kpot | 4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 09:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
Size

2.1MB
MD5

fdb32e0c0ca4f506056dc2bc880fcea0
SHA1

ecf7781057de96077cdd425fbe6963ae9ae0553a
SHA256

4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1
SHA512

8e05241cf9bdaca3ab781381f5c9f129631f734f208f1ea8d1a05e68740c3c8e1c74330b272d15f50fd0eb116cfe5f9edfab422b06c8bd3e8ae898038bb2f44b
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2PkZ:GemTLkNdfE0pZaQI

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x00090000000233ff-4.dat	family_kpot
behavioral2/files/0x000800000002340a-9.dat	family_kpot
behavioral2/files/0x000700000002340b-6.dat	family_kpot
behavioral2/files/0x000700000002340c-18.dat	family_kpot
behavioral2/files/0x000700000002340d-26.dat	family_kpot
behavioral2/files/0x000700000002340e-30.dat	family_kpot
behavioral2/files/0x000700000002340f-33.dat	family_kpot
behavioral2/files/0x0007000000023410-40.dat	family_kpot
behavioral2/files/0x0007000000023411-45.dat	family_kpot
behavioral2/files/0x0007000000023412-49.dat	family_kpot
behavioral2/files/0x0009000000023400-58.dat	family_kpot
behavioral2/files/0x0007000000023413-55.dat	family_kpot
behavioral2/files/0x0007000000023414-63.dat	family_kpot
behavioral2/files/0x0007000000023415-69.dat	family_kpot
behavioral2/files/0x0007000000023417-79.dat	family_kpot
behavioral2/files/0x0007000000023418-85.dat	family_kpot
behavioral2/files/0x0007000000023416-75.dat	family_kpot
behavioral2/files/0x0007000000023419-89.dat	family_kpot
behavioral2/files/0x000700000002341b-98.dat	family_kpot
behavioral2/files/0x000700000002341c-108.dat	family_kpot
behavioral2/files/0x000700000002341e-111.dat	family_kpot
behavioral2/files/0x000700000002341d-107.dat	family_kpot
behavioral2/files/0x000700000002341a-93.dat	family_kpot
behavioral2/files/0x0007000000023420-123.dat	family_kpot
behavioral2/files/0x0007000000023422-140.dat	family_kpot
behavioral2/files/0x0007000000023424-147.dat	family_kpot
behavioral2/files/0x0007000000023426-159.dat	family_kpot
behavioral2/files/0x0007000000023428-160.dat	family_kpot
behavioral2/files/0x0007000000023427-155.dat	family_kpot
behavioral2/files/0x0007000000023425-154.dat	family_kpot
behavioral2/files/0x0007000000023423-145.dat	family_kpot
behavioral2/files/0x0007000000023421-132.dat	family_kpot
behavioral2/files/0x000700000002341f-120.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x00090000000233ff-4.dat	xmrig
behavioral2/files/0x000800000002340a-9.dat	xmrig
behavioral2/files/0x000700000002340b-6.dat	xmrig
behavioral2/files/0x000700000002340c-18.dat	xmrig
behavioral2/files/0x000700000002340d-26.dat	xmrig
behavioral2/files/0x000700000002340e-30.dat	xmrig
behavioral2/files/0x000700000002340f-33.dat	xmrig
behavioral2/files/0x0007000000023410-40.dat	xmrig
behavioral2/files/0x0007000000023411-45.dat	xmrig
behavioral2/files/0x0007000000023412-49.dat	xmrig
behavioral2/files/0x0009000000023400-58.dat	xmrig
behavioral2/files/0x0007000000023413-55.dat	xmrig
behavioral2/files/0x0007000000023414-63.dat	xmrig
behavioral2/files/0x0007000000023415-69.dat	xmrig
behavioral2/files/0x0007000000023417-79.dat	xmrig
behavioral2/files/0x0007000000023418-85.dat	xmrig
behavioral2/files/0x0007000000023416-75.dat	xmrig
behavioral2/files/0x0007000000023419-89.dat	xmrig
behavioral2/files/0x000700000002341b-98.dat	xmrig
behavioral2/files/0x000700000002341c-108.dat	xmrig
behavioral2/files/0x000700000002341e-111.dat	xmrig
behavioral2/files/0x000700000002341d-107.dat	xmrig
behavioral2/files/0x000700000002341a-93.dat	xmrig
behavioral2/files/0x0007000000023420-123.dat	xmrig
behavioral2/files/0x0007000000023422-140.dat	xmrig
behavioral2/files/0x0007000000023424-147.dat	xmrig
behavioral2/files/0x0007000000023426-159.dat	xmrig
behavioral2/files/0x0007000000023428-160.dat	xmrig
behavioral2/files/0x0007000000023427-155.dat	xmrig
behavioral2/files/0x0007000000023425-154.dat	xmrig
behavioral2/files/0x0007000000023423-145.dat	xmrig
behavioral2/files/0x0007000000023421-132.dat	xmrig
behavioral2/files/0x000700000002341f-120.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4472	UUvQSjy.exe
1568	nAdFDyd.exe
2272	yMovCuJ.exe
4220	olNIfZH.exe
668	tRzCjmx.exe
3296	EJShexr.exe
2512	tspvYpU.exe
2576	mzzsguM.exe
3016	FRIxYcK.exe
3180	fpsUIed.exe
2236	mdNgjXd.exe
1148	QsWvhMF.exe
3984	uUbVwgf.exe
4992	stXEOqp.exe
4392	gYQWJbm.exe
1664	iHhtGHk.exe
1444	nWNzYzI.exe
2684	tSLFHsz.exe
4944	vrvNnJG.exe
3616	ZzuKbte.exe
1996	ZKyKpcV.exe
1904	tbRCtZe.exe
2980	dLmITmZ.exe
3464	bkdktZu.exe
3852	dKPIHjF.exe
2300	ZhjNgqx.exe
5040	CIdrqFC.exe
1980	jXzbiZR.exe
2108	dofSKUV.exe
216	JYwhoOV.exe
664	KXJNknG.exe
1976	ORBGkBG.exe
4412	VmsrLZs.exe
2960	jyrZVKD.exe
4760	AFHEvmE.exe
3224	VfEXwWL.exe
3964	erWBWdp.exe
2580	KOBKYeO.exe
5056	hlitNtx.exe
2184	zEqrnSS.exe
5112	BJKFnKo.exe
876	gSvvnWs.exe
4552	JqKrlgP.exe
5092	UxUmvxz.exe
2412	VexZRBW.exe
4768	SoJSgWG.exe
5008	NQwjNpd.exe
4148	ZPHLLAx.exe
2232	rZYGdxh.exe
4900	xodxtUE.exe
1464	ypuZtKA.exe
4860	qXUGBfS.exe
2660	LlnaKZg.exe
3680	KpickiV.exe
4300	bFHyiTn.exe
4404	HGdIDsS.exe
3628	FuvOGfP.exe
2264	XJKwoAH.exe
4724	uspWVYi.exe
3220	HLrYcZv.exe
4712	fuQUEpS.exe
3128	ZwOYZbE.exe
1964	mdOOQOs.exe
2908	aloNbZz.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\Dcbyeuf.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\rIHkTjh.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\LbdVnrB.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\jIfIyMt.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\LCpafhN.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\mBpNCPy.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\VexZRBW.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\XFlvRLt.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\PGDzduh.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\waOihDJ.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\mzzsguM.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\WmYDngb.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\OhdAZxB.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\lannGoT.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\HJZaEtN.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\VlmTGxR.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\FRIxYcK.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\ZPHLLAx.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\OCRDtiE.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\qpOJCra.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\kVcPPCn.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\vkmmtBa.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\iKzyuHb.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\FdsKfmW.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\rzidneE.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\yZBXnvB.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\rZYGdxh.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\RCYpbbV.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\EkfPFeq.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\GwFYVjo.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\tNxnJHl.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\pRCPYRX.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\dochuJc.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\JQuoZtZ.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\diCfnpG.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\PfBZxyZ.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\AOcsSbb.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\qXUGBfS.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\vGLFNAu.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\gIfSgVy.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\QbMYRHh.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\iOAgoPg.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\tXLNgHs.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\PQUuhaX.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\VmsrLZs.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\AFHEvmE.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\NQwjNpd.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\JZAVFYN.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\DyvibUk.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\iHhtGHk.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\CRYNXaf.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\VpIqxga.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\KXJNknG.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\oAiUtaW.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\sMFcjBf.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\NWNtCYi.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\gwThyah.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\JuFupaV.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\TwtYPsR.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\PWrCGXc.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\FnaQckk.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\kGgsWKz.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\BHIstDB.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
File created	C:\Windows\System\tspvYpU.exe	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3524 wrote to memory of 4472	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	81
PID 3524 wrote to memory of 4472	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	81
PID 3524 wrote to memory of 1568	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	82
PID 3524 wrote to memory of 1568	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	82
PID 3524 wrote to memory of 2272	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	83
PID 3524 wrote to memory of 2272	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	83
PID 3524 wrote to memory of 4220	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	84
PID 3524 wrote to memory of 4220	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	84
PID 3524 wrote to memory of 668	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	85
PID 3524 wrote to memory of 668	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	85
PID 3524 wrote to memory of 3296	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	86
PID 3524 wrote to memory of 3296	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	86
PID 3524 wrote to memory of 2512	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	87
PID 3524 wrote to memory of 2512	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	87
PID 3524 wrote to memory of 2576	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	88
PID 3524 wrote to memory of 2576	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	88
PID 3524 wrote to memory of 3016	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	89
PID 3524 wrote to memory of 3016	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	89
PID 3524 wrote to memory of 3180	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	90
PID 3524 wrote to memory of 3180	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	90
PID 3524 wrote to memory of 2236	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	91
PID 3524 wrote to memory of 2236	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	91
PID 3524 wrote to memory of 1148	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	92
PID 3524 wrote to memory of 1148	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	92
PID 3524 wrote to memory of 3984	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	93
PID 3524 wrote to memory of 3984	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	93
PID 3524 wrote to memory of 4992	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	94
PID 3524 wrote to memory of 4992	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	94
PID 3524 wrote to memory of 4392	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	95
PID 3524 wrote to memory of 4392	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	95
PID 3524 wrote to memory of 1664	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	96
PID 3524 wrote to memory of 1664	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	96
PID 3524 wrote to memory of 1444	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	97
PID 3524 wrote to memory of 1444	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	97
PID 3524 wrote to memory of 2684	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	98
PID 3524 wrote to memory of 2684	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	98
PID 3524 wrote to memory of 4944	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	99
PID 3524 wrote to memory of 4944	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	99
PID 3524 wrote to memory of 3616	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	100
PID 3524 wrote to memory of 3616	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	100
PID 3524 wrote to memory of 1996	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	101
PID 3524 wrote to memory of 1996	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	101
PID 3524 wrote to memory of 1904	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	102
PID 3524 wrote to memory of 1904	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	102
PID 3524 wrote to memory of 2980	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	103
PID 3524 wrote to memory of 2980	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	103
PID 3524 wrote to memory of 3464	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	104
PID 3524 wrote to memory of 3464	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	104
PID 3524 wrote to memory of 3852	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	105
PID 3524 wrote to memory of 3852	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	105
PID 3524 wrote to memory of 2300	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	106
PID 3524 wrote to memory of 2300	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	106
PID 3524 wrote to memory of 5040	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	107
PID 3524 wrote to memory of 5040	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	107
PID 3524 wrote to memory of 1980	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	108
PID 3524 wrote to memory of 1980	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	108
PID 3524 wrote to memory of 2108	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	109
PID 3524 wrote to memory of 2108	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	109
PID 3524 wrote to memory of 216	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	110
PID 3524 wrote to memory of 216	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	110
PID 3524 wrote to memory of 664	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	111
PID 3524 wrote to memory of 664	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	111
PID 3524 wrote to memory of 1976	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	112
PID 3524 wrote to memory of 1976	3524	4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe	112

