kpot | 64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/06/2024, 07:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
Size

2.1MB
MD5

6a5b8ef39cd47e7b2ba46c24d398fef0
SHA1

35c2b76c3174d1ecd470a638435da04a8983e1bd
SHA256

64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864
SHA512

5a413142453031770aa8dc0502ad2e03db4f031975fb1c299380c07f509ba9a848d9b4bfd74b88d99f2971a28e90f2a42494abc4501c2a2064abb7c63c9cd254
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2rv:GemTLkNdfE0pZaQr

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral2/files/0x00090000000233c1-4.dat	family_kpot
behavioral2/files/0x00070000000233c8-7.dat	family_kpot
behavioral2/files/0x00070000000233ca-20.dat	family_kpot
behavioral2/files/0x00070000000233c9-22.dat	family_kpot
behavioral2/files/0x00070000000233cc-33.dat	family_kpot
behavioral2/files/0x00070000000233cd-40.dat	family_kpot
behavioral2/files/0x00070000000233cb-36.dat	family_kpot
behavioral2/files/0x00080000000233c4-15.dat	family_kpot
behavioral2/files/0x00070000000233ce-45.dat	family_kpot
behavioral2/files/0x00070000000233cf-49.dat	family_kpot
behavioral2/files/0x00070000000233d0-54.dat	family_kpot
behavioral2/files/0x00070000000233d2-60.dat	family_kpot
behavioral2/files/0x00080000000233c5-69.dat	family_kpot
behavioral2/files/0x00070000000233d3-65.dat	family_kpot
behavioral2/files/0x00070000000233d5-87.dat	family_kpot
behavioral2/files/0x00070000000233d6-95.dat	family_kpot
behavioral2/files/0x00070000000233db-110.dat	family_kpot
behavioral2/files/0x00070000000233da-108.dat	family_kpot
behavioral2/files/0x00070000000233d9-106.dat	family_kpot
behavioral2/files/0x00070000000233d8-104.dat	family_kpot
behavioral2/files/0x00070000000233d7-100.dat	family_kpot
behavioral2/files/0x00070000000233d4-74.dat	family_kpot
behavioral2/files/0x00070000000233dc-115.dat	family_kpot
behavioral2/files/0x00070000000233dd-119.dat	family_kpot
behavioral2/files/0x00070000000233de-125.dat	family_kpot
behavioral2/files/0x00070000000233df-130.dat	family_kpot
behavioral2/files/0x00070000000233e3-150.dat	family_kpot
behavioral2/files/0x00070000000233e2-147.dat	family_kpot
behavioral2/files/0x00070000000233e4-155.dat	family_kpot
behavioral2/files/0x00070000000233e1-142.dat	family_kpot
behavioral2/files/0x00070000000233e0-135.dat	family_kpot
behavioral2/files/0x00070000000233e5-160.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral2/files/0x00090000000233c1-4.dat	xmrig
behavioral2/files/0x00070000000233c8-7.dat	xmrig
behavioral2/files/0x00070000000233ca-20.dat	xmrig
behavioral2/files/0x00070000000233c9-22.dat	xmrig
behavioral2/files/0x00070000000233cc-33.dat	xmrig
behavioral2/files/0x00070000000233cd-40.dat	xmrig
behavioral2/files/0x00070000000233cb-36.dat	xmrig
behavioral2/files/0x00080000000233c4-15.dat	xmrig
behavioral2/files/0x00070000000233ce-45.dat	xmrig
behavioral2/files/0x00070000000233cf-49.dat	xmrig
behavioral2/files/0x00070000000233d0-54.dat	xmrig
behavioral2/files/0x00070000000233d2-60.dat	xmrig
behavioral2/files/0x00080000000233c5-69.dat	xmrig
behavioral2/files/0x00070000000233d3-65.dat	xmrig
behavioral2/files/0x00070000000233d5-87.dat	xmrig
behavioral2/files/0x00070000000233d6-95.dat	xmrig
behavioral2/files/0x00070000000233db-110.dat	xmrig
behavioral2/files/0x00070000000233da-108.dat	xmrig
behavioral2/files/0x00070000000233d9-106.dat	xmrig
behavioral2/files/0x00070000000233d8-104.dat	xmrig
behavioral2/files/0x00070000000233d7-100.dat	xmrig
behavioral2/files/0x00070000000233d4-74.dat	xmrig
behavioral2/files/0x00070000000233dc-115.dat	xmrig
behavioral2/files/0x00070000000233dd-119.dat	xmrig
behavioral2/files/0x00070000000233de-125.dat	xmrig
behavioral2/files/0x00070000000233df-130.dat	xmrig
behavioral2/files/0x00070000000233e3-150.dat	xmrig
behavioral2/files/0x00070000000233e2-147.dat	xmrig
behavioral2/files/0x00070000000233e4-155.dat	xmrig
behavioral2/files/0x00070000000233e1-142.dat	xmrig
behavioral2/files/0x00070000000233e0-135.dat	xmrig
behavioral2/files/0x00070000000233e5-160.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
996	CKVFhCz.exe
1836	iaBzMkD.exe
2556	EpVhsgZ.exe
4656	DNXGJoT.exe
5040	RYUPGxO.exe
4196	pLmQKTZ.exe
3096	VqkoMOn.exe
3148	DErXsir.exe
5060	QCwDcxv.exe
3536	hzXfvzV.exe
2124	TXxhUZX.exe
4988	WXlLOLe.exe
3288	YUNqVxk.exe
3092	HbsqSqs.exe
1860	eIDFQNa.exe
4796	BZIwdjD.exe
2040	lJgrVcn.exe
4024	LAzDPYv.exe
4992	OISMcBB.exe
4032	ZowqJCZ.exe
4932	kteeiqU.exe
4960	BygLweP.exe
4972	kLympRK.exe
4852	rqrgoZC.exe
3876	GbimXBW.exe
2128	kOLGuRN.exe
3044	dkoRWin.exe
1392	VeAroAS.exe
3024	RzbhLsW.exe
1568	PBBdUox.exe
2216	HgRqPPq.exe
4020	kuGSLiv.exe
1384	EStQUZn.exe
1012	CfACRxI.exe
3216	CRvpZCO.exe
4584	ubVjdeL.exe
2360	AMzVsWO.exe
2896	rVDkDvu.exe
1412	FcBFfgO.exe
4908	VRkFJLT.exe
2668	jpvlknk.exe
1064	pXLkrEK.exe
1840	qOKTQks.exe
632	BFHSWAR.exe
2684	ESSozSq.exe
2456	rXWsIkq.exe
2736	gACWlzs.exe
4156	oHNBlBZ.exe
3548	OTlyKNT.exe
4400	JWqmjqH.exe
1912	wmWupIQ.exe
4552	ouIDPGz.exe
808	ySycNAY.exe
1252	VOPSDQA.exe
3400	EofKlZT.exe
4480	QJoLUaA.exe
4868	sLbuNnv.exe
4428	buvCNix.exe
2748	qLZzRIT.exe
1812	TBojrQl.exe
4484	yvMtqRx.exe
2316	IIbrjhL.exe
2436	rKRuHPD.exe
952	cxMbPJI.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pLmQKTZ.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\UCqhiIf.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\FOPOjSK.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\RONdLLz.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\VqAWKgR.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\rVDkDvu.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\yubqmEx.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\AvUFZTZ.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\hntFnnH.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\jpvlknk.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\Spxqjoz.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\uGtCwgx.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\lJSNyah.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\SeIvAMV.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\VkWbnmg.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\LAzDPYv.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\HgRqPPq.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\buvCNix.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\yrvNsPi.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\SPfMuOY.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\fLiAPAU.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\oHNBlBZ.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\ouIDPGz.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\cxJtLUk.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\mvQJyAl.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\zodKHbk.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\DlKbLjG.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\dkoRWin.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\iDmMqla.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\aqrBGPF.