kpot | 32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
26-06-2024 01:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
Size

2.1MB
MD5

e6e27d2891498eaa7c8acfdf43232150
SHA1

689c401dada3aad33b75e62174ac78ded8b0fe71
SHA256

32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d
SHA512

357ed0e83a90ba419103a43baefb58db45eae494f76935136808dd3dcf201031492c807c44ba1a9a500fc9fba80340391af33b6b365364b40468a47784320943
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2iV9:GemTLkNdfE0pZaQA

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x0009000000023417-3.dat	family_kpot
behavioral2/files/0x0007000000023425-8.dat	family_kpot
behavioral2/files/0x0008000000023420-10.dat	family_kpot
behavioral2/files/0x0007000000023426-19.dat	family_kpot
behavioral2/files/0x0007000000023427-23.dat	family_kpot
behavioral2/files/0x0007000000023428-29.dat	family_kpot
behavioral2/files/0x0007000000023429-35.dat	family_kpot
behavioral2/files/0x000700000002342a-39.dat	family_kpot
behavioral2/files/0x000700000002342b-44.dat	family_kpot
behavioral2/files/0x0008000000023421-49.dat	family_kpot
behavioral2/files/0x000700000002342d-54.dat	family_kpot
behavioral2/files/0x000700000002342e-59.dat	family_kpot
behavioral2/files/0x000700000002342f-64.dat	family_kpot
behavioral2/files/0x0007000000023430-67.dat	family_kpot
behavioral2/files/0x0007000000023432-77.dat	family_kpot
behavioral2/files/0x0007000000023433-80.dat	family_kpot
behavioral2/files/0x0007000000023434-84.dat	family_kpot
behavioral2/files/0x0007000000023435-94.dat	family_kpot
behavioral2/files/0x0007000000023436-103.dat	family_kpot
behavioral2/files/0x0007000000023438-109.dat	family_kpot
behavioral2/files/0x0007000000023439-118.dat	family_kpot
behavioral2/files/0x000700000002343c-133.dat	family_kpot
behavioral2/files/0x000700000002343f-142.dat	family_kpot
behavioral2/files/0x0007000000023443-162.dat	family_kpot
behavioral2/files/0x0007000000023441-158.dat	family_kpot
behavioral2/files/0x0007000000023442-157.dat	family_kpot
behavioral2/files/0x0007000000023440-153.dat	family_kpot
behavioral2/files/0x000700000002343e-143.dat	family_kpot
behavioral2/files/0x000700000002343d-138.dat	family_kpot
behavioral2/files/0x000700000002343b-127.dat	family_kpot
behavioral2/files/0x000700000002343a-123.dat	family_kpot
behavioral2/files/0x0007000000023437-107.dat	family_kpot
behavioral2/files/0x0007000000023431-82.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x0009000000023417-3.dat	xmrig
behavioral2/files/0x0007000000023425-8.dat	xmrig
behavioral2/files/0x0008000000023420-10.dat	xmrig
behavioral2/files/0x0007000000023426-19.dat	xmrig
behavioral2/files/0x0007000000023427-23.dat	xmrig
behavioral2/files/0x0007000000023428-29.dat	xmrig
behavioral2/files/0x0007000000023429-35.dat	xmrig
behavioral2/files/0x000700000002342a-39.dat	xmrig
behavioral2/files/0x000700000002342b-44.dat	xmrig
behavioral2/files/0x0008000000023421-49.dat	xmrig
behavioral2/files/0x000700000002342d-54.dat	xmrig
behavioral2/files/0x000700000002342e-59.dat	xmrig
behavioral2/files/0x000700000002342f-64.dat	xmrig
behavioral2/files/0x0007000000023430-67.dat	xmrig
behavioral2/files/0x0007000000023432-77.dat	xmrig
behavioral2/files/0x0007000000023433-80.dat	xmrig
behavioral2/files/0x0007000000023434-84.dat	xmrig
behavioral2/files/0x0007000000023435-94.dat	xmrig
behavioral2/files/0x0007000000023436-103.dat	xmrig
behavioral2/files/0x0007000000023438-109.dat	xmrig
behavioral2/files/0x0007000000023439-118.dat	xmrig
behavioral2/files/0x000700000002343c-133.dat	xmrig
behavioral2/files/0x000700000002343f-142.dat	xmrig
behavioral2/files/0x0007000000023443-162.dat	xmrig
behavioral2/files/0x0007000000023441-158.dat	xmrig
behavioral2/files/0x0007000000023442-157.dat	xmrig
behavioral2/files/0x0007000000023440-153.dat	xmrig
behavioral2/files/0x000700000002343e-143.dat	xmrig
behavioral2/files/0x000700000002343d-138.dat	xmrig
behavioral2/files/0x000700000002343b-127.dat	xmrig
behavioral2/files/0x000700000002343a-123.dat	xmrig
behavioral2/files/0x0007000000023437-107.dat	xmrig
behavioral2/files/0x0007000000023431-82.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2128	aOEOLhH.exe
4504	mRyNYiZ.exe
2188	kWDZZni.exe
2956	ixtdppG.exe
4164	UFwkAaz.exe
2968	XWhFnEL.exe
5108	jXSXKtm.exe
4760	wLwBHNl.exe
4836	OecwIQH.exe
2384	cajVeLo.exe
1108	mhdnTkz.exe
1484	ixXmIPV.exe
4396	vdDgLxE.exe
700	EdHrCFA.exe
404	fkUkWwy.exe
2628	kvTMgyk.exe
1628	lorPNYF.exe
4536	WxpWwHT.exe
2020	Ffttmpr.exe
772	cDfoNHe.exe
3624	YirrpWL.exe
1984	FqmhJHl.exe
4980	EXUjvNG.exe
3276	AbPheSc.exe
1688	FDTknje.exe
1548	aOQCfqF.exe
3192	KNOBdpw.exe
3912	PLaOLwM.exe
2176	SLfnYvL.exe
3456	IaZaUmc.exe
3668	CyXBoQM.exe
2664	zDLVnOG.exe
2200	KGyeyKB.exe
3244	lUwFspC.exe
3476	UfAbCPI.exe
2732	aXYTyjA.exe
3884	maDfQzD.exe
644	GkBhEkM.exe
892	sxZxonB.exe
1560	IvIKyYC.exe
3792	eEWVPpe.exe
2704	MUStVqe.exe
4328	spEUOYS.exe
3812	AEavvhg.exe
4612	hRqaras.exe
3636	aSCRXuC.exe
2724	WBNdMBg.exe
2920	kEqUluK.exe
1904	fJJluVZ.exe
2000	IAuGgaN.exe
4216	sFJxUfv.exe
3208	vWSFQDb.exe
2952	vFUQQlE.exe
1192	uNRKtPh.exe
2836	woEhUTA.exe
4936	SUGKwfn.exe
3172	VqHkLwK.exe
1752	qhArVaH.exe
2136	pOqSWmX.exe
3200	FyWNjOh.exe
3556	PMptMBB.exe
4020	tFktsaR.exe
3948	HIIMvNE.exe
1908	IdwnXdu.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PBaPIjX.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\MILlnXu.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\aOQCfqF.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\XnpCUOs.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\DkAhtfK.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\JAqGETE.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\mhdnTkz.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\IQwaKcV.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\TTeMqKy.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\xFXpoxl.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\CPzVXEB.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\NBjjXeq.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\hffrEfx.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\aoYVzmR.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\HADJXfQ.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\hLRTiRk.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\zrJtNsO.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\PLaOLwM.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\PMptMBB.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\MhXHyNh.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\GTddneY.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\flFJBLQ.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\ZayxEFP.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\NEeayIt.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\bTMNFKT.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\UFwkAaz.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\WxpWwHT.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\RnCXexw.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\YvpoNQJ.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\yvldShP.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\fkUkWwy.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\IvIKyYC.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\mByvXOT.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\YapTufY.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\snsNRRD.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\KMtbdxs.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\kWDZZni.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\goQGGMR.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\sNVNQnA.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\lfBOVQk.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\gpNVCxa.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\IMAtgmE.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\wLwBHNl.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\apCNXKM.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\kKiOZbm.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\AUPaDIq.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\aykQfKn.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\sWgLIHp.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\qojPhek.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\xrXYXbe.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\EdHrCFA.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\EKEPCGj.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\AEavvhg.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\SUGKwfn.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\fXafzeG.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\oUBvQlU.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\hLEkVhU.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\nYoRCmt.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\cajVeLo.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\kvTMgyk.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\fXHOiHl.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\ZTwoTNr.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\nGQuheE.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
File created	C:\Windows\System\FuZXxyO.exe	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4136 wrote to memory of 2128	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	84
PID 4136 wrote to memory of 2128	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	84
PID 4136 wrote to memory of 4504	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	85
PID 4136 wrote to memory of 4504	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	85
PID 4136 wrote to memory of 2188	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	86
PID 4136 wrote to memory of 2188	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	86
PID 4136 wrote to memory of 2956	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	87
PID 4136 wrote to memory of 2956	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	87
PID 4136 wrote to memory of 4164	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	88
PID 4136 wrote to memory of 4164	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	88
PID 4136 wrote to memory of 2968	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	89
PID 4136 wrote to memory of 2968	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	89
PID 4136 wrote to memory of 5108	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	90
PID 4136 wrote to memory of 5108	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	90
PID 4136 wrote to memory of 4760	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	91
PID 4136 wrote to memory of 4760	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	91
PID 4136 wrote to memory of 4836	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	94
PID 4136 wrote to memory of 4836	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	94
PID 4136 wrote to memory of 2384	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	96
PID 4136 wrote to memory of 2384	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	96
PID 4136 wrote to memory of 1108	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	97
PID 4136 wrote to memory of 1108	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	97
PID 4136 wrote to memory of 1484	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	98
PID 4136 wrote to memory of 1484	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	98
PID 4136 wrote to memory of 4396	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	99
PID 4136 wrote to memory of 4396	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	99
PID 4136 wrote to memory of 700	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	100
PID 4136 wrote to memory of 700	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	100
PID 4136 wrote to memory of 404	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	101
PID 4136 wrote to memory of 404	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	101
PID 4136 wrote to memory of 2628	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	102
PID 4136 wrote to memory of 2628	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	102
PID 4136 wrote to memory of 1628	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	103
PID 4136 wrote to memory of 1628	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	103
PID 4136 wrote to memory of 4536	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	104
PID 4136 wrote to memory of 4536	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	104
PID 4136 wrote to memory of 2020	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	105
PID 4136 wrote to memory of 2020	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	105
PID 4136 wrote to memory of 772	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	106
PID 4136 wrote to memory of 772	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	106
PID 4136 wrote to memory of 3624	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	107
PID 4136 wrote to memory of 3624	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	107
PID 4136 wrote to memory of 1984	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	108
PID 4136 wrote to memory of 1984	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	108
PID 4136 wrote to memory of 4980	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	109
PID 4136 wrote to memory of 4980	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	109
PID 4136 wrote to memory of 3276	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	110
PID 4136 wrote to memory of 3276	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	110
PID 4136 wrote to memory of 1688	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	111
PID 4136 wrote to memory of 1688	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	111
PID 4136 wrote to memory of 1548	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	112
PID 4136 wrote to memory of 1548	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	112
PID 4136 wrote to memory of 3192	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	113
PID 4136 wrote to memory of 3192	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	113
PID 4136 wrote to memory of 3912	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	114
PID 4136 wrote to memory of 3912	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	114
PID 4136 wrote to memory of 2176	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	115
PID 4136 wrote to memory of 2176	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	115
PID 4136 wrote to memory of 3456	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	116
PID 4136 wrote to memory of 3456	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	116
PID 4136 wrote to memory of 3668	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	117
PID 4136 wrote to memory of 3668	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	117
PID 4136 wrote to memory of 2664	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	118
PID 4136 wrote to memory of 2664	4136	32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe	118

