kpot | 5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b

Analysis

max time kernel
144s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 12:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
Size

2.1MB
MD5

88c3d2ef3b3f926f1601aa1a06f84680
SHA1

e9ab709839bb139de11defa7ea9135d453ccf5f1
SHA256

5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b
SHA512

11e1318dc1f82804437a1be525dfd5d55cf47dd740562ba81b84364fe6de99c5d273003cbb91f5c9f516ef2e99d591c961df15ef1558c86296a6f4b29834058a
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2rE7:GemTLkNdfE0pZaQ8

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral2/files/0x000500000002326f-4.dat	family_kpot
behavioral2/files/0x00080000000233d9-7.dat	family_kpot
behavioral2/files/0x00070000000233dd-15.dat	family_kpot
behavioral2/files/0x00070000000233de-20.dat	family_kpot
behavioral2/files/0x00070000000233df-23.dat	family_kpot
behavioral2/files/0x00070000000233e1-35.dat	family_kpot
behavioral2/files/0x00070000000233e0-33.dat	family_kpot
behavioral2/files/0x00070000000233e2-40.dat	family_kpot
behavioral2/files/0x00070000000233e3-42.dat	family_kpot
behavioral2/files/0x00080000000233da-47.dat	family_kpot
behavioral2/files/0x00070000000233e4-52.dat	family_kpot
behavioral2/files/0x00070000000233e5-60.dat	family_kpot
behavioral2/files/0x00070000000233e6-65.dat	family_kpot
behavioral2/files/0x00070000000233e8-68.dat	family_kpot
behavioral2/files/0x00070000000233ea-76.dat	family_kpot
behavioral2/files/0x00070000000233e9-79.dat	family_kpot
behavioral2/files/0x00070000000233ef-105.dat	family_kpot
behavioral2/files/0x00070000000233f1-113.dat	family_kpot
behavioral2/files/0x00070000000233f6-140.dat	family_kpot
behavioral2/files/0x00070000000233f5-138.dat	family_kpot
behavioral2/files/0x00070000000233f4-136.dat	family_kpot
behavioral2/files/0x00070000000233f3-134.dat	family_kpot
behavioral2/files/0x00070000000233f2-132.dat	family_kpot
behavioral2/files/0x00070000000233f0-128.dat	family_kpot
behavioral2/files/0x00070000000233ee-100.dat	family_kpot
behavioral2/files/0x00070000000233ed-95.dat	family_kpot
behavioral2/files/0x00070000000233ec-93.dat	family_kpot
behavioral2/files/0x00070000000233eb-91.dat	family_kpot
behavioral2/files/0x00070000000233f7-143.dat	family_kpot
behavioral2/files/0x00070000000233f8-148.dat	family_kpot
behavioral2/files/0x00070000000233f9-152.dat	family_kpot
behavioral2/files/0x00070000000233fa-159.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral2/files/0x000500000002326f-4.dat	xmrig
behavioral2/files/0x00080000000233d9-7.dat	xmrig
behavioral2/files/0x00070000000233dd-15.dat	xmrig
behavioral2/files/0x00070000000233de-20.dat	xmrig
behavioral2/files/0x00070000000233df-23.dat	xmrig
behavioral2/files/0x00070000000233e1-35.dat	xmrig
behavioral2/files/0x00070000000233e0-33.dat	xmrig
behavioral2/files/0x00070000000233e2-40.dat	xmrig
behavioral2/files/0x00070000000233e3-42.dat	xmrig
behavioral2/files/0x00080000000233da-47.dat	xmrig
behavioral2/files/0x00070000000233e4-52.dat	xmrig
behavioral2/files/0x00070000000233e5-60.dat	xmrig
behavioral2/files/0x00070000000233e6-65.dat	xmrig
behavioral2/files/0x00070000000233e8-68.dat	xmrig
behavioral2/files/0x00070000000233ea-76.dat	xmrig
behavioral2/files/0x00070000000233e9-79.dat	xmrig
behavioral2/files/0x00070000000233ef-105.dat	xmrig
behavioral2/files/0x00070000000233f1-113.dat	xmrig
behavioral2/files/0x00070000000233f6-140.dat	xmrig
behavioral2/files/0x00070000000233f5-138.dat	xmrig
behavioral2/files/0x00070000000233f4-136.dat	xmrig
behavioral2/files/0x00070000000233f3-134.dat	xmrig
behavioral2/files/0x00070000000233f2-132.dat	xmrig
behavioral2/files/0x00070000000233f0-128.dat	xmrig
behavioral2/files/0x00070000000233ee-100.dat	xmrig
behavioral2/files/0x00070000000233ed-95.dat	xmrig
behavioral2/files/0x00070000000233ec-93.dat	xmrig
behavioral2/files/0x00070000000233eb-91.dat	xmrig
behavioral2/files/0x00070000000233f7-143.dat	xmrig
behavioral2/files/0x00070000000233f8-148.dat	xmrig
behavioral2/files/0x00070000000233f9-152.dat	xmrig
behavioral2/files/0x00070000000233fa-159.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3000	rlITexb.exe
4160	ntIUwTD.exe
4856	EUFYSQj.exe
4996	GHPYNZN.exe
752	JWLUVNN.exe
4164	MeLCJgu.exe
2584	HUsbiOc.exe
2784	ibRsCBN.exe
3892	iAqxoEn.exe
4548	KhlguOs.exe
656	LxzcTHr.exe
3704	ucZEaEU.exe
1624	rRvALby.exe
928	ekihURM.exe
3676	xaDknXa.exe
2912	tPbSCeh.exe
1652	tBsHcnX.exe
1324	gmRgHIq.exe
1656	QQbhUec.exe
2992	pSMMlgx.exe
3816	lmwjmZP.exe
2600	fkHCfXi.exe
2028	vKEzPLh.exe
3524	isNkMbF.exe
3236	LXnYGoQ.exe
4692	EYnRxRK.exe
2284	tmUdfXi.exe
3528	qzaPgYX.exe
4280	kbcTCwL.exe
4292	FqeZEaX.exe
1236	cJLmioP.exe
1980	OphStCz.exe
3356	doEjiAt.exe
4108	OOkOrJn.exe
1032	UXuoFXm.exe
1972	tcmyZyG.exe
3724	qXvZbPH.exe
3168	wKNzUge.exe
4528	NZRFVwO.exe
1088	bAwbDIS.exe
3476	GtMmIqI.exe
756	uVcqCWj.exe
2540	NSCnNik.exe
1872	GdhezzD.exe
2304	HHPVKav.exe
3228	uDmMziW.exe
1752	BCpxdSp.exe
1548	QedIOyX.exe
3848	BPbLBbZ.exe
1160	JdmSKqI.exe
4972	DiVWhdO.exe
3328	eKuejcf.exe
2832	OikJXdv.exe
5044	dfvibRK.exe
4012	vJxvZVQ.exe
2444	QLALEtk.exe
2900	fwTBKMz.exe
4460	nWlToJs.exe
3316	exhhoJm.exe
2128	qXXysBL.exe
888	yfUDFOG.exe
3772	nzQLNPm.exe
1840	plIPtxa.exe
3068	eOKCdvT.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\InrjJLT.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\rbsEWey.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\MRxJoju.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\izZLwYO.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\uTQzfST.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\tMZahhg.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\ibRsCBN.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\qXXysBL.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\PUMFNkR.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\HZPLueD.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\UUTQrWC.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\XpNpPhB.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\TBWQYIx.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\agKKeOM.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\rYhYPei.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\lmwjmZP.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\TdUBfvH.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\iIFVkgR.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\lgUjEvt.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\ONGVFVR.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\GtMmIqI.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\ipujNeQ.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\nzQLNPm.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\kAQEHMM.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\uqTNVfC.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\boOWpVP.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\CgDjUJL.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\OtXgZge.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\QQbhUec.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\OOkOrJn.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\DeKJjUJ.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\gvzmPXH.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\cFDoqwk.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\mZkgmcr.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\ldazcWo.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\EUFYSQj.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\PzaVViU.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\LOBJJSo.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\jhQeqiU.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\vEEvNKu.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\mEenNNP.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\eOKCdvT.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\aHDtUAm.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\exhhoJm.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\gwOBgMZ.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\tRxIpSE.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\hcaMdKL.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\DiVWhdO.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\QLALEtk.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\nWlToJs.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\jyiOjVf.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\glmVbyw.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\ucZEaEU.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\NZRFVwO.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\QvDqFxM.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\tPbSCeh.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\fKHOCvo.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\IIQtoIy.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\sjvqOJk.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\FQJtPMd.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\YDRHbYn.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\xwwCuhu.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\NSCnNik.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
File created	C:\Windows\System\VHQGIOm.exe	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3916 wrote to memory of 3000	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	81
PID 3916 wrote to memory of 3000	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	81
PID 3916 wrote to memory of 4160	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	82
PID 3916 wrote to memory of 4160	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	82
PID 3916 wrote to memory of 4856	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	83
PID 3916 wrote to memory of 4856	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	83
PID 3916 wrote to memory of 4996	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	84
PID 3916 wrote to memory of 4996	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	84
PID 3916 wrote to memory of 752	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	85
PID 3916 wrote to memory of 752	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	85
PID 3916 wrote to memory of 4164	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	86
PID 3916 wrote to memory of 4164	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	86
PID 3916 wrote to memory of 2584	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	87
PID 3916 wrote to memory of 2584	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	87
PID 3916 wrote to memory of 2784	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	88
PID 3916 wrote to memory of 2784	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	88
PID 3916 wrote to memory of 3892	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	89
PID 3916 wrote to memory of 3892	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	89
PID 3916 wrote to memory of 4548	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	90
PID 3916 wrote to memory of 4548	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	90
PID 3916 wrote to memory of 656	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	91
PID 3916 wrote to memory of 656	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	91
PID 3916 wrote to memory of 3704	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	92
PID 3916 wrote to memory of 3704	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	92
PID 3916 wrote to memory of 1624	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	93
PID 3916 wrote to memory of 1624	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	93
PID 3916 wrote to memory of 928	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	94
PID 3916 wrote to memory of 928	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	94
PID 3916 wrote to memory of 3676	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	95
PID 3916 wrote to memory of 3676	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	95
PID 3916 wrote to memory of 2912	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	96
PID 3916 wrote to memory of 2912	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	96
PID 3916 wrote to memory of 1652	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	97
PID 3916 wrote to memory of 1652	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	97
PID 3916 wrote to memory of 1324	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	98
PID 3916 wrote to memory of 1324	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	98
PID 3916 wrote to memory of 1656	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	99
PID 3916 wrote to memory of 1656	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	99
PID 3916 wrote to memory of 2992	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	100
PID 3916 wrote to memory of 2992	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	100
PID 3916 wrote to memory of 3816	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	101
PID 3916 wrote to memory of 3816	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	101
PID 3916 wrote to memory of 2600	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	102
PID 3916 wrote to memory of 2600	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	102
PID 3916 wrote to memory of 2028	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	103
PID 3916 wrote to memory of 2028	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	103
PID 3916 wrote to memory of 3524	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	104
PID 3916 wrote to memory of 3524	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	104
PID 3916 wrote to memory of 3236	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	105
PID 3916 wrote to memory of 3236	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	105
PID 3916 wrote to memory of 4692	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	106
PID 3916 wrote to memory of 4692	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	106
PID 3916 wrote to memory of 2284	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	107
PID 3916 wrote to memory of 2284	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	107
PID 3916 wrote to memory of 3528	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	108
PID 3916 wrote to memory of 3528	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	108
PID 3916 wrote to memory of 4280	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	109
PID 3916 wrote to memory of 4280	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	109
PID 3916 wrote to memory of 4292	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	110
PID 3916 wrote to memory of 4292	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	110
PID 3916 wrote to memory of 1236	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	111
PID 3916 wrote to memory of 1236	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	111
PID 3916 wrote to memory of 1980	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	112
PID 3916 wrote to memory of 1980	3916	5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe	112