C:\Users\Admin\AppData\Local\Temp\4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4e3f777ecb19d27e5ea9787554f5c2bda7d2eda4ca2f5322db45a5b395f1e6a1_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3524
- C:\Windows\System\UUvQSjy.exe
  C:\Windows\System\UUvQSjy.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\nAdFDyd.exe
  C:\Windows\System\nAdFDyd.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\yMovCuJ.exe
  C:\Windows\System\yMovCuJ.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\olNIfZH.exe
  C:\Windows\System\olNIfZH.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\tRzCjmx.exe
  C:\Windows\System\tRzCjmx.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\EJShexr.exe
  C:\Windows\System\EJShexr.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\tspvYpU.exe
  C:\Windows\System\tspvYpU.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\mzzsguM.exe
  C:\Windows\System\mzzsguM.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\FRIxYcK.exe
  C:\Windows\System\FRIxYcK.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\fpsUIed.exe
  C:\Windows\System\fpsUIed.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\mdNgjXd.exe
  C:\Windows\System\mdNgjXd.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\QsWvhMF.exe
  C:\Windows\System\QsWvhMF.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\uUbVwgf.exe
  C:\Windows\System\uUbVwgf.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\stXEOqp.exe
  C:\Windows\System\stXEOqp.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\gYQWJbm.exe
  C:\Windows\System\gYQWJbm.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\iHhtGHk.exe
  C:\Windows\System\iHhtGHk.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\nWNzYzI.exe
  C:\Windows\System\nWNzYzI.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\tSLFHsz.exe
  C:\Windows\System\tSLFHsz.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\vrvNnJG.exe
  C:\Windows\System\vrvNnJG.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\ZzuKbte.exe
  C:\Windows\System\ZzuKbte.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\ZKyKpcV.exe
  C:\Windows\System\ZKyKpcV.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\tbRCtZe.exe
  C:\Windows\System\tbRCtZe.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\dLmITmZ.exe
  C:\Windows\System\dLmITmZ.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\bkdktZu.exe
  C:\Windows\System\bkdktZu.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\dKPIHjF.exe
  C:\Windows\System\dKPIHjF.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\ZhjNgqx.exe
  C:\Windows\System\ZhjNgqx.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\CIdrqFC.exe
  C:\Windows\System\CIdrqFC.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\jXzbiZR.exe
  C:\Windows\System\jXzbiZR.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\dofSKUV.exe
  C:\Windows\System\dofSKUV.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\JYwhoOV.exe
  C:\Windows\System\JYwhoOV.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\KXJNknG.exe
  C:\Windows\System\KXJNknG.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\ORBGkBG.exe
  C:\Windows\System\ORBGkBG.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\VmsrLZs.exe
  C:\Windows\System\VmsrLZs.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\jyrZVKD.exe
  C:\Windows\System\jyrZVKD.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\AFHEvmE.exe
  C:\Windows\System\AFHEvmE.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\VfEXwWL.exe
  C:\Windows\System\VfEXwWL.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\erWBWdp.exe
  C:\Windows\System\erWBWdp.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\KOBKYeO.exe
  C:\Windows\System\KOBKYeO.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\hlitNtx.exe
  C:\Windows\System\hlitNtx.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\zEqrnSS.exe
  C:\Windows\System\zEqrnSS.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\BJKFnKo.exe
  C:\Windows\System\BJKFnKo.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\gSvvnWs.exe
  C:\Windows\System\gSvvnWs.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\JqKrlgP.exe
  C:\Windows\System\JqKrlgP.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\UxUmvxz.exe
  C:\Windows\System\UxUmvxz.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\VexZRBW.exe
  C:\Windows\System\VexZRBW.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\SoJSgWG.exe
  C:\Windows\System\SoJSgWG.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\NQwjNpd.exe
  C:\Windows\System\NQwjNpd.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\ZPHLLAx.exe
  C:\Windows\System\ZPHLLAx.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\rZYGdxh.exe
  C:\Windows\System\rZYGdxh.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\xodxtUE.exe
  C:\Windows\System\xodxtUE.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\ypuZtKA.exe
  C:\Windows\System\ypuZtKA.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\qXUGBfS.exe
  C:\Windows\System\qXUGBfS.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\LlnaKZg.exe
  C:\Windows\System\LlnaKZg.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\KpickiV.exe
  C:\Windows\System\KpickiV.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\bFHyiTn.exe
  C:\Windows\System\bFHyiTn.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\HGdIDsS.exe