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\OMeqOKa.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\UjWsNKL.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\RGkuVHQ.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\ubVjdeL.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\IIbrjhL.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\HlOHAAa.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\vDfEifY.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\lJgrVcn.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\OxODWKq.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\pvUOtgo.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\vZGbNEt.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\ytAhWvW.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\ayUQTPu.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\rqrgoZC.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\IxEqnwa.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\LpaDOJk.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\athWZtV.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\mnPMXql.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\lCLnRRh.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\DkoNasJ.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\XqGUXSD.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\HujcHXQ.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\blJnZGA.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\apFjBoD.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\OISMcBB.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\gXhfuaL.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\VqkoMOn.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\NBcCynD.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\cdHojHo.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\sNuDHSz.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\kANfzut.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\XTxXTWY.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\vMrfSMZ.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
File created	C:\Windows\System\QTTvuBW.exe	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1068 wrote to memory of 996	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	84
PID 1068 wrote to memory of 996	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	84
PID 1068 wrote to memory of 1836	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	85
PID 1068 wrote to memory of 1836	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	85
PID 1068 wrote to memory of 2556	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	86
PID 1068 wrote to memory of 2556	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	86
PID 1068 wrote to memory of 4656	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	87
PID 1068 wrote to memory of 4656	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	87
PID 1068 wrote to memory of 5040	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	88
PID 1068 wrote to memory of 5040	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	88
PID 1068 wrote to memory of 4196	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	89
PID 1068 wrote to memory of 4196	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	89
PID 1068 wrote to memory of 3096	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	90
PID 1068 wrote to memory of 3096	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	90
PID 1068 wrote to memory of 3148	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	91
PID 1068 wrote to memory of 3148	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	91
PID 1068 wrote to memory of 5060	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	92
PID 1068 wrote to memory of 5060	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	92
PID 1068 wrote to memory of 3536	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	93
PID 1068 wrote to memory of 3536	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	93
PID 1068 wrote to memory of 2124	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	94
PID 1068 wrote to memory of 2124	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	94
PID 1068 wrote to memory of 4988	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	95
PID 1068 wrote to memory of 4988	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	95
PID 1068 wrote to memory of 3288	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	96
PID 1068 wrote to memory of 3288	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	96
PID 1068 wrote to memory of 3092	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	97
PID 1068 wrote to memory of 3092	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	97
PID 1068 wrote to memory of 1860	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	98
PID 1068 wrote to memory of 1860	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	98
PID 1068 wrote to memory of 4796	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	99
PID 1068 wrote to memory of 4796	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	99
PID 1068 wrote to memory of 2040	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	100
PID 1068 wrote to memory of 2040	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	100
PID 1068 wrote to memory of 4024	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	101
PID 1068 wrote to memory of 4024	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	101
PID 1068 wrote to memory of 4992	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	102
PID 1068 wrote to memory of 4992	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	102
PID 1068 wrote to memory of 4032	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	103
PID 1068 wrote to memory of 4032	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	103
PID 1068 wrote to memory of 4932	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	104
PID 1068 wrote to memory of 4932	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	104
PID 1068 wrote to memory of 4960	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	105
PID 1068 wrote to memory of 4960	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	105
PID 1068 wrote to memory of 4972	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	106
PID 1068 wrote to memory of 4972	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	106
PID 1068 wrote to memory of 4852	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	107
PID 1068 wrote to memory of 4852	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	107
PID 1068 wrote to memory of 3876	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	108
PID 1068 wrote to memory of 3876	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	108
PID 1068 wrote to memory of 2128	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	109
PID 1068 wrote to memory of 2128	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	109
PID 1068 wrote to memory of 3044	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	110
PID 1068 wrote to memory of 3044	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	110
