kpot | 72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe

Analysis

max time kernel
142s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/06/2024, 09:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
Size

2.1MB
MD5

e272ef81334296137a7418122c3b4b20
SHA1

e62dd8968bd7a4ed2811ef8f954b6ffc4cf23c3b
SHA256

72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe
SHA512

6b4b5db41d75f2791325d05377caa7ee65c68eea7412f309b1851999e1f55bedc9f3d28711d922989e603a01c587ba35de7abbc3c5fbc08ae5af05fea35547d7
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2iVtS:GemTLkNdfE0pZaQB

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral2/files/0x0008000000023237-3.dat	family_kpot
behavioral2/files/0x000800000002323a-8.dat	family_kpot
behavioral2/files/0x000800000002323c-9.dat	family_kpot
behavioral2/files/0x000800000002323e-20.dat	family_kpot
behavioral2/files/0x000700000002323f-24.dat	family_kpot
behavioral2/files/0x0007000000023240-29.dat	family_kpot
behavioral2/files/0x0007000000023241-35.dat	family_kpot
behavioral2/files/0x0007000000023242-39.dat	family_kpot
behavioral2/files/0x0007000000023243-43.dat	family_kpot
behavioral2/files/0x0007000000023244-48.dat	family_kpot
behavioral2/files/0x0007000000023245-55.dat	family_kpot
behavioral2/files/0x0007000000023246-58.dat	family_kpot
behavioral2/files/0x0007000000023247-63.dat	family_kpot
behavioral2/files/0x0007000000023248-69.dat	family_kpot
behavioral2/files/0x0007000000023249-74.dat	family_kpot
behavioral2/files/0x000700000002324a-80.dat	family_kpot
behavioral2/files/0x000700000002324b-85.dat	family_kpot
behavioral2/files/0x000700000002324c-90.dat	family_kpot
behavioral2/files/0x000700000002324d-95.dat	family_kpot
behavioral2/files/0x000700000002324e-100.dat	family_kpot
behavioral2/files/0x000700000002324f-103.dat	family_kpot
behavioral2/files/0x0007000000023250-109.dat	family_kpot
behavioral2/files/0x0007000000023251-115.dat	family_kpot
behavioral2/files/0x0007000000023252-119.dat	family_kpot
behavioral2/files/0x0007000000023253-125.dat	family_kpot
behavioral2/files/0x0007000000023254-128.dat	family_kpot
behavioral2/files/0x0007000000023255-133.dat	family_kpot
behavioral2/files/0x0007000000023256-140.dat	family_kpot
behavioral2/files/0x0007000000023258-145.dat	family_kpot
behavioral2/files/0x0007000000023259-148.dat	family_kpot
behavioral2/files/0x000700000002325a-153.dat	family_kpot
behavioral2/files/0x000700000002325b-160.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral2/files/0x0008000000023237-3.dat	xmrig
behavioral2/files/0x000800000002323a-8.dat	xmrig
behavioral2/files/0x000800000002323c-9.dat	xmrig
behavioral2/files/0x000800000002323e-20.dat	xmrig
behavioral2/files/0x000700000002323f-24.dat	xmrig
behavioral2/files/0x0007000000023240-29.dat	xmrig
behavioral2/files/0x0007000000023241-35.dat	xmrig
behavioral2/files/0x0007000000023242-39.dat	xmrig
behavioral2/files/0x0007000000023243-43.dat	xmrig
behavioral2/files/0x0007000000023244-48.dat	xmrig
behavioral2/files/0x0007000000023245-55.dat	xmrig
behavioral2/files/0x0007000000023246-58.dat	xmrig
behavioral2/files/0x0007000000023247-63.dat	xmrig
behavioral2/files/0x0007000000023248-69.dat	xmrig
behavioral2/files/0x0007000000023249-74.dat	xmrig
behavioral2/files/0x000700000002324a-80.dat	xmrig
behavioral2/files/0x000700000002324b-85.dat	xmrig
behavioral2/files/0x000700000002324c-90.dat	xmrig
behavioral2/files/0x000700000002324d-95.dat	xmrig
behavioral2/files/0x000700000002324e-100.dat	xmrig
behavioral2/files/0x000700000002324f-103.dat	xmrig
behavioral2/files/0x0007000000023250-109.dat	xmrig
behavioral2/files/0x0007000000023251-115.dat	xmrig
behavioral2/files/0x0007000000023252-119.dat	xmrig
behavioral2/files/0x0007000000023253-125.dat	xmrig
behavioral2/files/0x0007000000023254-128.dat	xmrig
behavioral2/files/0x0007000000023255-133.dat	xmrig
behavioral2/files/0x0007000000023256-140.dat	xmrig
behavioral2/files/0x0007000000023258-145.dat	xmrig
behavioral2/files/0x0007000000023259-148.dat	xmrig
behavioral2/files/0x000700000002325a-153.dat	xmrig
behavioral2/files/0x000700000002325b-160.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4572	cVCEfyv.exe
676	gTCGEVN.exe
4688	oyDfAUn.exe
3976	zSikONL.exe
2028	vxIzOHf.exe
2632	BtepKhv.exe
2140	CUCJgPu.exe
384	EcvUGQR.exe
864	fzrWEeO.exe
400	DjvOcRM.exe
1460	qApKugT.exe
4576	cwVUshb.exe
396	xKCPsem.exe
1944	zsbwvgj.exe
2500	IOwHWkh.exe
2644	cxnAYFK.exe
1928	jMsIJVw.exe
3568	EdcgzqJ.exe
2460	MgIvfHE.exe
2608	EjIQElw.exe
636	HSjNive.exe
2832	WfVQhuK.exe
2936	AwYDdoD.exe
3376	izfWfmc.exe
4396	NjKnstL.exe
3668	NBohdzF.exe
1244	KEBbvrq.exe
4700	puqZGYE.exe
2620	JifCRjv.exe
2996	YwuOSqq.exe
4280	IlIkMWT.exe
4232	iISmPvn.exe
2248	JhqsKhx.exe
2172	Cktecnl.exe
4068	ZVcpJkj.exe
4308	WlMrHyI.exe
3204	OBYWiTj.exe
4248	ICedagw.exe
2964	weBykuU.exe
4348	CiGIrwB.exe
2932	EMibiNG.exe
4216	tQHGDKC.exe
664	OThGJEj.exe
1412	sMcWbDY.exe
2160	zdVObsX.exe
3252	MiXQTWL.exe
3932	wAULWRb.exe
4200	JseXJeb.exe
2016	iIZYrTx.exe
3540	mVJJGvC.exe
720	BLQSXXC.exe
3416	mOPccyp.exe
4480	DFTEPhV.exe
872	TwdLoQa.exe
3480	beqQuvm.exe
740	jwYeTRl.exe
1768	VfyhpBm.exe
4408	iTHgkRA.exe
4432	VINRykU.exe
3052	wBxNxDg.exe
2352	iQpmIEl.exe
4292	aLluDwf.exe
4328	bSIynzI.exe
232	YxKFVyH.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\gNbhpOk.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\GbhJsAJ.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\puqZGYE.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\OtFNspF.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\MgIvfHE.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\CxWRFDp.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\zMmjrgF.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\DuUBhmO.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\aLcEzKC.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\gTCGEVN.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\jMsIJVw.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\mVJJGvC.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\lerBzXk.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\RMwZfOy.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\VfyhpBm.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\YeFtfYW.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\HwtEthE.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\ZkdEKMD.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\KMmEBCM.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\nlNkDup.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\DjvOcRM.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\KEBbvrq.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\kVQdqFh.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\sbZxkRg.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\TWXTRCY.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\wRCVate.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\zdEQkXJ.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\UzzpMgG.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\SsOEefv.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\spYdRJL.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\AYVjyrw.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\ZObNvjJ.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\HPIfxYa.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\IOwHWkh.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\JhqsKhx.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\AeFfouz.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\PDQrZGC.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\ESQVctG.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\weBykuU.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\VINRykU.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\FqLJdeq.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\sLsgpYe.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\hvMVUzt.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\TOxBjpN.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\DYyqYJD.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\ugKxelw.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\aypjSpf.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\KGrMvAX.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\HkMzslc.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\BtepKhv.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\iISmPvn.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\DxwJHdo.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\AbTvbiM.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\CAERsQF.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\JtYoMba.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\moBsNZl.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\sqFdZRr.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\YwuOSqq.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\LkGTrBW.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\aRMzzUB.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\vSHIQgB.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\kGZFxaS.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\NQjYUur.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
File created	C:\Windows\System\zUQnMHR.exe	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2636 wrote to memory of 4572	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	91
PID 2636 wrote to memory of 4572	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	91
PID 2636 wrote to memory of 676	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	92
PID 2636 wrote to memory of 676	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	92
PID 2636 wrote to memory of 4688	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	93
PID 2636 wrote to memory of 4688	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	93
PID 2636 wrote to memory of 3976	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	94
PID 2636 wrote to memory of 3976	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	94
PID 2636 wrote to memory of 2028	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	95
PID 2636 wrote to memory of 2028	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	95
PID 2636 wrote to memory of 2632	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	96
PID 2636 wrote to memory of 2632	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	96
PID 2636 wrote to memory of 2140	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	97
PID 2636 wrote to memory of 2140	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	97
PID 2636 wrote to memory of 384	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	98
PID 2636 wrote to memory of 384	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	98
PID 2636 wrote to memory of 864	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	99
PID 2636 wrote to memory of 864	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	99
PID 2636 wrote to memory of 400	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	100
PID 2636 wrote to memory of 400	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	100
PID 2636 wrote to memory of 1460	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	101
PID 2636 wrote to memory of 1460	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	101
PID 2636 wrote to memory of 4576	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	102
PID 2636 wrote to memory of 4576	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	102
PID 2636 wrote to memory of 396	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	103
PID 2636 wrote to memory of 396	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	103
PID 2636 wrote to memory of 1944	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	104
PID 2636 wrote to memory of 1944	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	104
PID 2636 wrote to memory of 2500	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	105
PID 2636 wrote to memory of 2500	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	105
PID 2636 wrote to memory of 2644	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	106
PID 2636 wrote to memory of 2644	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	106
PID 2636 wrote to memory of 1928	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	107
PID 2636 wrote to memory of 1928	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	107
PID 2636 wrote to memory of 3568	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	108
PID 2636 wrote to memory of 3568	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	108
PID 2636 wrote to memory of 2460	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	109
PID 2636 wrote to memory of 2460	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	109
PID 2636 wrote to memory of 2608	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	110
PID 2636 wrote to memory of 2608	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	110
PID 2636 wrote to memory of 636	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	111
PID 2636 wrote to memory of 636	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	111
PID 2636 wrote to memory of 2832	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	112
PID 2636 wrote to memory of 2832	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	112
PID 2636 wrote to memory of 2936	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	113
PID 2636 wrote to memory of 2936	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	113
PID 2636 wrote to memory of 3376	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	114
PID 2636 wrote to memory of 3376	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	114
PID 2636 wrote to memory of 4396	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	115
PID 2636 wrote to memory of 4396	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	115
PID 2636 wrote to memory of 3668	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	116
PID 2636 wrote to memory of 3668	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	116
PID 2636 wrote to memory of 1244	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	117
PID 2636 wrote to memory of 1244	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	117
PID 2636 wrote to memory of 4700	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	118
PID 2636 wrote to memory of 4700	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	118
PID 2636 wrote to memory of 2620	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	119
PID 2636 wrote to memory of 2620	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	119
PID 2636 wrote to memory of 2996	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	120
PID 2636 wrote to memory of 2996	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	120
PID 2636 wrote to memory of 4280	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	121
PID 2636 wrote to memory of 4280	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	121
PID 2636 wrote to memory of 4232	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	122
PID 2636 wrote to memory of 4232	2636	72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe	122