  C:\Windows\System\HGdIDsS.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\FuvOGfP.exe
  C:\Windows\System\FuvOGfP.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\XJKwoAH.exe
  C:\Windows\System\XJKwoAH.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\uspWVYi.exe
  C:\Windows\System\uspWVYi.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\HLrYcZv.exe
  C:\Windows\System\HLrYcZv.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\fuQUEpS.exe
  C:\Windows\System\fuQUEpS.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\ZwOYZbE.exe
  C:\Windows\System\ZwOYZbE.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\mdOOQOs.exe
  C:\Windows\System\mdOOQOs.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\aloNbZz.exe
  C:\Windows\System\aloNbZz.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\KLFPJYe.exe
  C:\Windows\System\KLFPJYe.exe
  2⤵
  PID:1080
- C:\Windows\System\oAiUtaW.exe
  C:\Windows\System\oAiUtaW.exe
  2⤵
  PID:1852
- C:\Windows\System\GwFYVjo.exe
  C:\Windows\System\GwFYVjo.exe
  2⤵
  PID:2364
- C:\Windows\System\GfrbiPa.exe
  C:\Windows\System\GfrbiPa.exe
  2⤵
  PID:4932
- C:\Windows\System\OCRDtiE.exe
  C:\Windows\System\OCRDtiE.exe
  2⤵
  PID:2812
- C:\Windows\System\EmYNANK.exe
  C:\Windows\System\EmYNANK.exe
  2⤵
  PID:2440
- C:\Windows\System\PyxExGw.exe
  C:\Windows\System\PyxExGw.exe
  2⤵
  PID:1700
- C:\Windows\System\fJYHpDS.exe
  C:\Windows\System\fJYHpDS.exe
  2⤵
  PID:4964
- C:\Windows\System\HxdKPWn.exe
  C:\Windows\System\HxdKPWn.exe
  2⤵
  PID:1260
- C:\Windows\System\flTntqa.exe
  C:\Windows\System\flTntqa.exe
  2⤵
  PID:3880
- C:\Windows\System\TwtYPsR.exe
  C:\Windows\System\TwtYPsR.exe
  2⤵
  PID:2780
- C:\Windows\System\HEBFdHP.exe
  C:\Windows\System\HEBFdHP.exe
  2⤵
  PID:4072
- C:\Windows\System\ohwlHyh.exe
  C:\Windows\System\ohwlHyh.exe
  2⤵
  PID:1044
- C:\Windows\System\uHDHDdM.exe
  C:\Windows\System\uHDHDdM.exe
  2⤵
  PID:3948
- C:\Windows\System\MmtnIfS.exe
  C:\Windows\System\MmtnIfS.exe
  2⤵
  PID:1452
- C:\Windows\System\GUHKvGZ.exe
  C:\Windows\System\GUHKvGZ.exe
  2⤵
  PID:1552
- C:\Windows\System\qNIMRKd.exe
  C:\Windows\System\qNIMRKd.exe
  2⤵
  PID:448
- C:\Windows\System\sMFcjBf.exe
  C:\Windows\System\sMFcjBf.exe
  2⤵
  PID:4928
- C:\Windows\System\LOLNGRt.exe
  C:\Windows\System\LOLNGRt.exe
  2⤵
  PID:3872
- C:\Windows\System\mzYBqcQ.exe
  C:\Windows\System\mzYBqcQ.exe
  2⤵
  PID:440
- C:\Windows\System\XFlvRLt.exe
  C:\Windows\System\XFlvRLt.exe
  2⤵
  PID:4968
- C:\Windows\System\uYklOre.exe
  C:\Windows\System\uYklOre.exe
  2⤵
  PID:2852
- C:\Windows\System\GCYLfnL.exe
  C:\Windows\System\GCYLfnL.exe
  2⤵
  PID:2152
- C:\Windows\System\BpsMcju.exe
  C:\Windows\System\BpsMcju.exe
  2⤵
  PID:4456
- C:\Windows\System\FzeBMwo.exe
  C:\Windows\System\FzeBMwo.exe
  2⤵
  PID:2736
- C:\Windows\System\JZAVFYN.exe
  C:\Windows\System\JZAVFYN.exe
  2⤵
  PID:3840
- C:\Windows\System\PWrCGXc.exe
  C:\Windows\System\PWrCGXc.exe
  2⤵
  PID:4016
- C:\Windows\System\QbMYRHh.exe
  C:\Windows\System\QbMYRHh.exe
  2⤵
  PID:1488
- C:\Windows\System\UHQvgIV.exe
  C:\Windows\System\UHQvgIV.exe
  2⤵
  PID:2800
- C:\Windows\System\RvavZMy.exe
  C:\Windows\System\RvavZMy.exe
  2⤵
  PID:4524
- C:\Windows\System\Ldislhq.exe
  C:\Windows\System\Ldislhq.exe
  2⤵
  PID:1532
- C:\Windows\System\ioPamQL.exe
  C:\Windows\System\ioPamQL.exe
  2⤵
  PID:4272
- C:\Windows\System\IKuPzok.exe
  C:\Windows\System\IKuPzok.exe
  2⤵
  PID:4352
- C:\Windows\System\uYJKtlu.exe
  C:\Windows\System\uYJKtlu.exe
  2⤵
  PID:5016
- C:\Windows\System\mTIUcPw.exe
  C:\Windows\System\mTIUcPw.exe
  2⤵
  PID:1276
- C:\Windows\System\bGucRbu.exe
  C:\Windows\System\bGucRbu.exe
  2⤵
  PID:2844
- C:\Windows\System\yNXolfP.exe
  C:\Windows\System\yNXolfP.exe
  2⤵
  PID:2044
- C:\Windows\System\uJTCFcd.exe
  C:\Windows\System\uJTCFcd.exe
  2⤵
  PID:2256
- C:\Windows\System\iKzyuHb.exe
  C:\Windows\System\iKzyuHb.exe
  2⤵
  PID:1920
- C:\Windows\System\RCYpbbV.exe
  C:\Windows\System\RCYpbbV.exe
  2⤵
  PID:5084
- C:\Windows\System\tJFCtgI.exe
  C:\Windows\System\tJFCtgI.exe
  2⤵
  PID:2824
- C:\Windows\System\JHYXVjh.exe
  C:\Windows\System\JHYXVjh.exe
  2⤵
  PID:2524
- C:\Windows\System\mmUFCmC.exe
  C:\Windows\System\mmUFCmC.exe
  2⤵
  PID:2996
- C:\Windows\System\lIFoXQq.exe
  C:\Windows\System\lIFoXQq.exe
  2⤵
  PID:432
- C:\Windows\System\UNKgPXy.exe
  C:\Windows\System\UNKgPXy.exe
  2⤵
  PID:1004
- C:\Windows\System\LWXhhrz.exe
  C:\Windows\System\LWXhhrz.exe
  2⤵
  PID:2028
- C:\Windows\System\BMgyGLd.exe
  C:\Windows\System\BMgyGLd.exe
  2⤵
  PID:836
- C:\Windows\System\YkElkRN.exe
  C:\Windows\System\YkElkRN.exe
  2⤵
  PID:4668
- C:\Windows\System\TRyFrzj.exe
  C:\Windows\System\TRyFrzj.exe
  2⤵
  PID:2984
- C:\Windows\System\KwIIHoA.exe
  C:\Windows\System\KwIIHoA.exe
  2⤵
  PID:3604
- C:\Windows\System\ATCYLKM.exe
  C:\Windows\System\ATCYLKM.exe
  2⤵
  PID:2832
- C:\Windows\System\EMFwSUU.exe
  C:\Windows\System\EMFwSUU.exe
  2⤵
  PID:1948
- C:\Windows\System\FYUAPyT.exe
  C:\Windows\System\FYUAPyT.exe
  2⤵
  PID:5148
- C:\Windows\System\skMhGTx.exe
  C:\Windows\System\skMhGTx.exe
  2⤵
  PID:5172
- C:\Windows\System\uYueSYs.exe
  C:\Windows\System\uYueSYs.exe
  2⤵
  PID:5200
- C:\Windows\System\PRgTVyG.exe
  C:\Windows\System\PRgTVyG.exe
  2⤵
  PID:5228
- C:\Windows\System\wDnfbMh.exe
  C:\Windows\System\wDnfbMh.exe
  2⤵
  PID:5260
- C:\Windows\System\qpOJCra.exe
  C:\Windows\System\qpOJCra.exe
  2⤵
  PID:5284