C:\Users\Admin\AppData\Local\Temp\32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\32cdeddcfd2d0aff54a764aab4cf509555db7041447eaefadd6a5ea23477413d_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4136
- C:\Windows\System\aOEOLhH.exe
  C:\Windows\System\aOEOLhH.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\mRyNYiZ.exe
  C:\Windows\System\mRyNYiZ.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\kWDZZni.exe
  C:\Windows\System\kWDZZni.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\ixtdppG.exe
  C:\Windows\System\ixtdppG.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\UFwkAaz.exe
  C:\Windows\System\UFwkAaz.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\XWhFnEL.exe
  C:\Windows\System\XWhFnEL.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\jXSXKtm.exe
  C:\Windows\System\jXSXKtm.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\wLwBHNl.exe
  C:\Windows\System\wLwBHNl.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\OecwIQH.exe
  C:\Windows\System\OecwIQH.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\cajVeLo.exe
  C:\Windows\System\cajVeLo.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\mhdnTkz.exe
  C:\Windows\System\mhdnTkz.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\ixXmIPV.exe
  C:\Windows\System\ixXmIPV.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\vdDgLxE.exe
  C:\Windows\System\vdDgLxE.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\EdHrCFA.exe
  C:\Windows\System\EdHrCFA.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\fkUkWwy.exe
  C:\Windows\System\fkUkWwy.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\kvTMgyk.exe
  C:\Windows\System\kvTMgyk.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\lorPNYF.exe
  C:\Windows\System\lorPNYF.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\WxpWwHT.exe
  C:\Windows\System\WxpWwHT.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\Ffttmpr.exe
  C:\Windows\System\Ffttmpr.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\cDfoNHe.exe
  C:\Windows\System\cDfoNHe.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\YirrpWL.exe
  C:\Windows\System\YirrpWL.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\FqmhJHl.exe
  C:\Windows\System\FqmhJHl.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\EXUjvNG.exe
  C:\Windows\System\EXUjvNG.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\AbPheSc.exe
  C:\Windows\System\AbPheSc.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\FDTknje.exe
  C:\Windows\System\FDTknje.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\aOQCfqF.exe
  C:\Windows\System\aOQCfqF.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\KNOBdpw.exe
  C:\Windows\System\KNOBdpw.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\PLaOLwM.exe
  C:\Windows\System\PLaOLwM.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\SLfnYvL.exe
  C:\Windows\System\SLfnYvL.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\IaZaUmc.exe
  C:\Windows\System\IaZaUmc.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\CyXBoQM.exe
  C:\Windows\System\CyXBoQM.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\zDLVnOG.exe
  C:\Windows\System\zDLVnOG.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\KGyeyKB.exe
  C:\Windows\System\KGyeyKB.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\lUwFspC.exe
  C:\Windows\System\lUwFspC.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\UfAbCPI.exe
  C:\Windows\System\UfAbCPI.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\aXYTyjA.exe
  C:\Windows\System\aXYTyjA.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\maDfQzD.exe
  C:\Windows\System\maDfQzD.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\GkBhEkM.exe
  C:\Windows\System\GkBhEkM.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\sxZxonB.exe
  C:\Windows\System\sxZxonB.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\IvIKyYC.exe
  C:\Windows\System\IvIKyYC.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\eEWVPpe.exe
  C:\Windows\System\eEWVPpe.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\MUStVqe.exe
  C:\Windows\System\MUStVqe.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\spEUOYS.exe
  C:\Windows\System\spEUOYS.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\AEavvhg.exe
  C:\Windows\System\AEavvhg.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System\hRqaras.exe
  C:\Windows\System\hRqaras.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\aSCRXuC.exe
  C:\Windows\System\aSCRXuC.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\WBNdMBg.exe
  C:\Windows\System\WBNdMBg.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\kEqUluK.exe
  C:\Windows\System\kEqUluK.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\fJJluVZ.exe
  C:\Windows\System\fJJluVZ.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\IAuGgaN.exe
  C:\Windows\System\IAuGgaN.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\sFJxUfv.exe
  C:\Windows\System\sFJxUfv.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\vWSFQDb.exe
  C:\Windows\System\vWSFQDb.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\vFUQQlE.exe
  C:\Windows\System\vFUQQlE.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\uNRKtPh.exe
  C:\Windows\System\uNRKtPh.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\woEhUTA.exe
  C:\Windows\System\woEhUTA.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\SUGKwfn.exe
