\vMhWxyu.exe
  C:\Windows\System\vMhWxyu.exe
  2⤵
  PID:6148
- C:\Windows\System\XKUIFzJ.exe
  C:\Windows\System\XKUIFzJ.exe
  2⤵
  PID:6224
- C:\Windows\System\lwYsbQr.exe
  C:\Windows\System\lwYsbQr.exe
  2⤵
  PID:6180
- C:\Windows\System\AifvDZU.exe
  C:\Windows\System\AifvDZU.exe
  2⤵
  PID:6360
- C:\Windows\System\zxLUDFY.exe
  C:\Windows\System\zxLUDFY.exe
  2⤵
  PID:6328
- C:\Windows\System\WoPyyqQ.exe
  C:\Windows\System\WoPyyqQ.exe
  2⤵
  PID:6460
- C:\Windows\System\cFnJHkW.exe
  C:\Windows\System\cFnJHkW.exe
  2⤵
  PID:6500
- C:\Windows\System\TgZpNXp.exe
  C:\Windows\System\TgZpNXp.exe
  2⤵
  PID:6564
- C:\Windows\System\qacjYOp.exe
  C:\Windows\System\qacjYOp.exe
  2⤵
  PID:6576
- C:\Windows\System\iurpUPh.exe
  C:\Windows\System\iurpUPh.exe
  2⤵
  PID:6724
- C:\Windows\System\uuWENDy.exe
  C:\Windows\System\uuWENDy.exe
  2⤵
  PID:6704
- C:\Windows\System\XOddEEf.exe
  C:\Windows\System\XOddEEf.exe
  2⤵
  PID:6700
- C:\Windows\System\FXKNsGZ.exe
  C:\Windows\System\FXKNsGZ.exe
  2⤵
  PID:6872
- C:\Windows\System\IGKrERQ.exe
  C:\Windows\System\IGKrERQ.exe
  2⤵
  PID:6920
- C:\Windows\System\jadOeBV.exe
  C:\Windows\System\jadOeBV.exe
  2⤵
  PID:6980
- C:\Windows\System\xVLlPeW.exe
  C:\Windows\System\xVLlPeW.exe
  2⤵
  PID:7036
- C:\Windows\System\RExLDwd.exe
  C:\Windows\System\RExLDwd.exe
  2⤵
  PID:7116
- C:\Windows\System\inRubWA.exe
  C:\Windows\System\inRubWA.exe
  2⤵
  PID:7156
- C:\Windows\System\YmAqxKG.exe
  C:\Windows\System\YmAqxKG.exe
  2⤵
  PID:6304
- C:\Windows\System\NxoyoXM.exe
  C:\Windows\System\NxoyoXM.exe
  2⤵
  PID:6496
- C:\Windows\System\BnEnUrz.exe
  C:\Windows\System\BnEnUrz.exe
  2⤵
  PID:6548
- C:\Windows\System\KDGdltE.exe
  C:\Windows\System\KDGdltE.exe
  2⤵
  PID:6776
- C:\Windows\System\jsfjFte.exe
  C:\Windows\System\jsfjFte.exe
  2⤵
  PID:6828
- C:\Windows\System\EHhtMYm.exe
  C:\Windows\System\EHhtMYm.exe
  2⤵
  PID:6952
- C:\Windows\System\FwKGItk.exe
  C:\Windows\System\FwKGItk.exe
  2⤵
  PID:7032
- C:\Windows\System\aZnCbno.exe
  C:\Windows\System\aZnCbno.exe
  2⤵
  PID:6092
- C:\Windows\System\yJbTcqh.exe
  C:\Windows\System\yJbTcqh.exe
  2⤵
  PID:7180
- C:\Windows\System\XVYOSGy.exe
  C:\Windows\System\XVYOSGy.exe
  2⤵
  PID:7212
- C:\Windows\System\QwpRQfZ.exe
  C:\Windows\System\QwpRQfZ.exe
  2⤵
  PID:7236
- C:\Windows\System\SCluclg.exe
  C:\Windows\System\SCluclg.exe
  2⤵
  PID:7268
- C:\Windows\System\GkxJIKO.exe
  C:\Windows\System\GkxJIKO.exe
  2⤵
  PID:7296
- C:\Windows\System\BpvJniv.exe
  C:\Windows\System\BpvJniv.exe
  2⤵
  PID:7324
- C:\Windows\System\RNWHRgg.exe
  C:\Windows\System\RNWHRgg.exe
  2⤵
  PID:7352
- C:\Windows\System\XooSdIz.exe
  C:\Windows\System\XooSdIz.exe
  2⤵
  PID:7376
- C:\Windows\System\WOEnYPq.exe
  C:\Windows\System\WOEnYPq.exe
  2⤵
  PID:7404
- C:\Windows\System\AhtxGlQ.exe
  C:\Windows\System\AhtxGlQ.exe
  2⤵
  PID:7440
- C:\Windows\System\ZaozURx.exe