- C:\Windows\System\qrlyBQM.exe
  C:\Windows\System\qrlyBQM.exe
  2⤵
  PID:5312
- C:\Windows\System\LbdVnrB.exe
  C:\Windows\System\LbdVnrB.exe
  2⤵
  PID:5340
- C:\Windows\System\wPeXMMj.exe
  C:\Windows\System\wPeXMMj.exe
  2⤵
  PID:5368
- C:\Windows\System\ovBdtyU.exe
  C:\Windows\System\ovBdtyU.exe
  2⤵
  PID:5396
- C:\Windows\System\oUTDrKB.exe
  C:\Windows\System\oUTDrKB.exe
  2⤵
  PID:5424
- C:\Windows\System\SXBmJVz.exe
  C:\Windows\System\SXBmJVz.exe
  2⤵
  PID:5452
- C:\Windows\System\yJStPCX.exe
  C:\Windows\System\yJStPCX.exe
  2⤵
  PID:5484
- C:\Windows\System\ZpYFXFH.exe
  C:\Windows\System\ZpYFXFH.exe
  2⤵
  PID:5508
- C:\Windows\System\OIrUxHW.exe
  C:\Windows\System\OIrUxHW.exe
  2⤵
  PID:5540
- C:\Windows\System\tNxnJHl.exe
  C:\Windows\System\tNxnJHl.exe
  2⤵
  PID:5564
- C:\Windows\System\vAceWuF.exe
  C:\Windows\System\vAceWuF.exe
  2⤵
  PID:5592
- C:\Windows\System\VKdjaNx.exe
  C:\Windows\System\VKdjaNx.exe
  2⤵
  PID:5620
- C:\Windows\System\jIfIyMt.exe
  C:\Windows\System\jIfIyMt.exe
  2⤵
  PID:5648
- C:\Windows\System\DFyoUgq.exe
  C:\Windows\System\DFyoUgq.exe
  2⤵
  PID:5676
- C:\Windows\System\OhdAZxB.exe
  C:\Windows\System\OhdAZxB.exe
  2⤵
  PID:5712
- C:\Windows\System\EnnkYxC.exe
  C:\Windows\System\EnnkYxC.exe
  2⤵
  PID:5736
- C:\Windows\System\BVWvNUH.exe
  C:\Windows\System\BVWvNUH.exe
  2⤵
  PID:5764
- C:\Windows\System\PGDzduh.exe
  C:\Windows\System\PGDzduh.exe
  2⤵
  PID:5792
- C:\Windows\System\lrAzYYe.exe
  C:\Windows\System\lrAzYYe.exe
  2⤵
  PID:5816
- C:\Windows\System\pkWKceM.exe
  C:\Windows\System\pkWKceM.exe
  2⤵
  PID:5844
- C:\Windows\System\NDdYrTy.exe
  C:\Windows\System\NDdYrTy.exe
  2⤵
  PID:5872
- C:\Windows\System\FnaQckk.exe
  C:\Windows\System\FnaQckk.exe
  2⤵
  PID:5888
- C:\Windows\System\LCBhhWn.exe
  C:\Windows\System\LCBhhWn.exe
  2⤵
  PID:5916
- C:\Windows\System\LMdNAVV.exe
  C:\Windows\System\LMdNAVV.exe
  2⤵
  PID:5956
- C:\Windows\System\TKYXnUG.exe
  C:\Windows\System\TKYXnUG.exe
  2⤵
  PID:5996
- C:\Windows\System\pKoRRXz.exe
  C:\Windows\System\pKoRRXz.exe
  2⤵
  PID:6020
- C:\Windows\System\FdsKfmW.exe
  C:\Windows\System\FdsKfmW.exe
  2⤵
  PID:6052
- C:\Windows\System\ZYekSuS.exe
  C:\Windows\System\ZYekSuS.exe
  2⤵
  PID:6080
- C:\Windows\System\MAQfrYa.exe
  C:\Windows\System\MAQfrYa.exe
  2⤵
  PID:6104
- C:\Windows\System\LbbtMtj.exe
  C:\Windows\System\LbbtMtj.exe
  2⤵
  PID:6132
- C:\Windows\System\yEHNhyU.exe
  C:\Windows\System\yEHNhyU.exe
  2⤵
  PID:5160
- C:\Windows\System\UGqIbZD.exe
  C:\Windows\System\UGqIbZD.exe
  2⤵
  PID:5216
- C:\Windows\System\LCpafhN.exe
  C:\Windows\System\LCpafhN.exe
  2⤵
  PID:5248
- C:\Windows\System\vuPJgCd.exe
  C:\Windows\System\vuPJgCd.exe
  2⤵
  PID:5328
- C:\Windows\System\rzidneE.exe
  C:\Windows\System\rzidneE.exe
  2⤵
  PID:5388
- C:\Windows\System\nQnkpUc.exe
  C:\Windows\System\nQnkpUc.exe
  2⤵
  PID:5460
- C:\Windows\System\lannGoT.exe
  C:\Windows\System\lannGoT.exe
  2⤵
  PID:5516
- C:\Windows\System\yvmMdWH.exe
  C:\Windows\System\yvmMdWH.exe
  2⤵
  PID:5580
- C:\Windows\System\gWKMPFl.exe
  C:\Windows\System\gWKMPFl.exe
  2⤵
  PID:5628
- C:\Windows\System\xUQKLMo.exe
  C:\Windows\System\xUQKLMo.exe
  2⤵
  PID:5688
- C:\Windows\System\gyWPHzv.exe
  C:\Windows\System\gyWPHzv.exe
  2⤵
  PID:5728
- C:\Windows\System\YJHixAB.exe
  C:\Windows\System\YJHixAB.exe
  2⤵
  PID:5860
- C:\Windows\System\PEFEfHv.exe
  C:\Windows\System\PEFEfHv.exe
  2⤵
  PID:5936
- C:\Windows\System\QTXZJgZ.exe
  C:\Windows\System\QTXZJgZ.exe
  2⤵
  PID:6016
- C:\Windows\System\obzLmBS.exe
  C:\Windows\System\obzLmBS.exe
  2⤵
  PID:6092
- C:\Windows\System\rQHJIuC.exe
  C:\Windows\System\rQHJIuC.exe
  2⤵
  PID:5128
- C:\Windows\System\fUuUmEQ.exe
  C:\Windows\System\fUuUmEQ.exe
  2⤵
  PID:5192
- C:\Windows\System\heKldcw.exe
  C:\Windows\System\heKldcw.exe
  2⤵
  PID:5360
- C:\Windows\System\DjzZgQI.exe
  C:\Windows\System\DjzZgQI.exe
  2⤵
  PID:5548
- C:\Windows\System\ciMmHNP.exe
  C:\Windows\System\ciMmHNP.exe
  2⤵
  PID:5640
- C:\Windows\System\iOvJDdY.exe
  C:\Windows\System\iOvJDdY.exe
  2⤵
  PID:5800
- C:\Windows\System\dWrYWQF.exe
  C:\Windows\System\dWrYWQF.exe
  2⤵
  PID:6004
- C:\Windows\System\jGYGmHp.exe
  C:\Windows\System\jGYGmHp.exe
  2⤵
  PID:1440
- C:\Windows\System\rPFcXcs.exe
  C:\Windows\System\rPFcXcs.exe
  2⤵
  PID:5496
- C:\Windows\System\JQuoZtZ.exe
  C:\Windows\System\JQuoZtZ.exe
  2⤵
  PID:5668
- C:\Windows\System\iOAgoPg.exe
  C:\Windows\System\iOAgoPg.exe
  2⤵
  PID:6116
- C:\Windows\System\aWbJaYD.exe
  C:\Windows\System\aWbJaYD.exe
  2⤵
  PID:6148
- C:\Windows\System\cpkNnav.exe
  C:\Windows\System\cpkNnav.exe
  2⤵
  PID:6176
- C:\Windows\System\OsWAGLc.exe
  C:\Windows\System\OsWAGLc.exe
  2⤵
  PID:6204
- C:\Windows\System\HJZaEtN.exe
  C:\Windows\System\HJZaEtN.exe
  2⤵
  PID:6232
- C:\Windows\System\HNfGpCF.exe
  C:\Windows\System\HNfGpCF.exe
  2⤵
  PID:6260
- C:\Windows\System\PKHvVLV.exe
  C:\Windows\System\PKHvVLV.exe
  2⤵
  PID:6288
- C:\Windows\System\IreYHjv.exe
  C:\Windows\System\IreYHjv.exe
  2⤵
  PID:6320
- C:\Windows\System\afuVxaA.exe
  C:\Windows\System\afuVxaA.exe
  2⤵
  PID:6348
- C:\Windows\System\KgCLbbB.exe
  C:\Windows\System\KgCLbbB.exe
  2⤵
  PID:6376
- C:\Windows\System\cuKSanP.exe
  C:\Windows\System\cuKSanP.exe
  2⤵
  PID:6404
- C:\Windows\System\kGgsWKz.exe
  C:\Windows\System\kGgsWKz.exe
  2⤵
  PID:6432
- C:\Windows\System\xQjPkbQ.exe
  C:\Windows\System\xQjPkbQ.exe
  2⤵
  PID:6460