C:\Users\Admin\AppData\Local\Temp\72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\72d0d640b659beaabfbd9f70c70d0c309d7deba774e96417d9622a3b8d9627fe_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2636
- C:\Windows\System\cVCEfyv.exe
  C:\Windows\System\cVCEfyv.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\gTCGEVN.exe
  C:\Windows\System\gTCGEVN.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\oyDfAUn.exe
  C:\Windows\System\oyDfAUn.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\zSikONL.exe
  C:\Windows\System\zSikONL.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\vxIzOHf.exe
  C:\Windows\System\vxIzOHf.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\BtepKhv.exe
  C:\Windows\System\BtepKhv.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\CUCJgPu.exe
  C:\Windows\System\CUCJgPu.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\EcvUGQR.exe
  C:\Windows\System\EcvUGQR.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\fzrWEeO.exe
  C:\Windows\System\fzrWEeO.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\DjvOcRM.exe
  C:\Windows\System\DjvOcRM.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\qApKugT.exe
  C:\Windows\System\qApKugT.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\cwVUshb.exe
  C:\Windows\System\cwVUshb.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\xKCPsem.exe
  C:\Windows\System\xKCPsem.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\zsbwvgj.exe
  C:\Windows\System\zsbwvgj.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\IOwHWkh.exe
  C:\Windows\System\IOwHWkh.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\cxnAYFK.exe
  C:\Windows\System\cxnAYFK.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\jMsIJVw.exe
  C:\Windows\System\jMsIJVw.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\EdcgzqJ.exe
  C:\Windows\System\EdcgzqJ.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\MgIvfHE.exe
  C:\Windows\System\MgIvfHE.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\EjIQElw.exe
  C:\Windows\System\EjIQElw.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\HSjNive.exe
  C:\Windows\System\HSjNive.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\WfVQhuK.exe
  C:\Windows\System\WfVQhuK.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\AwYDdoD.exe
  C:\Windows\System\AwYDdoD.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\izfWfmc.exe
  C:\Windows\System\izfWfmc.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System\NjKnstL.exe
  C:\Windows\System\NjKnstL.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\NBohdzF.exe
  C:\Windows\System\NBohdzF.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\KEBbvrq.exe
  C:\Windows\System\KEBbvrq.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\puqZGYE.exe
  C:\Windows\System\puqZGYE.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\JifCRjv.exe
  C:\Windows\System\JifCRjv.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\YwuOSqq.exe
  C:\Windows\System\YwuOSqq.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\IlIkMWT.exe
  C:\Windows\System\IlIkMWT.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\iISmPvn.exe
  C:\Windows\System\iISmPvn.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\JhqsKhx.exe
  C:\Windows\System\JhqsKhx.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\Cktecnl.exe
  C:\Windows\System\Cktecnl.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\ZVcpJkj.exe
  C:\Windows\System\ZVcpJkj.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\WlMrHyI.exe
  C:\Windows\System\WlMrHyI.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\OBYWiTj.exe
  C:\Windows\System\OBYWiTj.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\ICedagw.exe
  C:\Windows\System\ICedagw.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\weBykuU.exe
  C:\Windows\System\weBykuU.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\CiGIrwB.exe
  C:\Windows\System\CiGIrwB.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\EMibiNG.exe
  C:\Windows\System\EMibiNG.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\tQHGDKC.exe
  C:\Windows\System\tQHGDKC.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\OThGJEj.exe
  C:\Windows\System\OThGJEj.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\sMcWbDY.exe
  C:\Windows\System\sMcWbDY.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\zdVObsX.exe
  C:\Windows\System\zdVObsX.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\MiXQTWL.exe
  C:\Windows\System\MiXQTWL.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\wAULWRb.exe
  C:\Windows\System\wAULWRb.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\JseXJeb.exe
  C:\Windows\System\JseXJeb.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\iIZYrTx.exe
  C:\Windows\System\iIZYrTx.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\mVJJGvC.exe
  C:\Windows\System\mVJJGvC.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\BLQSXXC.exe
  C:\Windows\System\BLQSXXC.exe
  2⤵
  - Executes dropped EXE
  PID:720
- C:\Windows\System\mOPccyp.exe
  C:\Windows\System\mOPccyp.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\DFTEPhV.exe
  C:\Windows\System\DFTEPhV.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\TwdLoQa.exe
  C:\Windows\System\TwdLoQa.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\beqQuvm.exe
  C:\Windows\System\beqQuvm.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\jwYeTRl.exe