PID 1068 wrote to memory of 1392	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	111
PID 1068 wrote to memory of 1392	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	111
PID 1068 wrote to memory of 3024	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	112
PID 1068 wrote to memory of 3024	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	112
PID 1068 wrote to memory of 1568	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	113
PID 1068 wrote to memory of 1568	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	113
PID 1068 wrote to memory of 2216	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	114
PID 1068 wrote to memory of 2216	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	114
PID 1068 wrote to memory of 4020	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	115
PID 1068 wrote to memory of 4020	1068	64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\64daac9bd6269d9fe9ec81e79de9cbc6787435f1cc56825fdb87dd749dd9b864_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1068
- C:\Windows\System\CKVFhCz.exe
  C:\Windows\System\CKVFhCz.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\iaBzMkD.exe
  C:\Windows\System\iaBzMkD.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\EpVhsgZ.exe
  C:\Windows\System\EpVhsgZ.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\DNXGJoT.exe
  C:\Windows\System\DNXGJoT.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\RYUPGxO.exe
  C:\Windows\System\RYUPGxO.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\pLmQKTZ.exe
  C:\Windows\System\pLmQKTZ.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\VqkoMOn.exe
  C:\Windows\System\VqkoMOn.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\DErXsir.exe
  C:\Windows\System\DErXsir.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\QCwDcxv.exe
  C:\Windows\System\QCwDcxv.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\hzXfvzV.exe
  C:\Windows\System\hzXfvzV.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\TXxhUZX.exe
  C:\Windows\System\TXxhUZX.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\WXlLOLe.exe
  C:\Windows\System\WXlLOLe.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\YUNqVxk.exe
  C:\Windows\System\YUNqVxk.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\HbsqSqs.exe
  C:\Windows\System\HbsqSqs.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\eIDFQNa.exe
  C:\Windows\System\eIDFQNa.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\BZIwdjD.exe
  C:\Windows\System\BZIwdjD.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\lJgrVcn.exe
  C:\Windows\System\lJgrVcn.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\LAzDPYv.exe
  C:\Windows\System\LAzDPYv.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\OISMcBB.exe
  C:\Windows\System\OISMcBB.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\ZowqJCZ.exe
  C:\Windows\System\ZowqJCZ.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\kteeiqU.exe
  C:\Windows\System\kteeiqU.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\BygLweP.exe
  C:\Windows\System\BygLweP.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\kLympRK.exe
  C:\Windows\System\kLympRK.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\rqrgoZC.exe
  C:\Windows\System\rqrgoZC.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\GbimXBW.exe
  C:\Windows\System\GbimXBW.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\kOLGuRN.exe
  C:\Windows\System\kOLGuRN.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\dkoRWin.exe
  C:\Windows\System\dkoRWin.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\VeAroAS.exe
  C:\Windows\System\VeAroAS.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\RzbhLsW.exe
  C:\Windows\System\RzbhLsW.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\PBBdUox.exe
  C:\Windows\System\PBBdUox.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\HgRqPPq.exe
  C:\Windows\System\HgRqPPq.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\kuGSLiv.exe
  C:\Windows\System\kuGSLiv.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\EStQUZn.exe
  C:\Windows\System\EStQUZn.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\CfACRxI.exe
  C:\Windows\System\CfACRxI.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\CRvpZCO.exe
  C:\Windows\System\CRvpZCO.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\ubVjdeL.exe
  C:\Windows\System\ubVjdeL.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\AMzVsWO.exe
  C:\Windows\System\AMzVsWO.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\rVDkDvu.exe
  C:\Windows\System\rVDkDvu.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\FcBFfgO.exe
  C:\Windows\System\FcBFfgO.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\VRkFJLT.exe
  C:\Windows\System\VRkFJLT.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\jpvlknk.exe
  C:\Windows\System\jpvlknk.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\pXLkrEK.exe
  C:\Windows\System\pXLkrEK.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\qOKTQks.exe
  C:\Windows\System\qOKTQks.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\BFHSWAR.exe
  C:\Windows\System\BFHSWAR.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\ESSozSq.exe
  C:\Windows\System\ESSozSq.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\rXWsIkq.exe
  C:\Windows\System\rXWsIkq.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\gACWlzs.exe
  C:\Windows\System\gACWlzs.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\oHNBlBZ.exe
  C:\Windows\System\oHNBlBZ.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\OTlyKNT.exe
  C:\Windows\System\OTlyKNT.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\JWqmjqH.exe
  C:\Windows\System\JWqmjqH.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\wmWupIQ.exe
  C:\Windows\System\wmWupIQ.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\ouIDPGz.exe
  C:\Windows\System\ouIDPGz.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\ySycNAY.exe
  C:\Windows\System\ySycNAY.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\VOPSDQA.exe
  C:\Windows\System\VOPSDQA.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\EofKlZT.exe
  C:\Windows\System\EofKlZT.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\QJoLUaA.exe
  C:\Windows\System\QJoLUaA.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\sLbuNnv.exe
  C:\Windows\System\sLbuNnv.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\buvCNix.exe
  C:\Windows\System\buvCNix.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\qLZzRIT.exe
  C:\Windows\System\qLZzRIT.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\TBojrQl.exe
  C:\Windows\System\TBojrQl.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\yvMtqRx.exe
  C:\Windows\System\yvMtqRx.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\IIbrjhL.exe
  C:\Windows\System\IIbrjhL.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\rKRuHPD.exe
  C:\Windows\System\rKRuHPD.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\cxMbPJI.exe