C:\Users\Admin\AppData\Local\Temp\5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5d50eb49f49373fe77b22b9eedf1f990f2d635c80445d5aa25ca8f2fe868f06b_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3916
- C:\Windows\System\rlITexb.exe
  C:\Windows\System\rlITexb.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\ntIUwTD.exe
  C:\Windows\System\ntIUwTD.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\EUFYSQj.exe
  C:\Windows\System\EUFYSQj.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\GHPYNZN.exe
  C:\Windows\System\GHPYNZN.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\JWLUVNN.exe
  C:\Windows\System\JWLUVNN.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\MeLCJgu.exe
  C:\Windows\System\MeLCJgu.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\HUsbiOc.exe
  C:\Windows\System\HUsbiOc.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\ibRsCBN.exe
  C:\Windows\System\ibRsCBN.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\iAqxoEn.exe
  C:\Windows\System\iAqxoEn.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\KhlguOs.exe
  C:\Windows\System\KhlguOs.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\LxzcTHr.exe
  C:\Windows\System\LxzcTHr.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\ucZEaEU.exe
  C:\Windows\System\ucZEaEU.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\rRvALby.exe
  C:\Windows\System\rRvALby.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\ekihURM.exe
  C:\Windows\System\ekihURM.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\xaDknXa.exe
  C:\Windows\System\xaDknXa.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\tPbSCeh.exe
  C:\Windows\System\tPbSCeh.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\tBsHcnX.exe
  C:\Windows\System\tBsHcnX.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\gmRgHIq.exe
  C:\Windows\System\gmRgHIq.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\QQbhUec.exe
  C:\Windows\System\QQbhUec.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\pSMMlgx.exe
  C:\Windows\System\pSMMlgx.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\lmwjmZP.exe
  C:\Windows\System\lmwjmZP.exe
  2⤵
  - Executes dropped EXE
  PID:3816
- C:\Windows\System\fkHCfXi.exe
  C:\Windows\System\fkHCfXi.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\vKEzPLh.exe
  C:\Windows\System\vKEzPLh.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\isNkMbF.exe
  C:\Windows\System\isNkMbF.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\LXnYGoQ.exe
  C:\Windows\System\LXnYGoQ.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\EYnRxRK.exe
  C:\Windows\System\EYnRxRK.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\tmUdfXi.exe
  C:\Windows\System\tmUdfXi.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\qzaPgYX.exe
  C:\Windows\System\qzaPgYX.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\kbcTCwL.exe
  C:\Windows\System\kbcTCwL.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\FqeZEaX.exe
  C:\Windows\System\FqeZEaX.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\cJLmioP.exe
  C:\Windows\System\cJLmioP.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\OphStCz.exe
  C:\Windows\System\OphStCz.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\doEjiAt.exe
  C:\Windows\System\doEjiAt.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\OOkOrJn.exe
  C:\Windows\System\OOkOrJn.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\UXuoFXm.exe
  C:\Windows\System\UXuoFXm.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\tcmyZyG.exe
  C:\Windows\System\tcmyZyG.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\qXvZbPH.exe
  C:\Windows\System\qXvZbPH.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\wKNzUge.exe
  C:\Windows\System\wKNzUge.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\NZRFVwO.exe
  C:\Windows\System\NZRFVwO.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\bAwbDIS.exe
  C:\Windows\System\bAwbDIS.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\GtMmIqI.exe
  C:\Windows\System\GtMmIqI.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\uVcqCWj.exe
  C:\Windows\System\uVcqCWj.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\NSCnNik.exe
  C:\Windows\System\NSCnNik.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\GdhezzD.exe
  C:\Windows\System\GdhezzD.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\HHPVKav.exe
  C:\Windows\System\HHPVKav.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\uDmMziW.exe
  C:\Windows\System\uDmMziW.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\BCpxdSp.exe
  C:\Windows\System\BCpxdSp.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\QedIOyX.exe
  C:\Windows\System\QedIOyX.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\BPbLBbZ.exe
  C:\Windows\System\BPbLBbZ.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System\JdmSKqI.exe
  C:\Windows\System\JdmSKqI.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\DiVWhdO.exe
  C:\Windows\System\DiVWhdO.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\eKuejcf.exe
  C:\Windows\System\eKuejcf.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\OikJXdv.exe
  C:\Windows\System\OikJXdv.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\dfvibRK.exe
  C:\Windows\System\dfvibRK.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\vJxvZVQ.exe
  C:\Windows\System\vJxvZVQ.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\QLALEtk.exe