  C:\Windows\System\jwYeTRl.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\VfyhpBm.exe
  C:\Windows\System\VfyhpBm.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\iTHgkRA.exe
  C:\Windows\System\iTHgkRA.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\VINRykU.exe
  C:\Windows\System\VINRykU.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\wBxNxDg.exe
  C:\Windows\System\wBxNxDg.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\iQpmIEl.exe
  C:\Windows\System\iQpmIEl.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\aLluDwf.exe
  C:\Windows\System\aLluDwf.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\bSIynzI.exe
  C:\Windows\System\bSIynzI.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\YxKFVyH.exe
  C:\Windows\System\YxKFVyH.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\zdEQkXJ.exe
  C:\Windows\System\zdEQkXJ.exe
  2⤵
  PID:4940
- C:\Windows\System\cNlQjnr.exe
  C:\Windows\System\cNlQjnr.exe
  2⤵
  PID:4436
- C:\Windows\System\FznhBHa.exe
  C:\Windows\System\FznhBHa.exe
  2⤵
  PID:1292
- C:\Windows\System\jMDKSmT.exe
  C:\Windows\System\jMDKSmT.exe
  2⤵
  PID:2548
- C:\Windows\System\rblZhLl.exe
  C:\Windows\System\rblZhLl.exe
  2⤵
  PID:1484
- C:\Windows\System\NQjYUur.exe
  C:\Windows\System\NQjYUur.exe
  2⤵
  PID:3972
- C:\Windows\System\fXGVdwj.exe
  C:\Windows\System\fXGVdwj.exe
  2⤵
  PID:1252
- C:\Windows\System\Ndtduwu.exe
  C:\Windows\System\Ndtduwu.exe
  2⤵
  PID:1920
- C:\Windows\System\hvMVUzt.exe
  C:\Windows\System\hvMVUzt.exe
  2⤵
  PID:1656
- C:\Windows\System\mFecyvV.exe
  C:\Windows\System\mFecyvV.exe
  2⤵
  PID:2120
- C:\Windows\System\LkGTrBW.exe
  C:\Windows\System\LkGTrBW.exe
  2⤵
  PID:4004
- C:\Windows\System\VRzioWe.exe
  C:\Windows\System\VRzioWe.exe
  2⤵
  PID:3560
- C:\Windows\System\oynzSwr.exe
  C:\Windows\System\oynzSwr.exe
  2⤵
  PID:3952
- C:\Windows\System\YeFtfYW.exe
  C:\Windows\System\YeFtfYW.exe
  2⤵
  PID:4064
- C:\Windows\System\ZlkkjgF.exe
  C:\Windows\System\ZlkkjgF.exe
  2⤵
  PID:4276
- C:\Windows\System\PchFuWB.exe
  C:\Windows\System\PchFuWB.exe
  2⤵
  PID:3356
- C:\Windows\System\yymlqWZ.exe
  C:\Windows\System\yymlqWZ.exe
  2⤵
  PID:912
- C:\Windows\System\sbqhbsb.exe
  C:\Windows\System\sbqhbsb.exe
  2⤵
  PID:2484
- C:\Windows\System\XLFhOzR.exe
  C:\Windows\System\XLFhOzR.exe
  2⤵
  PID:4424
- C:\Windows\System\WYSYypy.exe
  C:\Windows\System\WYSYypy.exe
  2⤵
  PID:4120
- C:\Windows\System\uLmtgpT.exe
  C:\Windows\System\uLmtgpT.exe
  2⤵
  PID:5144
- C:\Windows\System\OPxUXwF.exe
  C:\Windows\System\OPxUXwF.exe
  2⤵
  PID:5168
- C:\Windows\System\lerBzXk.exe
  C:\Windows\System\lerBzXk.exe
  2⤵
  PID:5196
- C:\Windows\System\DxwJHdo.exe
  C:\Windows\System\DxwJHdo.exe
  2⤵
  PID:5224
- C:\Windows\System\aenuswW.exe
  C:\Windows\System\aenuswW.exe
  2⤵
  PID:5252
- C:\Windows\System\FsXCZEe.exe
  C:\Windows\System\FsXCZEe.exe
  2⤵
  PID:5280
- C:\Windows\System\VxfTNQG.exe
  C:\Windows\System\VxfTNQG.exe
  2⤵
  PID:5308
- C:\Windows\System\OCfdgXL.exe
  C:\Windows\System\OCfdgXL.exe
  2⤵
  PID:5352
- C:\Windows\System\DLwVgMo.exe
  C:\Windows\System\DLwVgMo.exe
  2⤵
  PID:5416
- C:\Windows\System\aRMzzUB.exe
  C:\Windows\System\aRMzzUB.exe
  2⤵
  PID:5440
- C:\Windows\System\JVOQlme.exe
  C:\Windows\System\JVOQlme.exe
  2⤵
  PID:5468
- C:\Windows\System\gNbhpOk.exe
  C:\Windows\System\gNbhpOk.exe
  2⤵
  PID:5512
- C:\Windows\System\kGAHlVk.exe
  C:\Windows\System\kGAHlVk.exe
  2⤵
  PID:5540
- C:\Windows\System\dFAzNpQ.exe
  C:\Windows\System\dFAzNpQ.exe
  2⤵
  PID:5568
- C:\Windows\System\Ytgagnz.exe
  C:\Windows\System\Ytgagnz.exe
  2⤵
  PID:5596
- C:\Windows\System\vLFDhyV.exe
  C:\Windows\System\vLFDhyV.exe
  2⤵
  PID:5624
- C:\Windows\System\VUHNuNp.exe
  C:\Windows\System\VUHNuNp.exe
  2⤵
  PID:5652
- C:\Windows\System\tWWfKoh.exe
  C:\Windows\System\tWWfKoh.exe
  2⤵
  PID:5684
- C:\Windows\System\vNHTIhQ.exe
  C:\Windows\System\vNHTIhQ.exe
  2⤵
  PID:5712
- C:\Windows\System\hNtwqIE.exe
  C:\Windows\System\hNtwqIE.exe
  2⤵
  PID:5740
- C:\Windows\System\VIQuFrj.exe
  C:\Windows\System\VIQuFrj.exe
  2⤵
  PID:5768
- C:\Windows\System\kuZsSGy.exe
  C:\Windows\System\kuZsSGy.exe
  2⤵
  PID:5796
- C:\Windows\System\TQVIrLG.exe
  C:\Windows\System\TQVIrLG.exe
  2⤵
  PID:5824
- C:\Windows\System\ARShgkp.exe
  C:\Windows\System\ARShgkp.exe
  2⤵
  PID:5844
- C:\Windows\System\Yobpcqu.exe
  C:\Windows\System\Yobpcqu.exe
  2⤵
  PID:5868
- C:\Windows\System\UkzZbbZ.exe
  C:\Windows\System\UkzZbbZ.exe
  2⤵
  PID:5892
- C:\Windows\System\eAzZBjr.exe
  C:\Windows\System\eAzZBjr.exe
  2⤵
  PID:5924
- C:\Windows\System\UzzpMgG.exe
  C:\Windows\System\UzzpMgG.exe
  2⤵
  PID:5956
- C:\Windows\System\ZzOfSbe.exe
  C:\Windows\System\ZzOfSbe.exe
  2⤵
  PID:5980
- C:\Windows\System\QKXQNMU.exe
  C:\Windows\System\QKXQNMU.exe
  2⤵
  PID:6012
- C:\Windows\System\msVgdmQ.exe
  C:\Windows\System\msVgdmQ.exe
  2⤵
  PID:6064
- C:\Windows\System\NJpaBlX.exe
  C:\Windows\System\NJpaBlX.exe
  2⤵
  PID:6100
- C:\Windows\System\JWABWoB.exe
  C:\Windows\System\JWABWoB.exe
  2⤵
  PID:6128
- C:\Windows\System\kmgxotB.exe
  C:\Windows\System\kmgxotB.exe
  2⤵
  PID:3428
- C:\Windows\System\HsblUPG.exe
  C:\Windows\System\HsblUPG.exe
  2⤵
  PID:4992
- C:\Windows\System\SsOEefv.exe
  C:\Windows\System\SsOEefv.exe
  2⤵
  PID:5264
- C:\Windows\System\JGYNqUX.exe
  C:\Windows\System\JGYNqUX.exe
  2⤵
  PID:5348
- C:\Windows\System\GbhJsAJ.exe
  C:\Windows\System\GbhJsAJ.exe
  2⤵
  PID:5476
- C:\Windows\System\oKASFHX.exe