  C:\Windows\System\SUGKwfn.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\VqHkLwK.exe
  C:\Windows\System\VqHkLwK.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\qhArVaH.exe
  C:\Windows\System\qhArVaH.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\pOqSWmX.exe
  C:\Windows\System\pOqSWmX.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\FyWNjOh.exe
  C:\Windows\System\FyWNjOh.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\PMptMBB.exe
  C:\Windows\System\PMptMBB.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System\tFktsaR.exe
  C:\Windows\System\tFktsaR.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\HIIMvNE.exe
  C:\Windows\System\HIIMvNE.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\IdwnXdu.exe
  C:\Windows\System\IdwnXdu.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\KQdbbVJ.exe
  C:\Windows\System\KQdbbVJ.exe
  2⤵
  PID:3352
- C:\Windows\System\GIhihub.exe
  C:\Windows\System\GIhihub.exe
  2⤵
  PID:3464
- C:\Windows\System\NBjjXeq.exe
  C:\Windows\System\NBjjXeq.exe
  2⤵
  PID:4824
- C:\Windows\System\SOmOAPg.exe
  C:\Windows\System\SOmOAPg.exe
  2⤵
  PID:1556
- C:\Windows\System\cjrvvCU.exe
  C:\Windows\System\cjrvvCU.exe
  2⤵
  PID:4312
- C:\Windows\System\hgVpcSA.exe
  C:\Windows\System\hgVpcSA.exe
  2⤵
  PID:1316
- C:\Windows\System\gbwTMTV.exe
  C:\Windows\System\gbwTMTV.exe
  2⤵
  PID:4640
- C:\Windows\System\wTkfqlp.exe
  C:\Windows\System\wTkfqlp.exe
  2⤵
  PID:2424
- C:\Windows\System\yRkUpYh.exe
  C:\Windows\System\yRkUpYh.exe
  2⤵
  PID:1120
- C:\Windows\System\WFpXeEx.exe
  C:\Windows\System\WFpXeEx.exe
  2⤵
  PID:3612
- C:\Windows\System\ElExwRh.exe
  C:\Windows\System\ElExwRh.exe
  2⤵
  PID:1508
- C:\Windows\System\hffrEfx.exe
  C:\Windows\System\hffrEfx.exe
  2⤵
  PID:2924
- C:\Windows\System\aoYVzmR.exe
  C:\Windows\System\aoYVzmR.exe
  2⤵
  PID:1852
- C:\Windows\System\apCNXKM.exe
  C:\Windows\System\apCNXKM.exe
  2⤵
  PID:1492
- C:\Windows\System\LzthlRG.exe
  C:\Windows\System\LzthlRG.exe
  2⤵
  PID:1132
- C:\Windows\System\urofbCH.exe
  C:\Windows\System\urofbCH.exe
  2⤵
  PID:1432
- C:\Windows\System\apJdnai.exe
  C:\Windows\System\apJdnai.exe
  2⤵
  PID:4644
- C:\Windows\System\CDsVfDD.exe
  C:\Windows\System\CDsVfDD.exe
  2⤵
  PID:2416
- C:\Windows\System\fvCbEtC.exe
  C:\Windows\System\fvCbEtC.exe
  2⤵
  PID:3724
- C:\Windows\System\LgbQQiZ.exe
  C:\Windows\System\LgbQQiZ.exe
  2⤵
  PID:5144
- C:\Windows\System\WKQTFEU.exe
  C:\Windows\System\WKQTFEU.exe
  2⤵
  PID:5176
- C:\Windows\System\cKmOpIh.exe
  C:\Windows\System\cKmOpIh.exe
  2⤵
  PID:5200
- C:\Windows\System\QzUpRbN.exe
  C:\Windows\System\QzUpRbN.exe
  2⤵
  PID:5228
- C:\Windows\System\qirEDKu.exe
  C:\Windows\System\qirEDKu.exe
  2⤵
  PID:5256
- C:\Windows\System\PBaPIjX.exe
  C:\Windows\System\PBaPIjX.exe
  2⤵
  PID:5284
- C:\Windows\System\QVGgqHg.exe
  C:\Windows\System\QVGgqHg.exe
  2⤵
  PID:5312
- C:\Windows\System\sNVNQnA.exe
  C:\Windows\System\sNVNQnA.exe
  2⤵
  PID:5344
- C:\Windows\System\goQGGMR.exe
  C:\Windows\System\goQGGMR.exe
  2⤵
  PID:5372
- C:\Windows\System\JFGCizq.exe
  C:\Windows\System\JFGCizq.exe
  2⤵
  PID:5400
- C:\Windows\System\EWynZfA.exe
  C:\Windows\System\EWynZfA.exe
  2⤵
  PID:5428
- C:\Windows\System\fQxrNDj.exe
  C:\Windows\System\fQxrNDj.exe
  2⤵
  PID:5456
- C:\Windows\System\LsyxTci.exe
  C:\Windows\System\LsyxTci.exe
  2⤵
  PID:5480
- C:\Windows\System\psvANNM.exe
  C:\Windows\System\psvANNM.exe
  2⤵
  PID:5508
- C:\Windows\System\OSkQzmt.exe
  C:\Windows\System\OSkQzmt.exe
  2⤵
  PID:5540
- C:\Windows\System\llVgFvl.exe
  C:\Windows\System\llVgFvl.exe
  2⤵
  PID:5564
- C:\Windows\System\NzAFAZS.exe
  C:\Windows\System\NzAFAZS.exe
  2⤵
  PID:5596
- C:\Windows\System\EKEPCGj.exe
  C:\Windows\System\EKEPCGj.exe
  2⤵
  PID:5620
- C:\Windows\System\URcBuuW.exe
  C:\Windows\System\URcBuuW.exe
  2⤵
  PID:5652
- C:\Windows\System\bKpcVXa.exe
  C:\Windows\System\bKpcVXa.exe
  2⤵
  PID:5680
- C:\Windows\System\bGESChj.exe
  C:\Windows\System\bGESChj.exe
  2⤵
  PID:5708
- C:\Windows\System\rTMgaOi.exe
  C:\Windows\System\rTMgaOi.exe
  2⤵
  PID:5736
- C:\Windows\System\chzvMqF.exe
  C:\Windows\System\chzvMqF.exe
  2⤵
  PID:5764
- C:\Windows\System\lfBOVQk.exe
  C:\Windows\System\lfBOVQk.exe
  2⤵
  PID:5788
- C:\Windows\System\VvzAdWH.exe
  C:\Windows\System\VvzAdWH.exe
  2⤵
  PID:5816
- C:\Windows\System\NMvxckr.exe
  C:\Windows\System\NMvxckr.exe
  2⤵
  PID:5848
- C:\Windows\System\hvyTWRQ.exe
  C:\Windows\System\hvyTWRQ.exe
  2⤵
  PID:5876
- C:\Windows\System\RnCXexw.exe
  C:\Windows\System\RnCXexw.exe
  2⤵
  PID:5904
- C:\Windows\System\cFiTHBG.exe
  C:\Windows\System\cFiTHBG.exe
  2⤵
  PID:5932
- C:\Windows\System\jxOIhzz.exe
  C:\Windows\System\jxOIhzz.exe
  2⤵
  PID:5960
- C:\Windows\System\sqFfBfS.exe
  C:\Windows\System\sqFfBfS.exe
  2⤵
  PID:5988
- C:\Windows\System\aJPRvQY.exe
  C:\Windows\System\aJPRvQY.exe
  2⤵
  PID:6012
- C:\Windows\System\dGpaIuW.exe
  C:\Windows\System\dGpaIuW.exe
  2⤵
  PID:6044
- C:\Windows\System\gasBzfF.exe
  C:\Windows\System\gasBzfF.exe
  2⤵
  PID:6072
- C:\Windows\System\YvpoNQJ.exe
  C:\Windows\System\YvpoNQJ.exe
  2⤵
  PID:6100
- C:\Windows\System\ghFStOV.exe
  C:\Windows\System\ghFStOV.exe
  2⤵
  PID:6128
- C:\Windows\System\QuukSbd.exe
  C:\Windows\System\QuukSbd.exe
  2⤵
  PID:1260
- C:\Windows\System\nBTGCaO.exe
  C:\Windows\System\nBTGCaO.exe
  2⤵
  PID:4436
- C:\Windows\System\baFBWWJ.exe
  C:\Windows\System\baFBWWJ.exe
  2⤵