  C:\Windows\System\QLALEtk.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\fwTBKMz.exe
  C:\Windows\System\fwTBKMz.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\nWlToJs.exe
  C:\Windows\System\nWlToJs.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\exhhoJm.exe
  C:\Windows\System\exhhoJm.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\qXXysBL.exe
  C:\Windows\System\qXXysBL.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\yfUDFOG.exe
  C:\Windows\System\yfUDFOG.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\nzQLNPm.exe
  C:\Windows\System\nzQLNPm.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\plIPtxa.exe
  C:\Windows\System\plIPtxa.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\eOKCdvT.exe
  C:\Windows\System\eOKCdvT.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\InrjJLT.exe
  C:\Windows\System\InrjJLT.exe
  2⤵
  PID:4868
- C:\Windows\System\YvGhPMr.exe
  C:\Windows\System\YvGhPMr.exe
  2⤵
  PID:4480
- C:\Windows\System\rbsEWey.exe
  C:\Windows\System\rbsEWey.exe
  2⤵
  PID:4276
- C:\Windows\System\kAQEHMM.exe
  C:\Windows\System\kAQEHMM.exe
  2⤵
  PID:384
- C:\Windows\System\VOPFFBh.exe
  C:\Windows\System\VOPFFBh.exe
  2⤵
  PID:3240
- C:\Windows\System\cwBErMD.exe
  C:\Windows\System\cwBErMD.exe
  2⤵
  PID:3464
- C:\Windows\System\CwZaPFI.exe
  C:\Windows\System\CwZaPFI.exe
  2⤵
  PID:3344
- C:\Windows\System\BnqUDRN.exe
  C:\Windows\System\BnqUDRN.exe
  2⤵
  PID:2596
- C:\Windows\System\aHDtUAm.exe
  C:\Windows\System\aHDtUAm.exe
  2⤵
  PID:3124
- C:\Windows\System\xlKNKEB.exe
  C:\Windows\System\xlKNKEB.exe
  2⤵
  PID:396
- C:\Windows\System\MRxJoju.exe
  C:\Windows\System\MRxJoju.exe
  2⤵
  PID:2856
- C:\Windows\System\tELUysZ.exe
  C:\Windows\System\tELUysZ.exe
  2⤵
  PID:3768
- C:\Windows\System\OQAmWlN.exe
  C:\Windows\System\OQAmWlN.exe
  2⤵
  PID:2276
- C:\Windows\System\zWgNmPC.exe
  C:\Windows\System\zWgNmPC.exe
  2⤵
  PID:2136
- C:\Windows\System\jIwtEnj.exe
  C:\Windows\System\jIwtEnj.exe
  2⤵
  PID:2332
- C:\Windows\System\kFwklLa.exe
  C:\Windows\System\kFwklLa.exe
  2⤵
  PID:2944
- C:\Windows\System\EfPRXpJ.exe
  C:\Windows\System\EfPRXpJ.exe
  2⤵
  PID:4384
- C:\Windows\System\qBurwmT.exe
  C:\Windows\System\qBurwmT.exe
  2⤵
  PID:3096
- C:\Windows\System\uqTNVfC.exe
  C:\Windows\System\uqTNVfC.exe
  2⤵
  PID:4232
- C:\Windows\System\ipujNeQ.exe
  C:\Windows\System\ipujNeQ.exe
  2⤵
  PID:4320
- C:\Windows\System\jyiOjVf.exe
  C:\Windows\System\jyiOjVf.exe
  2⤵
  PID:3020
- C:\Windows\System\EDMVFzB.exe
  C:\Windows\System\EDMVFzB.exe
  2⤵
  PID:2344
- C:\Windows\System\fDClpcN.exe
  C:\Windows\System\fDClpcN.exe
  2⤵
  PID:2272
- C:\Windows\System\NRESrgC.exe
  C:\Windows\System\NRESrgC.exe
  2⤵
  PID:1524
- C:\Windows\System\VHQGIOm.exe
  C:\Windows\System\VHQGIOm.exe
  2⤵
  PID:1072
- C:\Windows\System\sOrBUNw.exe
  C:\Windows\System\sOrBUNw.exe
  2⤵
  PID:3540
- C:\Windows\System\vgdGTVX.exe
  C:\Windows\System\vgdGTVX.exe
  2⤵
  PID:4260
- C:\Windows\System\TcMqYGO.exe
  C:\Windows\System\TcMqYGO.exe
  2⤵
  PID:3796
- C:\Windows\System\okbzPLy.exe
  C:\Windows\System\okbzPLy.exe
  2⤵
  PID:5084
- C:\Windows\System\YRQAzGN.exe
  C:\Windows\System\YRQAzGN.exe
  2⤵
  PID:2640
- C:\Windows\System\EoLhrdi.exe
  C:\Windows\System\EoLhrdi.exe
  2⤵
  PID:4088
- C:\Windows\System\fKHOCvo.exe
  C:\Windows\System\fKHOCvo.exe
  2⤵
  PID:2964
- C:\Windows\System\oJMgnZr.exe
  C:\Windows\System\oJMgnZr.exe
  2⤵
  PID:1760
- C:\Windows\System\hvxxgHD.exe
  C:\Windows\System\hvxxgHD.exe
  2⤵
  PID:3452
- C:\Windows\System\pCwSIBN.exe
  C:\Windows\System\pCwSIBN.exe
  2⤵
  PID:1832
- C:\Windows\System\rjkuRNy.exe
  C:\Windows\System\rjkuRNy.exe
  2⤵
  PID:4708
- C:\Windows\System\JUPuDSp.exe
  C:\Windows\System\JUPuDSp.exe
  2⤵
  PID:1592
- C:\Windows\System\kKvhkHV.exe
  C:\Windows\System\kKvhkHV.exe
  2⤵
  PID:452
- C:\Windows\System\uVJPOYv.exe
  C:\Windows\System\uVJPOYv.exe
  2⤵
  PID:4608
- C:\Windows\System\EXHICQB.exe
  C:\Windows\System\EXHICQB.exe
  2⤵
  PID:2820
- C:\Windows\System\IIQtoIy.exe
  C:\Windows\System\IIQtoIy.exe
  2⤵
  PID:4916
- C:\Windows\System\APOLvjw.exe
  C:\Windows\System\APOLvjw.exe
  2⤵
  PID:3320
- C:\Windows\System\VvccesI.exe
  C:\Windows\System\VvccesI.exe
  2⤵
  PID:984
- C:\Windows\System\UhWJiUH.exe
  C:\Windows\System\UhWJiUH.exe
  2⤵
  PID:1552
- C:\Windows\System\smntvsJ.exe
  C:\Windows\System\smntvsJ.exe
  2⤵
  PID:4584
- C:\Windows\System\OZWHNEs.exe
  C:\Windows\System\OZWHNEs.exe
  2⤵
  PID:2020
- C:\Windows\System\QHfTgRM.exe
  C:\Windows\System\QHfTgRM.exe
  2⤵
  PID:436
- C:\Windows\System\ylZLmRK.exe
  C:\Windows\System\ylZLmRK.exe
  2⤵
  PID:3628
- C:\Windows\System\sjvqOJk.exe
  C:\Windows\System\sjvqOJk.exe
  2⤵
  PID:1944
- C:\Windows\System\LqpLeoo.exe
  C:\Windows\System\LqpLeoo.exe
  2⤵
  PID:4772
- C:\Windows\System\irbwsfL.exe
  C:\Windows\System\irbwsfL.exe
  2⤵
  PID:4976
- C:\Windows\System\boOWpVP.exe
  C:\Windows\System\boOWpVP.exe
  2⤵
  PID:4116
- C:\Windows\System\UXNMlTU.exe
  C:\Windows\System\UXNMlTU.exe
  2⤵
  PID:3512
- C:\Windows\System\WQJWfIH.exe
  C:\Windows\System\WQJWfIH.exe
  2⤵
  PID:2860
- C:\Windows\System\iiiUiDQ.exe
  C:\Windows\System\iiiUiDQ.exe
  2⤵
  PID:5056
- C:\Windows\System\gmdeKbn.exe
  C:\Windows\System\gmdeKbn.exe
  2⤵
  PID:4444
- C:\Windows\System\rAPOLTk.exe
  C:\Windows\System\rAPOLTk.exe
  2⤵
  PID:5092
- C:\Windows\System\vNSjgQD.exe
  C:\Windows\System\vNSjgQD.exe
  2⤵
  PID:2416