  C:\Windows\System\oKASFHX.exe
  2⤵
  PID:5508
- C:\Windows\System\IpDNqaR.exe
  C:\Windows\System\IpDNqaR.exe
  2⤵
  PID:5584
- C:\Windows\System\WnivVwr.exe
  C:\Windows\System\WnivVwr.exe
  2⤵
  PID:5640
- C:\Windows\System\zUQnMHR.exe
  C:\Windows\System\zUQnMHR.exe
  2⤵
  PID:5704
- C:\Windows\System\YQipTZL.exe
  C:\Windows\System\YQipTZL.exe
  2⤵
  PID:5764
- C:\Windows\System\WEIdfXs.exe
  C:\Windows\System\WEIdfXs.exe
  2⤵
  PID:5836
- C:\Windows\System\oIKlkis.exe
  C:\Windows\System\oIKlkis.exe
  2⤵
  PID:5916
- C:\Windows\System\UMJYnJn.exe
  C:\Windows\System\UMJYnJn.exe
  2⤵
  PID:5976
- C:\Windows\System\ipfRfAb.exe
  C:\Windows\System\ipfRfAb.exe
  2⤵
  PID:6024
- C:\Windows\System\KocTThF.exe
  C:\Windows\System\KocTThF.exe
  2⤵
  PID:6112
- C:\Windows\System\WCeWhza.exe
  C:\Windows\System\WCeWhza.exe
  2⤵
  PID:5184
- C:\Windows\System\PZrAqVg.exe
  C:\Windows\System\PZrAqVg.exe
  2⤵
  PID:5428
- C:\Windows\System\kawiOjN.exe
  C:\Windows\System\kawiOjN.exe
  2⤵
  PID:5552
- C:\Windows\System\pPgLnQq.exe
  C:\Windows\System\pPgLnQq.exe
  2⤵
  PID:5696
- C:\Windows\System\AbTvbiM.exe
  C:\Windows\System\AbTvbiM.exe
  2⤵
  PID:5864
- C:\Windows\System\BoenKzM.exe
  C:\Windows\System\BoenKzM.exe
  2⤵
  PID:5968
- C:\Windows\System\spYdRJL.exe
  C:\Windows\System\spYdRJL.exe
  2⤵
  PID:5188
- C:\Windows\System\gBfNlwd.exe
  C:\Windows\System\gBfNlwd.exe
  2⤵
  PID:5676
- C:\Windows\System\HUVpSxn.exe
  C:\Windows\System\HUVpSxn.exe
  2⤵
  PID:6000
- C:\Windows\System\wYipWOG.exe
  C:\Windows\System\wYipWOG.exe
  2⤵
  PID:5488
- C:\Windows\System\vSHIQgB.exe
  C:\Windows\System\vSHIQgB.exe
  2⤵
  PID:5936
- C:\Windows\System\lnYMueS.exe
  C:\Windows\System\lnYMueS.exe
  2⤵
  PID:6172
- C:\Windows\System\ODeWzFL.exe
  C:\Windows\System\ODeWzFL.exe
  2⤵
  PID:6200
- C:\Windows\System\Anpcwwz.exe
  C:\Windows\System\Anpcwwz.exe
  2⤵
  PID:6228
- C:\Windows\System\eXOWqRU.exe
  C:\Windows\System\eXOWqRU.exe
  2⤵
  PID:6256
- C:\Windows\System\ywrMEOI.exe
  C:\Windows\System\ywrMEOI.exe
  2⤵
  PID:6284
- C:\Windows\System\AeFfouz.exe
  C:\Windows\System\AeFfouz.exe
  2⤵
  PID:6312
- C:\Windows\System\TfjQNbZ.exe
  C:\Windows\System\TfjQNbZ.exe
  2⤵
  PID:6340
- C:\Windows\System\AgNCljy.exe
  C:\Windows\System\AgNCljy.exe
  2⤵
  PID:6368
- C:\Windows\System\DXayNbA.exe
  C:\Windows\System\DXayNbA.exe
  2⤵
  PID:6396
- C:\Windows\System\CxWRFDp.exe
  C:\Windows\System\CxWRFDp.exe
  2⤵
  PID:6428
- C:\Windows\System\kVQdqFh.exe
  C:\Windows\System\kVQdqFh.exe
  2⤵
  PID:6456
- C:\Windows\System\igplVYk.exe
  C:\Windows\System\igplVYk.exe
  2⤵
  PID:6484
- C:\Windows\System\FqLJdeq.exe
  C:\Windows\System\FqLJdeq.exe
  2⤵
  PID:6512
- C:\Windows\System\aNxpUgr.exe
  C:\Windows\System\aNxpUgr.exe
  2⤵
  PID:6540
- C:\Windows\System\OSxhjLR.exe
  C:\Windows\System\OSxhjLR.exe
  2⤵
  PID:6564
- C:\Windows\System\aIAlTPO.exe
  C:\Windows\System\aIAlTPO.exe
  2⤵
  PID:6596
- C:\Windows\System\CAERsQF.exe
  C:\Windows\System\CAERsQF.exe
  2⤵
  PID:6624
- C:\Windows\System\WXdqTqL.exe
  C:\Windows\System\WXdqTqL.exe
  2⤵
  PID:6652
- C:\Windows\System\PDQrZGC.exe
  C:\Windows\System\PDQrZGC.exe
  2⤵
  PID:6692
- C:\Windows\System\TJMFRgO.exe
  C:\Windows\System\TJMFRgO.exe
  2⤵
  PID:6712
- C:\Windows\System\jNdDbLa.exe
  C:\Windows\System\jNdDbLa.exe
  2⤵
  PID:6732
- C:\Windows\System\AbebXxV.exe
  C:\Windows\System\AbebXxV.exe
  2⤵
  PID:6764
- C:\Windows\System\kGZFxaS.exe
  C:\Windows\System\kGZFxaS.exe
  2⤵
  PID:6796
- C:\Windows\System\kHerNsU.exe
  C:\Windows\System\kHerNsU.exe
  2⤵
  PID:6816
- C:\Windows\System\TKsGSbE.exe
  C:\Windows\System\TKsGSbE.exe
  2⤵
  PID:6844
- C:\Windows\System\iYRgVuA.exe
  C:\Windows\System\iYRgVuA.exe
  2⤵
  PID:6876
- C:\Windows\System\KWjQOIZ.exe
  C:\Windows\System\KWjQOIZ.exe
  2⤵
  PID:6896
- C:\Windows\System\wKxwiwa.exe
  C:\Windows\System\wKxwiwa.exe
  2⤵
  PID:6924
- C:\Windows\System\JtYoMba.exe
  C:\Windows\System\JtYoMba.exe
  2⤵
  PID:6956
- C:\Windows\System\MYhHryn.exe
  C:\Windows\System\MYhHryn.exe
  2⤵
  PID:6980
- C:\Windows\System\illOiFv.exe
  C:\Windows\System\illOiFv.exe
  2⤵
  PID:7012
- C:\Windows\System\pbhwcfI.exe
  C:\Windows\System\pbhwcfI.exe
  2⤵
  PID:7056
- C:\Windows\System\rvYqBiL.exe
  C:\Windows\System\rvYqBiL.exe
  2⤵
  PID:7084
- C:\Windows\System\OtFNspF.exe
  C:\Windows\System\OtFNspF.exe
  2⤵
  PID:7112
- C:\Windows\System\SMiWQcy.exe
  C:\Windows\System\SMiWQcy.exe
  2⤵
  PID:7140
- C:\Windows\System\OTPLVEs.exe
  C:\Windows\System\OTPLVEs.exe
  2⤵
  PID:5300
- C:\Windows\System\CeyzZRV.exe
  C:\Windows\System\CeyzZRV.exe
  2⤵
  PID:6216
- C:\Windows\System\nNecrDg.exe
  C:\Windows\System\nNecrDg.exe
  2⤵
  PID:6280
- C:\Windows\System\qvyTrvB.exe
  C:\Windows\System\qvyTrvB.exe
  2⤵
  PID:6332
- C:\Windows\System\gBHvJQi.exe
  C:\Windows\System\gBHvJQi.exe
  2⤵
  PID:6416
- C:\Windows\System\MtEpbpj.exe
  C:\Windows\System\MtEpbpj.exe
  2⤵
  PID:6472
- C:\Windows\System\YksoaVY.exe
  C:\Windows\System\YksoaVY.exe
  2⤵
  PID:6536
- C:\Windows\System\psjpOiQ.exe
  C:\Windows\System\psjpOiQ.exe
  2⤵
  PID:6592
- C:\Windows\System\ZKBOado.exe
  C:\Windows\System\ZKBOado.exe
  2⤵
  PID:6648
- C:\Windows\System\RMwZfOy.exe
  C:\Windows\System\RMwZfOy.exe
  2⤵
  PID:6728
- C:\Windows\System\iHonIbo.exe
  C:\Windows\System\iHonIbo.exe
  2⤵
  PID:6780
- C:\Windows\System\mQuhQGn.exe
  C:\Windows\System\mQuhQGn.exe
  2⤵
  PID:6840
- C:\Windows\System\zUvzZhj.exe
  C:\Windows\System\zUvzZhj.exe
