kpot | 354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
Size

2.1MB
MD5

2bda26fd45ff823bebc252a6356a0c70
SHA1

66a1617ec0b62fc479503413b18e5e6bf9a5de11
SHA256

354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4
SHA512

3cd307cfb75504f1292704a123f007007fc29e1a815f709bb1f1baac944b854c7e0f6223dccde00aef231607b5905cec7475654b51d0658654203c2df5d2eb46
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2iVL:GemTLkNdfE0pZaQc

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral2/files/0x000800000002328e-4.dat	family_kpot
behavioral2/files/0x0007000000023429-8.dat	family_kpot
behavioral2/files/0x000900000002341e-10.dat	family_kpot
behavioral2/files/0x000700000002342a-20.dat	family_kpot
behavioral2/files/0x000700000002342c-23.dat	family_kpot
behavioral2/files/0x000700000002342d-27.dat	family_kpot
behavioral2/files/0x000700000002342e-35.dat	family_kpot
behavioral2/files/0x0009000000023421-49.dat	family_kpot
behavioral2/files/0x0007000000023432-54.dat	family_kpot
behavioral2/files/0x0007000000023433-62.dat	family_kpot
behavioral2/files/0x0007000000023436-78.dat	family_kpot
behavioral2/files/0x0007000000023439-89.dat	family_kpot
behavioral2/files/0x000700000002343a-98.dat	family_kpot
behavioral2/files/0x000700000002343f-117.dat	family_kpot
behavioral2/files/0x0007000000023441-130.dat	family_kpot
behavioral2/files/0x0007000000023444-144.dat	family_kpot
behavioral2/files/0x0007000000023447-162.dat	family_kpot
behavioral2/files/0x0007000000023446-158.dat	family_kpot
behavioral2/files/0x0007000000023445-152.dat	family_kpot
behavioral2/files/0x0007000000023443-142.dat	family_kpot
behavioral2/files/0x0007000000023442-135.dat	family_kpot
behavioral2/files/0x0007000000023440-125.dat	family_kpot
behavioral2/files/0x000700000002343e-118.dat	family_kpot
behavioral2/files/0x000700000002343d-112.dat	family_kpot
behavioral2/files/0x000700000002343c-108.dat	family_kpot
behavioral2/files/0x000700000002343b-102.dat	family_kpot
behavioral2/files/0x0007000000023438-85.dat	family_kpot
behavioral2/files/0x0007000000023437-82.dat	family_kpot
behavioral2/files/0x0007000000023435-72.dat	family_kpot
behavioral2/files/0x0007000000023434-68.dat	family_kpot
behavioral2/files/0x0007000000023431-45.dat	family_kpot
behavioral2/files/0x000700000002342f-40.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral2/files/0x000800000002328e-4.dat	xmrig
behavioral2/files/0x0007000000023429-8.dat	xmrig
behavioral2/files/0x000900000002341e-10.dat	xmrig
behavioral2/files/0x000700000002342a-20.dat	xmrig
behavioral2/files/0x000700000002342c-23.dat	xmrig
behavioral2/files/0x000700000002342d-27.dat	xmrig
behavioral2/files/0x000700000002342e-35.dat	xmrig
behavioral2/files/0x0009000000023421-49.dat	xmrig
behavioral2/files/0x0007000000023432-54.dat	xmrig
behavioral2/files/0x0007000000023433-62.dat	xmrig
behavioral2/files/0x0007000000023436-78.dat	xmrig
behavioral2/files/0x0007000000023439-89.dat	xmrig
behavioral2/files/0x000700000002343a-98.dat	xmrig
behavioral2/files/0x000700000002343f-117.dat	xmrig
behavioral2/files/0x0007000000023441-130.dat	xmrig
behavioral2/files/0x0007000000023444-144.dat	xmrig
behavioral2/files/0x0007000000023447-162.dat	xmrig
behavioral2/files/0x0007000000023446-158.dat	xmrig
behavioral2/files/0x0007000000023445-152.dat	xmrig
behavioral2/files/0x0007000000023443-142.dat	xmrig
behavioral2/files/0x0007000000023442-135.dat	xmrig
behavioral2/files/0x0007000000023440-125.dat	xmrig
behavioral2/files/0x000700000002343e-118.dat	xmrig
behavioral2/files/0x000700000002343d-112.dat	xmrig
behavioral2/files/0x000700000002343c-108.dat	xmrig
behavioral2/files/0x000700000002343b-102.dat	xmrig
behavioral2/files/0x0007000000023438-85.dat	xmrig
behavioral2/files/0x0007000000023437-82.dat	xmrig
behavioral2/files/0x0007000000023435-72.dat	xmrig
behavioral2/files/0x0007000000023434-68.dat	xmrig
behavioral2/files/0x0007000000023431-45.dat	xmrig
behavioral2/files/0x000700000002342f-40.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1668	iQkZmcx.exe
2956	ZzjmqrU.exe
1500	MWLYsgT.exe
4864	BYJjTuD.exe
3560	rraWYIe.exe
2000	JNoFOKZ.exe
3312	ZbDcybD.exe
4620	pNiNYpE.exe
3780	TtdUrqW.exe
452	cILwHju.exe
4024	ZQPXaIf.exe
1888	GbvVHBg.exe
4928	HYUYZUa.exe
3452	SoxEhks.exe
3488	FHfCSiu.exe
2908	swRvBrV.exe
2632	HLebWIz.exe
3184	uUFJoDi.exe
404	tLpiVqn.exe
4840	wsOfJCs.exe
2572	xRKYjGX.exe
3084	QqbUizo.exe
4792	pUEVsbu.exe
2256	tEzPFdA.exe
2252	JBnuKax.exe
1240	nRhsRyb.exe
2796	XNqxQgm.exe
940	DUtTSzi.exe
2932	NBvivNu.exe
2804	AmGpbQq.exe
3252	iBUTAxS.exe
1960	ZpGYnaO.exe
432	gDuQGhu.exe
764	PtzMHvH.exe
4260	SyMfXnZ.exe
1232	TQkDGxS.exe
3680	xzHnZen.exe
3996	zXvqgPw.exe
1428	HtZZKEK.exe
5008	ZoyZkrg.exe
4848	OHHSTIJ.exe
4464	yehPHvA.exe
1968	AymRCZv.exe
4524	oudnQkR.exe
1192	jKYBUbC.exe
1224	EqNVEST.exe
4724	sfDkIei.exe
4656	mUrqiQw.exe
2404	AoyJxVK.exe
1504	PpSbioP.exe
1572	rrISurI.exe
5020	EbnZMPW.exe
4968	AgSIftL.exe
5032	HjDKvkB.exe
3404	iNqOhkG.exe
680	kTRiqIX.exe
4512	iQfrVSq.exe
4004	RFRejJL.exe
2348	aGXtJVR.exe
1452	vwlDGEh.exe
4576	saUfDtr.exe
1676	VimXMOC.exe
2732	xLpeoYL.exe
2548	bUYPbjM.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\RFRejJL.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\AHMfqrE.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\FugweLN.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\jPzWsHW.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\PifxdQT.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\VimXMOC.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\peTLdrs.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\dckuFtF.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\hlwoGnH.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\QZRtNif.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\xRKYjGX.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\uUNWhPR.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\QSbptqU.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\clyRkOS.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\kSfpsfZ.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\cPLIkev.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\supMAAa.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\QqbUizo.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\jXzIZyM.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\XbqnUlp.