  C:\Windows\System\ZaozURx.exe
  2⤵
  PID:7468
- C:\Windows\System\jTtzTCT.exe
  C:\Windows\System\jTtzTCT.exe
  2⤵
  PID:7492
- C:\Windows\System\yqIUkan.exe
  C:\Windows\System\yqIUkan.exe
  2⤵
  PID:7508
- C:\Windows\System\OnDrrwJ.exe
  C:\Windows\System\OnDrrwJ.exe
  2⤵
  PID:7532
- C:\Windows\System\ZCZYPRE.exe
  C:\Windows\System\ZCZYPRE.exe
  2⤵
  PID:7560
- C:\Windows\System\AUnYdwm.exe
  C:\Windows\System\AUnYdwm.exe
  2⤵
  PID:7588
- C:\Windows\System\YRVFlRq.exe
  C:\Windows\System\YRVFlRq.exe
  2⤵
  PID:7620
- C:\Windows\System\UbExAYS.exe
  C:\Windows\System\UbExAYS.exe
  2⤵
  PID:7648
- C:\Windows\System\givtioG.exe
  C:\Windows\System\givtioG.exe
  2⤵
  PID:7676
- C:\Windows\System\yxqOMnC.exe
  C:\Windows\System\yxqOMnC.exe
  2⤵
  PID:7700
- C:\Windows\System\OYYnrDo.exe
  C:\Windows\System\OYYnrDo.exe
  2⤵
  PID:7732
- C:\Windows\System\EXeLoWK.exe
  C:\Windows\System\EXeLoWK.exe
  2⤵
  PID:7764
- C:\Windows\System\NCKOKsO.exe
  C:\Windows\System\NCKOKsO.exe
  2⤵
  PID:7792
- C:\Windows\System\jwDkGbX.exe
  C:\Windows\System\jwDkGbX.exe
  2⤵
  PID:7808
- C:\Windows\System\AMIKGSF.exe
  C:\Windows\System\AMIKGSF.exe
  2⤵
  PID:7836
- C:\Windows\System\GyifYcj.exe
  C:\Windows\System\GyifYcj.exe
  2⤵
  PID:7864
- C:\Windows\System\KNpnSJS.exe
  C:\Windows\System\KNpnSJS.exe
  2⤵
  PID:7888
- C:\Windows\System\jRbKslY.exe
  C:\Windows\System\jRbKslY.exe
  2⤵
  PID:7924
- C:\Windows\System\JjkMLAh.exe
  C:\Windows\System\JjkMLAh.exe
  2⤵
  PID:7948
- C:\Windows\System\IvBskei.exe
  C:\Windows\System\IvBskei.exe
  2⤵
  PID:7976
- C:\Windows\System\TOjberX.exe
  C:\Windows\System\TOjberX.exe
  2⤵
  PID:8000
- C:\Windows\System\lfbwGAR.exe
  C:\Windows\System\lfbwGAR.exe
  2⤵
  PID:8028
- C:\Windows\System\OrZuugw.exe
  C:\Windows\System\OrZuugw.exe
  2⤵
  PID:8060
- C:\Windows\System\ePwFCvJ.exe
  C:\Windows\System\ePwFCvJ.exe
  2⤵
  PID:8088
- C:\Windows\System\pwEesjf.exe
  C:\Windows\System\pwEesjf.exe
  2⤵
  PID:8112
- C:\Windows\System\VqsZqpo.exe
  C:\Windows\System\VqsZqpo.exe
  2⤵
  PID:8144
- C:\Windows\System\qWUyKsE.exe
  C:\Windows\System\qWUyKsE.exe
  2⤵
  PID:8168
- C:\Windows\System\oeLCuVk.exe
  C:\Windows\System\oeLCuVk.exe
  2⤵
  PID:6524
- C:\Windows\System\frjgwcU.exe
  C:\Windows\System\frjgwcU.exe
  2⤵
  PID:7004
- C:\Windows\System\rZpDMxb.exe
  C:\Windows\System\rZpDMxb.exe
  2⤵
  PID:7224
- C:\Windows\System\CVyKLIa.exe
  C:\Windows\System\CVyKLIa.exe
  2⤵
  PID:6976
- C:\Windows\System\VyNMrnY.exe
  C:\Windows\System\VyNMrnY.exe
  2⤵
  PID:7372
- C:\Windows\System\xFLHVze.exe
  C:\Windows\System\xFLHVze.exe
  2⤵
  PID:7200
- C:\Windows\System\BqVCFCK.exe
  C:\Windows\System\BqVCFCK.exe
  2⤵
  PID:7456
- C:\Windows\System\Bcpfogy.exe
  C:\Windows\System\Bcpfogy.exe
  2⤵
  PID:7548
- C:\Windows\System\yiXFlqt.exe
  C:\Windows\System\yiXFlqt.exe
  2⤵
  PID:7524
- C:\Windows\System\IWdhWQl.exe