  C:\Windows\System\cxMbPJI.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\gDwbYIl.exe
  C:\Windows\System\gDwbYIl.exe
  2⤵
  PID:3260
- C:\Windows\System\QEAmopE.exe
  C:\Windows\System\QEAmopE.exe
  2⤵
  PID:4108
- C:\Windows\System\NUDAZuL.exe
  C:\Windows\System\NUDAZuL.exe
  2⤵
  PID:4920
- C:\Windows\System\Wbasyjx.exe
  C:\Windows\System\Wbasyjx.exe
  2⤵
  PID:4676
- C:\Windows\System\rbVggxW.exe
  C:\Windows\System\rbVggxW.exe
  2⤵
  PID:2204
- C:\Windows\System\TMEURMP.exe
  C:\Windows\System\TMEURMP.exe
  2⤵
  PID:1548
- C:\Windows\System\ZHKPekJ.exe
  C:\Windows\System\ZHKPekJ.exe
  2⤵
  PID:4472
- C:\Windows\System\vQMzCHB.exe
  C:\Windows\System\vQMzCHB.exe
  2⤵
  PID:2996
- C:\Windows\System\BqzMNhD.exe
  C:\Windows\System\BqzMNhD.exe
  2⤵
  PID:4228
- C:\Windows\System\djYliGK.exe
  C:\Windows\System\djYliGK.exe
  2⤵
  PID:3120
- C:\Windows\System\IgOjxju.exe
  C:\Windows\System\IgOjxju.exe
  2⤵
  PID:4888
- C:\Windows\System\QXJaSHk.exe
  C:\Windows\System\QXJaSHk.exe
  2⤵
  PID:4244
- C:\Windows\System\MMYxWEB.exe
  C:\Windows\System\MMYxWEB.exe
  2⤵
  PID:4152
- C:\Windows\System\impfxAP.exe
  C:\Windows\System\impfxAP.exe
  2⤵
  PID:1092
- C:\Windows\System\RLuMuMs.exe
  C:\Windows\System\RLuMuMs.exe
  2⤵
  PID:2900
- C:\Windows\System\epjRFjZ.exe
  C:\Windows\System\epjRFjZ.exe
  2⤵
  PID:5008
- C:\Windows\System\Spxqjoz.exe
  C:\Windows\System\Spxqjoz.exe
  2⤵
  PID:4412
- C:\Windows\System\PDndLoO.exe
  C:\Windows\System\PDndLoO.exe
  2⤵
  PID:3900
- C:\Windows\System\xWkdKzH.exe
  C:\Windows\System\xWkdKzH.exe
  2⤵
  PID:3844
- C:\Windows\System\FjmClvT.exe
  C:\Windows\System\FjmClvT.exe
  2⤵
  PID:1760
- C:\Windows\System\DkoNasJ.exe
  C:\Windows\System\DkoNasJ.exe
  2⤵
  PID:3088
- C:\Windows\System\VGoLBoI.exe
  C:\Windows\System\VGoLBoI.exe
  2⤵
  PID:3532
- C:\Windows\System\iDqCrmu.exe
  C:\Windows\System\iDqCrmu.exe
  2⤵
  PID:1576
- C:\Windows\System\WbyrBJX.exe
  C:\Windows\System\WbyrBJX.exe
  2⤵
  PID:2936
- C:\Windows\System\pnTYzDI.exe
  C:\Windows\System\pnTYzDI.exe
  2⤵
  PID:1588
- C:\Windows\System\LIzMVwR.exe
  C:\Windows\System\LIzMVwR.exe
  2⤵
  PID:4724
- C:\Windows\System\SLnnbRt.exe
  C:\Windows\System\SLnnbRt.exe
  2⤵
  PID:2972
- C:\Windows\System\TyOQUqy.exe
  C:\Windows\System\TyOQUqy.exe
  2⤵
  PID:1328
- C:\Windows\System\zIjUeWE.exe
  C:\Windows\System\zIjUeWE.exe
  2⤵
  PID:4448
- C:\Windows\System\VrQPvcw.exe
  C:\Windows\System\VrQPvcw.exe
  2⤵
  PID:3012
- C:\Windows\System\AVxlTbJ.exe
  C:\Windows\System\AVxlTbJ.exe
  2⤵
  PID:2304
- C:\Windows\System\zqJRJFu.exe
  C:\Windows\System\zqJRJFu.exe
  2⤵
  PID:1208
- C:\Windows\System\NBcCynD.exe
  C:\Windows\System\NBcCynD.exe
  2⤵
  PID:5080
- C:\Windows\System\rlhNesc.exe
  C:\Windows\System\rlhNesc.exe
  2⤵
  PID:3664
- C:\Windows\System\WfvcOUG.exe
  C:\Windows\System\WfvcOUG.exe
  2⤵
  PID:4488
- C:\Windows\System\LIAoYsj.exe
  C:\Windows\System\LIAoYsj.exe
  2⤵
  PID:5064
- C:\Windows\System\qBrFscC.exe
  C:\Windows\System\qBrFscC.exe
  2⤵
  PID:812
- C:\Windows\System\HlOHAAa.exe
  C:\Windows\System\HlOHAAa.exe
  2⤵
  PID:1700
- C:\Windows\System\UCqhiIf.exe
  C:\Windows\System\UCqhiIf.exe
  2⤵
  PID:4512
- C:\Windows\System\QMndfQf.exe
  C:\Windows\System\QMndfQf.exe
  2⤵
  PID:804
- C:\Windows\System\bJMTCZL.exe
  C:\Windows\System\bJMTCZL.exe
  2⤵
  PID:908
- C:\Windows\System\ChmUMqD.exe
  C:\Windows\System\ChmUMqD.exe
  2⤵
  PID:2108
- C:\Windows\System\EgWLOtz.exe
  C:\Windows\System\EgWLOtz.exe
  2⤵
  PID:1060
- C:\Windows\System\Deueuem.exe
  C:\Windows\System\Deueuem.exe
  2⤵
  PID:624
- C:\Windows\System\DRbonBJ.exe
  C:\Windows\System\DRbonBJ.exe
  2⤵
  PID:2112
- C:\Windows\System\uGtCwgx.exe
  C:\Windows\System\uGtCwgx.exe
  2⤵
  PID:4420
- C:\Windows\System\VtBgeWO.exe
  C:\Windows\System\VtBgeWO.exe
  2⤵
  PID:400
- C:\Windows\System\mcOsbID.exe
  C:\Windows\System\mcOsbID.exe
  2⤵
  PID:2944
- C:\Windows\System\kFaArox.exe
  C:\Windows\System\kFaArox.exe
  2⤵
  PID:4944
- C:\Windows\System\cdHojHo.exe
  C:\Windows\System\cdHojHo.exe
  2⤵
  PID:1172
- C:\Windows\System\pXITbDc.exe
  C:\Windows\System\pXITbDc.exe
  2⤵
  PID:4476
- C:\Windows\System\gjzevnS.exe
  C:\Windows\System\gjzevnS.exe
  2⤵
  PID:428
- C:\Windows\System\yubqmEx.exe
  C:\Windows\System\yubqmEx.exe
  2⤵
  PID:4880
- C:\Windows\System\LcHhuKO.exe
  C:\Windows\System\LcHhuKO.exe
  2⤵
  PID:2044
- C:\Windows\System\WNZPXUX.exe
  C:\Windows\System\WNZPXUX.exe
  2⤵
  PID:4168
- C:\Windows\System\hthJhvb.exe
  C:\Windows\System\hthJhvb.exe
  2⤵
  PID:3248
- C:\Windows\System\avixyDJ.exe
  C:\Windows\System\avixyDJ.exe
  2⤵
  PID:5132
- C:\Windows\System\vZGbNEt.exe
  C:\Windows\System\vZGbNEt.exe
  2⤵
  PID:5164
- C:\Windows\System\APorcdx.exe
  C:\Windows\System\APorcdx.exe
  2⤵
  PID:5192
- C:\Windows\System\cxJtLUk.exe
  C:\Windows\System\cxJtLUk.exe
  2⤵
  PID:5220
- C:\Windows\System\EfarhQi.exe
  C:\Windows\System\EfarhQi.exe
  2⤵
  PID:5248
- C:\Windows\System\OqtqSOc.exe
  C:\Windows\System\OqtqSOc.exe
  2⤵
  PID:5276
- C:\Windows\System\KZOweWX.exe
  C:\Windows\System\KZOweWX.exe
  2⤵
  PID:5304
- C:\Windows\System\XqGUXSD.exe
  C:\Windows\System\XqGUXSD.exe
  2⤵
  PID:5328
- C:\Windows\System\uZsMRmi.exe
  C:\Windows\System\uZsMRmi.exe
  2⤵
  PID:5360
- C:\Windows\System\feuNpot.exe
  C:\Windows\System\feuNpot.exe
  2⤵
  PID:5384
- C:\Windows\System\lCLnRRh.exe
  C:\Windows\System\lCLnRRh.exe
  2⤵
  PID:5416
- C:\Windows\System\ROOcUYy.exe
  C:\Windows\System\ROOcUYy.exe
  2⤵
  PID:5440
- C:\Windows\System\WaValdT.exe
  C:\Windows\System\WaValdT.exe
  2⤵
  PID:5464
- C:\Windows\System\FOXhEsh.exe
  C:\Windows\System\FOXhEsh.exe
  2⤵
  PID:5496
- C:\Windows\System\UGMICKp.exe
  C:\Windows\System\UGMICKp.exe
  2⤵
  PID:5520
- C:\Windows\System\wboXEZU.exe
  C:\Windows\System\wboXEZU.exe
  2⤵
  PID:5552
- C:\Windows\System\ErmKclF.exe
  C:\Windows\System\ErmKclF.exe
  2⤵
  PID:5580
- C:\Windows\System\qPHbgCP.exe
  C:\Windows\System\qPHbgCP.exe
  2⤵
  PID:5612
- C:\Windows\System\Djehhjp.exe
  C:\Windows\System\Djehhjp.exe
  2⤵
  PID:5636
- C:\Windows\System\ixBEffb.exe
  C:\Windows\System\ixBEffb.exe
  2⤵
  PID:5664
- C:\Windows\System\iDmMqla.exe
  C:\Windows\System\iDmMqla.exe
  2⤵
  PID:5692
- C:\Windows\System\MWjOuVJ.exe
  C:\Windows\System\MWjOuVJ.exe
  2⤵
  PID:5720
- C:\Windows\System\kumhBms.exe
  C:\Windows\System\kumhBms.exe
  2⤵
  PID:5752
- C:\Windows\System\JMwyAYz.exe
  C:\Windows\System\JMwyAYz.exe
  2⤵
  PID:5776
- C:\Windows\System\OxODWKq.exe
  C:\Windows\System\OxODWKq.exe
  2⤵
  PID:5808
- C:\Windows\System\NlqkuGB.exe
  C:\Windows\System\NlqkuGB.exe
  2⤵
  PID:5832
- C:\Windows\System\YrEFjPd.exe
  C:\Windows\System\YrEFjPd.exe
  2⤵
  PID:5856
- C:\Windows\System\HmBQIgn.exe
  C:\Windows\System\HmBQIgn.exe
  2⤵
  PID:5884
- C:\Windows\System\cSMRhnf.exe
  C:\Windows\System\cSMRhnf.exe
  2⤵
  PID:5912
- C:\Windows\System\IisRjJP.exe
  C:\Windows\System\IisRjJP.exe
  2⤵
  PID:5940
- C:\Windows\System\lJSNyah.exe
  C:\Windows\System\lJSNyah.exe