- C:\Windows\System\PzaVViU.exe
  C:\Windows\System\PzaVViU.exe
  2⤵
  PID:5148
- C:\Windows\System\aExvIbj.exe
  C:\Windows\System\aExvIbj.exe
  2⤵
  PID:5172
- C:\Windows\System\LOBJJSo.exe
  C:\Windows\System\LOBJJSo.exe
  2⤵
  PID:5200
- C:\Windows\System\daqkvjk.exe
  C:\Windows\System\daqkvjk.exe
  2⤵
  PID:5224
- C:\Windows\System\eGtfkZr.exe
  C:\Windows\System\eGtfkZr.exe
  2⤵
  PID:5252
- C:\Windows\System\jhQeqiU.exe
  C:\Windows\System\jhQeqiU.exe
  2⤵
  PID:5288
- C:\Windows\System\TdUBfvH.exe
  C:\Windows\System\TdUBfvH.exe
  2⤵
  PID:5312
- C:\Windows\System\ZzZWPGO.exe
  C:\Windows\System\ZzZWPGO.exe
  2⤵
  PID:5340
- C:\Windows\System\OIwwAQw.exe
  C:\Windows\System\OIwwAQw.exe
  2⤵
  PID:5372
- C:\Windows\System\GZLEdhW.exe
  C:\Windows\System\GZLEdhW.exe
  2⤵
  PID:5396
- C:\Windows\System\HZPLueD.exe
  C:\Windows\System\HZPLueD.exe
  2⤵
  PID:5428
- C:\Windows\System\hLUDkuM.exe
  C:\Windows\System\hLUDkuM.exe
  2⤵
  PID:5452
- C:\Windows\System\xFscLGJ.exe
  C:\Windows\System\xFscLGJ.exe
  2⤵
  PID:5484
- C:\Windows\System\MxHngOv.exe
  C:\Windows\System\MxHngOv.exe
  2⤵
  PID:5504
- C:\Windows\System\LemGMgd.exe
  C:\Windows\System\LemGMgd.exe
  2⤵
  PID:5532
- C:\Windows\System\bxAyKvY.exe
  C:\Windows\System\bxAyKvY.exe
  2⤵
  PID:5564
- C:\Windows\System\QvDqFxM.exe
  C:\Windows\System\QvDqFxM.exe
  2⤵
  PID:5588
- C:\Windows\System\igLxoCC.exe
  C:\Windows\System\igLxoCC.exe
  2⤵
  PID:5616
- C:\Windows\System\lTOwCsK.exe
  C:\Windows\System\lTOwCsK.exe
  2⤵
  PID:5652
- C:\Windows\System\lgUjEvt.exe
  C:\Windows\System\lgUjEvt.exe
  2⤵
  PID:5676
- C:\Windows\System\LEiAUdk.exe
  C:\Windows\System\LEiAUdk.exe
  2⤵
  PID:5712
- C:\Windows\System\haZzhgO.exe
  C:\Windows\System\haZzhgO.exe
  2⤵
  PID:5732
- C:\Windows\System\UpQFhOb.exe
  C:\Windows\System\UpQFhOb.exe
  2⤵
  PID:5768
- C:\Windows\System\exLefdW.exe
  C:\Windows\System\exLefdW.exe
  2⤵
  PID:5792
- C:\Windows\System\bqCRDUC.exe
  C:\Windows\System\bqCRDUC.exe
  2⤵
  PID:5816
- C:\Windows\System\joqPcSq.exe
  C:\Windows\System\joqPcSq.exe
  2⤵
  PID:5844
- C:\Windows\System\FgTcJOl.exe
  C:\Windows\System\FgTcJOl.exe
  2⤵
  PID:5876
- C:\Windows\System\jqjqWCQ.exe
  C:\Windows\System\jqjqWCQ.exe
  2⤵
  PID:5908
- C:\Windows\System\tpJBfiY.exe
  C:\Windows\System\tpJBfiY.exe
  2⤵
  PID:5936
- C:\Windows\System\fAPHqlo.exe
  C:\Windows\System\fAPHqlo.exe
  2⤵
  PID:5964
- C:\Windows\System\BvsCgnL.exe
  C:\Windows\System\BvsCgnL.exe
  2⤵
  PID:5992
- C:\Windows\System\DTQVwys.exe
  C:\Windows\System\DTQVwys.exe
  2⤵
  PID:6020
- C:\Windows\System\UEuNAVO.exe
  C:\Windows\System\UEuNAVO.exe
  2⤵
  PID:6040
- C:\Windows\System\CZNqHye.exe
  C:\Windows\System\CZNqHye.exe
  2⤵
  PID:6068
- C:\Windows\System\abTKmTs.exe
  C:\Windows\System\abTKmTs.exe
  2⤵
  PID:6104
- C:\Windows\System\pZUQqsD.exe
  C:\Windows\System\pZUQqsD.exe
  2⤵
  PID:6124
- C:\Windows\System\FQJtPMd.exe
  C:\Windows\System\FQJtPMd.exe
  2⤵
  PID:5136
- C:\Windows\System\wTxJnwL.exe
  C:\Windows\System\wTxJnwL.exe
  2⤵
  PID:5208
- C:\Windows\System\PBzHHMd.exe
  C:\Windows\System\PBzHHMd.exe
  2⤵
  PID:5276
- C:\Windows\System\jzKMbxt.exe
  C:\Windows\System\jzKMbxt.exe
  2⤵
  PID:5332
- C:\Windows\System\izZLwYO.exe
  C:\Windows\System\izZLwYO.exe
  2⤵
  PID:5404
- C:\Windows\System\uTQzfST.exe
  C:\Windows\System\uTQzfST.exe
  2⤵
  PID:5468
- C:\Windows\System\fQsvgRY.exe
  C:\Windows\System\fQsvgRY.exe
  2⤵
  PID:5548
- C:\Windows\System\mHbSiBk.exe
  C:\Windows\System\mHbSiBk.exe
  2⤵
  PID:5612
- C:\Windows\System\LSwkmbL.exe
  C:\Windows\System\LSwkmbL.exe
  2⤵
  PID:5664
- C:\Windows\System\gZWZGVS.exe
  C:\Windows\System\gZWZGVS.exe
  2⤵
  PID:5744
- C:\Windows\System\gwOBgMZ.exe
  C:\Windows\System\gwOBgMZ.exe
  2⤵
  PID:5812
- C:\Windows\System\ODHfIAQ.exe
  C:\Windows\System\ODHfIAQ.exe
  2⤵
  PID:5884
- C:\Windows\System\VyaQpQW.exe
  C:\Windows\System\VyaQpQW.exe
  2⤵
  PID:5924
- C:\Windows\System\LhFNQPM.exe
  C:\Windows\System\LhFNQPM.exe
  2⤵
  PID:6000
- C:\Windows\System\hXSsuvR.exe
  C:\Windows\System\hXSsuvR.exe
  2⤵
  PID:6056
- C:\Windows\System\KwtIbOX.exe
  C:\Windows\System\KwtIbOX.exe
  2⤵
  PID:6136
- C:\Windows\System\QhWrxzk.exe
  C:\Windows\System\QhWrxzk.exe
  2⤵
  PID:5248
- C:\Windows\System\YHHJCBu.exe
  C:\Windows\System\YHHJCBu.exe
  2⤵
  PID:5384
- C:\Windows\System\tMZahhg.exe
  C:\Windows\System\tMZahhg.exe
  2⤵
  PID:5572
- C:\Windows\System\dOMcnPe.exe
  C:\Windows\System\dOMcnPe.exe
  2⤵
  PID:5696
- C:\Windows\System\QzZdkAq.exe
  C:\Windows\System\QzZdkAq.exe
  2⤵
  PID:5856
- C:\Windows\System\aKjDhJM.exe
  C:\Windows\System\aKjDhJM.exe
  2⤵
  PID:6036
- C:\Windows\System\RiHODqL.exe
  C:\Windows\System\RiHODqL.exe
  2⤵
  PID:5192
- C:\Windows\System\tRxIpSE.exe
  C:\Windows\System\tRxIpSE.exe
  2⤵
  PID:5516
- C:\Windows\System\aocvjrn.exe
  C:\Windows\System\aocvjrn.exe
  2⤵
  PID:5916
- C:\Windows\System\oJNlwdV.exe
  C:\Windows\System\oJNlwdV.exe
  2⤵
  PID:5640
- C:\Windows\System\dtSRjqK.exe
  C:\Windows\System\dtSRjqK.exe
  2⤵
  PID:5436
- C:\Windows\System\ZQWvwTM.exe
  C:\Windows\System\ZQWvwTM.exe
  2⤵
  PID:6168
- C:\Windows\System\cFDoqwk.exe
  C:\Windows\System\cFDoqwk.exe
  2⤵
  PID:6196
- C:\Windows\System\XdUmKlH.exe
  C:\Windows\System\XdUmKlH.exe
  2⤵
  PID:6220
- C:\Windows\System\PxTmGGd.exe
  C:\Windows\System\PxTmGGd.exe
  2⤵
  PID:6240
- C:\Windows\System\EOdfuXZ.exe
  C:\Windows\System\EOdfuXZ.exe
  2⤵