  C:\Windows\System\IWdhWQl.exe
  2⤵
  PID:7684
- C:\Windows\System\kiErmDj.exe
  C:\Windows\System\kiErmDj.exe
  2⤵
  PID:7724
- C:\Windows\System\awoXipA.exe
  C:\Windows\System\awoXipA.exe
  2⤵
  PID:7720
- C:\Windows\System\kCveOyz.exe
  C:\Windows\System\kCveOyz.exe
  2⤵
  PID:7824
- C:\Windows\System\piSZXkb.exe
  C:\Windows\System\piSZXkb.exe
  2⤵
  PID:7912
- C:\Windows\System\fcBSNpR.exe
  C:\Windows\System\fcBSNpR.exe
  2⤵
  PID:6860
- C:\Windows\System\fjcpvDG.exe
  C:\Windows\System\fjcpvDG.exe
  2⤵
  PID:8164
- C:\Windows\System\HZKFzfl.exe
  C:\Windows\System\HZKFzfl.exe
  2⤵
  PID:8180
- C:\Windows\System\vHaAmjc.exe
  C:\Windows\System\vHaAmjc.exe
  2⤵
  PID:7176
- C:\Windows\System\nGLCmCC.exe
  C:\Windows\System\nGLCmCC.exe
  2⤵
  PID:7368
- C:\Windows\System\EkKtPss.exe
  C:\Windows\System\EkKtPss.exe
  2⤵
  PID:7208
- C:\Windows\System\JGSseWf.exe
  C:\Windows\System\JGSseWf.exe
  2⤵
  PID:7644
- C:\Windows\System\IftKGSI.exe
  C:\Windows\System\IftKGSI.exe
  2⤵
  PID:7504
- C:\Windows\System\HBjnVLz.exe
  C:\Windows\System\HBjnVLz.exe
  2⤵
  PID:7784
- C:\Windows\System\RsHuhOl.exe
  C:\Windows\System\RsHuhOl.exe
  2⤵
  PID:7992
- C:\Windows\System\zRLYOXs.exe
  C:\Windows\System\zRLYOXs.exe
  2⤵
  PID:7692
- C:\Windows\System\pXBiacB.exe
  C:\Windows\System\pXBiacB.exe
  2⤵
  PID:8216
- C:\Windows\System\nHOBuBb.exe
  C:\Windows\System\nHOBuBb.exe
  2⤵
  PID:8244
- C:\Windows\System\ypVkNKv.exe
  C:\Windows\System\ypVkNKv.exe
  2⤵
  PID:8260
- C:\Windows\System\upZSRVn.exe
  C:\Windows\System\upZSRVn.exe
  2⤵
  PID:8280
- C:\Windows\System\pDGpNZK.exe
  C:\Windows\System\pDGpNZK.exe
  2⤵
  PID:8296
- C:\Windows\System\tlMhPIk.exe
  C:\Windows\System\tlMhPIk.exe
  2⤵
  PID:8320
- C:\Windows\System\ojrRdjg.exe
  C:\Windows\System\ojrRdjg.exe
  2⤵
  PID:8340
- C:\Windows\System\OIODVfZ.exe
  C:\Windows\System\OIODVfZ.exe
  2⤵
  PID:8372
- C:\Windows\System\QaUygeD.exe
  C:\Windows\System\QaUygeD.exe
  2⤵
  PID:8400
- C:\Windows\System\nSifZzH.exe
  C:\Windows\System\nSifZzH.exe
  2⤵
  PID:8428
- C:\Windows\System\YMUFHpk.exe
  C:\Windows\System\YMUFHpk.exe
  2⤵
  PID:8460
- C:\Windows\System\iZBKQEL.exe
  C:\Windows\System\iZBKQEL.exe
  2⤵
  PID:8492
- C:\Windows\System\DaAMPwI.exe
  C:\Windows\System\DaAMPwI.exe
  2⤵
  PID:8520
- C:\Windows\System\EwvXjny.exe
  C:\Windows\System\EwvXjny.exe
  2⤵
  PID:8552
- C:\Windows\System\DtzBavZ.exe
  C:\Windows\System\DtzBavZ.exe
  2⤵
  PID:8568
- C:\Windows\System\vfoEeeU.exe
  C:\Windows\System\vfoEeeU.exe
  2⤵
  PID:8592
- C:\Windows\System\oKglDdj.exe
  C:\Windows\System\oKglDdj.exe
  2⤵
  PID:8620
- C:\Windows\System\BZreuaP.exe
  C:\Windows\System\BZreuaP.exe
  2⤵
  PID:8652
- C:\Windows\System\DRiSirt.exe
  C:\Windows\System\DRiSirt.exe
  2⤵
  PID:8676
- C:\Windows\System\keFfidC.exe
  C:\Windows\System\keFfidC.exe
  2⤵
  PID:8708
- C:\Windows\System\DoeSjtj.exe