  2⤵
  PID:5968
- C:\Windows\System\ezkCSKE.exe
  C:\Windows\System\ezkCSKE.exe
  2⤵
  PID:5996
- C:\Windows\System\sfcMyRC.exe
  C:\Windows\System\sfcMyRC.exe
  2⤵
  PID:6024
- C:\Windows\System\IxEqnwa.exe
  C:\Windows\System\IxEqnwa.exe
  2⤵
  PID:6048
- C:\Windows\System\wIVxPRQ.exe
  C:\Windows\System\wIVxPRQ.exe
  2⤵
  PID:6080
- C:\Windows\System\cPtWICk.exe
  C:\Windows\System\cPtWICk.exe
  2⤵
  PID:6112
- C:\Windows\System\PQLqFub.exe
  C:\Windows\System\PQLqFub.exe
  2⤵
  PID:2724
- C:\Windows\System\eKsEjzM.exe
  C:\Windows\System\eKsEjzM.exe
  2⤵
  PID:5180
- C:\Windows\System\NHKTxOr.exe
  C:\Windows\System\NHKTxOr.exe
  2⤵
  PID:5256
- C:\Windows\System\vMrfSMZ.exe
  C:\Windows\System\vMrfSMZ.exe
  2⤵
  PID:5316
- C:\Windows\System\ZihFGFq.exe
  C:\Windows\System\ZihFGFq.exe
  2⤵
  PID:5372
- C:\Windows\System\RSXcijk.exe
  C:\Windows\System\RSXcijk.exe
  2⤵
  PID:5448
- C:\Windows\System\BBcAyfa.exe
  C:\Windows\System\BBcAyfa.exe
  2⤵
  PID:5512
- C:\Windows\System\MGlXtdF.exe
  C:\Windows\System\MGlXtdF.exe
  2⤵
  PID:5588
- C:\Windows\System\nVGNffn.exe
  C:\Windows\System\nVGNffn.exe
  2⤵
  PID:5644
- C:\Windows\System\PNdgKfV.exe
  C:\Windows\System\PNdgKfV.exe
  2⤵
  PID:5708
- C:\Windows\System\biSnugf.exe
  C:\Windows\System\biSnugf.exe
  2⤵
  PID:5764
- C:\Windows\System\AvUFZTZ.exe
  C:\Windows\System\AvUFZTZ.exe
  2⤵
  PID:5840
- C:\Windows\System\DHqSNGJ.exe
  C:\Windows\System\DHqSNGJ.exe
  2⤵
  PID:5904
- C:\Windows\System\QmtVEFt.exe
  C:\Windows\System\QmtVEFt.exe
  2⤵
  PID:5964
- C:\Windows\System\HVFXUHv.exe
  C:\Windows\System\HVFXUHv.exe
  2⤵
  PID:6040
- C:\Windows\System\VgJEEmx.exe
  C:\Windows\System\VgJEEmx.exe
  2⤵
  PID:6104
- C:\Windows\System\vcOXTeg.exe
  C:\Windows\System\vcOXTeg.exe
  2⤵
  PID:5172
- C:\Windows\System\YTVWezu.exe
  C:\Windows\System\YTVWezu.exe
  2⤵
  PID:5344
- C:\Windows\System\qHtwsbc.exe
  C:\Windows\System\qHtwsbc.exe
  2⤵
  PID:5488
- C:\Windows\System\ydTTknt.exe
  C:\Windows\System\ydTTknt.exe
  2⤵
  PID:5676
- C:\Windows\System\aYbMBmd.exe
  C:\Windows\System\aYbMBmd.exe
  2⤵
  PID:5816
- C:\Windows\System\ZmgPSmq.exe
  C:\Windows\System\ZmgPSmq.exe
  2⤵
  PID:5144
- C:\Windows\System\TsObgQt.exe
  C:\Windows\System\TsObgQt.exe
  2⤵
  PID:6092
- C:\Windows\System\hRmQQjM.exe
  C:\Windows\System\hRmQQjM.exe
  2⤵
  PID:5292
- C:\Windows\System\sabHzpz.exe
  C:\Windows\System\sabHzpz.exe
  2⤵
  PID:5684
- C:\Windows\System\lPnLPWq.exe
  C:\Windows\System\lPnLPWq.exe
  2⤵
  PID:6064
- C:\Windows\System\EkMDDxd.exe
  C:\Windows\System\EkMDDxd.exe
  2⤵
  PID:5868
- C:\Windows\System\oVXUtpS.exe
  C:\Windows\System\oVXUtpS.exe
  2⤵
  PID:5988
- C:\Windows\System\lIeKhWm.exe
  C:\Windows\System\lIeKhWm.exe
  2⤵
  PID:6168
- C:\Windows\System\JUHHavO.exe
  C:\Windows\System\JUHHavO.exe
  2⤵
  PID:6196
- C:\Windows\System\fClbWsh.exe
  C:\Windows\System\fClbWsh.exe
  2⤵
  PID:6220
- C:\Windows\System\ZzyhUyi.exe
  C:\Windows\System\ZzyhUyi.exe
  2⤵
  PID:6252
- C:\Windows\System\bSKOMoA.exe
  C:\Windows\System\bSKOMoA.exe
  2⤵
  PID:6280
- C:\Windows\System\HujcHXQ.exe
  C:\Windows\System\HujcHXQ.exe
  2⤵
  PID:6308
- C:\Windows\System\AtHlWpj.exe
  C:\Windows\System\AtHlWpj.exe
  2⤵
  PID:6336
- C:\Windows\System\kSHQOMT.exe
  C:\Windows\System\kSHQOMT.exe
  2⤵
  PID:6368
- C:\Windows\System\soRTTTy.exe
  C:\Windows\System\soRTTTy.exe
  2⤵
  PID:6392
- C:\Windows\System\EqiQNEL.exe
  C:\Windows\System\EqiQNEL.exe
  2⤵
  PID:6420
- C:\Windows\System\iTuDtoc.exe
  C:\Windows\System\iTuDtoc.exe
  2⤵
  PID:6444
- C:\Windows\System\ovbqvFl.exe
  C:\Windows\System\ovbqvFl.exe
  2⤵
  PID:6476
- C:\Windows\System\vDfEifY.exe
  C:\Windows\System\vDfEifY.exe
  2⤵
  PID:6500
- C:\Windows\System\aqrBGPF.exe
  C:\Windows\System\aqrBGPF.exe
  2⤵
  PID:6528
- C:\Windows\System\rKcPjMI.exe
  C:\Windows\System\rKcPjMI.exe
  2⤵
  PID:6560
- C:\Windows\System\LpaDOJk.exe
  C:\Windows\System\LpaDOJk.exe
  2⤵
  PID:6588
- C:\Windows\System\ExSHhQT.exe
  C:\Windows\System\ExSHhQT.exe
  2⤵
  PID:6612
- C:\Windows\System\pJQOOvp.exe
  C:\Windows\System\pJQOOvp.exe
  2⤵
  PID:6644
- C:\Windows\System\sCcLVox.exe
  C:\Windows\System\sCcLVox.exe
  2⤵
  PID:6668
- C:\Windows\System\QTTvuBW.exe
  C:\Windows\System\QTTvuBW.exe
  2⤵
  PID:6700
- C:\Windows\System\yhyghOo.exe
  C:\Windows\System\yhyghOo.exe
  2⤵
  PID:6728
- C:\Windows\System\eLxrkpx.exe
  C:\Windows\System\eLxrkpx.exe
  2⤵
  PID:6756
- C:\Windows\System\vTfsfjz.exe
  C:\Windows\System\vTfsfjz.exe
  2⤵
  PID:6780
- C:\Windows\System\FOPOjSK.exe
  C:\Windows\System\FOPOjSK.exe
  2⤵
  PID:6808
- C:\Windows\System\NnPSrMf.exe
  C:\Windows\System\NnPSrMf.exe
  2⤵
  PID:6840
- C:\Windows\System\EuAuJBS.exe
  C:\Windows\System\EuAuJBS.exe
  2⤵
  PID:6864
- C:\Windows\System\KHfNkRc.exe
  C:\Windows\System\KHfNkRc.exe
  2⤵
  PID:6896
- C:\Windows\System\ZHxlATP.exe
  C:\Windows\System\ZHxlATP.exe
  2⤵
  PID:6920
- C:\Windows\System\yrvNsPi.exe
  C:\Windows\System\yrvNsPi.exe
  2⤵
  PID:6952
- C:\Windows\System\Yrtmjll.exe
  C:\Windows\System\Yrtmjll.exe
  2⤵
  PID:6980
- C:\Windows\System\WUMGudH.exe
  C:\Windows\System\WUMGudH.exe
  2⤵
  PID:7008
- C:\Windows\System\TisluVR.exe
  C:\Windows\System\TisluVR.exe
  2⤵
  PID:7036
- C:\Windows\System\OMeqOKa.exe
  C:\Windows\System\OMeqOKa.exe
  2⤵
  PID:7068
- C:\Windows\System\quVtJKH.exe
  C:\Windows\System\quVtJKH.exe
  2⤵
  PID:7108
- C:\Windows\System\sNuDHSz.exe
  C:\Windows\System\sNuDHSz.exe
  2⤵
  PID:7136
- C:\Windows\System\ExoXjra.exe
  C:\Windows\System\ExoXjra.exe
  2⤵
  PID:7164
- C:\Windows\System\RONdLLz.exe
  C:\Windows\System\RONdLLz.exe
  2⤵
  PID:6188
- C:\Windows\System\njImBtb.exe
  C:\Windows\System\njImBtb.exe
  2⤵
  PID:6268
- C:\Windows\System\lxcjlgL.exe
  C:\Windows\System\lxcjlgL.exe
  2⤵
  PID:6324
- C:\Windows\System\pyrKHVF.exe
  C:\Windows\System\pyrKHVF.exe
  2⤵
  PID:6384
- C:\Windows\System\MwNDbtr.exe
  C:\Windows\System\MwNDbtr.exe
  2⤵
  PID:6464
- C:\Windows\System\JeVLtbc.exe
  C:\Windows\System\JeVLtbc.exe
  2⤵
  PID:6540
- C:\Windows\System\NdpjiQL.exe
  C:\Windows\System\NdpjiQL.exe
  2⤵
  PID:6604
- C:\Windows\System\IhlcnJC.exe
  C:\Windows\System\IhlcnJC.exe
  2⤵
  PID:6660
- C:\Windows\System\VIDFmAN.exe
  C:\Windows\System\VIDFmAN.exe
  2⤵
  PID:6720
- C:\Windows\System\yrJLjCi.exe
  C:\Windows\System\yrJLjCi.exe
  2⤵
  PID:6792
- C:\Windows\System\WKkPcGJ.exe
  C:\Windows\System\WKkPcGJ.exe
  2⤵
  PID:6856
- C:\Windows\System\ytAhWvW.exe
  C:\Windows\System\ytAhWvW.exe
  2⤵
  PID:6916
- C:\Windows\System\ayUQTPu.exe
  C:\Windows\System\ayUQTPu.exe
  2⤵
  PID:6988
- C:\Windows\System\gCyFkgL.exe
  C:\Windows\System\gCyFkgL.exe
  2⤵
  PID:7084
- C:\Windows\System\VyWgeSY.exe
  C:\Windows\System\VyWgeSY.exe
  2⤵
  PID:7128
- C:\Windows\System\vPgRQGX.exe
  C:\Windows\System\vPgRQGX.exe
  2⤵
  PID:6216
- C:\Windows\System\GuffKlY.exe
  C:\Windows\System\GuffKlY.exe
  2⤵
  PID:6352
- C:\Windows\System\idGoNli.exe
  C:\Windows\System\idGoNli.exe
  2⤵
  PID:6496
- C:\Windows\System\LiyOsgs.exe