  PID:6276
- C:\Windows\System\nAIINLJ.exe
  C:\Windows\System\nAIINLJ.exe
  2⤵
  PID:6300
- C:\Windows\System\uHSJAKs.exe
  C:\Windows\System\uHSJAKs.exe
  2⤵
  PID:6332
- C:\Windows\System\HYABNST.exe
  C:\Windows\System\HYABNST.exe
  2⤵
  PID:6364
- C:\Windows\System\ESUDEUD.exe
  C:\Windows\System\ESUDEUD.exe
  2⤵
  PID:6392
- C:\Windows\System\wRUXuzv.exe
  C:\Windows\System\wRUXuzv.exe
  2⤵
  PID:6416
- C:\Windows\System\GLYfpih.exe
  C:\Windows\System\GLYfpih.exe
  2⤵
  PID:6444
- C:\Windows\System\BSMsrjg.exe
  C:\Windows\System\BSMsrjg.exe
  2⤵
  PID:6472
- C:\Windows\System\DDFQsLl.exe
  C:\Windows\System\DDFQsLl.exe
  2⤵
  PID:6504
- C:\Windows\System\tGxLDqe.exe
  C:\Windows\System\tGxLDqe.exe
  2⤵
  PID:6532
- C:\Windows\System\dugibvv.exe
  C:\Windows\System\dugibvv.exe
  2⤵
  PID:6564
- C:\Windows\System\SWDJPCX.exe
  C:\Windows\System\SWDJPCX.exe
  2⤵
  PID:6588
- C:\Windows\System\dHBbkTZ.exe
  C:\Windows\System\dHBbkTZ.exe
  2⤵
  PID:6620
- C:\Windows\System\bIxPIiv.exe
  C:\Windows\System\bIxPIiv.exe
  2⤵
  PID:6648
- C:\Windows\System\PMxByvm.exe
  C:\Windows\System\PMxByvm.exe
  2⤵
  PID:6676
- C:\Windows\System\zoopzHl.exe
  C:\Windows\System\zoopzHl.exe
  2⤵
  PID:6704
- C:\Windows\System\xgyPRqk.exe
  C:\Windows\System\xgyPRqk.exe
  2⤵
  PID:6728
- C:\Windows\System\UUTQrWC.exe
  C:\Windows\System\UUTQrWC.exe
  2⤵
  PID:6760
- C:\Windows\System\mJexCqD.exe
  C:\Windows\System\mJexCqD.exe
  2⤵
  PID:6792
- C:\Windows\System\xcjeaJl.exe
  C:\Windows\System\xcjeaJl.exe
  2⤵
  PID:6812
- C:\Windows\System\dtExOgQ.exe
  C:\Windows\System\dtExOgQ.exe
  2⤵
  PID:6840
- C:\Windows\System\OhGgxqg.exe
  C:\Windows\System\OhGgxqg.exe
  2⤵
  PID:6868
- C:\Windows\System\XpNpPhB.exe
  C:\Windows\System\XpNpPhB.exe
  2⤵
  PID:6896
- C:\Windows\System\ptJuwrt.exe
  C:\Windows\System\ptJuwrt.exe
  2⤵
  PID:6928
- C:\Windows\System\mZkgmcr.exe
  C:\Windows\System\mZkgmcr.exe
  2⤵
  PID:6956
- C:\Windows\System\IfzurIA.exe
  C:\Windows\System\IfzurIA.exe
  2⤵
  PID:6984
- C:\Windows\System\MBJcIYB.exe
  C:\Windows\System\MBJcIYB.exe
  2⤵
  PID:7008
- C:\Windows\System\lkNYovx.exe
  C:\Windows\System\lkNYovx.exe
  2⤵
  PID:7040
- C:\Windows\System\xzZppIT.exe
  C:\Windows\System\xzZppIT.exe
  2⤵
  PID:7064
- C:\Windows\System\gGjhScG.exe
  C:\Windows\System\gGjhScG.exe
  2⤵
  PID:7092
- C:\Windows\System\eSLXJEO.exe
  C:\Windows\System\eSLXJEO.exe
  2⤵
  PID:7124
- C:\Windows\System\UIntdzv.exe
  C:\Windows\System\UIntdzv.exe
  2⤵
  PID:7152
- C:\Windows\System\DpDiPkA.exe
  C:\Windows\System\DpDiPkA.exe
  2⤵
  PID:6176
- C:\Windows\System\rYRnOWJ.exe
  C:\Windows\System\rYRnOWJ.exe
  2⤵
  PID:6236
- C:\Windows\System\vqzNJyY.exe
  C:\Windows\System\vqzNJyY.exe
  2⤵
  PID:6292
- C:\Windows\System\bGIcxbn.exe
  C:\Windows\System\bGIcxbn.exe
  2⤵
  PID:6356
- C:\Windows\System\whzfOrJ.exe
  C:\Windows\System\whzfOrJ.exe
  2⤵
  PID:6436
- C:\Windows\System\qKDgtnA.exe
  C:\Windows\System\qKDgtnA.exe
  2⤵
  PID:6492
- C:\Windows\System\vLeuVdr.exe
  C:\Windows\System\vLeuVdr.exe
  2⤵
  PID:6572
- C:\Windows\System\FDQMfwG.exe
  C:\Windows\System\FDQMfwG.exe
  2⤵
  PID:6636
- C:\Windows\System\cBeAQtj.exe
  C:\Windows\System\cBeAQtj.exe
  2⤵
  PID:6696
- C:\Windows\System\jHQtVgo.exe
  C:\Windows\System\jHQtVgo.exe
  2⤵
  PID:6768
- C:\Windows\System\DRpSfTF.exe
  C:\Windows\System\DRpSfTF.exe
  2⤵
  PID:6824
- C:\Windows\System\FQjXajI.exe
  C:\Windows\System\FQjXajI.exe
  2⤵
  PID:6884
- C:\Windows\System\vrVobqS.exe
  C:\Windows\System\vrVobqS.exe
  2⤵
  PID:6936
- C:\Windows\System\McARgQi.exe
  C:\Windows\System\McARgQi.exe
  2⤵
  PID:7028
- C:\Windows\System\XmWAxWV.exe
  C:\Windows\System\XmWAxWV.exe
  2⤵
  PID:7104
- C:\Windows\System\MLKXmPE.exe
  C:\Windows\System\MLKXmPE.exe
  2⤵
  PID:6148
- C:\Windows\System\wjijHCm.exe
  C:\Windows\System\wjijHCm.exe
  2⤵
  PID:6284
- C:\Windows\System\CboIqfD.exe
  C:\Windows\System\CboIqfD.exe
  2⤵
  PID:6456
- C:\Windows\System\IMwDERl.exe
  C:\Windows\System\IMwDERl.exe
  2⤵
  PID:6544
- C:\Windows\System\TBWQYIx.exe
  C:\Windows\System\TBWQYIx.exe
  2⤵
  PID:6628
- C:\Windows\System\iBTUhTD.exe
  C:\Windows\System\iBTUhTD.exe
  2⤵
  PID:6804
- C:\Windows\System\GZmOuDA.exe
  C:\Windows\System\GZmOuDA.exe
  2⤵
  PID:6992
- C:\Windows\System\WgDVdDd.exe
  C:\Windows\System\WgDVdDd.exe
  2⤵
  PID:6264
- C:\Windows\System\phJDHOw.exe
  C:\Windows\System\phJDHOw.exe
  2⤵
  PID:6608
- C:\Windows\System\tfzrbXx.exe
  C:\Windows\System\tfzrbXx.exe
  2⤵
  PID:6916
- C:\Windows\System\jSJPzib.exe
  C:\Windows\System\jSJPzib.exe
  2⤵
  PID:6468
- C:\Windows\System\fBWEgPE.exe
  C:\Windows\System\fBWEgPE.exe
  2⤵
  PID:6752
- C:\Windows\System\NifKOaQ.exe
  C:\Windows\System\NifKOaQ.exe
  2⤵
  PID:7192
- C:\Windows\System\rRfuKjQ.exe
  C:\Windows\System\rRfuKjQ.exe
  2⤵
  PID:7216
- C:\Windows\System\vEEvNKu.exe
  C:\Windows\System\vEEvNKu.exe
  2⤵
  PID:7252
- C:\Windows\System\iTWKcoL.exe
  C:\Windows\System\iTWKcoL.exe
  2⤵
  PID:7268
- C:\Windows\System\Gipfcms.exe
  C:\Windows\System\Gipfcms.exe
  2⤵
  PID:7296
- C:\Windows\System\dXXsvoz.exe
  C:\Windows\System\dXXsvoz.exe
  2⤵
  PID:7316
- C:\Windows\System\KOFKmEG.exe
  C:\Windows\System\KOFKmEG.exe
  2⤵
  PID:7344
- C:\Windows\System\BQJcfOv.exe
  C:\Windows\System\BQJcfOv.exe
  2⤵
  PID:7388
- C:\Windows\System\IkCyBjb.exe
  C:\Windows\System\IkCyBjb.exe
  2⤵
  PID:7420
- C:\Windows\System\rEHIKPi.exe
  C:\Windows\System\rEHIKPi.exe
  2⤵