  C:\Windows\System\DoeSjtj.exe
  2⤵
  PID:8740
- C:\Windows\System\WIKsuRi.exe
  C:\Windows\System\WIKsuRi.exe
  2⤵
  PID:8764
- C:\Windows\System\wfKaHkQ.exe
  C:\Windows\System\wfKaHkQ.exe
  2⤵
  PID:8796
- C:\Windows\System\ezCVZhI.exe
  C:\Windows\System\ezCVZhI.exe
  2⤵
  PID:8820
- C:\Windows\System\esTEqyG.exe
  C:\Windows\System\esTEqyG.exe
  2⤵
  PID:8844
- C:\Windows\System\lbGtmHu.exe
  C:\Windows\System\lbGtmHu.exe
  2⤵
  PID:8872
- C:\Windows\System\dmwBHtC.exe
  C:\Windows\System\dmwBHtC.exe
  2⤵
  PID:8892
- C:\Windows\System\TXJAJZs.exe
  C:\Windows\System\TXJAJZs.exe
  2⤵
  PID:8912
- C:\Windows\System\BOiEZpB.exe
  C:\Windows\System\BOiEZpB.exe
  2⤵
  PID:8944
- C:\Windows\System\PvcSUGh.exe
  C:\Windows\System\PvcSUGh.exe
  2⤵
  PID:8968
- C:\Windows\System\bDoZQWH.exe
  C:\Windows\System\bDoZQWH.exe
  2⤵
  PID:8996
- C:\Windows\System\hfuXCEP.exe
  C:\Windows\System\hfuXCEP.exe
  2⤵
  PID:9024
- C:\Windows\System\HScvCHS.exe
  C:\Windows\System\HScvCHS.exe
  2⤵
  PID:9088
- C:\Windows\System\zuVIANj.exe
  C:\Windows\System\zuVIANj.exe
  2⤵
  PID:9140
- C:\Windows\System\hCHsjZy.exe
  C:\Windows\System\hCHsjZy.exe
  2⤵
  PID:8056
- C:\Windows\System\kucPAKy.exe
  C:\Windows\System\kucPAKy.exe
  2⤵
  PID:7392
- C:\Windows\System\YpbGEUD.exe
  C:\Windows\System\YpbGEUD.exe
  2⤵
  PID:8276
- C:\Windows\System\JOMvGqj.exe
  C:\Windows\System\JOMvGqj.exe
  2⤵
  PID:8232
- C:\Windows\System\mnpFOwV.exe
  C:\Windows\System\mnpFOwV.exe
  2⤵
  PID:8392
- C:\Windows\System\RZKyZDr.exe
  C:\Windows\System\RZKyZDr.exe
  2⤵
  PID:8360
- C:\Windows\System\krRcexQ.exe
  C:\Windows\System\krRcexQ.exe
  2⤵
  PID:8420
- C:\Windows\System\fzrzMFx.exe
  C:\Windows\System\fzrzMFx.exe
  2⤵
  PID:8528
- C:\Windows\System\gPUXYTv.exe
  C:\Windows\System\gPUXYTv.exe
  2⤵
  PID:8560
- C:\Windows\System\EPtIIwp.exe
  C:\Windows\System\EPtIIwp.exe
  2⤵
  PID:8772
- C:\Windows\System\LZzjmnL.exe
  C:\Windows\System\LZzjmnL.exe
  2⤵
  PID:8616
- C:\Windows\System\KGbfdvG.exe
  C:\Windows\System\KGbfdvG.exe
  2⤵
  PID:8840
- C:\Windows\System\CjJOXGO.exe
  C:\Windows\System\CjJOXGO.exe
  2⤵
  PID:8700
- C:\Windows\System\tciyzPf.exe
  C:\Windows\System\tciyzPf.exe
  2⤵
  PID:8828
- C:\Windows\System\oHqZtmK.exe
  C:\Windows\System\oHqZtmK.exe
  2⤵
  PID:8956
- C:\Windows\System\iZjZWUM.exe
  C:\Windows\System\iZjZWUM.exe
  2⤵
  PID:9008
- C:\Windows\System\kAFxYiE.exe
  C:\Windows\System\kAFxYiE.exe
  2⤵
  PID:9148
- C:\Windows\System\XLoJUvz.exe
  C:\Windows\System\XLoJUvz.exe
  2⤵
  PID:9204
- C:\Windows\System\KWLunjM.exe
  C:\Windows\System\KWLunjM.exe
  2⤵
  PID:7264
- C:\Windows\System\wUDHZaU.exe
  C:\Windows\System\wUDHZaU.exe
  2⤵
  PID:7820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4020 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:9664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BPJITcz.exe