  C:\Windows\System\LiyOsgs.exe
  2⤵
  PID:6652
- C:\Windows\System\PcWpdgQ.exe
  C:\Windows\System\PcWpdgQ.exe
  2⤵
  PID:6820
- C:\Windows\System\bAiepDs.exe
  C:\Windows\System\bAiepDs.exe
  2⤵
  PID:6968
- C:\Windows\System\DXjVcVl.exe
  C:\Windows\System\DXjVcVl.exe
  2⤵
  PID:6072
- C:\Windows\System\UjWsNKL.exe
  C:\Windows\System\UjWsNKL.exe
  2⤵
  PID:6412
- C:\Windows\System\VkWbnmg.exe
  C:\Windows\System\VkWbnmg.exe
  2⤵
  PID:6772
- C:\Windows\System\PNxZYMK.exe
  C:\Windows\System\PNxZYMK.exe
  2⤵
  PID:6176
- C:\Windows\System\SLNCWRV.exe
  C:\Windows\System\SLNCWRV.exe
  2⤵
  PID:6912
- C:\Windows\System\WzotcVj.exe
  C:\Windows\System\WzotcVj.exe
  2⤵
  PID:7172
- C:\Windows\System\szlYVEe.exe
  C:\Windows\System\szlYVEe.exe
  2⤵
  PID:7200
- C:\Windows\System\HueROgh.exe
  C:\Windows\System\HueROgh.exe
  2⤵
  PID:7228
- C:\Windows\System\MuyYFbg.exe
  C:\Windows\System\MuyYFbg.exe
  2⤵
  PID:7256
- C:\Windows\System\gQJLfDU.exe
  C:\Windows\System\gQJLfDU.exe
  2⤵
  PID:7272
- C:\Windows\System\JxILksz.exe
  C:\Windows\System\JxILksz.exe
  2⤵
  PID:7300
- C:\Windows\System\DxqYaie.exe
  C:\Windows\System\DxqYaie.exe
  2⤵
  PID:7328
- C:\Windows\System\gXhfuaL.exe
  C:\Windows\System\gXhfuaL.exe
  2⤵
  PID:7344
- C:\Windows\System\jjpshqo.exe
  C:\Windows\System\jjpshqo.exe
  2⤵
  PID:7376
- C:\Windows\System\vVPdNXr.exe
  C:\Windows\System\vVPdNXr.exe
  2⤵
  PID:7424
- C:\Windows\System\tpijkTs.exe
  C:\Windows\System\tpijkTs.exe
  2⤵
  PID:7440
- C:\Windows\System\DWBsoNK.exe
  C:\Windows\System\DWBsoNK.exe
  2⤵
  PID:7468
- C:\Windows\System\FbgqxRU.exe
  C:\Windows\System\FbgqxRU.exe
  2⤵
  PID:7500
- C:\Windows\System\OEEKMhX.exe
  C:\Windows\System\OEEKMhX.exe
  2⤵
  PID:7524
- C:\Windows\System\akgijKS.exe
  C:\Windows\System\akgijKS.exe
  2⤵
  PID:7548
- C:\Windows\System\HKUARxM.exe
  C:\Windows\System\HKUARxM.exe
  2⤵
  PID:7568
- C:\Windows\System\ZnbBuEe.exe
  C:\Windows\System\ZnbBuEe.exe
  2⤵
  PID:7608
- C:\Windows\System\IznfbdE.exe
  C:\Windows\System\IznfbdE.exe
  2⤵
  PID:7640
- C:\Windows\System\vMHOrTH.exe
  C:\Windows\System\vMHOrTH.exe
  2⤵
  PID:7668
- C:\Windows\System\FXFYQFM.exe
  C:\Windows\System\FXFYQFM.exe
  2⤵
  PID:7696
- C:\Windows\System\awUNUqe.exe
  C:\Windows\System\awUNUqe.exe
  2⤵
  PID:7724
- C:\Windows\System\hntFnnH.exe
  C:\Windows\System\hntFnnH.exe
  2⤵
  PID:7764
- C:\Windows\System\juZAhBG.exe
  C:\Windows\System\juZAhBG.exe
  2⤵
  PID:7780
- C:\Windows\System\UlQiMpt.exe
  C:\Windows\System\UlQiMpt.exe
  2⤵
  PID:7812
- C:\Windows\System\JpsZFvE.exe
  C:\Windows\System\JpsZFvE.exe
  2⤵
  PID:7840
- C:\Windows\System\UjNXqmV.exe
  C:\Windows\System\UjNXqmV.exe
  2⤵
  PID:7864
- C:\Windows\System\htuIWVb.exe
  C:\Windows\System\htuIWVb.exe
  2⤵
  PID:7880
- C:\Windows\System\NOskTGT.exe
  C:\Windows\System\NOskTGT.exe
  2⤵
  PID:7904
- C:\Windows\System\RGkuVHQ.exe
  C:\Windows\System\RGkuVHQ.exe
  2⤵
  PID:7932
- C:\Windows\System\blJnZGA.exe
  C:\Windows\System\blJnZGA.exe
  2⤵
  PID:7948
- C:\Windows\System\mvQJyAl.exe
  C:\Windows\System\mvQJyAl.exe
  2⤵
  PID:7988
- C:\Windows\System\PinFEwx.exe
  C:\Windows\System\PinFEwx.exe
  2⤵
  PID:8020
- C:\Windows\System\gthgQzk.exe
  C:\Windows\System\gthgQzk.exe
  2⤵
  PID:8048
- C:\Windows\System\KcrYyFM.exe
  C:\Windows\System\KcrYyFM.exe
  2⤵
  PID:8076
- C:\Windows\System\YjdTLGo.exe
  C:\Windows\System\YjdTLGo.exe
  2⤵
  PID:8104
- C:\Windows\System\OlwbDYZ.exe
  C:\Windows\System\OlwbDYZ.exe
  2⤵
  PID:8132
- C:\Windows\System\eomWTQH.exe
  C:\Windows\System\eomWTQH.exe
  2⤵
  PID:8168
- C:\Windows\System\kANfzut.exe
  C:\Windows\System\kANfzut.exe
  2⤵
  PID:8188
- C:\Windows\System\FABoRlw.exe
  C:\Windows\System\FABoRlw.exe
  2⤵
  PID:7196
- C:\Windows\System\kMNTECJ.exe
  C:\Windows\System\kMNTECJ.exe
  2⤵
  PID:7292
- C:\Windows\System\xyCgKNm.exe
  C:\Windows\System\xyCgKNm.exe
  2⤵
  PID:7336
- C:\Windows\System\lLCdESq.exe
  C:\Windows\System\lLCdESq.exe
  2⤵
  PID:7412
- C:\Windows\System\rjLTyZG.exe
  C:\Windows\System\rjLTyZG.exe
  2⤵
  PID:7516
- C:\Windows\System\athWZtV.exe
  C:\Windows\System\athWZtV.exe
  2⤵
  PID:7556
- C:\Windows\System\SVUfSRl.exe
  C:\Windows\System\SVUfSRl.exe
  2⤵
  PID:7604
- C:\Windows\System\kdvzTMZ.exe
  C:\Windows\System\kdvzTMZ.exe
  2⤵
  PID:7688
- C:\Windows\System\gOslUBf.exe
  C:\Windows\System\gOslUBf.exe
  2⤵
  PID:7824
- C:\Windows\System\lGGopoG.exe
  C:\Windows\System\lGGopoG.exe
  2⤵
  PID:7892
- C:\Windows\System\dPCtsQD.exe
  C:\Windows\System\dPCtsQD.exe
  2⤵
  PID:7960
- C:\Windows\System\ZeyFbsR.exe
  C:\Windows\System\ZeyFbsR.exe
  2⤵
  PID:8040
- C:\Windows\System\ZijwWPV.exe
  C:\Windows\System\ZijwWPV.exe
  2⤵
  PID:8060
- C:\Windows\System\dxdCzhO.exe
  C:\Windows\System\dxdCzhO.exe
  2⤵
  PID:8120
- C:\Windows\System\IpiIDDh.exe
  C:\Windows\System\IpiIDDh.exe
  2⤵
  PID:8180
- C:\Windows\System\gcBjWtP.exe
  C:\Windows\System\gcBjWtP.exe
  2⤵
  PID:7312
- C:\Windows\System\emfzFQt.exe
  C:\Windows\System\emfzFQt.exe
  2⤵
  PID:7480
- C:\Windows\System\wzzMSmd.exe
  C:\Windows\System\wzzMSmd.exe
  2⤵
  PID:7628
- C:\Windows\System\rvweKYL.exe
  C:\Windows\System\rvweKYL.exe
  2⤵
  PID:7876
- C:\Windows\System\SPfMuOY.exe
  C:\Windows\System\SPfMuOY.exe
  2⤵
  PID:7996
- C:\Windows\System\VqAWKgR.exe
  C:\Windows\System\VqAWKgR.exe
  2⤵
  PID:8092
- C:\Windows\System\XTxXTWY.exe
  C:\Windows\System\XTxXTWY.exe
  2⤵
  PID:8152
- C:\Windows\System\WqQcBMp.exe
  C:\Windows\System\WqQcBMp.exe
  2⤵
  PID:6716
- C:\Windows\System\FoLJHET.exe
  C:\Windows\System\FoLJHET.exe
  2⤵
  PID:7720
- C:\Windows\System\IeiLoTe.exe
  C:\Windows\System\IeiLoTe.exe
  2⤵
  PID:8156
- C:\Windows\System\GIvkysX.exe
  C:\Windows\System\GIvkysX.exe
  2⤵
  PID:8200
- C:\Windows\System\PcwQHBu.exe
  C:\Windows\System\PcwQHBu.exe
  2⤵
  PID:8232
- C:\Windows\System\apFjBoD.exe
  C:\Windows\System\apFjBoD.exe
  2⤵
  PID:8284
- C:\Windows\System\VZHioWP.exe
  C:\Windows\System\VZHioWP.exe
  2⤵
  PID:8300
- C:\Windows\System\ZvZERMC.exe
  C:\Windows\System\ZvZERMC.exe
  2⤵
  PID:8328
- C:\Windows\System\yZArxAN.exe
  C:\Windows\System\yZArxAN.exe
  2⤵
  PID:8356
- C:\Windows\System\JBWvxpC.exe
  C:\Windows\System\JBWvxpC.exe
  2⤵
  PID:8396
- C:\Windows\System\SeIvAMV.exe
  C:\Windows\System\SeIvAMV.exe
  2⤵
  PID:8412
- C:\Windows\System\MNcBCBQ.exe
  C:\Windows\System\MNcBCBQ.exe
  2⤵
  PID:8440
- C:\Windows\System\JWzBZHZ.exe
  C:\Windows\System\JWzBZHZ.exe
  2⤵
  PID:8468
- C:\Windows\System\zodKHbk.exe
  C:\Windows\System\zodKHbk.exe
  2⤵
  PID:8508
- C:\Windows\System\eCYClCd.exe
  C:\Windows\System\eCYClCd.exe
  2⤵
  PID:8536
- C:\Windows\System\DlKbLjG.exe
  C:\Windows\System\DlKbLjG.exe
  2⤵
  PID:8564
- C:\Windows\System\pvUOtgo.exe
  C:\Windows\System\pvUOtgo.exe
  2⤵
  PID:8592
- C:\Windows\System\fLiAPAU.exe
  C:\Windows\System\fLiAPAU.exe
  2⤵
  PID:8620
- C:\Windows\System\mnPMXql.exe
  C:\Windows\System\mnPMXql.exe
  2⤵
  PID:8636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BZIwdjD.exe