  2⤵
  PID:6884
- C:\Windows\System\bHIKbaH.exe
  C:\Windows\System\bHIKbaH.exe
  2⤵
  PID:6996
- C:\Windows\System\emueZuj.exe
  C:\Windows\System\emueZuj.exe
  2⤵
  PID:7040
- C:\Windows\System\woaTuKq.exe
  C:\Windows\System\woaTuKq.exe
  2⤵
  PID:7100
- C:\Windows\System\WFMzzBn.exe
  C:\Windows\System\WFMzzBn.exe
  2⤵
  PID:7160
- C:\Windows\System\qXHVfRy.exe
  C:\Windows\System\qXHVfRy.exe
  2⤵
  PID:6240
- C:\Windows\System\wnklfpZ.exe
  C:\Windows\System\wnklfpZ.exe
  2⤵
  PID:6300
- C:\Windows\System\TOxBjpN.exe
  C:\Windows\System\TOxBjpN.exe
  2⤵
  PID:6448
- C:\Windows\System\AYVjyrw.exe
  C:\Windows\System\AYVjyrw.exe
  2⤵
  PID:6552
- C:\Windows\System\NyQgSeg.exe
  C:\Windows\System\NyQgSeg.exe
  2⤵
  PID:6660
- C:\Windows\System\ACBJGCw.exe
  C:\Windows\System\ACBJGCw.exe
  2⤵
  PID:6804
- C:\Windows\System\bUHMTDV.exe
  C:\Windows\System\bUHMTDV.exe
  2⤵
  PID:6972
- C:\Windows\System\tIfWmpX.exe
  C:\Windows\System\tIfWmpX.exe
  2⤵
  PID:6184
- C:\Windows\System\cVStVMs.exe
  C:\Windows\System\cVStVMs.exe
  2⤵
  PID:6444
- C:\Windows\System\ESQVctG.exe
  C:\Windows\System\ESQVctG.exe
  2⤵
  PID:6748
- C:\Windows\System\AEmiVdv.exe
  C:\Windows\System\AEmiVdv.exe
  2⤵
  PID:7080
- C:\Windows\System\DuUBhmO.exe
  C:\Windows\System\DuUBhmO.exe
  2⤵
  PID:6644
- C:\Windows\System\scvKvtz.exe
  C:\Windows\System\scvKvtz.exe
  2⤵
  PID:7184
- C:\Windows\System\bncmnFO.exe
  C:\Windows\System\bncmnFO.exe
  2⤵
  PID:7208
- C:\Windows\System\EbskXQK.exe
  C:\Windows\System\EbskXQK.exe
  2⤵
  PID:7240
- C:\Windows\System\AhkNlzN.exe
  C:\Windows\System\AhkNlzN.exe
  2⤵
  PID:7268
- C:\Windows\System\vzvUWAn.exe
  C:\Windows\System\vzvUWAn.exe
  2⤵
  PID:7288
- C:\Windows\System\GBlUlCZ.exe
  C:\Windows\System\GBlUlCZ.exe
  2⤵
  PID:7320
- C:\Windows\System\KWsMOoi.exe
  C:\Windows\System\KWsMOoi.exe
  2⤵
  PID:7352
- C:\Windows\System\UgKUCUp.exe
  C:\Windows\System\UgKUCUp.exe
  2⤵
  PID:7376
- C:\Windows\System\HTltcQy.exe
  C:\Windows\System\HTltcQy.exe
  2⤵
  PID:7396
- C:\Windows\System\vLzVBIF.exe
  C:\Windows\System\vLzVBIF.exe
  2⤵
  PID:7412
- C:\Windows\System\UqYuYgQ.exe
  C:\Windows\System\UqYuYgQ.exe
  2⤵
  PID:7436
- C:\Windows\System\MEYFPId.exe
  C:\Windows\System\MEYFPId.exe
  2⤵
  PID:7476
- C:\Windows\System\lYpNivC.exe
  C:\Windows\System\lYpNivC.exe
  2⤵
  PID:7500
- C:\Windows\System\QLjQSuK.exe
  C:\Windows\System\QLjQSuK.exe
  2⤵
  PID:7524
- C:\Windows\System\zdwPbMa.exe
  C:\Windows\System\zdwPbMa.exe
  2⤵
  PID:7544
- C:\Windows\System\ymoRntG.exe
  C:\Windows\System\ymoRntG.exe
  2⤵
  PID:7564
- C:\Windows\System\HwtEthE.exe
  C:\Windows\System\HwtEthE.exe
  2⤵
  PID:7620
- C:\Windows\System\sLsgpYe.exe
  C:\Windows\System\sLsgpYe.exe
  2⤵
  PID:7648
- C:\Windows\System\IpBAqPO.exe
  C:\Windows\System\IpBAqPO.exe
  2⤵
  PID:7692
- C:\Windows\System\xrlnEIT.exe
  C:\Windows\System\xrlnEIT.exe
  2⤵
  PID:7728
- C:\Windows\System\bKnPdqw.exe
  C:\Windows\System\bKnPdqw.exe
  2⤵
  PID:7748
- C:\Windows\System\jobjidw.exe
  C:\Windows\System\jobjidw.exe
  2⤵
  PID:7768
- C:\Windows\System\EIHPcUP.exe
  C:\Windows\System\EIHPcUP.exe
  2⤵
  PID:7796
- C:\Windows\System\moBsNZl.exe
  C:\Windows\System\moBsNZl.exe
  2⤵
  PID:7824
- C:\Windows\System\xUUuQpE.exe
  C:\Windows\System\xUUuQpE.exe
  2⤵
  PID:7848
- C:\Windows\System\aKQDbeC.exe
  C:\Windows\System\aKQDbeC.exe
  2⤵
  PID:7876
- C:\Windows\System\dPeboux.exe
  C:\Windows\System\dPeboux.exe
  2⤵
  PID:7908
- C:\Windows\System\YlSxAle.exe
  C:\Windows\System\YlSxAle.exe
  2⤵
  PID:7928
- C:\Windows\System\cwYnALM.exe
  C:\Windows\System\cwYnALM.exe
  2⤵
  PID:7952
- C:\Windows\System\AFomrCH.exe
  C:\Windows\System\AFomrCH.exe
  2⤵
  PID:7980
- C:\Windows\System\ChCrsha.exe
  C:\Windows\System\ChCrsha.exe
  2⤵
  PID:8008
- C:\Windows\System\ylieHLl.exe
  C:\Windows\System\ylieHLl.exe
  2⤵
  PID:8040
- C:\Windows\System\lBZgHrG.exe
  C:\Windows\System\lBZgHrG.exe
  2⤵
  PID:8068
- C:\Windows\System\oXTkern.exe
  C:\Windows\System\oXTkern.exe
  2⤵
  PID:8092
- C:\Windows\System\bYKKmXO.exe
  C:\Windows\System\bYKKmXO.exe
  2⤵
  PID:8116
- C:\Windows\System\GjxRqxD.exe
  C:\Windows\System\GjxRqxD.exe
  2⤵
  PID:8140
- C:\Windows\System\sbZxkRg.exe
  C:\Windows\System\sbZxkRg.exe
  2⤵
  PID:8168
- C:\Windows\System\YhEmlsy.exe
  C:\Windows\System\YhEmlsy.exe
  2⤵
  PID:7264
- C:\Windows\System\yPONayC.exe
  C:\Windows\System\yPONayC.exe
  2⤵
  PID:7364
- C:\Windows\System\jJRpKNX.exe
  C:\Windows\System\jJRpKNX.exe
  2⤵
  PID:7368
- C:\Windows\System\ynHrtCW.exe
  C:\Windows\System\ynHrtCW.exe
  2⤵
  PID:7460
- C:\Windows\System\LxvURyq.exe
  C:\Windows\System\LxvURyq.exe
  2⤵
  PID:7520
- C:\Windows\System\oSDbZzd.exe
  C:\Windows\System\oSDbZzd.exe
  2⤵
  PID:7552
- C:\Windows\System\LyeHFdN.exe
  C:\Windows\System\LyeHFdN.exe
  2⤵
  PID:7584
- C:\Windows\System\kGIGMHw.exe
  C:\Windows\System\kGIGMHw.exe
  2⤵
  PID:7708
- C:\Windows\System\CZSBRFE.exe
  C:\Windows\System\CZSBRFE.exe
  2⤵
  PID:7792
- C:\Windows\System\ynDHXnG.exe
  C:\Windows\System\ynDHXnG.exe
  2⤵
  PID:7804
- C:\Windows\System\DYyqYJD.exe
  C:\Windows\System\DYyqYJD.exe
  2⤵
  PID:7940
- C:\Windows\System\wkoalIC.exe
  C:\Windows\System\wkoalIC.exe
  2⤵
  PID:7944
- C:\Windows\System\RUgeNOL.exe
  C:\Windows\System\RUgeNOL.exe
  2⤵
  PID:8104
- C:\Windows\System\TWXTRCY.exe
  C:\Windows\System\TWXTRCY.exe
  2⤵
  PID:8160
- C:\Windows\System\SxFEIJG.exe
  C:\Windows\System\SxFEIJG.exe
  2⤵
  PID:7304