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\vMvTOdh.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\MVqCFMn.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\RxvKvRP.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\jZpTnDJ.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\rTcfNgf.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\WpgXBFM.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\pKskcAM.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\wZKSmXN.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\RxCXrQM.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\nhDXxKV.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\Fqktxag.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\oCzHhZQ.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\OCQpkda.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\EmhOZja.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\BNjYvNZ.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\ZKBSuWR.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\zzhwCpE.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\nhZOKRO.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\IgWNYdZ.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\uUFJoDi.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\DrxOtxI.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\HiFHSgD.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\iIOwNsj.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\eVntksj.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\BeHLZEc.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\HtnLxIg.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\huTsufO.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\HKqNqtn.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\tLpiVqn.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\HtZZKEK.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\EaEaHJf.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\EngZNqh.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\TMeVnag.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\VLUpDRi.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\TvEUpAX.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\iQfrVSq.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\bEPankZ.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\UmzwjTh.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\ifPOSgI.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\zDAfCIt.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\AymRCZv.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\kTRiqIX.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\aRTljnl.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
File created	C:\Windows\System\ZcccoJg.exe	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3900 wrote to memory of 1668	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	82
PID 3900 wrote to memory of 1668	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	82
PID 3900 wrote to memory of 2956	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	83
PID 3900 wrote to memory of 2956	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	83
PID 3900 wrote to memory of 1500	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	84
PID 3900 wrote to memory of 1500	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	84
PID 3900 wrote to memory of 4864	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	85
PID 3900 wrote to memory of 4864	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	85
PID 3900 wrote to memory of 3560	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	86
PID 3900 wrote to memory of 3560	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	86
PID 3900 wrote to memory of 2000	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	87
PID 3900 wrote to memory of 2000	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	87
PID 3900 wrote to memory of 3312	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	88
PID 3900 wrote to memory of 3312	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	88
PID 3900 wrote to memory of 4620	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	89
PID 3900 wrote to memory of 4620	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	89
PID 3900 wrote to memory of 3780	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	90
PID 3900 wrote to memory of 3780	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	90
PID 3900 wrote to memory of 452	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	91
PID 3900 wrote to memory of 452	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	91
PID 3900 wrote to memory of 4024	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	92
PID 3900 wrote to memory of 4024	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	92
PID 3900 wrote to memory of 1888	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	93
PID 3900 wrote to memory of 1888	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	93
PID 3900 wrote to memory of 4928	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	94
PID 3900 wrote to memory of 4928	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	94
PID 3900 wrote to memory of 3452	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	95
PID 3900 wrote to memory of 3452	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	95
PID 3900 wrote to memory of 3488	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	96
PID 3900 wrote to memory of 3488	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	96
PID 3900 wrote to memory of 2908	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	97
PID 3900 wrote to memory of 2908	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	97
PID 3900 wrote to memory of 2632	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	98
PID 3900 wrote to memory of 2632	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	98
PID 3900 wrote to memory of 3184	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	99
PID 3900 wrote to memory of 3184	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	99
PID 3900 wrote to memory of 404	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	100
PID 3900 wrote to memory of 404	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	100
PID 3900 wrote to memory of 4840	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	101