Filesize
2.1MB

MD5
592725c437625736e171427eeeceb9f8

SHA1
422c0b3a58643baf7640b1327433d5fb83a0cd87

SHA256
0a22979dfb1b7f5c625dc05774c34161edbac16e476361757424fa6f8dcae50b

SHA512
6d2fa9e719898bd09eaba3341270a7b5efd87756b76795402b18b7dca26ef5eb6602ec7d2d9daf2b4f18455df33bca160c4e44e1a3e3ad82df7f98c8fbf8e2d7

Download Submit
C:\Windows\System\BygLweP.exe

Filesize
2.1MB

MD5
5b3377bfdd734b296cb655c777616460

SHA1
c757be838b837bd7df20ba6350fde36461931dec

SHA256
da47189aee8663c0e5b4bf4bb61b8be5fe17c1bfafc0b3030bc745a945738a59

SHA512
5d2e4921ca791a33803a0b4a82a9301fdaecc18e31d46bb278551bc68a76f77fe9c3d93b57a70e8b063923f149017254588d47f85062cce70795b754229f18df

Download Submit
C:\Windows\System\CKVFhCz.exe

Filesize
2.1MB

MD5
9f97953f1eb38518302ed6aff1a9455b

SHA1
9436374b788f6aec85154fa31c45c17697e0d93f

SHA256
d94b3b5fe4586d0710e46b3a97b3c0a74cdd7a2d22bd339de5f4753220c70378

SHA512
b6dfd7aaa8091a6923b6a704977d8b913f9a84b8e360f4bdbbb84a4b20dd7dfcf75a37b58ed32ed4e376ab08e19dc2f23237b5c49b1248819bb3aa0095672734

Download Submit
C:\Windows\System\DErXsir.exe

Filesize
2.1MB

MD5
c5f329f1afb4201cac604f24caa96dbe

SHA1
0a019bd2efcd81bac4de2f50fb18e77365cd658c

SHA256
572e522a7f3ccd51d394e1d0e4a6795f92784300292bf6e1bfddc66812078a85

SHA512
b0f84329203d453486769d77cd9df974a254ef69feaedc58d1f2a905a17f190dbd588c5c2344848848e49bd75b94b108b5f8a872822aea5b8cbff495f602f8e8

Download Submit
C:\Windows\System\DNXGJoT.exe

Filesize
2.1MB

MD5
0e0e9a1e0ac3d516c75c68d22b754631

SHA1
9d06e84a3852ae1c08189b97f0c72957bfad4495

SHA256
2a9347f36558f35447801d39831135a6cd47b07ba7ae00a24efaac8ce5c5e6fe

SHA512
b684fe7965a34236dd6780c65091c0a48b16ffa874abd09d0b85ad2b1ec4290b375e0acfc124550b957d588d6ad69bbf07cfe1ec87cf32112213b53dacc7ebc1

Download Submit
C:\Windows\System\EpVhsgZ.exe

Filesize
2.1MB

MD5
99a26cf8fc348feabfa37c4decd9f1d9

SHA1
31d0071f16214384daed9ceb08ee595c2506aa05

SHA256
806a6e055fda50c709ee43464eca7422e0dd2fcc56c9f24ed2ca8b091dc4694b

SHA512
92a49e06811028d7de569779bd600a9c9457b7daae6c45079356ac2c70d953febacd4e067b981ac4a43d02458464cc67cc163181f3c190a6cd4d7f3070d10015

Download Submit
C:\Windows\System\GbimXBW.exe

Filesize
2.1MB

MD5
50b044a8e91790d2127da7bfcfa36a7b

SHA1
0c4d10959c22eebc4728f105494d3c63aa353597

SHA256
a1ac9e1c29daf165141de78638a8966867862afffcaf533c60009177166a7c74

SHA512
e58afa2be5dbaae96b7b63248eef595519efc9fe0dc61f61daa8d6cf098b1fab9ab7bdd882d4c4ed1ee6b6316bedcd8835322a643e4f224e3b85666fc1c95337

Download Submit
C:\Windows\System\HbsqSqs.exe

Filesize
2.1MB

MD5
f22db544dcd5eda4499d34df7ebc3906

SHA1
eb6d07fdfa293d731bc8bee9f5248906965b8be0

SHA256
902b31012a5363bc6283ee4defc6feb0ae96f02254e9508b54fe44f6e6e29fb3

SHA512
60ac2e7b31d8ef39772d627d2a1b897489b0aed0a5c18ff53df5a9e7dea5fa9a87cbc2abd4147f707a2a0ee94d0127264d471c77402270cc5b9517a86894a604

Download Submit
C:\Windows\System\HgRqPPq.exe

Filesize
2.1MB

MD5
fc0ed871c0b6341bd6c445c0abbe1297

SHA1
93fc7c014cbe99e320ad1c23970f3992cf587dd3

SHA256
1bd311464b6272769a4eb9c310c63443484f1f703bf15636864ba83c00cbca9c

SHA512
dbf03827558209d36db74a5f2eb9adf2d41f35dc0d9f6ddaa3766a6db589e8bc09877da3866a7f4586d364d4169f384ff62b6f13bfa1355a9c983f7985cc2434

Download Submit
C:\Windows\System\LAzDPYv.exe

Filesize
2.1MB

MD5
823a7444cdf17ded1761049bb82303d2

SHA1
a0507857411eac28bca2041c8268a5e013c0cb95

SHA256
28113b28f20ed586ac8e3b8859b989ca60e45acff9947203337efb30478e7744

SHA512
5bcdfcb515ef4c96f107e991405d2e2f5685d682a1a3914196f86ba32315af4a01b25778941edd2e1c5279c197c460d831e1b42db266a7872c31e549bb299f6a

Download Submit
C:\Windows\System\OISMcBB.exe

Filesize
2.1MB

MD5
322fc0ba7d7879362a18811848a5a971

SHA1
72fc7eca6cda3e98098f92374abe2fa1123a7c1c

SHA256
8853f72bdf3468ac0c0870b7f64f0c717ccf5d0634245e3e27893dbf58729590

SHA512
4c4d09bbff9dfdf3f7fa1a6ed471b6b2fa56295c35676499681af5d8907d0c939bc701492ae47e6d4ab60b8795bf277df18255df8db870897ceb450471ccff9b

Download Submit
C:\Windows\System\PBBdUox.exe

Filesize
2.1MB

MD5
e25984b9943402d6b273db6d0057fccb

SHA1
dc1d9e6abde23c47ae96c4883c1396a266a6cfac

SHA256
d4a89feefdb4439b8be7b7340edb1fa0332124686ded4c4ba39685153fc2cd34

SHA512
eb55093f0e9c9c6feefe8be308cfbd6b9d0e0fcf16f8b378eb8644a1d3094c402a66ab3d9a333f0b4a1597b235b07de801ff49c86911fc67cb5cdae92311c053

Download Submit
C:\Windows\System\QCwDcxv.exe

Filesize
2.1MB

MD5
adb76c0b9f448a75c5b531e49bbc113a

SHA1
528b2f9e18bbf1556465ff5f71b50d11019e1a3a

SHA256
d28f0d099d9235fb58bf15a30044ea7edcb000a133963a43c41172d267349edf

SHA512
195e66343bb5cff07426c8f70cceb24e1fa01cd6736d94de79ba8b674c63a06a49164d2f948745fa7d782430eac13ad3150e9d4cbc63405f207409368b35503d

Download Submit
C:\Windows\System\RYUPGxO.exe

Filesize
2.1MB

MD5
2084e945ce7725dc979ed7e935defe8a

SHA1
6b641ccbca8fdb3f7419f71371ba97f8e7fcce8e

SHA256
f6fda5f1451110b22b92cba914f5f120b29656d39484894c435d5bb33ca10be7

SHA512
a51b556036378c2d86f4513ce5df25213c1271a25ddeb8965bd54fd45d9f494cb5921edc780381682f55ba9fa4465d89e09da113b91fffaecdb9641da857b203

Download Submit
C:\Windows\System\RzbhLsW.exe

Filesize
2.1MB

MD5
101685656a32684f537ab06dfe3c3724

SHA1
44af162663c399ad77fec1f7da22eb57dc30e1e3

SHA256
7c3227abc4aacd1ff51c3c478c80e7c8f821053c488f75aae4a1cb9b7f25717b

SHA512
39924965fa473df7f9710a06a2e1d3b3f255b3828aae2ecd2ec4f17b5801392c4708a91f430b303dca5177dab4a34ab973c6dc9b5a0609c3fa36b2eefde4ee5c

Download Submit
C:\Windows\System\TXxhUZX.exe

Filesize
2.1MB

MD5
edb0b499d204476eb8a78e064376fc15

SHA1
68fe4c1f81209f0a561af026e3709c9c3d7b912b

SHA256
b484589ae46e54f87bc3b90711f38b28aa781a87b265c2c836c9b7404674a6b2

SHA512
e889d9ae55d6672411b63c20f6a4a0a28255af6eba3ac3bbb6a519e2752ef5e7c697858fcbeab90a150de8a0f91109c9fd97405eb13ffbfc18732f58d148744f

Download Submit
C:\Windows\System\VeAroAS.exe

Filesize
2.1MB

MD5
90704193fbfca447c301293f5f5f43c8

SHA1
db93fd842036ccbb4db3d9457d86a65f53ecc5a1

SHA256
ab936c53944c7666937ca6b055e40bde94cd5ff0d5cf6ebcd17c0ac7d86aa0ff

SHA512
c545dd1a4000b244a567e9957c44f7d1c26fe036df2582f813dd3833631bca431de97db8b440ba9824db106d51a6f820292205f8dbd910ef8d15c47932539957