  PID:2608
- C:\Windows\System\tEobUqD.exe
  C:\Windows\System\tEobUqD.exe
  2⤵
  PID:5248
- C:\Windows\System\UZWFQIw.exe
  C:\Windows\System\UZWFQIw.exe
  2⤵
  PID:4444
- C:\Windows\System\XNtPXqC.exe
  C:\Windows\System\XNtPXqC.exe
  2⤵
  PID:5360
- C:\Windows\System\ZayxEFP.exe
  C:\Windows\System\ZayxEFP.exe
  2⤵
  PID:5444
- C:\Windows\System\mgJAEcw.exe
  C:\Windows\System\mgJAEcw.exe
  2⤵
  PID:5524
- C:\Windows\System\DQpvOWa.exe
  C:\Windows\System\DQpvOWa.exe
  2⤵
  PID:5584
- C:\Windows\System\IQwaKcV.exe
  C:\Windows\System\IQwaKcV.exe
  2⤵
  PID:5640
- C:\Windows\System\LDtzpQI.exe
  C:\Windows\System\LDtzpQI.exe
  2⤵
  PID:5724
- C:\Windows\System\XnpCUOs.exe
  C:\Windows\System\XnpCUOs.exe
  2⤵
  PID:5776
- C:\Windows\System\gpNVCxa.exe
  C:\Windows\System\gpNVCxa.exe
  2⤵
  PID:4912
- C:\Windows\System\oZCTFfT.exe
  C:\Windows\System\oZCTFfT.exe
  2⤵
  PID:5840
- C:\Windows\System\evjXhwO.exe
  C:\Windows\System\evjXhwO.exe
  2⤵
  PID:5916
- C:\Windows\System\laKQboI.exe
  C:\Windows\System\laKQboI.exe
  2⤵
  PID:5952
- C:\Windows\System\zSNlIiD.exe
  C:\Windows\System\zSNlIiD.exe
  2⤵
  PID:6000
- C:\Windows\System\IhsKGDH.exe
  C:\Windows\System\IhsKGDH.exe
  2⤵
  PID:1388
- C:\Windows\System\hQdecbs.exe
  C:\Windows\System\hQdecbs.exe
  2⤵
  PID:6112
- C:\Windows\System\mNEneQa.exe
  C:\Windows\System\mNEneQa.exe
  2⤵
  PID:2840
- C:\Windows\System\fXafzeG.exe
  C:\Windows\System\fXafzeG.exe
  2⤵
  PID:1004
- C:\Windows\System\PWBDmRW.exe
  C:\Windows\System\PWBDmRW.exe
  2⤵
  PID:3896
- C:\Windows\System\FvzWUjs.exe
  C:\Windows\System\FvzWUjs.exe
  2⤵
  PID:3096
- C:\Windows\System\ZTwoTNr.exe
  C:\Windows\System\ZTwoTNr.exe
  2⤵
  PID:5216
- C:\Windows\System\kKiOZbm.exe
  C:\Windows\System\kKiOZbm.exe
  2⤵
  PID:3188
- C:\Windows\System\NEeayIt.exe
  C:\Windows\System\NEeayIt.exe
  2⤵
  PID:5504
- C:\Windows\System\qgDUNkF.exe
  C:\Windows\System\qgDUNkF.exe
  2⤵
  PID:5616
- C:\Windows\System\lyBWoHZ.exe
  C:\Windows\System\lyBWoHZ.exe
  2⤵
  PID:5748
- C:\Windows\System\oUBvQlU.exe
  C:\Windows\System\oUBvQlU.exe
  2⤵
  PID:5836
- C:\Windows\System\IOOQfgs.exe
  C:\Windows\System\IOOQfgs.exe
  2⤵
  PID:6028
- C:\Windows\System\BkyxthG.exe
  C:\Windows\System\BkyxthG.exe
  2⤵
  PID:6116
- C:\Windows\System\xFXpoxl.exe
  C:\Windows\System\xFXpoxl.exe
  2⤵
  PID:768
- C:\Windows\System\dljQxvy.exe
  C:\Windows\System\dljQxvy.exe
  2⤵
  PID:2760
- C:\Windows\System\WFsUKKy.exe
  C:\Windows\System\WFsUKKy.exe
  2⤵
  PID:5552
- C:\Windows\System\iziaHOC.exe
  C:\Windows\System\iziaHOC.exe
  2⤵
  PID:5692
- C:\Windows\System\CxWzFOU.exe
  C:\Windows\System\CxWzFOU.exe
  2⤵
  PID:6084
- C:\Windows\System\DkAhtfK.exe
  C:\Windows\System\DkAhtfK.exe
  2⤵
  PID:5244
- C:\Windows\System\oaHjTpl.exe
  C:\Windows\System\oaHjTpl.exe
  2⤵
  PID:5808
- C:\Windows\System\dvNaTck.exe
  C:\Windows\System\dvNaTck.exe
  2⤵
  PID:1708
- C:\Windows\System\dWpAimj.exe
  C:\Windows\System\dWpAimj.exe
  2⤵
  PID:6164
- C:\Windows\System\PBKldUq.exe
  C:\Windows\System\PBKldUq.exe
  2⤵
  PID:6192
- C:\Windows\System\yfKsJoE.exe
  C:\Windows\System\yfKsJoE.exe
  2⤵
  PID:6220
- C:\Windows\System\nBEoEpf.exe
  C:\Windows\System\nBEoEpf.exe
  2⤵
  PID:6260
- C:\Windows\System\CPzVXEB.exe
  C:\Windows\System\CPzVXEB.exe
  2⤵
  PID:6288
- C:\Windows\System\HADJXfQ.exe
  C:\Windows\System\HADJXfQ.exe
  2⤵
  PID:6316
- C:\Windows\System\mByvXOT.exe
  C:\Windows\System\mByvXOT.exe
  2⤵
  PID:6344
- C:\Windows\System\cmutDgY.exe
  C:\Windows\System\cmutDgY.exe
  2⤵
  PID:6360
- C:\Windows\System\Qdkdeec.exe
  C:\Windows\System\Qdkdeec.exe
  2⤵
  PID:6400
- C:\Windows\System\nGGWEQH.exe
  C:\Windows\System\nGGWEQH.exe
  2⤵
  PID:6428
- C:\Windows\System\iAiGVAz.exe
  C:\Windows\System\iAiGVAz.exe
  2⤵
  PID:6448
- C:\Windows\System\YapTufY.exe
  C:\Windows\System\YapTufY.exe
  2⤵
  PID:6480
- C:\Windows\System\hlskTFY.exe
  C:\Windows\System\hlskTFY.exe
  2⤵
  PID:6500
- C:\Windows\System\wskPCMX.exe
  C:\Windows\System\wskPCMX.exe
  2⤵
  PID:6540
- C:\Windows\System\yCByosZ.exe
  C:\Windows\System\yCByosZ.exe
  2⤵
  PID:6560
- C:\Windows\System\iSRXWsj.exe
  C:\Windows\System\iSRXWsj.exe
  2⤵
  PID:6596
- C:\Windows\System\GuRkAom.exe
  C:\Windows\System\GuRkAom.exe
  2⤵
  PID:6624
- C:\Windows\System\AaOPYhI.exe
  C:\Windows\System\AaOPYhI.exe
  2⤵
  PID:6640
- C:\Windows\System\suiSURW.exe
  C:\Windows\System\suiSURW.exe
  2⤵
  PID:6680
- C:\Windows\System\oDVkfSH.exe
  C:\Windows\System\oDVkfSH.exe
  2⤵
  PID:6700
- C:\Windows\System\JAqGETE.exe
  C:\Windows\System\JAqGETE.exe
  2⤵
  PID:6724
- C:\Windows\System\AUPaDIq.exe
  C:\Windows\System\AUPaDIq.exe
  2⤵
  PID:6764
- C:\Windows\System\oIEmgyp.exe
  C:\Windows\System\oIEmgyp.exe
  2⤵
  PID:6792
- C:\Windows\System\snsNRRD.exe
  C:\Windows\System\snsNRRD.exe
  2⤵
  PID:6812
- C:\Windows\System\zHCuKCD.exe
  C:\Windows\System\zHCuKCD.exe
  2⤵
  PID:6836
- C:\Windows\System\LNjGiZn.exe
  C:\Windows\System\LNjGiZn.exe
  2⤵
  PID:6876
- C:\Windows\System\khHuKHj.exe
  C:\Windows\System\khHuKHj.exe
  2⤵
  PID:6896
- C:\Windows\System\HSUPuAr.exe
  C:\Windows\System\HSUPuAr.exe
  2⤵
  PID:6916
- C:\Windows\System\mqDkAUG.exe
  C:\Windows\System\mqDkAUG.exe
  2⤵
  PID:6952
- C:\Windows\System\chYDBpY.exe
  C:\Windows\System\chYDBpY.exe
  2⤵
  PID:6988
- C:\Windows\System\iWKpspu.exe
  C:\Windows\System\iWKpspu.exe
  2⤵
  PID:7016
- C:\Windows\System\nsTMXEq.exe
  C:\Windows\System\nsTMXEq.exe
  2⤵