- C:\Windows\System\vGLFNAu.exe
  C:\Windows\System\vGLFNAu.exe
  2⤵
  PID:6488
- C:\Windows\System\CDnFxBv.exe
  C:\Windows\System\CDnFxBv.exe
  2⤵
  PID:6516
- C:\Windows\System\LGlEdJM.exe
  C:\Windows\System\LGlEdJM.exe
  2⤵
  PID:6544
- C:\Windows\System\SszUMLS.exe
  C:\Windows\System\SszUMLS.exe
  2⤵
  PID:6576
- C:\Windows\System\mBpNCPy.exe
  C:\Windows\System\mBpNCPy.exe
  2⤵
  PID:6600
- C:\Windows\System\yZBXnvB.exe
  C:\Windows\System\yZBXnvB.exe
  2⤵
  PID:6628
- C:\Windows\System\bwQksot.exe
  C:\Windows\System\bwQksot.exe
  2⤵
  PID:6652
- C:\Windows\System\IOAwUnN.exe
  C:\Windows\System\IOAwUnN.exe
  2⤵
  PID:6668
- C:\Windows\System\ZERNPLO.exe
  C:\Windows\System\ZERNPLO.exe
  2⤵
  PID:6696
- C:\Windows\System\CCNzcfx.exe
  C:\Windows\System\CCNzcfx.exe
  2⤵
  PID:6728
- C:\Windows\System\ejnuOFc.exe
  C:\Windows\System\ejnuOFc.exe
  2⤵
  PID:6760
- C:\Windows\System\cHLHQPV.exe
  C:\Windows\System\cHLHQPV.exe
  2⤵
  PID:6784
- C:\Windows\System\tXLNgHs.exe
  C:\Windows\System\tXLNgHs.exe
  2⤵
  PID:6824
- C:\Windows\System\dknFhLk.exe
  C:\Windows\System\dknFhLk.exe
  2⤵
  PID:6852
- C:\Windows\System\diCfnpG.exe
  C:\Windows\System\diCfnpG.exe
  2⤵
  PID:6868
- C:\Windows\System\vwMtRQA.exe
  C:\Windows\System\vwMtRQA.exe
  2⤵
  PID:6904
- C:\Windows\System\QzwGFJq.exe
  C:\Windows\System\QzwGFJq.exe
  2⤵
  PID:6928
- C:\Windows\System\DiOhARG.exe
  C:\Windows\System\DiOhARG.exe
  2⤵
  PID:6952
- C:\Windows\System\lTJSsQx.exe
  C:\Windows\System\lTJSsQx.exe
  2⤵
  PID:6988
- C:\Windows\System\BEJBjch.exe
  C:\Windows\System\BEJBjch.exe
  2⤵
  PID:7016
- C:\Windows\System\ToBIFay.exe
  C:\Windows\System\ToBIFay.exe
  2⤵
  PID:7036
- C:\Windows\System\tVSRDse.exe
  C:\Windows\System\tVSRDse.exe
  2⤵
  PID:7072
- C:\Windows\System\WmYDngb.exe
  C:\Windows\System\WmYDngb.exe
  2⤵
  PID:7096
- C:\Windows\System\hHaLmub.exe
  C:\Windows\System\hHaLmub.exe
  2⤵
  PID:7124
- C:\Windows\System\YyvauuB.exe
  C:\Windows\System\YyvauuB.exe
  2⤵
  PID:7148
- C:\Windows\System\oqfdXFM.exe
  C:\Windows\System\oqfdXFM.exe
  2⤵
  PID:6160
- C:\Windows\System\RPfGJtl.exe
  C:\Windows\System\RPfGJtl.exe
  2⤵
  PID:6200
- C:\Windows\System\TxwoDdM.exe
  C:\Windows\System\TxwoDdM.exe
  2⤵
  PID:6284
- C:\Windows\System\PfBZxyZ.exe
  C:\Windows\System\PfBZxyZ.exe
  2⤵
  PID:6340
- C:\Windows\System\HhhGGiu.exe
  C:\Windows\System\HhhGGiu.exe
  2⤵
  PID:6400
- C:\Windows\System\tAdtYEB.exe
  C:\Windows\System\tAdtYEB.exe
  2⤵
  PID:6472
- C:\Windows\System\zpGyMNW.exe
  C:\Windows\System\zpGyMNW.exe
  2⤵
  PID:6564
- C:\Windows\System\VlmTGxR.exe
  C:\Windows\System\VlmTGxR.exe
  2⤵
  PID:6636
- C:\Windows\System\WQmZCre.exe
  C:\Windows\System\WQmZCre.exe
  2⤵
  PID:6688
- C:\Windows\System\CRYNXaf.exe
  C:\Windows\System\CRYNXaf.exe
  2⤵
  PID:6768
- C:\Windows\System\nxvEues.exe
  C:\Windows\System\nxvEues.exe
  2⤵
  PID:6836
- C:\Windows\System\NKgzXSN.exe
  C:\Windows\System\NKgzXSN.exe
  2⤵
  PID:6896
- C:\Windows\System\pbasdsS.exe
  C:\Windows\System\pbasdsS.exe
  2⤵
  PID:6964
- C:\Windows\System\TYTKmPK.exe
  C:\Windows\System\TYTKmPK.exe
  2⤵
  PID:7032
- C:\Windows\System\HwSUlUt.exe
  C:\Windows\System\HwSUlUt.exe
  2⤵
  PID:7104
- C:\Windows\System\QHdDblx.exe
  C:\Windows\System\QHdDblx.exe
  2⤵
  PID:7160
- C:\Windows\System\kPWrDKu.exe
  C:\Windows\System\kPWrDKu.exe
  2⤵
  PID:6188
- C:\Windows\System\THhJsQJ.exe
  C:\Windows\System\THhJsQJ.exe
  2⤵
  PID:6388
- C:\Windows\System\NWNtCYi.exe
  C:\Windows\System\NWNtCYi.exe
  2⤵
  PID:6536
- C:\Windows\System\giSLIsY.exe
  C:\Windows\System\giSLIsY.exe
  2⤵
  PID:6680
- C:\Windows\System\VzucyCI.exe
  C:\Windows\System\VzucyCI.exe
  2⤵
  PID:6864
- C:\Windows\System\FjRQkFd.exe
  C:\Windows\System\FjRQkFd.exe
  2⤵
  PID:7008
- C:\Windows\System\dqyjiWA.exe
  C:\Windows\System\dqyjiWA.exe
  2⤵
  PID:7144
- C:\Windows\System\DwdtWrK.exe
  C:\Windows\System\DwdtWrK.exe
  2⤵
  PID:6444
- C:\Windows\System\OPDWrjJ.exe
  C:\Windows\System\OPDWrjJ.exe
  2⤵
  PID:6816
- C:\Windows\System\kvFXDpn.exe
  C:\Windows\System\kvFXDpn.exe
  2⤵
  PID:7108
- C:\Windows\System\DJcPRKS.exe
  C:\Windows\System\DJcPRKS.exe
  2⤵
  PID:7092
- C:\Windows\System\fmFMDmo.exe
  C:\Windows\System\fmFMDmo.exe
  2⤵
  PID:7176
- C:\Windows\System\hFirzBC.exe
  C:\Windows\System\hFirzBC.exe
  2⤵
  PID:7192
- C:\Windows\System\zKkayHv.exe
  C:\Windows\System\zKkayHv.exe
  2⤵
  PID:7216
- C:\Windows\System\AOcsSbb.exe
  C:\Windows\System\AOcsSbb.exe
  2⤵
  PID:7248
- C:\Windows\System\ainxoRq.exe
  C:\Windows\System\ainxoRq.exe
  2⤵
  PID:7276
- C:\Windows\System\OsAyCXD.exe
  C:\Windows\System\OsAyCXD.exe
  2⤵
  PID:7316
- C:\Windows\System\OKzIbTO.exe
  C:\Windows\System\OKzIbTO.exe
  2⤵
  PID:7332
- C:\Windows\System\waOihDJ.exe
  C:\Windows\System\waOihDJ.exe
  2⤵
  PID:7364
- C:\Windows\System\CZwjKSQ.exe
  C:\Windows\System\CZwjKSQ.exe
  2⤵
  PID:7392
- C:\Windows\System\IMhPEve.exe
  C:\Windows\System\IMhPEve.exe
  2⤵
  PID:7416
- C:\Windows\System\VmnguPS.exe
  C:\Windows\System\VmnguPS.exe
  2⤵
  PID:7448
- C:\Windows\System\rUDxowI.exe
  C:\Windows\System\rUDxowI.exe
  2⤵
  PID:7472
- C:\Windows\System\EYNqjPs.exe
  C:\Windows\System\EYNqjPs.exe
  2⤵
  PID:7500
- C:\Windows\System\CVNarXF.exe
  C:\Windows\System\CVNarXF.exe
  2⤵
  PID:7544
- C:\Windows\System\eurzuhG.exe
  C:\Windows\System\eurzuhG.exe
  2⤵
  PID:7568
- C:\Windows\System\mXDtaMQ.exe
  C:\Windows\System\mXDtaMQ.exe
  2⤵