- C:\Windows\System\jOtLWmZ.exe
  C:\Windows\System\jOtLWmZ.exe
  2⤵
  PID:7328
- C:\Windows\System\TUqqzyn.exe
  C:\Windows\System\TUqqzyn.exe
  2⤵
  PID:6196
- C:\Windows\System\sjPJErj.exe
  C:\Windows\System\sjPJErj.exe
  2⤵
  PID:7632
- C:\Windows\System\ZkdEKMD.exe
  C:\Windows\System\ZkdEKMD.exe
  2⤵
  PID:7844
- C:\Windows\System\pngrfsF.exe
  C:\Windows\System\pngrfsF.exe
  2⤵
  PID:7964
- C:\Windows\System\KMmEBCM.exe
  C:\Windows\System\KMmEBCM.exe
  2⤵
  PID:8136
- C:\Windows\System\GmIEumR.exe
  C:\Windows\System\GmIEumR.exe
  2⤵
  PID:7316
- C:\Windows\System\RIaBgjS.exe
  C:\Windows\System\RIaBgjS.exe
  2⤵
  PID:7736
- C:\Windows\System\VMPwhwY.exe
  C:\Windows\System\VMPwhwY.exe
  2⤵
  PID:8032
- C:\Windows\System\KGrMvAX.exe
  C:\Windows\System\KGrMvAX.exe
  2⤵
  PID:7456
- C:\Windows\System\HkMzslc.exe
  C:\Windows\System\HkMzslc.exe
  2⤵
  PID:8020
- C:\Windows\System\huodKVg.exe
  C:\Windows\System\huodKVg.exe
  2⤵
  PID:8228
- C:\Windows\System\ZObNvjJ.exe
  C:\Windows\System\ZObNvjJ.exe
  2⤵
  PID:8252
- C:\Windows\System\uWZnzOl.exe
  C:\Windows\System\uWZnzOl.exe
  2⤵
  PID:8272
- C:\Windows\System\vdcsjXn.exe
  C:\Windows\System\vdcsjXn.exe
  2⤵
  PID:8304
- C:\Windows\System\qLKFJDa.exe
  C:\Windows\System\qLKFJDa.exe
  2⤵
  PID:8328
- C:\Windows\System\OuaQLcq.exe
  C:\Windows\System\OuaQLcq.exe
  2⤵
  PID:8356
- C:\Windows\System\HaCWdlS.exe
  C:\Windows\System\HaCWdlS.exe
  2⤵
  PID:8388
- C:\Windows\System\msoUKJj.exe
  C:\Windows\System\msoUKJj.exe
  2⤵
  PID:8404
- C:\Windows\System\lUmiyzB.exe
  C:\Windows\System\lUmiyzB.exe
  2⤵
  PID:8424
- C:\Windows\System\vjgrNdS.exe
  C:\Windows\System\vjgrNdS.exe
  2⤵
  PID:8444
- C:\Windows\System\lrMRMWl.exe
  C:\Windows\System\lrMRMWl.exe
  2⤵
  PID:8472
- C:\Windows\System\nRiBYzN.exe
  C:\Windows\System\nRiBYzN.exe
  2⤵
  PID:8496
- C:\Windows\System\NJbzXec.exe
  C:\Windows\System\NJbzXec.exe
  2⤵
  PID:8512
- C:\Windows\System\zhGaTwy.exe
  C:\Windows\System\zhGaTwy.exe
  2⤵
  PID:8540
- C:\Windows\System\JzdRRgW.exe
  C:\Windows\System\JzdRRgW.exe
  2⤵
  PID:8560
- C:\Windows\System\ugKxelw.exe
  C:\Windows\System\ugKxelw.exe
  2⤵
  PID:8592
- C:\Windows\System\DvOKMUT.exe
  C:\Windows\System\DvOKMUT.exe
  2⤵
  PID:8620
- C:\Windows\System\sJrhLhR.exe
  C:\Windows\System\sJrhLhR.exe
  2⤵
  PID:8644
- C:\Windows\System\RVqnrUL.exe
  C:\Windows\System\RVqnrUL.exe
  2⤵
  PID:8680
- C:\Windows\System\JamEMKl.exe
  C:\Windows\System\JamEMKl.exe
  2⤵
  PID:8704
- C:\Windows\System\XyjSMoP.exe
  C:\Windows\System\XyjSMoP.exe
  2⤵
  PID:8732
- C:\Windows\System\aypjSpf.exe
  C:\Windows\System\aypjSpf.exe
  2⤵
  PID:8756
- C:\Windows\System\huzROwp.exe
  C:\Windows\System\huzROwp.exe
  2⤵
  PID:8788
- C:\Windows\System\KqERKsN.exe
  C:\Windows\System\KqERKsN.exe
  2⤵
  PID:8804
- C:\Windows\System\udSdgKr.exe
  C:\Windows\System\udSdgKr.exe
  2⤵
  PID:8832
- C:\Windows\System\aLcEzKC.exe
  C:\Windows\System\aLcEzKC.exe
  2⤵
  PID:8856
- C:\Windows\System\jAOtCHB.exe
  C:\Windows\System\jAOtCHB.exe
  2⤵
  PID:8884
- C:\Windows\System\qVKHkCp.exe
  C:\Windows\System\qVKHkCp.exe
  2⤵
  PID:8908
- C:\Windows\System\YZHdCKk.exe
  C:\Windows\System\YZHdCKk.exe
  2⤵
  PID:8932
- C:\Windows\System\oXvfLQC.exe
  C:\Windows\System\oXvfLQC.exe
  2⤵
  PID:8960
- C:\Windows\System\HPIfxYa.exe
  C:\Windows\System\HPIfxYa.exe
  2⤵
  PID:8988
- C:\Windows\System\nlNkDup.exe
  C:\Windows\System\nlNkDup.exe
  2⤵
  PID:9008
- C:\Windows\System\sqFdZRr.exe
  C:\Windows\System\sqFdZRr.exe
  2⤵
  PID:9040
- C:\Windows\System\GPMczeA.exe
  C:\Windows\System\GPMczeA.exe
  2⤵
  PID:9056
- C:\Windows\System\kjIPYTr.exe
  C:\Windows\System\kjIPYTr.exe
  2⤵
  PID:9076
- C:\Windows\System\YAfgJGt.exe
  C:\Windows\System\YAfgJGt.exe
  2⤵
  PID:9104
- C:\Windows\System\StMVdtN.exe
  C:\Windows\System\StMVdtN.exe
  2⤵
  PID:9128
- C:\Windows\System\czLLkPg.exe
  C:\Windows\System\czLLkPg.exe
  2⤵
  PID:9144
- C:\Windows\System\ZzPZJBu.exe
  C:\Windows\System\ZzPZJBu.exe
  2⤵
  PID:9176
- C:\Windows\System\TjJwIec.exe
  C:\Windows\System\TjJwIec.exe
  2⤵
  PID:9200
- C:\Windows\System\zMmjrgF.exe
  C:\Windows\System\zMmjrgF.exe
  2⤵
  PID:2224
- C:\Windows\System\zbLEFdQ.exe
  C:\Windows\System\zbLEFdQ.exe
  2⤵
  PID:8240
- C:\Windows\System\tJtbtVp.exe
  C:\Windows\System\tJtbtVp.exe
  2⤵
  PID:8320
- C:\Windows\System\jqyPqYZ.exe
  C:\Windows\System\jqyPqYZ.exe
  2⤵
  PID:8368
- C:\Windows\System\goIStJz.exe
  C:\Windows\System\goIStJz.exe
  2⤵
  PID:8412
- C:\Windows\System\dXjaRCT.exe
  C:\Windows\System\dXjaRCT.exe
  2⤵
  PID:8524
- C:\Windows\System\BHBlHzG.exe
  C:\Windows\System\BHBlHzG.exe
  2⤵
  PID:8480
- C:\Windows\System\wRCVate.exe
  C:\Windows\System\wRCVate.exe
  2⤵
  PID:8728
- C:\Windows\System\tTclmLs.exe
  C:\Windows\System\tTclmLs.exe
  2⤵
  PID:8604
- C:\Windows\System\xpcccae.exe
  C:\Windows\System\xpcccae.exe
  2⤵
  PID:8828
- C:\Windows\System\TQdTgAk.exe
  C:\Windows\System\TQdTgAk.exe
  2⤵
  PID:8716
- C:\Windows\System\KVwKDRI.exe
  C:\Windows\System\KVwKDRI.exe
  2⤵
  PID:8816
- C:\Windows\System\OHbqDUL.exe
  C:\Windows\System\OHbqDUL.exe
  2⤵
  PID:9024
- C:\Windows\System\LEuBNMk.exe
  C:\Windows\System\LEuBNMk.exe
  2⤵
  PID:8948
- C:\Windows\System\tSiBsng.exe
  C:\Windows\System\tSiBsng.exe
  2⤵
  PID:9096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1420 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
1⤵
PID:9660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AwYDdoD.exe