Filesize
2.1MB

MD5
52083f0afec3f58916b5a9cd3edd9267

SHA1
cfa84bb2fb8e6571b7fe07f0145049dd7285370c

SHA256
a2f929481c4a3a1b0fd25cb8b22ad5204b31779726c07a3b08f60c969b065b01

SHA512
15f45464a5abf7660e4ed9d8eb821c63fa76785b57f43e57b3b36e76307b21bf251aaf1e0c4e1095d73374aee2f467292c43728a9af3f452573ce1b668b97fcd

Download Submit
C:\Windows\System\CajkSTd.exe

Filesize
2.1MB

MD5
f38fb0d15453effb2562bef9fec6f6a4

SHA1
bbba1c67c596761916e1bc864300a5ac54f925ec

SHA256
99538538958ea2f40cde866d51edd986ecf5ad7baa8a59537ee59e63ab11fb9a

SHA512
3d00a5e8fd233d603e9f07b9d21aeefed9d85f5c9ba16a404d80981bcb05d359ed7e291697cecffdd88e8b0ebaf9631a06455c191abb45196e4e0987f8944268

Download Submit
C:\Windows\System\ChCqKBP.exe

Filesize
2.1MB

MD5
e605c29359c77017fad798336e6ad428

SHA1
a4055b68bf64f708744ef9e935fcd0b6d46c39db

SHA256
5e28615917996e8dc08ccae8b510e1b1c019bea8a4c98fd81f7b446fcb12f25b

SHA512
b5ae952ac5e90b862eb972794f5ff7f7d2b9597633b701c13e0aae09800ee4abf934552212c159582cd4aa07f274dbb9633cbb6822f3c603ee824c8586277a74

Download Submit
C:\Windows\System\DnyOuKP.exe

Filesize
2.1MB

MD5
78e99350df4e775d84ddb206171ce81c

SHA1
cb4d8862c0c571b7d845a27e516b579b463fd54a

SHA256
d0a4622040a10ad6d59d8517db00163b94c3860968fc094657a95cc55ebdc603

SHA512
d1edc4cbd587213007d180a260a8e7d81970afee99fc7e0159fa20b30532be94daa34e92041290c1ddc26d9bad9cef412ddf4a58be9a5eec29d808f5c4fb7ad8

Download Submit
C:\Windows\System\FXVTOHL.exe

Filesize
2.1MB

MD5
2fff6cf6802b802b093addffe4ceb9bf

SHA1
47e1243926fe4a10707b5524d182ba75bf27656b

SHA256
e7df8942724a5a94677a62cc1f3545588181426675b367f02354396332d080d1

SHA512
85a4789fed8f4da85bb9dab9693b41eb0c37411939ba1c0b49e562e6c9917f5ad373362048bdf3a67c269ec4f5616fdafa558b130ae24fe6799fd09f3b410fb3

Download Submit
C:\Windows\System\Fbvxqtr.exe

Filesize
2.1MB

MD5
87ca60a70741932e1221570d2c0f7670

SHA1
f9b4ede1b1ef7110f46da12a2abc21ee33b84fb4

SHA256
f5191bf5ab0507c040dc5f826868ec8619128258e8575d033ce0b2cdadff7d58

SHA512
2d30f6883e8ec73e49a51ae378059893a97a36ccd2aa2b29fdd77e04ca04d0215d8af536e799aea90aba6820cd9f262e60ef06b828dc695dec80cc210ed8d7e0

Download Submit
C:\Windows\System\IRlMRnT.exe

Filesize
2.1MB

MD5
bb39647dc1dda5aa866ec6273deadf39

SHA1
0b10afc629df7402d3f39435ed29718a496861d9

SHA256
faac2ab204703a19492e8fce056567d7bee604d26117a7f0fc44b3118c8b1cda

SHA512
3706d42b387cd383f2fd92fbd3b766491ee804952b59dc062200bccbd4b38dbf2b9cee099fe085e8302a67a3d454b593d82c9f74b6c5ee25dae4557969afb917

Download Submit
C:\Windows\System\IZZMxfi.exe

Filesize
2.1MB

MD5
fac9bd72507040cb2d934af7222d1a33

SHA1
a28c24842a601cf58ef1218e463fd6b317a9421e

SHA256
5ab6ec19b2c13e378bb60fae795dcc384988287f18bfb8c51290e9fb0a12b40c

SHA512
f5b066e84472a9be4a2ae74f27783f93f7f13939b8c78c0030fd240f5e8539e07664776bd9c4efeaf5b50daa0719f644244e4c222373d04ca4a16ba8e660fd5f