  PID:7052
- C:\Windows\System\ICJyCWQ.exe
  C:\Windows\System\ICJyCWQ.exe
  2⤵
  PID:7076
- C:\Windows\System\VzgcfNp.exe
  C:\Windows\System\VzgcfNp.exe
  2⤵
  PID:7104
- C:\Windows\System\UCjHWKp.exe
  C:\Windows\System\UCjHWKp.exe
  2⤵
  PID:7132
- C:\Windows\System\ZZihrMA.exe
  C:\Windows\System\ZZihrMA.exe
  2⤵
  PID:7160
- C:\Windows\System\AZTVHIa.exe
  C:\Windows\System\AZTVHIa.exe
  2⤵
  PID:6148
- C:\Windows\System\VBsidTB.exe
  C:\Windows\System\VBsidTB.exe
  2⤵
  PID:6208
- C:\Windows\System\JGzzRTW.exe
  C:\Windows\System\JGzzRTW.exe
  2⤵
  PID:6272
- C:\Windows\System\hLRTiRk.exe
  C:\Windows\System\hLRTiRk.exe
  2⤵
  PID:6336
- C:\Windows\System\DBaBaaV.exe
  C:\Windows\System\DBaBaaV.exe
  2⤵
  PID:6420
- C:\Windows\System\mprHDuF.exe
  C:\Windows\System\mprHDuF.exe
  2⤵
  PID:6472
- C:\Windows\System\taQXDCX.exe
  C:\Windows\System\taQXDCX.exe
  2⤵
  PID:6548
- C:\Windows\System\vqFytjb.exe
  C:\Windows\System\vqFytjb.exe
  2⤵
  PID:6616
- C:\Windows\System\AlBRrAG.exe
  C:\Windows\System\AlBRrAG.exe
  2⤵
  PID:6692
- C:\Windows\System\zdwOyiI.exe
  C:\Windows\System\zdwOyiI.exe
  2⤵
  PID:6712
- C:\Windows\System\vYAuDtO.exe
  C:\Windows\System\vYAuDtO.exe
  2⤵
  PID:6784
- C:\Windows\System\rfwZWgh.exe
  C:\Windows\System\rfwZWgh.exe
  2⤵
  PID:6864
- C:\Windows\System\ldDuRYF.exe
  C:\Windows\System\ldDuRYF.exe
  2⤵
  PID:6940
- C:\Windows\System\rduaMqg.exe
  C:\Windows\System\rduaMqg.exe
  2⤵
  PID:7008
- C:\Windows\System\JAVVhyY.exe
  C:\Windows\System\JAVVhyY.exe
  2⤵
  PID:7068
- C:\Windows\System\aFjgYYv.exe
  C:\Windows\System\aFjgYYv.exe
  2⤵
  PID:7124
- C:\Windows\System\AVoCOnm.exe
  C:\Windows\System\AVoCOnm.exe
  2⤵
  PID:6160
- C:\Windows\System\HEKMbTN.exe
  C:\Windows\System\HEKMbTN.exe
  2⤵
  PID:6328
- C:\Windows\System\fpVSvCX.exe
  C:\Windows\System\fpVSvCX.exe
  2⤵
  PID:6520
- C:\Windows\System\hLEkVhU.exe
  C:\Windows\System\hLEkVhU.exe
  2⤵
  PID:6608
- C:\Windows\System\tomkkmB.exe
  C:\Windows\System\tomkkmB.exe
  2⤵
  PID:6788
- C:\Windows\System\TrhVehF.exe
  C:\Windows\System\TrhVehF.exe
  2⤵
  PID:6904
- C:\Windows\System\QyBcvNC.exe
  C:\Windows\System\QyBcvNC.exe
  2⤵
  PID:7116
- C:\Windows\System\FerlpvH.exe
  C:\Windows\System\FerlpvH.exe
  2⤵
  PID:6380
- C:\Windows\System\chPYsWi.exe
  C:\Windows\System\chPYsWi.exe
  2⤵
  PID:6708
- C:\Windows\System\dltydGN.exe
  C:\Windows\System\dltydGN.exe
  2⤵
  PID:7060
- C:\Windows\System\jvFrFtG.exe
  C:\Windows\System\jvFrFtG.exe
  2⤵
  PID:6620
- C:\Windows\System\UyEMppm.exe
  C:\Windows\System\UyEMppm.exe
  2⤵
  PID:7176
- C:\Windows\System\qLhIrho.exe
  C:\Windows\System\qLhIrho.exe
  2⤵
  PID:7196
- C:\Windows\System\nGQuheE.exe
  C:\Windows\System\nGQuheE.exe
  2⤵
  PID:7212
- C:\Windows\System\ZbFfhDs.exe
  C:\Windows\System\ZbFfhDs.exe
  2⤵
  PID:7232
- C:\Windows\System\APesTqd.exe
  C:\Windows\System\APesTqd.exe
  2⤵
  PID:7260
- C:\Windows\System\chiuTbQ.exe
  C:\Windows\System\chiuTbQ.exe
  2⤵
  PID:7292
- C:\Windows\System\enNsiwI.exe
  C:\Windows\System\enNsiwI.exe
  2⤵
  PID:7316
- C:\Windows\System\lItHeMF.exe
  C:\Windows\System\lItHeMF.exe
  2⤵
  PID:7352
- C:\Windows\System\GirDIND.exe
  C:\Windows\System\GirDIND.exe
  2⤵
  PID:7380
- C:\Windows\System\AeDVvin.exe
  C:\Windows\System\AeDVvin.exe
  2⤵
  PID:7428
- C:\Windows\System\OoRDxYW.exe
  C:\Windows\System\OoRDxYW.exe
  2⤵
  PID:7444
- C:\Windows\System\znyGgMW.exe
  C:\Windows\System\znyGgMW.exe
  2⤵
  PID:7464
- C:\Windows\System\FuZXxyO.exe
  C:\Windows\System\FuZXxyO.exe
  2⤵
  PID:7480
- C:\Windows\System\RykDXkH.exe
  C:\Windows\System\RykDXkH.exe
  2⤵
  PID:7520
- C:\Windows\System\BXUpMMb.exe
  C:\Windows\System\BXUpMMb.exe
  2⤵
  PID:7552
- C:\Windows\System\GshzChL.exe
  C:\Windows\System\GshzChL.exe
  2⤵
  PID:7588
- C:\Windows\System\NukxZXz.exe
  C:\Windows\System\NukxZXz.exe
  2⤵
  PID:7620
- C:\Windows\System\NjjrSAQ.exe
  C:\Windows\System\NjjrSAQ.exe
  2⤵
  PID:7652
- C:\Windows\System\kLAbmHl.exe
  C:\Windows\System\kLAbmHl.exe
  2⤵
  PID:7672
- C:\Windows\System\YayjDfW.exe
  C:\Windows\System\YayjDfW.exe
  2⤵
  PID:7700
- C:\Windows\System\gkaTXiC.exe
  C:\Windows\System\gkaTXiC.exe
  2⤵
  PID:7724
- C:\Windows\System\DHvobnL.exe
  C:\Windows\System\DHvobnL.exe
  2⤵
  PID:7756
- C:\Windows\System\CksBjmg.exe
  C:\Windows\System\CksBjmg.exe
  2⤵
  PID:7784
- C:\Windows\System\VByEzqc.exe
  C:\Windows\System\VByEzqc.exe
  2⤵
  PID:7824
- C:\Windows\System\jZuNmFh.exe
  C:\Windows\System\jZuNmFh.exe
  2⤵
  PID:7852
- C:\Windows\System\oPapMVn.exe
  C:\Windows\System\oPapMVn.exe
  2⤵
  PID:7880
- C:\Windows\System\tChVokE.exe
  C:\Windows\System\tChVokE.exe
  2⤵
  PID:7908
- C:\Windows\System\zrJtNsO.exe
  C:\Windows\System\zrJtNsO.exe
  2⤵
  PID:7936
- C:\Windows\System\EGvmkEo.exe
  C:\Windows\System\EGvmkEo.exe
  2⤵
  PID:7952
- C:\Windows\System\OfbqWsk.exe
  C:\Windows\System\OfbqWsk.exe
  2⤵
  PID:7992
- C:\Windows\System\OzinPal.exe
  C:\Windows\System\OzinPal.exe
  2⤵
  PID:8008
- C:\Windows\System\BjpkYlN.exe
  C:\Windows\System\BjpkYlN.exe
  2⤵
  PID:8024
- C:\Windows\System\MILlnXu.exe
  C:\Windows\System\MILlnXu.exe
  2⤵
  PID:8040
- C:\Windows\System\UZkDLFG.exe
  C:\Windows\System\UZkDLFG.exe
  2⤵
  PID:8056
- C:\Windows\System\jSMdKxT.exe
  C:\Windows\System\jSMdKxT.exe
  2⤵
  PID:8096
- C:\Windows\System\SSqXyZi.exe
  C:\Windows\System\SSqXyZi.exe
  2⤵
  PID:8128
- C:\Windows\System\aykQfKn.exe
  C:\Windows\System\aykQfKn.exe
  2⤵