  PID:7440
- C:\Windows\System\SQnaSnp.exe
  C:\Windows\System\SQnaSnp.exe
  2⤵
  PID:7468
- C:\Windows\System\TGzLtoH.exe
  C:\Windows\System\TGzLtoH.exe
  2⤵
  PID:7500
- C:\Windows\System\eGwwipv.exe
  C:\Windows\System\eGwwipv.exe
  2⤵
  PID:7540
- C:\Windows\System\OiBzHei.exe
  C:\Windows\System\OiBzHei.exe
  2⤵
  PID:7568
- C:\Windows\System\fHsrlxr.exe
  C:\Windows\System\fHsrlxr.exe
  2⤵
  PID:7584
- C:\Windows\System\eOxNnZp.exe
  C:\Windows\System\eOxNnZp.exe
  2⤵
  PID:7616
- C:\Windows\System\duCSVSW.exe
  C:\Windows\System\duCSVSW.exe
  2⤵
  PID:7656
- C:\Windows\System\RjjTLnk.exe
  C:\Windows\System\RjjTLnk.exe
  2⤵
  PID:7688
- C:\Windows\System\iDrvUpk.exe
  C:\Windows\System\iDrvUpk.exe
  2⤵
  PID:7704
- C:\Windows\System\OhhuiXL.exe
  C:\Windows\System\OhhuiXL.exe
  2⤵
  PID:7720
- C:\Windows\System\kLWWpvO.exe
  C:\Windows\System\kLWWpvO.exe
  2⤵
  PID:7736
- C:\Windows\System\pruoRbD.exe
  C:\Windows\System\pruoRbD.exe
  2⤵
  PID:7752
- C:\Windows\System\agKKeOM.exe
  C:\Windows\System\agKKeOM.exe
  2⤵
  PID:7768
- C:\Windows\System\CgDjUJL.exe
  C:\Windows\System\CgDjUJL.exe
  2⤵
  PID:7784
- C:\Windows\System\vkwZGYD.exe
  C:\Windows\System\vkwZGYD.exe
  2⤵
  PID:7816
- C:\Windows\System\YDRHbYn.exe
  C:\Windows\System\YDRHbYn.exe
  2⤵
  PID:7844
- C:\Windows\System\pfyDFNJ.exe
  C:\Windows\System\pfyDFNJ.exe
  2⤵
  PID:7880
- C:\Windows\System\jNiEMLb.exe
  C:\Windows\System\jNiEMLb.exe
  2⤵
  PID:7912
- C:\Windows\System\ldazcWo.exe
  C:\Windows\System\ldazcWo.exe
  2⤵
  PID:7952
- C:\Windows\System\OtXgZge.exe
  C:\Windows\System\OtXgZge.exe
  2⤵
  PID:7996
- C:\Windows\System\EKnJGAM.exe
  C:\Windows\System\EKnJGAM.exe
  2⤵
  PID:8032
- C:\Windows\System\JVcsiHg.exe
  C:\Windows\System\JVcsiHg.exe
  2⤵
  PID:8064
- C:\Windows\System\DCVPHJH.exe
  C:\Windows\System\DCVPHJH.exe
  2⤵
  PID:8096
- C:\Windows\System\mROMHCf.exe
  C:\Windows\System\mROMHCf.exe
  2⤵
  PID:8136
- C:\Windows\System\zXkEmlJ.exe
  C:\Windows\System\zXkEmlJ.exe
  2⤵
  PID:8156
- C:\Windows\System\vtMzPlK.exe
  C:\Windows\System\vtMzPlK.exe
  2⤵
  PID:8180
- C:\Windows\System\xAvsiop.exe
  C:\Windows\System\xAvsiop.exe
  2⤵
  PID:6920
- C:\Windows\System\uuYGcPG.exe
  C:\Windows\System\uuYGcPG.exe
  2⤵
  PID:7260
- C:\Windows\System\OkIWIiB.exe
  C:\Windows\System\OkIWIiB.exe
  2⤵
  PID:7328
- C:\Windows\System\mEenNNP.exe
  C:\Windows\System\mEenNNP.exe
  2⤵
  PID:7372
- C:\Windows\System\ZUSqLHZ.exe
  C:\Windows\System\ZUSqLHZ.exe
  2⤵
  PID:7428
- C:\Windows\System\wCkxLuP.exe
  C:\Windows\System\wCkxLuP.exe
  2⤵
  PID:7484
- C:\Windows\System\AMFdIvh.exe
  C:\Windows\System\AMFdIvh.exe
  2⤵
  PID:7556
- C:\Windows\System\cYiDzTk.exe
  C:\Windows\System\cYiDzTk.exe
  2⤵
  PID:7652
- C:\Windows\System\dspcWNa.exe
  C:\Windows\System\dspcWNa.exe
  2⤵
  PID:7804
- C:\Windows\System\wXfztsP.exe
  C:\Windows\System\wXfztsP.exe
  2⤵
  PID:7764
- C:\Windows\System\DeKJjUJ.exe
  C:\Windows\System\DeKJjUJ.exe
  2⤵
  PID:7900
- C:\Windows\System\xwwCuhu.exe
  C:\Windows\System\xwwCuhu.exe
  2⤵
  PID:7892
- C:\Windows\System\DENvYFT.exe
  C:\Windows\System\DENvYFT.exe
  2⤵
  PID:8020
- C:\Windows\System\zVfEqhC.exe
  C:\Windows\System\zVfEqhC.exe
  2⤵
  PID:8108
- C:\Windows\System\ONGVFVR.exe
  C:\Windows\System\ONGVFVR.exe
  2⤵
  PID:8172
- C:\Windows\System\ojyXdeq.exe
  C:\Windows\System\ojyXdeq.exe
  2⤵
  PID:7224
- C:\Windows\System\fSuJjHw.exe
  C:\Windows\System\fSuJjHw.exe
  2⤵
  PID:7368
- C:\Windows\System\AQOSjpp.exe
  C:\Windows\System\AQOSjpp.exe
  2⤵
  PID:7464
- C:\Windows\System\wOgzeOj.exe
  C:\Windows\System\wOgzeOj.exe
  2⤵
  PID:7684
- C:\Windows\System\rYhYPei.exe
  C:\Windows\System\rYhYPei.exe
  2⤵
  PID:7840
- C:\Windows\System\KEQoldV.exe
  C:\Windows\System\KEQoldV.exe
  2⤵
  PID:8028
- C:\Windows\System\KXqpEbF.exe
  C:\Windows\System\KXqpEbF.exe
  2⤵
  PID:8164
- C:\Windows\System\KGonsef.exe
  C:\Windows\System\KGonsef.exe
  2⤵
  PID:7400
- C:\Windows\System\iIFVkgR.exe
  C:\Windows\System\iIFVkgR.exe
  2⤵
  PID:7924
- C:\Windows\System\glmVbyw.exe
  C:\Windows\System\glmVbyw.exe
  2⤵
  PID:6864
- C:\Windows\System\GVHwfui.exe
  C:\Windows\System\GVHwfui.exe
  2⤵
  PID:8200
- C:\Windows\System\KeIVSLD.exe
  C:\Windows\System\KeIVSLD.exe
  2⤵
  PID:8232
- C:\Windows\System\VZkehme.exe
  C:\Windows\System\VZkehme.exe
  2⤵
  PID:8264
- C:\Windows\System\hIBcpGa.exe
  C:\Windows\System\hIBcpGa.exe
  2⤵
  PID:8288
- C:\Windows\System\PUMFNkR.exe
  C:\Windows\System\PUMFNkR.exe
  2⤵
  PID:8316
- C:\Windows\System\mrJKtFS.exe
  C:\Windows\System\mrJKtFS.exe
  2⤵
  PID:8348
- C:\Windows\System\ieGRdHH.exe
  C:\Windows\System\ieGRdHH.exe
  2⤵
  PID:8372
- C:\Windows\System\kVjvrgg.exe
  C:\Windows\System\kVjvrgg.exe
  2⤵
  PID:8400
- C:\Windows\System\iEKjbBe.exe
  C:\Windows\System\iEKjbBe.exe
  2⤵
  PID:8428
- C:\Windows\System\uxtrlDI.exe
  C:\Windows\System\uxtrlDI.exe
  2⤵
  PID:8456
- C:\Windows\System\gvzmPXH.exe
  C:\Windows\System\gvzmPXH.exe
  2⤵
  PID:8484
- C:\Windows\System\GQalAHI.exe
  C:\Windows\System\GQalAHI.exe
  2⤵
  PID:8500
- C:\Windows\System\hcaMdKL.exe
  C:\Windows\System\hcaMdKL.exe
  2⤵
  PID:8528
- C:\Windows\System\GFvNzPd.exe
  C:\Windows\System\GFvNzPd.exe
  2⤵
  PID:8556
- C:\Windows\System\VloEvmW.exe
  C:\Windows\System\VloEvmW.exe
  2⤵
  PID:8596
- C:\Windows\System\OlxUWns.exe
  C:\Windows\System\OlxUWns.exe
  2⤵
  PID:8624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\EUFYSQj.exe