Download Submit
C:\Windows\System\KCFLoun.exe

Filesize
2.1MB

MD5
2490979a3ee57eebbd29d070f9bb394f

SHA1
1f43d69ee789fc3b30169f68e49a03dc50e99189

SHA256
4c2a750750f4e22a2f4016f0daceccbc93f064dbeca16a21d63a6f020764ca81

SHA512
07f81059522fcef132edbf54507e70398901bd392caaacceb290bce0aa8994b1ca5e7ddeff5e3f4f3ddabac08656f89159746c72471019ce48fdf6b920d0f965

Download Submit
C:\Windows\System\LdMYmkK.exe

Filesize
2.1MB

MD5
21c4898277e2642b89a3e4cd15301693

SHA1
7ba9514f6308a70a8f4bf965c5a40e4622feee50

SHA256
fefca73ff898d4baa19dfe53bc4fd49cd9b3abed43b12ab7ed508ac6e2280fc4

SHA512
8add65b63618cb2c50d62f24828ecc940df5af7e018708c533d1f09585fb021b68b8009624ae1f20df4653dbd9243ba1a1fa913f9dbbd4286b18bf5bb9bc4baa

Download Submit
C:\Windows\System\MTyFeth.exe

Filesize
2.1MB

MD5
5f12b5277ed737912b03b32cf023b807

SHA1
859e8f94d741c9205d438a1f08033e34c8927a8d

SHA256
ccbda952030b5a3b457ab65f105741713c78ca8dc096ccaec23c22a63aa98cf3

SHA512
2a838ce323d5dbeec8d64ba2d93e17140cd6cc764586d402e72db41801cd97507419bd8fdd47099c6a3154f6c87b8d62c1b89f4b0372c778354001428341033a

Download Submit
C:\Windows\System\PVCfvQn.exe

Filesize
2.1MB

MD5
e0baf75e894f92e4e51e0c955afaef9f

SHA1
d32f9910798b90db944a0afdf5d1f34c7d37fa66

SHA256
359d9576df925cc72d5776d4dcc2321b06489e31b5a13cbcf7c9228181a4c40d

SHA512
daa5f857f529e98ea1dc2f3d1e5dc12121765987025a946baf77c6fa6c2549e7db2990691d2765b3981f9e99951a2f697488f3af70e1f6c1a809afbf40cc7f8f

Download Submit
C:\Windows\System\QakMBeA.exe

Filesize
2.1MB

MD5
2d192087ee132f3d83f9b9d90ad0e59e

SHA1
1d28da4d1b1994174ad82b5e17582f81bafdd9d6

SHA256
f0614f935b1e43e27d19559efcd1d2d84a43fd03d76344eb4b5239473238e3eb

SHA512
e663d23cc44c03dbcf43b43d31b31630480456b9a56890f4024e9a7376ba221f8a1d31bcd219197d3a4c56324eb36a12f7a205fac877789c523bb6e7fc5bbe2c

Download Submit
C:\Windows\System\QcLnJSU.exe

Filesize
2.1MB

MD5
a8dcc6d10c3776040cdad1f908c4573a

SHA1
9e476f9a323542fd8e384cf22d92860afa17b018

SHA256
11d93527c508396c1fbf2b8424970c37841e3737ecbb5acc76dae62e7a83dcfe

SHA512
67d1e76d478c0ee230ecdd6a858b46f147d878c48cc4230aef5f177a50551cf2de3564f907cd54a30a09183609d7803e78f9bddf76c1c59155c5e7bea46fe58b

Download Submit
C:\Windows\System\UBzsmXZ.exe

Filesize
2.1MB

MD5
d2e4cb05d52d4b1b95e18a280b233d09

SHA1
e1111081a24017d489a88f96e20e8f90765a5de9

SHA256
d95d18947c8bd1dca98f1e468d60a2f376a0e2aba8ab33ff46ee20532eba6d33

SHA512
d57e5a2880431f69289bc8e4f43420ce08f4c2fd6afdcfac0af3a73bef84dbd2774c00f047edbd9d185a69b5c377d05bd4ea661a9e98983dcebe0b500db9b5db

Download Submit
C:\Windows\System\VbMIiSs.exe

Filesize
2.1MB

MD5
589238ea6b4cd5fa798c1c8a86d4a9b1

SHA1
e3cc2efbfd0ac6dc073c9ad747d552d096773ca7

SHA256
3b8ee5e3345d3014fa476ee898cd1039407cdf5ba86afdf093a7966233fcc276

SHA512
f888e9d9a6ef8ed9b477bd5fdadf9266d5414e5dcae18cf476d99928a7d2ab968188e96be916ab1cd9c6031157ce41b85464f40b0b485ee9e31170d06fd83a42

Download Submit
C:\Windows\System\WiCsvXb.exe

Filesize
2.1MB

MD5
a12ac59e393fd5aa9f7a4acde79f38f9

SHA1
700616bbfca25d581c161be49765f6a779890e10

SHA256
da31d78b5cdf17486e8aecba78f14cc9f991d999929771ed3b27feb5bea1b253

SHA512
2f90f7d92da89e6ad73b9733fd48ac02348a3eaa1cdfebb12224dafab35241817d8cccd73ba6b856838084fc33a3e37432b13b98f5cf15c090780247cb8b8440