Filesize
2.1MB

MD5
4e93a96306d5d4d1d8cc1b59d055fddf

SHA1
bbfa3fbed763ef825e6487ea447a4772c601850a

SHA256
5d556161d958f5c13a2925840f106132c5bd06d49c07d9b686b6c32c27c1ad46

SHA512
9dceef7d9ddad25738718ce3ec24366ba507f89bf564a5c5fd6a34568839d744f421a48d7747db811c416680c78570a1798138174cf162e55b2b2d2e48b742cd

Download Submit
C:\Windows\System\BtepKhv.exe

Filesize
2.1MB

MD5
84fdca72c7af62477e319bd0b3bfbbb4

SHA1
a6edeaa26670db038c0613e9ad3b71d639697b00

SHA256
e2f823b0c32daf978c2437cef067abbec92fd630d4d9151c3598739c301a0f52

SHA512
579018a94a71414ea247b3207e0760df3cb03869b9c5a5ba080d40d58e1709ad81be1ea606911d7121ae4fbe0c8959fa4a1f02896a8f1c2f0c339fa2abb3eb52

Download Submit
C:\Windows\System\CUCJgPu.exe

Filesize
2.1MB

MD5
ee3f871205f8e0c966695f2200f5dc7c

SHA1
ffdd23f416c6b64f2f1e47b791b83b1380229b74

SHA256
265498e41304a8fb4910236c45bbb4ef656fd83af6b88ee225488f501ca2ccd5

SHA512
2ff9500dab61951df1f7f650e4f2d44a5a3cc60e404b5ac463d0199e0ae202b48adf04d0bdae650c70d0fb8a1deb3c28f43bada9d68b55b76beae6ab8a65a055

Download Submit
C:\Windows\System\DjvOcRM.exe

Filesize
2.1MB

MD5
53ac03a3b2365a55a9a51a095024a448

SHA1
881496a8c9649d126985b15b8cb0155ee7521235

SHA256
eab8073486429e55973c58c87ac75e255ead4bfd13c665ca6c43bf28c01f9606

SHA512
55302de3cb83ae4ed8fa1153f0c843083ad274538a89afd018bf18b4d8875e97a7ad01449d8ca8f315d9bf964e2b7fe871f9ff937cbc2d3ebb48162de5d0c3c3

Download Submit
C:\Windows\System\EcvUGQR.exe

Filesize
2.1MB

MD5
01d0c6d4e1afb62126beda0925724b91

SHA1
3e6306e753033182d8296c9e69a03229a49f42f0

SHA256
1b215b658c43d888847818638b331f32ca18b2d3a3feb0190b4ca2b1a0faec9b

SHA512
ab52a4792d3e1a9c52ee6c14193a5a5c62f0b9cc9cd5f76f2d209401ce1bede2110ce4e8ef993fef956553911de01d0e3121b821ca3f3eb3bd2033c518714176

Download Submit
C:\Windows\System\EdcgzqJ.exe

Filesize
2.1MB

MD5
61245aa144f8710ffaa55e257f1ddc40

SHA1
6727f9ba2cd7545823d701c7ba8b729d97720990

SHA256
4dace4a494457818466aa023913207219756feaa78e7b4b8f224ea26348a683e

SHA512
c153922ad383fa39ff009934b5d7a8f17f4bf761c7e2a9122c88af9d12f1b59edee6347c06079465cee1d086211ecd5e66242f9389b1c728f430d346308f8edf

Download Submit
C:\Windows\System\EjIQElw.exe

Filesize
2.1MB

MD5
9bc424a8e5544b8452cd4f19b5e950ac

SHA1
54ca48ce4c49c728f5922aa9313a8212a1f4d96c

SHA256
68335aef334d2e65aace78346e1cb533a300de60267da73106c1923bef0677c0

SHA512
d1c2ce5c46cfbc0b026ef974bbb9e840e90f9856b5f3dd0b7601488c450f3c276c23d5900f38699d4e86f9883de2ab35bf8067543bc1afe574354e402caf87f8

Download Submit
C:\Windows\System\HSjNive.exe

Filesize
2.1MB

MD5
1b2ddb24aa287f850b52296179345317

SHA1
cad9a6b5c98a3a61ad4bfdac9729ea31eb94672e

SHA256
c5c39d1c382c9d08d992a8533b3a58b2f80f2ce2af5ac70f10a637f7cd40f712

SHA512
0f31734d04447210180e5e315f4306e1dc9a641a151d76bb2c2f60f90c39d8a2dc06ce18cd10f305a70f48c7c1bcfd515e9d33f49032092ec45d7975a3d0fd1b

Download Submit
C:\Windows\System\IOwHWkh.exe

Filesize
2.1MB

MD5
a5282e2a6a7610dcbf812636a1687894

SHA1
9ab215ec780cb235802191cce9727249dc4fc665

SHA256
6e65229421cc55bdb6eb443a160cad4e929966d7c46127e700ec8d6ad792b975

SHA512
297f2edd4927b326e082e2e0baf1424f6f8c29d4d3a94dc27f184cc364451d1e8d834120f1ca8c93c2014b6e2166d02bf2f00c0a55c964ca55026922c73808ad

Download Submit
C:\Windows\System\IlIkMWT.exe

Filesize
2.1MB

MD5
d7fe5cdec94b93ba5683760204f058be

SHA1
6de3c35aec434ee6f5c90ed314345dae23285ddf

SHA256
389ec4d9435e3d2fd40d9610eb6f8e86ee435206a32acc7e2192167048d6aa92

SHA512
6431d813d7949c033a6d64544168ab7b4f45e82146493129c260173a85f3dab09072cd5f684af421884f12fe971bb4c11f554a7b93332b2b05b9cebd30958b9e

Download Submit
C:\Windows\System\JifCRjv.exe

Filesize
2.1MB

MD5
85d660ee283e3a3bb2324aa9a4e6a33c

SHA1
32ce442b8d0a2c1a6bcaa9e15de47e69ecafc9ba

SHA256
a84b3d9549215ea7669a1d11c56de7d109c7f2e0b0bafbd2cdd2c07841407676

SHA512
894048c92921f583d035aef1b5306cdde78ccb5004a489e2496c8fdf0d4f5530f71f4ac3b7a9505582cfd2218ea14750f07bfbcacc8781e3465f92d3cf046f54

Download Submit
C:\Windows\System\KEBbvrq.exe

Filesize
2.1MB

MD5
3f561649abce23f60cf17cb39f852ac3

SHA1
5ad8e9a89772af805e4050d74fa0f05ca0c8a2c5

SHA256
87782b1ccd51bfc9462ce234db2ffdbbfb051da47c38a20621130c9268474b73

SHA512
3991f32a0f9a1cea5f01953d70964fb270b5cfc153e5d6b1653209b8d486a6617f5cb8579f99101f6e2dc2c5eeffa8ba45a0b1dc27780550254685ae35e3a2fa

Download Submit
C:\Windows\System\MgIvfHE.exe

Filesize
2.1MB

MD5
c72846320509eac5c24722c67ba6e26e

SHA1
6b9b21051151dcdc7f9b9af991128d4c0afed789

SHA256
0ed9afc0c1410a86b833f20dc27dcc008a67f6e958495c5e4ec9338793e623be

SHA512
fe904a5fa78a41a6984a6623f61ad1ca746e4232a07048b17d92c8fe5352819455e1bc80323dd5f779a38c359f31dc4e25bc3b0df256c9c1ed49ad21239919d6

Download Submit
C:\Windows\System\NBohdzF.exe

Filesize
2.1MB

MD5
05b9e01f1fa6cf23854efa109f4c2595

SHA1
f7007f8fabba073079d7784c863dc97ab2074a5e

SHA256
dfd4468e5d45e5270eb4c9773f03f26aaf98e6cb8fd2dc303a507dfd7855e488

SHA512
966ca406c59dd245248e1c96552e9b233c39e4d9a174e0cb0394f09fb878c64501c480585b195260c8f06f783da7fe0032288f61ef208f8a2bbadb61c840fea4

Download Submit
C:\Windows\System\NjKnstL.exe

Filesize
2.1MB

MD5
c93226334f5d7efa4b5e79c59f47d208

SHA1
3d4198f611dd1555b1f793f0bb9a50b29256e11b

SHA256
79a77876e8bad1a136c78d7d8aba3353aa9c666e4888cbbd85f44738fb5b3ba4

SHA512
b3d040afbf21785253263c5fab71244d19aae11f7d511a5085f58ef5226ff02bb63badc87ed7202fbe305d68e3aaffe5e386ff1946c9b17f07898b2265dc829d

Download Submit
C:\Windows\System\WfVQhuK.exe

Filesize
2.1MB

MD5
70be5cff9124d6e6f243e3b610e3562a

SHA1
679be41e7a17ec3dcd2449572428efd13207fbc2

SHA256
1894a94842ef7b4c38424d610afb16070bdab58db7a8e6820b4042189c8c2096

SHA512
2699077aa61034e7fc7439a649863a88567ee02cb2b29a71eff6b9c694bb7f7ddf1bed545d8b28c169eff3861370db83e067067cea6a8b7a37590d1d9a9432aa

Download Submit
C:\Windows\System\YwuOSqq.exe

Filesize
2.1MB

MD5
6c6f34b19f663219f7842bec09d76d7b

SHA1
2737ee0df0b88f07430d6dc6fcb084662f17b84b

SHA256
2f4e156d0e916115c2d20f21b1bcbcf5039ac2901223c183e37bb69d8d3a7504

SHA512
f76e6705abb7ce084d8ed7b45a888707a12c4ddbf46c6e19ba36cec6b82963a6084ba2ab99ff27f3869682eb404729a84115b0b0200d16f31609f868b86fd3aa