Filesize
2.1MB

MD5
0d41ffbde23095f7c60c6ab9d59d5b0b

SHA1
6b53dc48351c6f6ecfd4f969ff2b95bead4d7332

SHA256
39bc595ef120fb9efcad2fb2c1bcad21ee3911c7184035240c06ae19adaffeb0

SHA512
d84ec237bc071c80ca57437e097bde785c3f69c44184b3548416c9b584474de7984b191d22c6163ac30f85c157cc4935796a249bc9be73884e972e1e922c6d0a

Download Submit
C:\Windows\System\EYnRxRK.exe

Filesize
2.1MB

MD5
ea7dc48a7d1728005377c25cb2483b0e

SHA1
346d9f7cbb8b7ded4e32102939255edb4636c5e1

SHA256
adc0df6d5668aa74e271d4d1868d83356d97f358b4b5f70f7afe3330bae0c349

SHA512
b3b8289f6b3bd923342f0ee1b29c496aa95794e3cb9ff7e040b2c56efde9ee8098d7ba626a9ea3b8b513983c2a70ccf4ca0cc36a705be9a6513979f6c71adcd1

Download Submit
C:\Windows\System\FqeZEaX.exe

Filesize
2.1MB

MD5
3827e82f30541e8937a47324d16ecd56

SHA1
34c40c98c0eecd3dbb4da4e094bce7c0bd91c882

SHA256
9837753175700acc9a25523aac2d852aa159348a3b85ed701090170547c51383

SHA512
8d34d4b2247f324b31d51bca3ea6b8496cc2e1c326efe488d6207b30db915373e5027639c72e6ad7bf938fa39643776c18e60e7620f3a52907361388a6cf7934

Download Submit
C:\Windows\System\GHPYNZN.exe

Filesize
2.1MB

MD5
57aa9dc73d58e128b1b46d9c9bf4ba7f

SHA1
ac7e331e08d147c66a67099cc3e2f62d90de98ad

SHA256
fd94743b21075da38cca83713653b210c2075d9ba7b4dec05c98e39a6909a05b

SHA512
c84600e49d47ae52f214ac721881b2b7039d36cb42e82350c264481a4c923a1c18d7f70af8f74a3720e42c5262aab45e77e28b73423eddae7a95e39b408108be

Download Submit
C:\Windows\System\HUsbiOc.exe

Filesize
2.1MB

MD5
8957b318e53d5cf28c9c687c660c76e9

SHA1
faef25fd8c7ee095bbbda7968ad0188dc3aa0414

SHA256
4f4c0040b9ecf88bf0173ad050dedc960917d4b23b13f7254ff90f5257971a9a

SHA512
988cdb755be57d40b194ecc311585ab8a2b5c11d8c157d9bfcf7b46e76752951e5a02968a76422bd26c366d669087e59ea5ed6edc6e93065f9643006171c0979

Download Submit
C:\Windows\System\JWLUVNN.exe

Filesize
2.1MB

MD5
9be6c90baff2a9082a5ef3b0275eba06

SHA1
e12d7f7eca22173a1e707e8cb3694f9f90252433

SHA256
36957aa90ed3bde8be99d9be9e461688e517e3e911ed1a41e6f034c2b8bc0331

SHA512
a93819e1391cafb3564b1cdd6dea6f05c3b6167c0f7dbcf43bdd211836447cf6456a7ef72797bc6624a8b8a5629187519247cc502272f605de6994352e179554

Download Submit
C:\Windows\System\KhlguOs.exe

Filesize
2.1MB

MD5
c9b7e80443e96dd757adf7c434cd48e7

SHA1
1b5ba3bd25304af4f5dee11895408488a7e3f250

SHA256
f738e008561ad85f674da1c7d115989f9088cb179a2ad5b8b190e294f1b5c22e

SHA512
106e67319a2763c27c7563442f70844a1bfc6f2b43fce33b31d742bc1a5a8d95dd7450aa7eee70615982e51112e3f1c3a97480bbf753aba22fce871961d0501b

Download Submit
C:\Windows\System\LXnYGoQ.exe

Filesize
2.1MB

MD5
492fd8c4ab853c511b8d1081e4726c2b

SHA1
5868f69f697a8fabff48c3be9eb923110874b2c7

SHA256
2fc152e129a3ba63fe85fc7b9792a14e80f70776b7bd019d28a44ae869bb708b

SHA512
9327e8f34c9722ecf984e41a9f147fb08ae72339af19b36a7f9cc9c419f112f41224507edf1483863f7ec3698a838497e3ca2fcf578a1db8d2f918eb4a18081f

Download Submit
C:\Windows\System\LxzcTHr.exe

Filesize
2.1MB

MD5
e27ac53dedce1688172df47912031651

SHA1
d2c79517dbdb4f28eb61caaf8ec22d2356376c80

SHA256
4cc59fd79c08f9abbe304733a2ffe0374f1db3db4132b604d539e0f91d190cbd

SHA512
641563902c892d5663588e680164681192bb8cbc48e2fda87b08c795d14e0861d0442b52083b7dfa2e3b3d99d2641e1ee0a9a5fc7ea0f8d6637ec59054e70306

Download Submit
C:\Windows\System\MeLCJgu.exe

Filesize
2.1MB

MD5
e81ad7707bd4fa38ca12fc50a1957158

SHA1
b97986350d744d5c75cbe309c66be65a022b82d7

SHA256
359643a739c8fa381338d4dd182721c311f91e72f01b89b7ff2cd36cfc796cf5

SHA512
140ac404af90a7a972518a75aeb190c999066bb65d8d910139c6b9764c7846ca3c27aa693893a9ca4b2015430685d602b5fcf2dfb288f8d71703cac68b0846a1

Download Submit
C:\Windows\System\OphStCz.exe

Filesize
2.1MB

MD5
4a8fb609ae8299209455f0b1961eb712

SHA1
ec5c12b134c7503b932fd1d2e83aff9538248979

SHA256
cfbb27d7b56d73fe7123f464a89e560a45a27ab6890ae62741d09eb10334d0b9

SHA512
b7f82e0c36de7fbab1e8fc1ca4801eaa059d9c53bb993c20e54f34ed92ba3c1d304759002916abbfa3c7c6fd8097c7a514d4b4928956df13b7920580a0c5102c

Download Submit
C:\Windows\System\QQbhUec.exe

Filesize
2.1MB

MD5
2a974e760d6106b684730d3aea4dc9f8

SHA1
76c367e9add1a2fd6b1a311da001bb8552c2f124

SHA256
f291770f4d7b1e8ab788e701ece82b21366ba79c7ae26812107d830c87cb6bc4

SHA512
08d76ce4ddc8f589e17b9032f537da218084c92e3f93cbbb0d7259d7e02bd765d73c76acf5b986aa42757dc3d2c100e8232b4d8e4111ec6eb7eab7a38162d761

Download Submit
C:\Windows\System\cJLmioP.exe

Filesize
2.1MB

MD5
aecb664822b7f1d3b1b3b2d8603beef2

SHA1
7efde9940ee81fb4e3d4fcd27640d377a28e1826

SHA256
c881d10578e628a52e67a61b206398c6335fcff00fe150d9b1a6b40094998cdb

SHA512
61f99ede7436407aa76a6df7de956bdd0e7fb02f93746ec553072244f6c5a3877dd386022f73d8ddd9cd08fc1c9aa85d84dc46a0998531fd717db5e18e35c140

Download Submit
C:\Windows\System\ekihURM.exe

Filesize
2.1MB

MD5
c350aac0d4a1ce3a1619c2f919fcaa21

SHA1
9bb1cde493512fb0bc34f640a2a1304ce2124f08

SHA256
f622e57b50ebf2a39912cfb8ed1fa9ff2fc88a39171bf5b4b16a54c10aed90a7

SHA512
b0340382c266e1f7032577b05c23deec342c3a9428c76316bc1fcebf0a13dd50d1517f4ba43808956a836fd4f14e7aea894b219d16ea32376bbb5e84fec61424

Download Submit
C:\Windows\System\fkHCfXi.exe

Filesize
2.1MB

MD5
4efbf38ae9f2ebc1ca3db58e7231b77d

SHA1
dc356e94603e9e3b7c04ce683a693478d01bc8fd

SHA256
a04e95530a4531759e7b46fdcdce4fa0f1634e3f445270124eb6a450109863db

SHA512
ed0128e0bdebcd5f4fcf1b841fed3fd18d0618a9a8f7544bcddf020fb2b9541ec39c6e3c7b2500532b25a426ce1ad8101f176d69d0666b42119b4f63912af24a

Download Submit
C:\Windows\System\gmRgHIq.exe

Filesize
2.1MB

MD5
82a04c1c905cb48bf239a0a5a2eab4a1

SHA1
18de1b18ac767afd702332eb07b788141a71e12a

SHA256
959a37023e7f21b03eca448d5caafbc191fc37d6e2a0102796bae683ff2c67f0

SHA512
4e554425f4d754c4bab81a4d9dcbb57afca66e1f85dfe311e9f3d80ec8c8a30a678d7e62d7d53315ea35c03a525ad6941d6100a7a85f554c02bf01d8d1d9a4c6

Download Submit
C:\Windows\System\iAqxoEn.exe

Filesize
2.1MB

MD5
296c311c5c7b798ad3f8fb7bd0b9d8fd

SHA1
e03658fc5c276b2bf2d3eb556ac3bd6783f8114a

SHA256
d33751e319e29cf6e4abe06de9cb5ae836406fd9f29722fff4e91f2d0aaa6f4d

SHA512
75e1e72f11134883ac3ec6bc139eee1af4cd6a97711fa55019252b674408fbd54ca653f61ecacefa05a7a7d4a6b96694ab2184b90103176712bc5f2ce500f25b