  PID:8176
- C:\Windows\System\mHjFHIb.exe
  C:\Windows\System\mHjFHIb.exe
  2⤵
  PID:412
- C:\Windows\System\TnuTEou.exe
  C:\Windows\System\TnuTEou.exe
  2⤵
  PID:7244
- C:\Windows\System\RzVEqML.exe
  C:\Windows\System\RzVEqML.exe
  2⤵
  PID:7328
- C:\Windows\System\SuqHwzQ.exe
  C:\Windows\System\SuqHwzQ.exe
  2⤵
  PID:7372
- C:\Windows\System\TTeMqKy.exe
  C:\Windows\System\TTeMqKy.exe
  2⤵
  PID:7404
- C:\Windows\System\SEKThXK.exe
  C:\Windows\System\SEKThXK.exe
  2⤵
  PID:7460
- C:\Windows\System\jKSThto.exe
  C:\Windows\System\jKSThto.exe
  2⤵
  PID:7576
- C:\Windows\System\iojmDJg.exe
  C:\Windows\System\iojmDJg.exe
  2⤵
  PID:7612
- C:\Windows\System\nYoRCmt.exe
  C:\Windows\System\nYoRCmt.exe
  2⤵
  PID:7668
- C:\Windows\System\lNiPmAw.exe
  C:\Windows\System\lNiPmAw.exe
  2⤵
  PID:7776
- C:\Windows\System\vFUBVPd.exe
  C:\Windows\System\vFUBVPd.exe
  2⤵
  PID:7812
- C:\Windows\System\rMsbggr.exe
  C:\Windows\System\rMsbggr.exe
  2⤵
  PID:7928
- C:\Windows\System\TMBzMHU.exe
  C:\Windows\System\TMBzMHU.exe
  2⤵
  PID:8004
- C:\Windows\System\ZvuXmXQ.exe
  C:\Windows\System\ZvuXmXQ.exe
  2⤵
  PID:8036
- C:\Windows\System\sWgLIHp.exe
  C:\Windows\System\sWgLIHp.exe
  2⤵
  PID:8076
- C:\Windows\System\mmtlZMY.exe
  C:\Windows\System\mmtlZMY.exe
  2⤵
  PID:8140
- C:\Windows\System\vodajMH.exe
  C:\Windows\System\vodajMH.exe
  2⤵
  PID:7220
- C:\Windows\System\QvXgDNr.exe
  C:\Windows\System\QvXgDNr.exe
  2⤵
  PID:7436
- C:\Windows\System\hstchhi.exe
  C:\Windows\System\hstchhi.exe
  2⤵
  PID:7636
- C:\Windows\System\yvldShP.exe
  C:\Windows\System\yvldShP.exe
  2⤵
  PID:7808
- C:\Windows\System\ntbGXPD.exe
  C:\Windows\System\ntbGXPD.exe
  2⤵
  PID:7932
- C:\Windows\System\qojPhek.exe
  C:\Windows\System\qojPhek.exe
  2⤵
  PID:8020
- C:\Windows\System\otpCgrf.exe
  C:\Windows\System\otpCgrf.exe
  2⤵
  PID:8164
- C:\Windows\System\PfdUzZc.exe
  C:\Windows\System\PfdUzZc.exe
  2⤵
  PID:7716
- C:\Windows\System\rAWvqFk.exe
  C:\Windows\System\rAWvqFk.exe
  2⤵
  PID:7988
- C:\Windows\System\MYwCspA.exe
  C:\Windows\System\MYwCspA.exe
  2⤵
  PID:7208
- C:\Windows\System\bTMNFKT.exe
  C:\Windows\System\bTMNFKT.exe
  2⤵
  PID:7900
- C:\Windows\System\OXBtKxY.exe
  C:\Windows\System\OXBtKxY.exe
  2⤵
  PID:8220
- C:\Windows\System\tgDzZnr.exe
  C:\Windows\System\tgDzZnr.exe
  2⤵
  PID:8256
- C:\Windows\System\AGWUnRq.exe
  C:\Windows\System\AGWUnRq.exe
  2⤵
  PID:8284
- C:\Windows\System\zRiIdNe.exe
  C:\Windows\System\zRiIdNe.exe
  2⤵
  PID:8312
- C:\Windows\System\CYhNkUV.exe
  C:\Windows\System\CYhNkUV.exe
  2⤵
  PID:8340
- C:\Windows\System\RHOoRsT.exe
  C:\Windows\System\RHOoRsT.exe
  2⤵
  PID:8368
- C:\Windows\System\UsmaIZV.exe
  C:\Windows\System\UsmaIZV.exe
  2⤵
  PID:8384
- C:\Windows\System\rnuMboi.exe
  C:\Windows\System\rnuMboi.exe
  2⤵
  PID:8412
- C:\Windows\System\KXEXOKc.exe
  C:\Windows\System\KXEXOKc.exe
  2⤵
  PID:8440
- C:\Windows\System\lokDFwv.exe
  C:\Windows\System\lokDFwv.exe
  2⤵
  PID:8484
- C:\Windows\System\GTddneY.exe
  C:\Windows\System\GTddneY.exe
  2⤵
  PID:8508
- C:\Windows\System\nPaJcJx.exe
  C:\Windows\System\nPaJcJx.exe
  2⤵
  PID:8536
- C:\Windows\System\xSFMLrs.exe
  C:\Windows\System\xSFMLrs.exe
  2⤵
  PID:8564
- C:\Windows\System\dXxWxde.exe
  C:\Windows\System\dXxWxde.exe
  2⤵
  PID:8592
- C:\Windows\System\kLbihFJ.exe
  C:\Windows\System\kLbihFJ.exe
  2⤵
  PID:8620
- C:\Windows\System\eJVMeLz.exe
  C:\Windows\System\eJVMeLz.exe
  2⤵
  PID:8648
- C:\Windows\System\KMtbdxs.exe
  C:\Windows\System\KMtbdxs.exe
  2⤵
  PID:8676
- C:\Windows\System\flFJBLQ.exe
  C:\Windows\System\flFJBLQ.exe
  2⤵
  PID:8704
- C:\Windows\System\xrXYXbe.exe
  C:\Windows\System\xrXYXbe.exe
  2⤵
  PID:8732
- C:\Windows\System\KekyyEg.exe
  C:\Windows\System\KekyyEg.exe
  2⤵
  PID:8760
- C:\Windows\System\ccgaqjU.exe
  C:\Windows\System\ccgaqjU.exe
  2⤵
  PID:8788
- C:\Windows\System\ONkeRFB.exe
  C:\Windows\System\ONkeRFB.exe
  2⤵
  PID:8804
- C:\Windows\System\nJoebcO.exe
  C:\Windows\System\nJoebcO.exe
  2⤵
  PID:8832
- C:\Windows\System\RVEedoK.exe
  C:\Windows\System\RVEedoK.exe
  2⤵
  PID:8852
- C:\Windows\System\MhXHyNh.exe
  C:\Windows\System\MhXHyNh.exe
  2⤵
  PID:8884
- C:\Windows\System\zhpaRTT.exe
  C:\Windows\System\zhpaRTT.exe
  2⤵
  PID:8916
- C:\Windows\System\IMAtgmE.exe
  C:\Windows\System\IMAtgmE.exe
  2⤵
  PID:8936
- C:\Windows\System\ofzDwIK.exe
  C:\Windows\System\ofzDwIK.exe
  2⤵
  PID:8964
- C:\Windows\System\QaAOYlE.exe
  C:\Windows\System\QaAOYlE.exe
  2⤵
  PID:8984
- C:\Windows\System\GUENPhu.exe
  C:\Windows\System\GUENPhu.exe
  2⤵
  PID:9028
- C:\Windows\System\nfKPROz.exe
  C:\Windows\System\nfKPROz.exe
  2⤵
  PID:9056
- C:\Windows\System\YnMABjE.exe
  C:\Windows\System\YnMABjE.exe
  2⤵
  PID:9092
- C:\Windows\System\TdaBHtQ.exe
  C:\Windows\System\TdaBHtQ.exe
  2⤵
  PID:9124
- C:\Windows\System\SWeXxLh.exe
  C:\Windows\System\SWeXxLh.exe
  2⤵
  PID:9152
- C:\Windows\System\uYVjvvN.exe
  C:\Windows\System\uYVjvvN.exe
  2⤵
  PID:9180
- C:\Windows\System\fXHOiHl.exe
  C:\Windows\System\fXHOiHl.exe
  2⤵
  PID:9212
- C:\Windows\System\jAwTpJF.exe
  C:\Windows\System\jAwTpJF.exe
  2⤵
  PID:8252
- C:\Windows\System\PMfZuGL.exe
  C:\Windows\System\PMfZuGL.exe
  2⤵
  PID:8324
- C:\Windows\System\AOfxfUz.exe
  C:\Windows\System\AOfxfUz.exe
  2⤵
  PID:8364
- C:\Windows\System\aYkJaeo.exe
  C:\Windows\System\aYkJaeo.exe
  2⤵
  PID:8452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AbPheSc.exe