Download Submit
C:\Windows\System\VqkoMOn.exe

Filesize
2.1MB

MD5
34e253b7fca80f608aaab54c88d3fb6f

SHA1
1724929d8f63415e955c087265f13d1bfea8d35a

SHA256
03e5ba28d4bb9d766aa82add6a3d5331ca71c6dadde3322497d9f6841bde6de1

SHA512
6f9cd45036a4d40d9d8dab0bdd2481fc56f6e5a1ccaf1763a7f9d6895be8b180210425c7b58b8cd635b3f8e6fc34651eff64c0a2f62816d565eb71e5c9d12274

Download Submit
C:\Windows\System\WXlLOLe.exe

Filesize
2.1MB

MD5
a38d1b2e56fd8792debd0fee5d7ef94d

SHA1
6808123457c9da5fdfc2fd57e4b0525b333a85aa

SHA256
380708522fac9efeb22b226e5a62a1cf88540f79d85056ac80dff02fa48d55bc

SHA512
164d5d92c28e77a6ddd613189fd0ac53bf5c7f000ad2e21d3510701d21a58c292fc4effc1cd62e3ecd0b44a974cfd0f9aefec1efacd36df6f397ca75fd6476bb

Download Submit
C:\Windows\System\YUNqVxk.exe

Filesize
2.1MB

MD5
148d3e0505210559100fef5ab2f442df

SHA1
d8af7f3f7f927ab590112d0f2ade73ee698513d3

SHA256
f2d033a8dcf7422e15490508c9a9af610c581918200f28522736f27d773e99d0

SHA512
5a708c53ee6d21ea3ecc1b0e0a328f53a55e52144e08936996f22061ebdf7449fe42c6fc8bc7033944a19531666827d534b67286f3b11e65fa33c8c268499065

Download Submit
C:\Windows\System\ZowqJCZ.exe

Filesize
2.1MB

MD5
0a7052f894c40d7f0254311c62c70c5a

SHA1
c40faca7d54dc378661e466cb8aefbd404462f6e

SHA256
c6b998bafb3b605412d67ff8ce0bbbfe8d5f954a00b384972a4540e73e288316

SHA512
d389eae61e44c0254be3f68accfd99a7ab442c5c077954d94bbd7880111e818429f65657d808f490fdb431543b71d3ea14209c6c9d61ee4e682f2f3044404bb2

Download Submit
C:\Windows\System\dkoRWin.exe

Filesize
2.1MB

MD5
23819dfc2d348500422f8865d5f4ee79

SHA1
3b3b90e49aada9098a0d93007c92332876c0be16

SHA256
ec9c2f378c5e0b28233ab366703b3dd8ba6e9275dd88bc2674403e022feeaf3f

SHA512
e40a75a2bf50b9aa619acd64e15cb1274fbff7c7858dd59f9193a680fd9df0ed1e1dd0c078d855c83d6a4012a86c93fab29e2d84b932ca9b04a9d5ea8812d6ff

Download Submit
C:\Windows\System\eIDFQNa.exe

Filesize
2.1MB

MD5
7c6e1adc3bd9bc047863c45435d83b2f

SHA1
5efe75d467063928e54a40d97ba09aac4fdaebc6

SHA256
6755defffcfd631995df9160c85b8e13622571ff80213d3949fd9af8aec109cd

SHA512
4c81ee83f918a208cf98a0274e6f41f2b7e56d2b5d3e28817681068861a400306dd2a6d8db9ec678bb0180fd6ffaafbaada3356c2b59e797868cd1d6363b3a5a

Download Submit
C:\Windows\System\hzXfvzV.exe

Filesize
2.1MB

MD5
4c279fd937c8ea00ad12248cdcfca501

SHA1
5f5bc4f7c4428df846fa09c5565ef2afebd152a9

SHA256
727edcf20ddbd03fa7f36dfafe4e89b03e724f1c49588cccea7a05a46df25c93

SHA512
62d6d571e033f056533b2d8278cc7763bc52d8e0e89a5360f340759f5829cd61684277dff3ad0dc8138efd1228715ee2b9ef36893db7bcf8573e446ee8ccfaf1

Download Submit
C:\Windows\System\iaBzMkD.exe

Filesize
2.1MB

MD5
3e84fcd26591657d49666d2f78f8a277

SHA1
de9b5c68478f8289f438d1c02e3a730410067aac

SHA256
4f745bf9e895c448b7bb70a7a0013a61f063ad41f6757998a0c121cff566b0b8

SHA512
e73cebf0b24093023ba4997fc9815ded6e1bd4c7bc71d84ce2352a2fb3ce759ed84313afaf893707fa09b2d7841ea31d444bf9c68b65f989036a8bc584c9b757

Download Submit
C:\Windows\System\kLympRK.exe

Filesize
2.1MB

MD5
4b4599aa2afb3f87b83049cf3317fe99

SHA1
47642beacc9dc48c14b4fda975ce874e81e47c2f

SHA256
461ce6325f7207f496e357f7b53671b0072b88a9c23bac428c9118917b7c7e73

SHA512
1e14839c9743cd35977811e8be1718d27570e1fe00718915af44b05f1dd121094018bb5410977b86091d5eccc56c919b63368508ac32ea25d573af811474b30d

Download Submit
C:\Windows\System\kOLGuRN.exe

Filesize
2.1MB

MD5
58d4d902c334eebd9b136c87202f427f

SHA1
2238905c44493508d10ead9f65c374be5888e04d

SHA256
0eadd1e2f887532123b03baffd8cdc8cb9e98ddc6b8e5deaeb69fa84d8756fbc

SHA512
9e3f0a2f475fdea39b00eb1c89d9ed54fc3d3e458efa29b280ff1305033d3cd232f460d605f8c5ea599d7009a9ed294f15117954dfd36191e7b08e27eb6f40e1

Download Submit
C:\Windows\System\kteeiqU.exe

Filesize
2.1MB

MD5
5532c4d323c74f48f7d9d96e03cb1a44

SHA1
1a823b5af5f4a347df4da6f3b729783cb5066e46

SHA256
f10a1a90055554771bc407360c4cf56f08306be25d2b09a04021015662ae3ab9

SHA512
283a5c865e32d5d3be92705bcd5282121a500d47fa16d7b7f4a90ae0b8e4331d364384d5ea6b02199ca4155b39e77de8bbf08ed7fc13084c6713c0ac5c635b33

Download Submit
C:\Windows\System\kuGSLiv.exe

Filesize
2.1MB

MD5
46dca8f3349c3e5c4557af8c720f36b7

SHA1
8cee08d6b01658471e0861556997bacbcd89f94b

SHA256
4ec4aa3fc1f539e9633a5950ca99f42c317490417082f83ee6591f8ca9fbd6fe

SHA512
30dff6035af45d8886bbc98800337f5ecf851ea2618c5317f203ee1bf361cc03e8c05dd2338f607ffa463619137ea912c9fdc49f2eeb9c146b3b08647c811321

Download Submit
C:\Windows\System\lJgrVcn.exe

Filesize
2.1MB

MD5
fd9970f7672c45234cf487fdc52e8ad7

SHA1
0df6d3e01113b86747810e0e3c98a8e8e62fab18

SHA256
f6442af08241116e272638dc87dedfe990b99c3c5ca2d887e610423ce79857bf

SHA512
a46ef2e9d574e96870cac46f5d826af7656f851aea9368088c46ec6f9fa96eeaa276a4e4897c50e7bce2a4734e23e6e4b28d9129e57ffe30cdd056793a6d1f2b

Download Submit
C:\Windows\System\pLmQKTZ.exe

Filesize
2.1MB

MD5
7da4a6bdccdec5f3abb742529c95b87a

SHA1
d2093f18fc2aa81e82e9a8aceb5fa1f56ae70419

SHA256
55a981076845ae474189e3d74dbe99800c2e1195105db4233d9dd859d2daec7d

SHA512
dd0567814a468624bdee44794dd47ada57dcaaf2ffa5930f9d2d73393d834f5992182dc49f427ef6059266e53f455a3b97c16fd9bdc1249eff9e2ff5eb975774

Download Submit
C:\Windows\System\rqrgoZC.exe

Filesize
2.1MB

MD5
f31ab5c1f0ff426fe72fdef9a580fff2

SHA1
d1d9473e18c226c8e93f520967b9b868b7000d73

SHA256
2133cb28742fb684f4ef62b542126518e0e578eec0ecbba35b5d505286bae48b

SHA512
8fb1582f1e084dae358ef7da4feae0ede3eec597b5995f36ace99761354b96a04c39de64e6235715a100b933249079bd2befb3577b06840b0ff9001dc2927844

Download Submit
memory/1068-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download