  PID:7596
- C:\Windows\System\dochuJc.exe
  C:\Windows\System\dochuJc.exe
  2⤵
  PID:7624
- C:\Windows\System\VJzqxFW.exe
  C:\Windows\System\VJzqxFW.exe
  2⤵
  PID:7652
- C:\Windows\System\TFMEAhv.exe
  C:\Windows\System\TFMEAhv.exe
  2⤵
  PID:7676
- C:\Windows\System\gwThyah.exe
  C:\Windows\System\gwThyah.exe
  2⤵
  PID:7700
- C:\Windows\System\MctqrXk.exe
  C:\Windows\System\MctqrXk.exe
  2⤵
  PID:7724
- C:\Windows\System\VcoAJKO.exe
  C:\Windows\System\VcoAJKO.exe
  2⤵
  PID:7756
- C:\Windows\System\kVcPPCn.exe
  C:\Windows\System\kVcPPCn.exe
  2⤵
  PID:7792
- C:\Windows\System\orcQeNG.exe
  C:\Windows\System\orcQeNG.exe
  2⤵
  PID:7812
- C:\Windows\System\qtkMdxs.exe
  C:\Windows\System\qtkMdxs.exe
  2⤵
  PID:7836
- C:\Windows\System\pRCPYRX.exe
  C:\Windows\System\pRCPYRX.exe
  2⤵
  PID:7864
- C:\Windows\System\tWMhPBh.exe
  C:\Windows\System\tWMhPBh.exe
  2⤵
  PID:7892
- C:\Windows\System\BHIstDB.exe
  C:\Windows\System\BHIstDB.exe
  2⤵
  PID:7920
- C:\Windows\System\ISMDHZT.exe
  C:\Windows\System\ISMDHZT.exe
  2⤵
  PID:7948
- C:\Windows\System\qGKsxVP.exe
  C:\Windows\System\qGKsxVP.exe
  2⤵
  PID:7972
- C:\Windows\System\ZDHzAas.exe
  C:\Windows\System\ZDHzAas.exe
  2⤵
  PID:8000
- C:\Windows\System\XaFvziB.exe
  C:\Windows\System\XaFvziB.exe
  2⤵
  PID:8032
- C:\Windows\System\yjrGlcQ.exe
  C:\Windows\System\yjrGlcQ.exe
  2⤵
  PID:8064
- C:\Windows\System\PSTRdqd.exe
  C:\Windows\System\PSTRdqd.exe
  2⤵
  PID:8088
- C:\Windows\System\ncZaMJe.exe
  C:\Windows\System\ncZaMJe.exe
  2⤵
  PID:8108
- C:\Windows\System\elNPRUp.exe
  C:\Windows\System\elNPRUp.exe
  2⤵
  PID:8144
- C:\Windows\System\JuFupaV.exe
  C:\Windows\System\JuFupaV.exe
  2⤵
  PID:8172
- C:\Windows\System\BuojfwH.exe
  C:\Windows\System\BuojfwH.exe
  2⤵
  PID:7188
- C:\Windows\System\mSWrhVq.exe
  C:\Windows\System\mSWrhVq.exe
  2⤵
  PID:7260
- C:\Windows\System\ikLXYMg.exe
  C:\Windows\System\ikLXYMg.exe
  2⤵
  PID:7324
- C:\Windows\System\ueBxpmM.exe
  C:\Windows\System\ueBxpmM.exe
  2⤵
  PID:7376
- C:\Windows\System\pyCjsXc.exe
  C:\Windows\System\pyCjsXc.exe
  2⤵
  PID:7444
- C:\Windows\System\zzIwjlO.exe
  C:\Windows\System\zzIwjlO.exe
  2⤵
  PID:7484
- C:\Windows\System\ktktLUd.exe
  C:\Windows\System\ktktLUd.exe
  2⤵
  PID:7580
- C:\Windows\System\PQUuhaX.exe
  C:\Windows\System\PQUuhaX.exe
  2⤵
  PID:7644
- C:\Windows\System\BGmLITv.exe
  C:\Windows\System\BGmLITv.exe
  2⤵
  PID:7672
- C:\Windows\System\maBmWRp.exe
  C:\Windows\System\maBmWRp.exe
  2⤵
  PID:7740
- C:\Windows\System\tCzhfzn.exe
  C:\Windows\System\tCzhfzn.exe
  2⤵
  PID:7808
- C:\Windows\System\CfYmRgt.exe
  C:\Windows\System\CfYmRgt.exe
  2⤵
  PID:7888
- C:\Windows\System\VpIqxga.exe
  C:\Windows\System\VpIqxga.exe
  2⤵
  PID:7988
- C:\Windows\System\jBpjWOE.exe
  C:\Windows\System\jBpjWOE.exe
  2⤵
  PID:8020
- C:\Windows\System\pEbzQGa.exe
  C:\Windows\System\pEbzQGa.exe
  2⤵
  PID:8080
- C:\Windows\System\iansLqS.exe
  C:\Windows\System\iansLqS.exe
  2⤵
  PID:8136
- C:\Windows\System\hwJDvIN.exe
  C:\Windows\System\hwJDvIN.exe
  2⤵
  PID:7200
- C:\Windows\System\EkfPFeq.exe
  C:\Windows\System\EkfPFeq.exe
  2⤵
  PID:7300
- C:\Windows\System\lqQTJDL.exe
  C:\Windows\System\lqQTJDL.exe
  2⤵
  PID:1972
- C:\Windows\System\wJCXqIM.exe
  C:\Windows\System\wJCXqIM.exe
  2⤵
  PID:7616
- C:\Windows\System\vkmmtBa.exe
  C:\Windows\System\vkmmtBa.exe
  2⤵
  PID:7780
- C:\Windows\System\jSDRvZN.exe
  C:\Windows\System\jSDRvZN.exe
  2⤵
  PID:7912
- C:\Windows\System\Dcbyeuf.exe
  C:\Windows\System\Dcbyeuf.exe
  2⤵
  PID:8044
- C:\Windows\System\kVVxipf.exe
  C:\Windows\System\kVVxipf.exe
  2⤵
  PID:7408
- C:\Windows\System\gAqudhZ.exe
  C:\Windows\System\gAqudhZ.exe
  2⤵
  PID:7744
- C:\Windows\System\hknKseL.exe
  C:\Windows\System\hknKseL.exe
  2⤵
  PID:8116
- C:\Windows\System\yOFUkDS.exe
  C:\Windows\System\yOFUkDS.exe
  2⤵
  PID:7404
- C:\Windows\System\cnzlibL.exe
  C:\Windows\System\cnzlibL.exe
  2⤵
  PID:8196
- C:\Windows\System\kcSNSSW.exe
  C:\Windows\System\kcSNSSW.exe
  2⤵
  PID:8224
- C:\Windows\System\gIfSgVy.exe
  C:\Windows\System\gIfSgVy.exe
  2⤵
  PID:8264
- C:\Windows\System\nGSdrDh.exe
  C:\Windows\System\nGSdrDh.exe
  2⤵
  PID:8280
- C:\Windows\System\SiWFLtx.exe
  C:\Windows\System\SiWFLtx.exe
  2⤵
  PID:8300
- C:\Windows\System\dScbBiQ.exe
  C:\Windows\System\dScbBiQ.exe
  2⤵
  PID:8320
- C:\Windows\System\lsnxPsm.exe
  C:\Windows\System\lsnxPsm.exe
  2⤵
  PID:8356
- C:\Windows\System\DyvibUk.exe
  C:\Windows\System\DyvibUk.exe
  2⤵
  PID:8380
- C:\Windows\System\xgyVrbF.exe
  C:\Windows\System\xgyVrbF.exe
  2⤵
  PID:8404
- C:\Windows\System\kZkIudC.exe
  C:\Windows\System\kZkIudC.exe
  2⤵
  PID:8432
- C:\Windows\System\YHHuzYk.exe
  C:\Windows\System\YHHuzYk.exe
  2⤵
  PID:8464
- C:\Windows\System\rIHkTjh.exe
  C:\Windows\System\rIHkTjh.exe
  2⤵
  PID:8488
- C:\Windows\System\nUCwJXm.exe
  C:\Windows\System\nUCwJXm.exe
  2⤵
  PID:8524
- C:\Windows\System\dbnqOxZ.exe
  C:\Windows\System\dbnqOxZ.exe
  2⤵
  PID:8548
- C:\Windows\System\alLODnc.exe
  C:\Windows\System\alLODnc.exe
  2⤵
  PID:8564
- C:\Windows\System\hrLYKNU.exe
  C:\Windows\System\hrLYKNU.exe
  2⤵
  PID:8580
- C:\Windows\System\gLYDjfC.exe
  C:\Windows\System\gLYDjfC.exe
  2⤵
  PID:8616
- C:\Windows\System\drwKygn.exe
  C:\Windows\System\drwKygn.exe
  2⤵
  PID:8640
- C:\Windows\System\zvhhZWA.exe
  C:\Windows\System\zvhhZWA.exe
  2⤵
  PID:8672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CIdrqFC.exe