Filesize
2.1MB

MD5
b07fd3b6cacb9bcf059d7d3f9079f76d

SHA1
dd202509bc6bc82826f71c3a857c5db2c6ab3c5e

SHA256
141d28761be7477fe72740c2f47d589c37a0f030f0a225ca91ed92a32928c595

SHA512
58d6fdd5795f54a1b97515505430a963ee5d2a007a93a4b825560fb582389fd6c60645830fcb4c8d8251975865755926ea86c4ba021db5607a2da695c905ef9c

Download Submit
C:\Windows\System\CyXBoQM.exe

Filesize
2.1MB

MD5
5051082dc8ef7b875aa75cce21435e6a

SHA1
8249d0296cc2c92ba976d5e30d251108661d4044

SHA256
688a4a08415578c7e8995d7e22c6ca0989221a523d65618b584ca0fcec649873

SHA512
0de34a0b267321f7096cb198d20f1c9c8a9b8b571653013f20a158cfb96cf37c110528447017fdb560f9dd94da61aac066eb9f71aa086ac8680fc2b8d60eac89

Download Submit
C:\Windows\System\EXUjvNG.exe

Filesize
2.1MB

MD5
41759aa2976661573159deb7bf816d07

SHA1
d88fd612bf2f57f9729959085bd6e07e8ec7a6c0

SHA256
43bcd65d5de09ede3dbf08a1a3ffcc2fb2b816fc884277b7487678ae5ebe2754

SHA512
60902411bbf00cd010494bee56ee803a1ada612cb2dd11de941dc9cb330e2aecb579117601f1ae2f5168fcc62a52ab4bd47cbd364ed8e3020b9fa343ada3f164

Download Submit
C:\Windows\System\EdHrCFA.exe

Filesize
2.1MB

MD5
b0b3518189446a88bee2d1c4e642cb14

SHA1
020f4258bb32a0c32a1d45d4c353fd226c47ab9d

SHA256
2d296f00d809d05a66f13336e130271ba889ccc9ca2e521d994c963d16cfffaf

SHA512
82fdb7446a7970f89c9907549955c59ed7338d2810675f8ee2a2a044bb0265e2cb80b772e32b704beef20dae17597ca4d7ab59e580d7197b94ace29be0be848b

Download Submit
C:\Windows\System\FDTknje.exe

Filesize
2.1MB

MD5
de9c8cc7d90b95d218317ec10fee714b

SHA1
6510f26db34cf4b35425d151346721bfee31bb39

SHA256
0ae5e7ec1889c80a335a832dd0293d7682d21359248ecbf3f7fb96f3e831e623

SHA512
c3f0cbc79f80cb2d282620546deae4d141f69f70e4f4e559f7a20c35eb97f24f39b5e9596429627ff1d2ef0290f11569addb1288af5ed9d7c804ad5d7d4c63d5

Download Submit
C:\Windows\System\Ffttmpr.exe

Filesize
2.1MB

MD5
9bedfeb6706d16bb4d87569def90de24

SHA1
a9784a6e4d7e8f013cf7f41a7b0807c993316c61

SHA256
21b1cb592e75f7349c62c2cdac7762f66ceae75832d8d1279c3a0613eb6a4fe7

SHA512
9c12416cf609d280c0c792e2ef8e84e368ca801e062b5401181c409baf96c0de78e2183406a7f62d2bc3bfa7631806d1a9a431b99f52f447fb3c9b674735b6f7

Download Submit
C:\Windows\System\FqmhJHl.exe

Filesize
2.1MB

MD5
537d42ab06cd5af097543fe1ab820cc0

SHA1
33c96fc6fca9d2ae9237e114ab4fea7ac721461e

SHA256
bd47c32174ad66a0fe02ee4eaf1047e4bfee490c91bf9f3f82f9b2b5fded0181

SHA512
bd5b89d69160f578716db93df0dcf15c44e7850ae1b9e38461e3b48a9e4590d12710ab2148e41dd1a161b6c3b006fbeb42636fd53b675491163254940cc2dda1

Download Submit
C:\Windows\System\IaZaUmc.exe

Filesize
2.1MB

MD5
6b812d51b117ad348130d3743e3cce8f

SHA1
2bca04b9ab585db05ed4542eda97b791b4cb0281

SHA256
fc69f913fbf72c56417be537db66717b4f60caef04d1b451d68aaf0d2a90105b

SHA512
76cb6c5409a386be85f0cf74e24cbffa8eeda3c11ed6a9517814e6d3ac248405c56c594e18c4fc6f9cde1c191d0606837e44dd6600dcbdea7914fe7db84b8a81

Download Submit
C:\Windows\System\KGyeyKB.exe

Filesize
2.1MB

MD5
6244867589419b2a3a0f47a15ba76668

SHA1
e022e0a22cc407de3fa667e860d31020384fa99c

SHA256
af70b1c2074e151aa73552e32060d28fe28d22fa456f574d5eba7abd439983ac

SHA512
902af85b59a79434d06988019c0ac56b99f0ce23c73581419105fcfd9e4007466850e7fbd997051bc0c04c9b8aa587191b07bf7bff63bd324f1b680ea0663672

Download Submit
C:\Windows\System\KNOBdpw.exe

Filesize
2.1MB

MD5
a48a278f9e8d5e47b0681374314118dd

SHA1
f13b3b266776296ed5ef554ae8186cfd52cf29a3

SHA256
1aa069e2ee77cf196e44686334a4ad45cfda46ff4ec6995c9dee46d4f215496d

SHA512
30b14d6ffc3dbe6aa8089dce73ef5c2e8921d1f50c6660d9565c8b28e205a204914806e26701919582b759ca9f1ae865bca119b562a3a49595789059af4b9b4b

Download Submit
C:\Windows\System\OecwIQH.exe

Filesize
2.1MB

MD5
3cfd4dce29df869039767888c7e8f256

SHA1
b0311398fc1787543a6d2225ed65521d9797b882

SHA256
85a33b6d0e7ab5d087f6611011ec3497b4ee953122ea671dffcca6e43b56e332

SHA512
0ef291f73afd50bef148800ba6f0a93b13043d24bce9e68d30bb82533cd125834f3f07721819962df5d9fe4c72171918e5c8b02b3222d985995eddcef86b550f

Download Submit
C:\Windows\System\PLaOLwM.exe

Filesize
2.1MB

MD5
16ec9f4c18ad4376567daee3af3790e9

SHA1
153f1a92f56f6fcc6dd750b0c8914a69a4127ae1

SHA256
78d99adfcd2b8439698b53acc85cdeaa24ed7755daac3727cfd05c4bf513891e

SHA512
8b0a62c22d5b30d88ee993c094f52dce4077538d2eb99bda3616cecbc5753f4edbdd2a459669941816971a145245fd1c7b5e789141d503bc13da2bc44f5508a5

Download Submit
C:\Windows\System\SLfnYvL.exe

Filesize
2.1MB

MD5
fe8d3464f33d4e97424abeb83ebd1ad5

SHA1
53f1dd192b4953a584f2749a8340ba4334be9dd8

SHA256
621fb716a352a7f6902076a3e67b07f788fa0b101cc9050bde0c61a01f86a230

SHA512
57357cfc320ad3358036d68a6f40082d4dcd12a6d28285741abcaedb4fa8fabbb07d1ef6d270fdd0f3471617b6695b105e5d100bfe5c805306bde43fc7fa082d

Download Submit
C:\Windows\System\UFwkAaz.exe

Filesize
2.1MB

MD5
445fba3e2eb8785ed4a646ae336af316

SHA1
b4b62336ef965a83cdff918ba458d31f8fef2ce8

SHA256
88e2d44f21cfffc784f7fbf7e7fdce4d280f1642b5a720b0d5e89538e8e5a137

SHA512
f10565231980085f75d9966636246de5e8b4faefcd990fe46982089e35067e80f21748053313cedc22bc03823cb8b63f9be4b9390cf237d3e22fa79186d8e452

Download Submit
C:\Windows\System\WxpWwHT.exe

Filesize
2.1MB

MD5
14c3624eb6cf6a6dcbef9da468686d55

SHA1
1697099d30a7302baa9228934c7f1e9257d56fb1

SHA256
a901ff241174da15a2d2c764abec025d3ce48d8a8c488b02d5dd7852d21256e6

SHA512
4f3d17430d83eea82b794e2f9b0469ab91659d88381d9ce53f911369f883043a72dd59004e11cd2769bd5226c1f05e97e3e22be394dde6b7450c2f3ee19070ea

Download Submit
C:\Windows\System\XWhFnEL.exe

Filesize
2.1MB

MD5
a7e2283636e87440a4a2c85f4e2ec024

SHA1
18b630ba2de75a219d7d9d9978107c30605829de

SHA256
a1450d8a199183b00c736277ed92351eba884dbae44f64628fb5319856048d06

SHA512
cadb39c778dabb0ab0f24be85be98e9ebbc80053bf864c4516a68b038aae743a79de0190007eef7465b6ba48d9408b8987a5f53668c0eb0bc63dcf693b958864

Download Submit
C:\Windows\System\YirrpWL.exe

Filesize
2.1MB

MD5
dbf010b97c7102e937aaa06b3a802747

SHA1
43ba6c491a40d99347a32e233ac285aeb8aba36b

SHA256
b7b78fd9a608c84e40c54dbda6bf4deef1d7ee9116aa7987d3bfeb89c032046f

SHA512
d07aae4ad14602a8a03f6635f83222013da62286860b9812b8c28b73b1598def53203c8b2f8832541d95fae5c6aef604fde87821927c3565f913748986388820

Download Submit
C:\Windows\System\aOEOLhH.exe

Filesize
2.1MB

MD5
279244ffae28f9e5048f7c3942fc0c77

SHA1
d52dbf030122e20bdb1bd5d17f8b2fe91fff2341

SHA256
700eb3d30db008a70864d6bbdffb0bfc1c2752231d6ff9451afadafd6097a3c1

SHA512
a3e0efdffccb05090141f87302cf849845563a17b517e7d5e903117ffbfe0f4ea15c02f8d3fc8c350d962c5f7b2d41e35993ba2b166a2b839cc0abd1cdfe0d31