Download Submit
C:\Windows\System\cVCEfyv.exe

Filesize
2.1MB

MD5
76f82a8f17d098505780b724c9815003

SHA1
802bde412a83da48ffaa059b5cb1e2bd1332b71e

SHA256
9e020fdef70b6b4dbb710abaf768a63a787e2c557c1e6303d7fca3451d14e7bb

SHA512
0f306d1c0006b87b8bc2e792eb203e849011fa6e8bd2ca87c42c12f8dfc5719af23d842815021e4810f7890dc594793f84916db7942d843f0c3f56cc2cabbee8

Download Submit
C:\Windows\System\cwVUshb.exe

Filesize
2.1MB

MD5
1e819e0d4b8c4a2a9ce6fc647e4254d3

SHA1
25d3a6c676a10e2da8567504ab732fc536ab2eee

SHA256
9bc9a672031509e1651a8fb81af18a65610736b39166f92c531f12718d472bbe

SHA512
aa36cbdb7b494bc922ae45b706ad90ee307b6812274ee2d411db789618b1fc7e42915c7e592657f3b1ae41f7f7541c5650c04446e31bc889bc795f4a035c199a

Download Submit
C:\Windows\System\cxnAYFK.exe

Filesize
2.1MB

MD5
cb132fb9ef83514e9953f9b1d341b268

SHA1
24dc819d37e8a45ee77b5386385e13a0be3d88b2

SHA256
0c427e89f9ce4d6810cede42827f7d53c2918873b9771249aba25e0529528173

SHA512
679c42d8b858d86433da6de22014cff5e69b59a7d31423d8ec4397af8e5a741b25cffe44d377e1b1451e845f7a0311f48512439e3e30dff86b52602ffd8647cc

Download Submit
C:\Windows\System\fzrWEeO.exe

Filesize
2.1MB

MD5
a8fe6423506f6f766004baa21c305905

SHA1
4dfb12d7d4a55b41ec6668bf393cda889ed7ce85

SHA256
a72b8f4e258354573e537b189f8d8ea0e2ed4ab51a26f59a5e9f8dbe7e6d02c1

SHA512
9c0823fceb4d475d20b142347d31dd9f905f3e94fc50e4791dcf0edd6b56e22bdfc00eae880ab9133d976ab143851e41aba5292a1a2501a62a3961914e7b25fd

Download Submit
C:\Windows\System\gTCGEVN.exe

Filesize
2.1MB

MD5
67061473bf1dc1dfc2d7707f4996d392

SHA1
d49689364f5b371a917eb0c101e14d65fb5fad78

SHA256
d02f3110679c770d6cf28aad3530ba4ba09ba2d11b9208e4e043d6456d464870

SHA512
76bfd959e4d497f8d1e3047bb1cf088a9f5259f380f3b50049f2ec9afba452da17e2bd201a39916c7633fa5e56e3543e0b0c1eb2b9f1c5e7e8b3fe295e04c12d

Download Submit
C:\Windows\System\iISmPvn.exe

Filesize
2.1MB

MD5
2a902d75dc1da8b791c77cb47f5e561d

SHA1
e273250d8000201b3bd379520302eab081c0e66b

SHA256
5fef5ee205bd484b780f1b1f815bd1587873406626dd88404fd72fbf93af4257

SHA512
b7ea44631999b9313982c989b570dd4de20a19f83d3ec32493e3393af5770f37a6801e36510e44c12071286357fd639c8f01a9fa48077be6e3cf06b470fd9086

Download Submit
C:\Windows\System\izfWfmc.exe

Filesize
2.1MB

MD5
c53e5a95d21684c402023e55a63c57b1

SHA1
dcb130c6cb17c1cf2dff9aaba9d85a9942a0e4c0

SHA256
d32595584e53cf474172080e4135004a5bf07ba89e5942d5557eea8fbc36ebc4

SHA512
afb6969518f41137a1bb014d07dcec7d7be263b6108e42afdab77b91235aaaa912ecea77df9182d6abd3af65311c79a52acf29b68cfe6d383f5ee57e5db4cdc9

Download Submit
C:\Windows\System\jMsIJVw.exe

Filesize
2.1MB

MD5
70893f92dafabd6e94e5c0f89c4feb06

SHA1
014476d6cad33d006263e35be27fcebbc54b7cf6

SHA256
cdd0df675e63479b354f5fb7f541d6e621ca35924529ee3382faab13dcbf8637

SHA512
cdef9a25663afe09b27e9595042fbf9e88a1af4ca1cbf1c4cafed3d66c3d8c5581e67a9ee21d5117486636f1ffa42cf70bd476ce279a45e6a9aa0b59d05b1b6b

Download Submit
C:\Windows\System\oyDfAUn.exe

Filesize
2.1MB

MD5
20eea043a9fbc3e0ce67a64188588557

SHA1
12e87a446c35ae76c25347e11c2038b4c7352ac5

SHA256
f714e35ed421793214ed0aefd30100a52e464fa03772e67f16618939bf5d7b93

SHA512
f4bcd1ef14b169d66a2281ff7361ee94da0b55f2f77b0e93dfe19e7013b1e543254e662645182d372973032c1d20603dd870ea3d44bfdfe9dc1bd9be075df5d4

Download Submit
C:\Windows\System\puqZGYE.exe

Filesize
2.1MB

MD5
6cd6be6b69e418868248eb2d3986871d

SHA1
bca08ec4ded75d15170550dd0e8e38c8f54ed3b6

SHA256
62710590935dcd2523ee88ed0b0287fc797785fa03e46c911a761182bd8db976

SHA512
3a319606501a5a41cbf5396b4d97a9b8556647de3dd20b50f1a76d6233529d626f2cebcf454b6635502e08212173992f2c890c905e43296ff76c97056247a1fb

Download Submit
C:\Windows\System\qApKugT.exe

Filesize
2.1MB

MD5
55bcad009d052c3228d883e549b63116

SHA1
65ff8562a64fe672dfd77b5945b0eeb12ba1d145

SHA256
08d422e4b5859b7575b6171ba1cbf857e41892e93591ea4a42fb8305ddf71566

SHA512
8a4efbda8111e82a5b19e409e307cfd733446d829a8969aba5a36edc784d34e391b06bafd2c790e0f5c224255ba2c2faa841fc253de768207c464b70f1b18770

Download Submit
C:\Windows\System\vxIzOHf.exe

Filesize
2.1MB

MD5
a5a427631b175845747f24cd02dd6a8a

SHA1
8f1729c0eac3b9abd3714af16ba87481d55a6dee

SHA256
3e82676a3f0eb6719245cbc012e7150da4c27b79e88a61d5493bf55336b006bb

SHA512
298f8ec5ca784ac855ddd75e6e89f8fdfc947914e51525cf10f4e0336465a3aaac5a5b4675adb01fc980a3dd7d16a2cc22b19721db78525066a87a7d6004bb36

Download Submit
C:\Windows\System\xKCPsem.exe

Filesize
2.1MB

MD5
6ca399c27419afc6a2d58323c3b02814

SHA1
a86e839295fc50f7b6911f5d1796ee19d27e6eea

SHA256
7bfb11dbf4645c830d5f0f487d1a069f8ff2d83f78aa639deaa052698ae3976c

SHA512
6beb90e98ba84c54d2eda9b1925743fc3fd80ad8e7c75ce55fcc87ef4d20ee367fc1e56bb5be7ccf879bc72235c107edb2304cc0270eef24434d20d59b6cb403

Download Submit
C:\Windows\System\zSikONL.exe

Filesize
2.1MB

MD5
eef72d6eaa3f71cafd1e44311d53abfe

SHA1
3ba453f61b8abc9cff22b428cd532aa804963622

SHA256
21e7b664fe88256127084a855ad5265f77e1f44ba775cdbfbed9e1439b1cfc00

SHA512
da4f91aa887b1c4524e1ae78c33dc05ef0c0973068d0e19f2d73ece47fa883717546ae6a7b99724bcd58efa83f85f2c0c7025d78bbe15108f2229b72d41abce8

Download Submit
C:\Windows\System\zsbwvgj.exe

Filesize
2.1MB

MD5
4a12fe66f3f95edfcf4ba95436a5c2c0

SHA1
64188c5d0b476ca1332d6eafb4ae7b9e9e9eb60b

SHA256
3ed75ae32a926698bc53eaa03c53e4dc6e7639308e605d02130cca2d0c962b2c

SHA512
38be75ec0f62e9cbb99aca6846c49240bff103066d66494a8faa7ccf27252cbfffbf4e3779f3f0bf5fab557a095ebafe47a34c4b8427a957f29a77fd6dff6251

Download Submit
memory/2636-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download