Filesize
2.1MB

MD5
0e83797a6d9b8cf50a66626511f13e0b

SHA1
697119d9ce457ca6cf24b58e82236874e1b02f4c

SHA256
a4036d668fa52b423c334b73feb3e258f36a247128a9ffcc7c89761d59c98fe6

SHA512
cecf6e7982c822031417e2ed99b63aae7d0cb352165b66bb41df30cf81deea7a7bba0afbd46b543d871b51e03e3b8ec7022455a0687b4fb89a0399ca53b806f9

Download Submit
C:\Windows\System\EJShexr.exe

Filesize
2.1MB

MD5
3c778aa094c8e2e7828a90549baa7d1b

SHA1
ab8c5ce9e785a9406c8f908775b5a6ec48863b10

SHA256
cbb064e1512f77e3bda10554941a7340216e5f86525d0da92742d1d358229caa

SHA512
4691051a11ca983a9ad4db7b1e52074d52b62a8590f2a62046ac286f29a3e024824ec16b01c7edf37fd130dcdc6c70028267686537f0550ccc96eb9851da9c92

Download Submit
C:\Windows\System\FRIxYcK.exe

Filesize
2.1MB

MD5
732142c9fc5f61fc8b205ead9a8d5668

SHA1
168a66a771ab6706dc222ac785bd7ac6aaf37f68

SHA256
a4d51b3b06159fa73d1e52b6e0fd975a416e77514f128e6daadce45eab2d3398

SHA512
0d9330834ce81a1a2347947576b5f328fb129444c7e198472d6a227a90bfd9107f309df542eb064925dc5670b5c32a280ccf1a71278ae9285d0ec82bff5786b8

Download Submit
C:\Windows\System\JYwhoOV.exe

Filesize
2.1MB

MD5
9afc6a05ad4a6e77daf536a842620230

SHA1
9bbd741323f27aa6c74b06e4c2f02ee344665286

SHA256
51666cf6920c48624edf34ba2479d64ae161c2809d592476952b87c6a1eba928

SHA512
c5eb54ce132b6fb97d874ffe4bb21810583c516419f44cc471549bf935b946fa9af7a18f698ce3ff860d04e4e051af875717310adde5628131e0efb43bfd59c7

Download Submit
C:\Windows\System\KXJNknG.exe

Filesize
2.1MB

MD5
5a78b4f621013c9a3b5b52fc6baece20

SHA1
a3fa45a9678e2323ddf1c82eac1ae16a83b0fa1c

SHA256
c9056a7fc137572d08fed3726f85008a9c24d543d87514e2c10bbde06c589d6f

SHA512
a72f237705235946dae22f2b94660493ddefd2ba060e24c43d5562d58c0d714c089eb60440a8b5599c9fa2a2902b33150db1548133a08ce281819915ed58b120

Download Submit
C:\Windows\System\ORBGkBG.exe

Filesize
2.1MB

MD5
74f91912d2d03fc17dd27b32b52f6fb6

SHA1
f7dfbfc1a9b619be1c27c1fa4648444f667e0351

SHA256
a5de96dc001b02606adb5011de42c35138247cf9b0065919ffdd510ad7bf09c3

SHA512
67fb1d7a6d7d445c7038f27606ad4c212662a9653333dceb96622967bb23b35a053846563bb01c570977c6a5e35cf1771c74a3ebb49d28aa21916082c98da29b

Download Submit
C:\Windows\System\QsWvhMF.exe

Filesize
2.1MB

MD5
3d0e4d86c2f262ee6dc8ca5e5ccc5f00

SHA1
9bf83a05c7d2b11026f181a1370e58a2ae2a21ba

SHA256
05f7bbb465896c258b84e372cab2d771d980d6869946500300b1c4a512e9f3ab

SHA512
f3d651411bd9529769c4b33cb0eaf315dc3144c027569052fe21e79da06e8793a1c09c298f97fe13ba79ddbf04ed73cb3359f09b8476df341cec5d8af3a40f45

Download Submit
C:\Windows\System\UUvQSjy.exe

Filesize
2.1MB

MD5
bfe53aa36d754c08e6e803d96c78f872

SHA1
052cd5686471446c1c2dc4ea6e73245987e90032

SHA256
9089658822785fb515f0a79b927aa25a63a2adb230c3e9649ab1c48620672656

SHA512
ae70de169bf0ee58ad307322320e2937880cc1fbbd7f5520d463b4913518cd28c67a2fbb609963f0e4831f815f8e5aa315cbe5f32b1d84552ca48497cd66acbf

Download Submit
C:\Windows\System\VmsrLZs.exe

Filesize
2.1MB

MD5
cec061c274512a8a91be0d1150499145

SHA1
816037d2105a71c01083628f314b6d370622280b

SHA256
99467d288d1d7b0565f6a22fc5fb166a452997bb27d7d0f8400affb67fc8c5e2

SHA512
cd35c0059e977fdabfb946f5ba188c57b87cb01fc71b6a0f11928e1a24621d90ceaee88fc44a3ff6a22a1097781308235a82c37ce38601685d543f43640b294e

Download Submit
C:\Windows\System\ZKyKpcV.exe

Filesize
2.1MB

MD5
7e2507d43d1502a4669be4f0f96608da

SHA1
6efb9a7795c67cf903bedd4127b2ab04c77964f3

SHA256
d455e8708a0f6ad7a563e53f3b60c014e138d3ee01f00e451e2a6c6ea37cbf5a

SHA512
5ff7d280339bb20b7bfd79ed03684ec9d7bede24038c7eae8cf8dd1bc6559c40ba4c11a2f3ea7b7edff65c36c596d74e34bbff26b4033c3970b1228eb7674414

Download Submit
C:\Windows\System\ZhjNgqx.exe

Filesize
2.1MB

MD5
56caf0141a4b40f96f2b8030a74d35d9

SHA1
05b46be522654c94583d145adf4928b4460567a6

SHA256
26f4b54f50b81802e760e04c47dbdf01966c54c2d264e9e6666b8223b1c8fe67

SHA512
cadd8a145bde749fbd29f63a1ffeca6c0bb8fe7535ba3304045f3cb8dbe6704b3ce4d41a693b3a558f3cc71d6f3401303fd5791b546d841f656181aae8433a87

Download Submit
C:\Windows\System\ZzuKbte.exe

Filesize
2.1MB

MD5
5dde898737dca79e6c8b988bc4cc4c63

SHA1
7d82e2e3d6bedfb171cc5c9e49e0c041eb48d5d2

SHA256
f87cdf88e7c5de7db6374afaac82213745e636267480c6573ccb516ceb91e7b0

SHA512
35ae2ef5831c3e8d8a236731d3dcb5852f4bc49b960892e51c9dc50ff15c1fde88aed58d2c249170c44caa6a3fad1c9c5eedd89ee7da9e86e686c9467eeb28cd

Download Submit
C:\Windows\System\bkdktZu.exe

Filesize
2.1MB

MD5
09940223954079c914e4abab80fcef2d

SHA1
559da23a57d8738736d9c6330bbf9214a7089b9f

SHA256
cf94173f4cbbcada00c4b39ad9f9c08c8d4650122169070d26ede2435f7c7e03

SHA512
5c071f8437e068cb922e8e1acf49d51f590582c1b6b212c79fec30a548823717d024e7f519a227764200a5554558711b2e0a42d56a47189623738d640dcf4092

Download Submit
C:\Windows\System\dKPIHjF.exe

Filesize
2.1MB

MD5
20af0d244ad364d4cb00ba22e054c18c

SHA1
d18dc8eff369a92e7d62e213169a385ae98d5330

SHA256
b8f882ecc9769d21db541fcfd8ab9b5dc65671ab35984cd876df3393ba4ed1da

SHA512
387e9e31d355f319681f40112a9f9b808241f23370d5ce1b205c7ad9ae7cdd3078160f3c4282bb740752f9b8543ebb5ee1337e7bfe46cb08b02bcb2faf8149b9

Download Submit
C:\Windows\System\dLmITmZ.exe

Filesize
2.1MB

MD5
eed35f0db751afd390324d7e8cba4c13

SHA1
2b3db7f9b1998ba42202aff58491be63c7bb2161

SHA256
e040f85268c21dbc51a84aa4f7e49bb3ff7534303b89dbe4f7a735de5f80efab

SHA512
88027d29f000134f41e384194837e26c67ccf79fe3cc1399d060d545db950d78fca69ea1ee7bbb2e2d3b0eb99644facd338bea73e721a5aa0ca0250dd8ff11ad

Download Submit
C:\Windows\System\dofSKUV.exe

Filesize
2.1MB

MD5
5506c794a32a5ec99a42afc34c7a3b99

SHA1
1c12382e3a5a0da9f4085a5975c77b7e7df08255

SHA256
1cac18700260d01e7eca9d0b666ae32be2aaed056e5e779595e9d80781c7bed0

SHA512
63fded0255665d50c41fa6492ed81edfa272235f7c23a2ebe86f83364c27774b97a33497be168e588f37f4fd8ffc2602b1d43e45394afb42cc5b193c664e9a0a

Download Submit
C:\Windows\System\fpsUIed.exe

Filesize
2.1MB

MD5
94eb573fb0f9b04be6179772311103b3

SHA1
5ccd766b3c6aebf9bb0feb9efd61c62a354641bd

SHA256
2a8cb684d70cd106669da229b1fc5fb934a2667840ec4872247b0603e8b2c217

SHA512
f08849e8601742bfc98739167b70f0dde19c8bc55382b67d64d99ebcb34b172d99be2a4947c818fec56dd826add38aada0f5fc36661d005b4ad2360cf7ba7a4e

Download Submit
C:\Windows\System\gYQWJbm.exe

Filesize
2.1MB

MD5
f28c2a1534f0f92fca322bf08f760cfe

SHA1
b8fb3bd9b9f959078d20f992e17652f0899112c1

SHA256
fb45530db31fd06d37e2f5135e8a0488e759f23ad2140350d32383c0d434e01d

SHA512
18a19997929c8f4a3d5ed1bac763ab23b811325778ea4322734e5ad75a0e492dd11ca47b423faa987fb03babff29522c8ecb37d3dbbb0aa5080a45885da8720c