Download Submit
C:\Windows\System\aOQCfqF.exe

Filesize
2.1MB

MD5
1bc8dd9ca99851782b84a459852fe520

SHA1
21b513f7e84b688e3b265b84e092f2151c22f3a0

SHA256
e3b078dad0ab16cdfc5f43b6962e16932cd6a364c1f07b5fe572fe026b6b83f4

SHA512
02ba72700aeeb1bd68b80ed6c9f48a687d7c027082ffd80cec6fe5c0a45ad66abc9c7a682a850c143c7aaed338eddb27c12effcdf34162083d466bc23e4cb02c

Download Submit
C:\Windows\System\cDfoNHe.exe

Filesize
2.1MB

MD5
bb586994482d509227b055dd6e099ac7

SHA1
823f7bf3f178a72469466a164acef2d18e47f392

SHA256
8615074c71b2feb6fb641fadbd11b3a43fdf1437c7551ec0c4555048e193752d

SHA512
b66642824b308df48481e8a94a83178cac4f6f105d7c074d672d5f6d247c0b01532db30c5502f05bb3df21155d97793a6e4edea7df2bec996158642af33e5991

Download Submit
C:\Windows\System\cajVeLo.exe

Filesize
2.1MB

MD5
64254f6d62aebb215f5bc010c38b7738

SHA1
e4880ff3cc0fa12a659aaccace21c2f72cd6d20b

SHA256
23d13381fd723c884f21f38e6f8e15e7a70db9e57265192e136f4d3b4e317035

SHA512
49a8a4ad9424df2a25906d424ce24f74ac14bb2cfd528a12621e5ee9a8999af60890bcf22e9cd6b07d01a5cd4f4c034306ed562163ba60a3cd335811710bb96d

Download Submit
C:\Windows\System\fkUkWwy.exe

Filesize
2.1MB

MD5
a050129951aadc32ae5ff39a0306b312

SHA1
838a17a90563b49dc29e4a55b98808115ba15a93

SHA256
2fccd6ba5687d96bf3e573c2770502206c372b4ece32ebd26ec4de754be7b1e5

SHA512
e2766527d92f5404e5a83d5481e0f204e4da6c5487ce4e6bad5363797e4c80ae7699c02cbbfc1bbfb903c56041a2dd08c723f1b8146a46a0d9bc1f4af4b9c249

Download Submit
C:\Windows\System\ixXmIPV.exe

Filesize
2.1MB

MD5
289d5eb61e400de8250f378666baa9ae

SHA1
92535d0e3edff88bc6f599e4409ae92d3d81afb1

SHA256
f7d324c4a78573abe57e6c67df9e59e5e497ae706dc35cc904449e0d2162142e

SHA512
a426e9161900aed09bd571eee50ba13ef4bb0c671654e09a964eb8098575b1c0413ecb5acfb6186c7213668b16bb1b180080d43f37a42817d1ad11621258ffc2

Download Submit
C:\Windows\System\ixtdppG.exe

Filesize
2.1MB

MD5
a4a3c9b211f1cd65cc895aa78a26a9b6

SHA1
31cd574e6151f5899fe350eb2770c0e1186d1ab6

SHA256
fa0e6b11ae24acac1d3a1d5758aaf9d65da0857a5d8e2c08012e75c657817418

SHA512
bdf3827d867378c8fe91cc535eecb75ac754693a2ff00da4c66772878aac7f8d1b63ac81f7a785d706f4f1953199e9f319693e5669d49e39ed41c98b8d8b89f9

Download Submit
C:\Windows\System\jXSXKtm.exe

Filesize
2.1MB

MD5
751f75895ce58a98509b6f17aee7ee85

SHA1
9e131f04ea2954526fb6775199a5e64b82bc5f1c

SHA256
49960805853a906d551015c61a99772c01d23df00e681702fbcd998ca9357dd6

SHA512
883fc4063704ffa60a6c59d35758419f6ff19bb8e85ebc3a54482fe121a4317ecbc76f2e651670e15e8c8de1eea2c490d8e8044df92945a380ae616ecd36e3cc

Download Submit
C:\Windows\System\kWDZZni.exe

Filesize
2.1MB

MD5
3391953ae17ab1de21bf4338dd4feca7

SHA1
9bba301dc80bee64fcb40349cdb0e585558700b1

SHA256
788e9f867ee5542cc73fd9a00e8b5e5fb65c5c3776fc6e9eded4e624b40d016f

SHA512
eae93c907d34fc08379a92827de31b870f9b60057804f9be7e6d8f4467885b83c3efa2ea44ccd27ba9fc625a0349c21baeeae97564916a509ba819862ad8b3e2

Download Submit
C:\Windows\System\kvTMgyk.exe

Filesize
2.1MB

MD5
e3e7f2b1fd4a70f00dc55d8865219060

SHA1
ba87f1bf40a4e2a982adc0369c8db49497dd98ea

SHA256
0dcc0b77b4b5be95dccd756377af5868f218910cd217894062ac851c4b4cc81f

SHA512
61d3db2d195cc7665d05b4129c6e6dd623eb3905f9f0b94f9d0d45ad0a17cbc361b97b49ae6fca96370ece3d77f50a88ef4a73b985aa0cc683d36d52f5d924e9

Download Submit
C:\Windows\System\lorPNYF.exe

Filesize
2.1MB

MD5
11dd82a597b9ca9c29175a64bedba3c7

SHA1
35fde494b67e2bade5ca1056c9e7b53a1c6cbd8c

SHA256
199a1399d74b0b1070a535a3bd516b9e917537496ab9725f97f72f7d12d52e1a

SHA512
0ae6cb9ae0ba5bf489f26d43cfbf771fc5d07f1bbaaf67c3034c7688fb38cc26c80af892fa8f24b9c9f92816696cd487aacaf8753543c568ed1cbf6f3d1037af

Download Submit
C:\Windows\System\mRyNYiZ.exe

Filesize
2.1MB

MD5
8fa0cb7ca4e6ef3e35554dcd65883e49

SHA1
0910aa2adb914ddfc4329d3221a2563968881221

SHA256
4a80b89b2adf228ffaa070fde3effd1ccce29d415f3b1654db55df98f8bd2618

SHA512
b1d3629663d9fb6f7ff2629dc8143fc615adea66902140c2deecc46e900457a33459a82571b4bb689e4c84c831b680fca2a4066b4014da63d1b82fd76621a803

Download Submit
C:\Windows\System\mhdnTkz.exe

Filesize
2.1MB

MD5
9ae87bd40a8f9b1665aceb6b2556bffb

SHA1
c68b4b4a002a07d4610cfec1fa55a8a358f6f80f

SHA256
96bd17d605926f63229bbbaa33c9515edaec9ef48e0aa2a250b6075a1e6968be

SHA512
eee4a92f0d616637f19ca8e3c7e3ae1f99b7d736d9747ac5852469a9b8f6d4b618170441ee540fdff675abf78aefb07670532e4e1662fd0614de21d8485ab98d

Download Submit
C:\Windows\System\vdDgLxE.exe

Filesize
2.1MB

MD5
15fee9bd5bead1ca6d7f0b72c86d626b

SHA1
d5533e8bfca15f1d77251b17d6498a77ed9bb5e1

SHA256
351a4e6f1cda52c3e2d0d31c1a9a5e598f9e409b348731b4a11378107473c563

SHA512
d52e472e89e423da3862681df87178850140f5bb2d64a59a6f437afa920801b81b82d27815930e8ce602fd357890cd0ee4d30b9fdc3c173471ec1769ec70d082

Download Submit
C:\Windows\System\wLwBHNl.exe

Filesize
2.1MB

MD5
bfb8ef2cfee548049eb3e8dfa53d2d0f

SHA1
b654e7584f5207dfb7d23f0373a4ce1cac11fb19

SHA256
c9624829337d06b255afc33c8edbdbbbe48fd8c19473e8f0de0d10e744e88b82

SHA512
8e68ddd5473814b3f74adf4cb0c8b159ce09372ce39d23bc7a2fed9744b6c93c3fc616ae1a18d46c3e6c30067c9a8398cab158f8077ad80e7464abc6d42d39c7

Download Submit
C:\Windows\System\zDLVnOG.exe

Filesize
2.1MB

MD5
e4834b470d628c780e6aa87be560c244

SHA1
9a65acb14ce886e168cc6f3fd7bef5627bd318cd

SHA256
3788fa5d1480606e53c7283b8e21f4417c90a627960a4a04b7bf77e7b9758e83

SHA512
71d0ba4e560326e059205ca38f88ffa36540155fa51fd696dd4501308ddfe019ffb4183bdae02ee106ef5a11c310966c85be0a7846cd7b0f3e7103419292541e

Download Submit
memory/4136-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download