Download Submit
C:\Windows\System\ibRsCBN.exe

Filesize
2.1MB

MD5
3d4652a7b0bd44560f207626277ef848

SHA1
4a267097e71547b9abc4bc49a265b86c94e0290d

SHA256
66e0f9118aaeb8e0fa9af0d49beb0785c15737f45f1b63a34d28b4c3dfb1f33b

SHA512
8151b8a3ec44a92320866548add28b294371f89387a6c3ffa7097096d88d9038aa55deaf80851794ce06ce64f851164df5f2bc874ebf80fc1d85fd962630f78e

Download Submit
C:\Windows\System\isNkMbF.exe

Filesize
2.1MB

MD5
e1d75d3fd214e73b8d3a28148c9b9cb6

SHA1
0afddb1d8352846d9affc15ae2d50e8dbbb71a43

SHA256
9b46733c7c0d54fdf842e092716ed97556af52f1ca5daa2fe10440fdab863db0

SHA512
cc134eb1dd2f733587e80fee20263a1b0d739b73e4ed82577a33915150297c9772ba7ab091ec9feb980da3f36971b7ca57f7c0986acc3413b8df672f4c0d45aa

Download Submit
C:\Windows\System\kbcTCwL.exe

Filesize
2.1MB

MD5
f2564fab69e9d915256ee7fd15e0e9de

SHA1
e4935e67417d7f7d45a8605a9d3250e8f18f369f

SHA256
8c8bea44005da717c319f7146a49af3061da40cd5e173873f6735fe5ab096f4d

SHA512
0fab698cc85584a467755e3051877a5622a50b9822cb73510472c49885b9444ffb36f45b465ff4a64bfe9ab9e32017537ec563bb2948e6e59c0f877439d30ce9

Download Submit
C:\Windows\System\lmwjmZP.exe

Filesize
2.1MB

MD5
2350e0cc41f87ca16129fe9f5552d852

SHA1
4185fc9c004b95ef229acdfaefab4142243e5fda

SHA256
ce8c38dcadf21275c3da57799044d8a90815ec0e896484fb778e17504bbc98d9

SHA512
b39e355fff6b285984804cbe971744db4b0ffd8468b55d3fa1a12375647fb8530694516b5eebc2357fc10d9fd6f8f8e5d34bd8696c1bbc2600a57d08b3f36217

Download Submit
C:\Windows\System\ntIUwTD.exe

Filesize
2.1MB

MD5
dc7cd49728a36a3e98e9825254fdb1a2

SHA1
e1a8ca92a415365dae5f6c32144b9b1c85f302a7

SHA256
01cfe6965087a6927c88499649f05d626e441d0681745b375f1bbffdcc8e0a08

SHA512
e1655278cec4b0ca2fd502d99a878c184f97a8bf4c135a1fa752eaac3371c75fc16f800085cc5896afdc2baef4bf9012beb75179d52c6563c6b46eab930af7c1

Download Submit
C:\Windows\System\pSMMlgx.exe

Filesize
2.1MB

MD5
739731c4912ff950e2df9a328c7e1d22

SHA1
54ab06280de627c7e3629fce0a1a3e5dc8a00619

SHA256
c49243c39bc39c619ee2a90d55e9e5c5fc827ca6ad93ceaf907f2ca3d1cb6b42

SHA512
4cc58571401282c80f982bc26b470c437b1fb64378c103e056a7c6a974fc65cde951452d3c37ef20cb48fddb8cec2ea5875e5d76cc14c7a52c7b4223f49d0514

Download Submit
C:\Windows\System\qzaPgYX.exe

Filesize
2.1MB

MD5
9585b847273908bfedcb6cc11f11f381

SHA1
0b78447facdcde7c3aee4b264c854c2a2f2eb1ce

SHA256
08cf5be6f6760e31fc88fd1ee6e1b769ccdf74dc42bbca7ce4b1bb8c98572762

SHA512
1f1c4350119b83b95e5872aaa2117bac6e703728ac7659325377c3419e5022ea8b75717c0b19acfb15179ab07447c4aed257031c8d0d33c4c6ee5e16ea7a9969

Download Submit
C:\Windows\System\rRvALby.exe

Filesize
2.1MB

MD5
350c379be55aef0fbea5c5a18d0aa192

SHA1
aa5856175695c549163cb934ab6f04c4f4f0592d

SHA256
a0c530081ad17d8c4538e742e61bae8ade3ec230dc7299394db0ff2d4f6edfd4

SHA512
36643d234634c7cde0275b5fed079d0433c39c8b5a6aefead56d801c26ed21c28c749e639833a657b98e2d7dccb326f404dcc16227470aa65ba8dcf71be8d2b2

Download Submit
C:\Windows\System\rlITexb.exe

Filesize
2.1MB

MD5
8417be13499e992906d997f7f4082f89

SHA1
5c6f25398df937cb00fb5c113f1d0e5d91358e62

SHA256
0ae674e958307000b40bcb638dee3ec9b07c05902a3bdd08a7031580a29b79fa

SHA512
68f61f2cbc7f9ab9d07f670bec6e94875e69d49647b8007f3e9ae8f44a362cb4ec639b41569e2fc7a6c7fb0ec0015c81dee5dbfa95bc9de84d4af48b4a75d14b

Download Submit
C:\Windows\System\tBsHcnX.exe

Filesize
2.1MB

MD5
13184ed53f87f74facfff4bf19a540bf

SHA1
0a699e554c765d69ffe2ddcf27f540609f59aa42

SHA256
5617d362597eb7f2536f81a4168955475e7044d6eb7c8f120c87ca8bdfb202d8

SHA512
c4d79afc7cbc487fec2d859a4a512bf359ee5d1aeb6c25cc70ffd55734e418772ad3b58f250e03d42878cd847e3e5d53b003272f227f72adebb1ced32221e541

Download Submit
C:\Windows\System\tPbSCeh.exe

Filesize
2.1MB

MD5
e29edb33ff9df96c1fbd10576a8a5774

SHA1
ba189420a0dd4f54bd719b3b742830d804599ca2

SHA256
708b46ba5d23bbd932aa3cc6bd552a4921fdd05b035448f8da63ddff2cf39961

SHA512
49f0a291f5ec128b5f75daa9450439fc5de7d27338f6b5bd8c60ea10e04b2d2ee15c59cda2696b8083a75a3294a025525b4a5af00d8c5c10d1935efecc7ad055

Download Submit
C:\Windows\System\tmUdfXi.exe

Filesize
2.1MB

MD5
43705e827210c38d14eefdc9136db7da

SHA1
1d95eb5d1a4d4fba07e9d87eb992c6a233f46301

SHA256
e4bc9950d9ab603dbd5339b91c737b561fe07f61dacef358344658039594dfa1

SHA512
7aded48224924b8b37c280a569a380292d5fefd017e7774f30936a11b6a6c251f1b9c92f19d3cf66903d843ec379f2c3af16836d9d13456b22078dd896278a67

Download Submit
C:\Windows\System\ucZEaEU.exe

Filesize
2.1MB

MD5
b88ad3b31f399f106a32e2aa5c3e74f0

SHA1
46c08bdb92035989d213b1f946ba39f745ac2779

SHA256
eb6beae8ca4ae3fbf9a298f8ae754b4195b81391af9f479b2c7a81e89853c8b6

SHA512
b72a4a5118b96b60caa8559a0296e1157a0e8b2394e3bf4dba9054f60572caf20e44ebcdfb0b8ec6e0c7a0b7ebfc7990f2d5302211b1827692e707a3e6d1c73c

Download Submit
C:\Windows\System\vKEzPLh.exe

Filesize
2.1MB

MD5
441050a9ae8ab2f5be6d5ef7c2b423a8

SHA1
b447c1a6e6d18ae3d33b8a4c5e1bd55afab47061

SHA256
0baf3c90b5773c0ce3084799f13942a6dfc535f7afcbcd4b1d6bb0026865f414

SHA512
b5ecfb070bd3c8c2a878a16f0421a68fd1f775a5050b0aa689e12c11925ff31bc478cf79fc70ffef464a22d522f7cf2ee537a5b060f972f53169b2a475224405

Download Submit
C:\Windows\System\xaDknXa.exe

Filesize
2.1MB

MD5
d18c6605c92c5753c1f96713db064347

SHA1
9aa2442664392416e70be5f29d093fd26666e6d4

SHA256
2171210129894f1cd90857b21444569b12fc9df533c53a94f2d8647c49097234

SHA512
877d354430db5c49f6440052e5994c67464cf14d4435517265ebbf30effd6ae091ef3cb3aeb34d593cb8f32789987fd4f725897918d298b6823a122944b26edf

Download Submit
memory/3916-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download