Download Submit
C:\Windows\System\iHhtGHk.exe

Filesize
2.1MB

MD5
c1acc4a0efd13fc57b282e2648a6b0d2

SHA1
726a03d0406d3ef47c71d344b7285f05b1ee03d7

SHA256
c473e2c9bdee3d110fc63aa01b1e251590ac6cf9964636e90869c4296fb1d4d0

SHA512
c369bc1e8e0a6a56ca6b2023e7251e21ff7284604d06e7fb536c6cf89cf0f202658583d6cac30cd6c5583f75df153d16727e5744e1cab15fbcc36855e86b8c88

Download Submit
C:\Windows\System\jXzbiZR.exe

Filesize
2.1MB

MD5
5f87b52509052c9256a947e95f194068

SHA1
597d530687cc8651b248a1f09f980012921786ff

SHA256
4a99a4cbdbafbc4069bd39218f731b3f11d44bc31bdca60070234acc4f717f30

SHA512
315785a130aa4d767cd77e79519a69953e8dca80c5eb448c3b9c9dbe0532ef0e97d625d98d4b6d65aa68f1980f56ef052cc3efb278605d30590a891e5aa426f3

Download Submit
C:\Windows\System\mdNgjXd.exe

Filesize
2.1MB

MD5
c8e65dec8a699f1c83178366a8df301e

SHA1
c02b9e656b9406049d562b1000a8ea8f6baf02ca

SHA256
70f0698178b0db836a4e5f6eac0fe17b670ec587bdf17957c530d10605fb3ddd

SHA512
34f8b2ab9828f6a1458d7e9db9eb2dbc65521251ce922ddb19f3cbc861691cd0bedc419857bec0f6e20c675fa2f6647c5a4af70560b6b932a74673e5f392ec13

Download Submit
C:\Windows\System\mzzsguM.exe

Filesize
2.1MB

MD5
efed91646287bb99c494684ebeaeeae4

SHA1
6eca3622d24111012342e3a0800f0d0e01e553cd

SHA256
07e7bf7fbb824dedbee6e4fcb2e1eb6b661f140b42d918621e2975b70268d9fc

SHA512
83e0130f2e74ecf5a2330b2f9a769ec52663725401438b1098ca428797d0634c4be0a8f69f6f4d93278edaea38156828e003897a4ed2e9bfa1a3d3bb5043ac99

Download Submit
C:\Windows\System\nAdFDyd.exe

Filesize
2.1MB

MD5
8eb44448f1d66f31cb157939305c4d04

SHA1
eee95444560fa67285a4d8a34cdd07995f878cc9

SHA256
a8e248e7b8c37fda7c8e5addc1b2bb63e72dbb5de3ac8125dd50a2946845696b

SHA512
f885fa4e993cad3e0dd362910932e699d338f11f2c26ece0fdf5e04137077c085bb84fcacd9731e894887aa2e2359b9cd236e56b7fccab5df1064709621940e4

Download Submit
C:\Windows\System\nWNzYzI.exe

Filesize
2.1MB

MD5
761d991c17ff930ecbea502285239954

SHA1
f92698380b858f9ca2089b511601ee4a0f85e21e

SHA256
60f131adabb31dbf788a6654a1511c753ef5c8ae76c8a0cfb9cf3c52bd24f8d1

SHA512
4688d73ee9f48a068bbbc401d4aa74402a4f30aae8e44c522ec73df5e46088ca7e0de82c69351e07905e8eaf97297a563188efdbb3db4e909589e13dccf8b69f

Download Submit
C:\Windows\System\olNIfZH.exe

Filesize
2.1MB

MD5
25048404e29226d63ec027b94c906387

SHA1
f0cb8a62885482f1107ad70ae020db4803e932c3

SHA256
fcfffa5175c376be129887ec19988e91614e26f3b2aa9697b6deaabee4e9701e

SHA512
43e4e35f4fd4f8fd7efb2efb007fd54b3d03c1660a1e2028fccb2fefb775489d18b5bc2734d5ec2ec160cf80f726c7f74e62c92d658953945c0e448034856e4a

Download Submit
C:\Windows\System\stXEOqp.exe

Filesize
2.1MB

MD5
02278f780fc1689cac1c059fdc3455e2

SHA1
106d47d3321d4425d2694e567f40af6c3e208fee

SHA256
74a5e5d7e0be3008a52e2de8893e68bec3e6eec3f6c684c2403756c50083151b

SHA512
e8f9616a2e450a7f1bafc5e3f03584642bf9e41e8d6f300772f19df3d8f8f156863e863aaf54d68703fee7329e3348894e123878d0789a6dfcd9cd619d720c9a

Download Submit
C:\Windows\System\tRzCjmx.exe

Filesize
2.1MB

MD5
5f33833a5f9012f1b9ba98766ee7a6b4

SHA1
fdfab8e9c811431600bb664c99bef03ecaec755b

SHA256
1369ddeb3815c1cb01b298f2e514e94edb3d7fcfa3a2a52ccce9cc7e97792052

SHA512
22b4768c90789d768925b66f70d4d95d4a436bfc549566b4a62641d0fa441b1b5be4be0fd4f66229e6db57202412f25da14f382b0b18cca06248269dd75ac916

Download Submit
C:\Windows\System\tSLFHsz.exe

Filesize
2.1MB

MD5
2f25fd742ca8d82b8d40beef76d73ba9

SHA1
e2830236e8049ac30d5ce5296c0a62c24108bd38

SHA256
fc68797ec15cdc37f4fc105c89291d10dfc1ee79493b5e935150663350414c04

SHA512
46560e1e7d52d5e7c7389440fc001809b5c3ee239cc5d41cec38b7fd030b1400c6b495b8ba889e908b2820904353cd69bef8718440cae815a4e718ff266ec732

Download Submit
C:\Windows\System\tbRCtZe.exe

Filesize
2.1MB

MD5
d49b5eb65c2f944deb0295118e97a3b9

SHA1
a5cb81fe8eaae070a61bbc162652f16f3d08811f

SHA256
f596fd26e3616b950a226cf97ec82d1d1f25ab87527036e6190516b555678669

SHA512
b6ccd13e61ffb311c1d220fe1e1c5c3998b0b6ff14f09c02102ee4cceaf19ff31f5b549282b163e2f27a7940d14ef292f9fa5aa91defadd403e968d47a0ef546

Download Submit
C:\Windows\System\tspvYpU.exe

Filesize
2.1MB

MD5
f5cbe0dfd310a3128ff7250f68ed90ba

SHA1
6a4be9607f4f99f59b52013f6501999e2d6b1172

SHA256
ceec0fdf5c1f4de1fe1ad6519a9ba10da049901dd6d1daf093e84b22fd254360

SHA512
3d3df151b9d5579441d3a58b0d7778c16455cb60123c789365994e9ba96f2fd3a5cb1db6fff147ec4f6117948b28b5aeeb013b6951e535e18f98e3a6e776cc36

Download Submit
C:\Windows\System\uUbVwgf.exe

Filesize
2.1MB

MD5
7282ad56917abeaf0f131c40f201c6b9

SHA1
010226e8e9fa95ee8d41742503e229819dae0852

SHA256
4915cb850a44da2cc4b63e5665248426c5fa77b800b65465ded74231bfc5ee8f

SHA512
b95601ec5dc2d9f084604a6e2c2a923e7a863a6f6f1d68eb2e412f2b62636796f187664085d0348077a56309c5b6746e8e138ad59d42c892d00c7e14f0b4f040

Download Submit
C:\Windows\System\vrvNnJG.exe

Filesize
2.1MB

MD5
92f7dfe88b9758945f615231aff357d6

SHA1
6ddb0d8f91b3df1122a92709e9c38759b594cac8

SHA256
0fae763f66af4c6b1fc6b8f8f4c3c084756d6122cde41d723fa423c499c10d00

SHA512
f07a65d928f4a16d67b13bb282ee6759f02f6e9882d090b751bdcb952520b3607a9ce9c0197a983e2caed623671eceba4b1591104540262fa7cf4df0e6b4470f

Download Submit
C:\Windows\System\yMovCuJ.exe

Filesize
2.1MB

MD5
d17eb17f51255787f099b1d6fa387672

SHA1
895edc95deba7226ae3891407e4ca3d7ad3142bf

SHA256
658716151a4726e6be89a4a1366a62404c14e958e88249df505826d976d1800f

SHA512
aa26d6cdaf6d19028287918a5b267f2c9fe243ffb0ad4e0099bd7d9419b2702736c5356ca6650adc5338d677ca8a3cd0d82123ef6c98d38a96814d3547d32ffc

Download Submit
memory/3524-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download