Download Submit
C:\Windows\System\cGFLLIJ.exe

Filesize
2.1MB

MD5
0d0f8167f31109e3f6231ca0f536d5f5

SHA1
6458348d96e62d78ec77a807aa7418c543e6c5bb

SHA256
bbfa3d79f0c282fb14451920b12e0c9e3765b1efde9fa4ec9658716cdeeefd2d

SHA512
de039658221c0c7052c1b12773cb82a9edb70565425d74b385f73456c1510c2060b1dd66623afb2faa0d7f04f7f9077b9e2198a1b75e251c07a239657bf80fa3

Download Submit
C:\Windows\System\cZZGNit.exe

Filesize
2.1MB

MD5
8be89beae82cb449b75ea95c22a2567a

SHA1
faacbeeafaa3b8afd363c172c3350d56b0c0d5d8

SHA256
3b922af32f687adc0e1ca1ccb90e14319bba4960c7217c148af539a759780f37

SHA512
4932aac013a416c2053e0c0fd65a98ddc5d4d458a8a6acf23f091cc3a3b65dbf7066e269254bb409058a7ed7a75b9053326c442bd93d7bc15c50b2a19878a836

Download Submit
C:\Windows\System\jHSFyES.exe

Filesize
2.1MB

MD5
e7b0ba97cbbb62aa495f5f67e592dd41

SHA1
1d1dcf28f3514cf839d7a8b4b2e830c0abcb2291

SHA256
287e3567327f6f419f54392c018c158450d7cbb466d3c4ddecfd4aa2e85f0588

SHA512
76b8b31a596e4136d24c0939f676dc3dd9595dd72ab9dff8e3a77e50d773258a175b87e3d6a42c7f00396ad51791c330968f576df405bc3dcbb98e1f9eecc0cb

Download Submit
C:\Windows\System\nYIUAoq.exe

Filesize
2.1MB

MD5
ade61fca7328f3d0a1be050c2f6bb84b

SHA1
1657308c49be5102b1f22ec4a02c5406c3f320da

SHA256
d0888693b29a5b0515ae2d5ce2bf1e2806c876b590102d8e8d85eda4dcd4ac57

SHA512
4d81010c65513679b465fe268fd4ebb0df17ee3d009b6b12cf9662336f5912e7b182e34bf015d4a70b76eaefc3753dbd7d8e56fc7ae34e866ac10c6b02ec3623

Download Submit
C:\Windows\System\oAFbgyJ.exe

Filesize
2.1MB

MD5
8800c772dfad55b9987f1fd092e13664

SHA1
5bbb8da7c9494d5d9e82b7536bff877d27de3bc2

SHA256
e7e967c3c202eefecfc44f991fd43cdf22a642ce98d3a9feacb1b7230e06dfe7

SHA512
c5bb873e919d771debc660e05d2bc96f61124cb40c1295ed4e1865a3ff363a6a6317759390b834e90f5c65d8c8e02a46dd0df0afdef7587103cb73d9c1afaa14

Download Submit
C:\Windows\System\oBspfko.exe

Filesize
2.1MB

MD5
d9580eb02631428089c02c97874872ef

SHA1
56751c9893efdea3d18dd8d3f6e130fdb9ff0160

SHA256
c6ef6ce963880ff5ff12b38608ce6c24dbf9225285a2e630b945938f3ebe8ae1

SHA512
2dc24c1fe7c5a323179d5c3ccd67219b96f920fcc5c23375ea35e93fb4c666a3f7f37b9c77563083ae10c6f7b03289d58ef93d712b727c64137e8257b7f95ed8

Download Submit
C:\Windows\System\obDOpGt.exe

Filesize
2.1MB

MD5
9f2558f7e1543fdaf4e04d47b3608a5e

SHA1
12cb45bbca266085f26b689b08d409f58c783ce9

SHA256
20aa42836f47ba20661145486b4025c36d2ec7befcf52fb4c47d46f02fb9a9c1

SHA512
b3e765f6bce7309756843bafef64924a9151fc3f012a2f9f0e7c3434bf3dfdb3abea2d5eeef32e1cf8d697a28e6c82bfe02aa01e156590033ed3d5599c250be9

Download Submit
C:\Windows\System\ocGugGZ.exe

Filesize
2.1MB

MD5
f930ebc5c453323947e2f30646ba7f73

SHA1
2f92cd1f0e7854b88f34eeb4e72e58feccd167d5

SHA256
60c426a5436e61b6983657f5bf1289cbef26a0583282595187978177fa872f31

SHA512
de0281910f119290b7b08b74607ec021e5670a59be1614596a8b8d5e8988f107ec7dfb8c5a63ead1170f82d4a23d47cc51830b17cedec5f2b7430df609519842

Download Submit
C:\Windows\System\oprEJKX.exe

Filesize
2.1MB

MD5
0d5f8f2c569f2ded8b1e415de29deb6d

SHA1
5a7cdec0242337e70bbcf74e2e866da45f46eb4c

SHA256
b88010ab091c886ba9978151fa01e1d9ed5bbae7bfe7d39cd96318097028a52f

SHA512
ab0d3d6fb246750c69e8c3d3483eb99be2d43aa253116ce82af02d11cfd7ae5f436dc0a0cf7b4562c1d1e9e2afc5c8644eee3467aa93b378a9e75850a3bdf27c

Download Submit
C:\Windows\System\owGLKGS.exe

Filesize
2.1MB

MD5
82b631900720873dae2de4dbc968062b

SHA1
791857e18f7b7b4b5a7aab9eff657ee4d0ce382a

SHA256
770b9ad5f148e761fda83058827964583244f0443ce004cc810316d020819b89

SHA512
5ee59040fca5054cae994a3799cef893319f4ac880bb853156bac31a60f23f6244b705927a8d18e20d32112a5ac47b5f145a5705b7dc1e1df54762cfe8c9ed37

Download Submit
C:\Windows\System\rtXGlXO.exe

Filesize
2.1MB

MD5
8fb4b45e0fd95df7a26ef60d26111a71

SHA1
3412e2d74c7b75ff0e7ce21393e02eefb1fd7b79

SHA256
b27b6a7b26ea7b2589bc10b7fb75b44e1b21707680870019c4473c8d84b8c530

SHA512
78a52745a8ca31ef2f524c0ffac2b3d1dd1a65fff700db4bbd81f4662214d082a0a6d6042f1cb26ecc8b9e9d6ef106605d67fd8663add4bba18e678b110d7911

Download Submit
C:\Windows\System\tONtGzt.exe

Filesize
2.1MB

MD5
f0875c781efab2f7bad9bd02d3d9bfdf

SHA1
5df44466d696770c21ce987eebbeb8bc780b319d

SHA256
89bd1cb4fb4457f6f422b5e992397f3230b64e31bb283b3645a51167c87756e7

SHA512
c38aeda789595193d175d78db5371caa8d6fda8e455cc1353e1d18024cfeaf4d597ee137ab69611be85e7026a2deb18627fb8cc94467982bd0c5cc872ba909ca

Download Submit
C:\Windows\System\uyCtuuN.exe

Filesize
2.1MB

MD5
cbd89f6018d627cb1e3b95d2e93011d8

SHA1
4eed7397f8284be4906fa7595d4a8f4b68826ad8

SHA256
2e63074893cad82e8edabadc9b0b21a1b8b40df235c06aac53a949ff7395e885

SHA512
cb6ef9e19338af8f46eb79fe07fbc7078a41430da4346ca06f92156d2c09297810561b74ebb92ec220f66fd383703f2e0a288f238481c5596054c7e5d61fed84

Download Submit
C:\Windows\System\xRWCIRH.exe

Filesize
2.1MB

MD5
7686230c638e7cef5ce92895be4339fb

SHA1
b48c6ecfdc20e9682a5d38dafc1c073efd5f6560

SHA256
cf074c9ff13cc54f2c6edbd9534db3ed39120287d76fcd167b212b5477e64c16

SHA512
362c33191c16e7801474fc8bd4c5a86c37eb88444889aecb3d0d583ca0cb048fe3e36448977a4d962985a130d6025412f68fe5388f6a9c59cd3039a87edf4d4d

Download Submit
C:\Windows\System\yhBoden.exe

Filesize
2.1MB

MD5
8c6d33e68335e9913e7393af45bd97a1

SHA1
c98bd313a57427e7c7d9993765bb32ae8a74392d

SHA256
526d7b4b70f74fea401a2c84d44e59751d5b75690a8e4fc58c82bb371c69e0de

SHA512
9344ca5135b35f7d35987b13e8bed0f69458fee3a830c4554cf35f0b3fd103e4e2c3ef6ff25d68582b4d5218168d7be5fc32d224c089997370f43d5ccb4ae56a

Download Submit
C:\Windows\System\ytxmGJR.exe

Filesize
2.1MB

MD5
7729bbbde696edbf1a39ba04784591d9

SHA1
4d3f94710043964321b2ebdfcded7f95ef2ae853

SHA256
890e467d490ac0a598f57c67e5d6e142c813fe004eb7b4429d76731ca84c190f

SHA512
1268aea13fd3d4ca23dc466248c83273fcb2fe09ca9cdbe1a76788869f9fc093f28e38875eb3de3730276ae128487b5d844a8cb971bcd824d773f7d3307768f1

Download Submit
memory/4416-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download