PID 3900 wrote to memory of 4840	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	101
PID 3900 wrote to memory of 2572	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	102
PID 3900 wrote to memory of 2572	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	102
PID 3900 wrote to memory of 3084	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	103
PID 3900 wrote to memory of 3084	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	103
PID 3900 wrote to memory of 4792	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	104
PID 3900 wrote to memory of 4792	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	104
PID 3900 wrote to memory of 2256	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	105
PID 3900 wrote to memory of 2256	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	105
PID 3900 wrote to memory of 2252	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	106
PID 3900 wrote to memory of 2252	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	106
PID 3900 wrote to memory of 1240	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	107
PID 3900 wrote to memory of 1240	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	107
PID 3900 wrote to memory of 2796	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	108
PID 3900 wrote to memory of 2796	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	108
PID 3900 wrote to memory of 940	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	109
PID 3900 wrote to memory of 940	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	109
PID 3900 wrote to memory of 2932	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	110
PID 3900 wrote to memory of 2932	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	110
PID 3900 wrote to memory of 2804	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	111
PID 3900 wrote to memory of 2804	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	111
PID 3900 wrote to memory of 3252	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	112
PID 3900 wrote to memory of 3252	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	112
PID 3900 wrote to memory of 1960	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	113
PID 3900 wrote to memory of 1960	3900	354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3900
- C:\Windows\System\iQkZmcx.exe
  C:\Windows\System\iQkZmcx.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\ZzjmqrU.exe
  C:\Windows\System\ZzjmqrU.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\MWLYsgT.exe
  C:\Windows\System\MWLYsgT.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\BYJjTuD.exe
  C:\Windows\System\BYJjTuD.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\rraWYIe.exe
  C:\Windows\System\rraWYIe.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\JNoFOKZ.exe
  C:\Windows\System\JNoFOKZ.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\ZbDcybD.exe
  C:\Windows\System\ZbDcybD.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\pNiNYpE.exe
  C:\Windows\System\pNiNYpE.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\TtdUrqW.exe
  C:\Windows\System\TtdUrqW.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\cILwHju.exe
  C:\Windows\System\cILwHju.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\ZQPXaIf.exe
  C:\Windows\System\ZQPXaIf.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\GbvVHBg.exe
  C:\Windows\System\GbvVHBg.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\HYUYZUa.exe
  C:\Windows\System\HYUYZUa.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\SoxEhks.exe
  C:\Windows\System\SoxEhks.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\FHfCSiu.exe
  C:\Windows\System\FHfCSiu.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\swRvBrV.exe
  C:\Windows\System\swRvBrV.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\HLebWIz.exe
  C:\Windows\System\HLebWIz.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\uUFJoDi.exe
  C:\Windows\System\uUFJoDi.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\tLpiVqn.exe
  C:\Windows\System\tLpiVqn.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\wsOfJCs.exe
  C:\Windows\System\wsOfJCs.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\xRKYjGX.exe
  C:\Windows\System\xRKYjGX.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\QqbUizo.exe
  C:\Windows\System\QqbUizo.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\pUEVsbu.exe
  C:\Windows\System\pUEVsbu.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\tEzPFdA.exe
  C:\Windows\System\tEzPFdA.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\JBnuKax.exe
  C:\Windows\System\JBnuKax.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\nRhsRyb.exe
  C:\Windows\System\nRhsRyb.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\XNqxQgm.exe
  C:\Windows\System\XNqxQgm.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\DUtTSzi.exe
  C:\Windows\System\DUtTSzi.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\NBvivNu.exe
  C:\Windows\System\NBvivNu.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\AmGpbQq.exe
  C:\Windows\System\AmGpbQq.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\iBUTAxS.exe
  C:\Windows\System\iBUTAxS.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\ZpGYnaO.exe
  C:\Windows\System\ZpGYnaO.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\gDuQGhu.exe
  C:\Windows\System\gDuQGhu.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\PtzMHvH.exe
  C:\Windows\System\PtzMHvH.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\SyMfXnZ.exe
  C:\Windows\System\SyMfXnZ.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\TQkDGxS.exe
  C:\Windows\System\TQkDGxS.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\xzHnZen.exe
  C:\Windows\System\xzHnZen.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\zXvqgPw.exe
  C:\Windows\System\zXvqgPw.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\HtZZKEK.exe
  C:\Windows\System\HtZZKEK.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\ZoyZkrg.exe
  C:\Windows\System\ZoyZkrg.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\OHHSTIJ.exe
  C:\Windows\System\OHHSTIJ.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\yehPHvA.exe
  C:\Windows\System\yehPHvA.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\AymRCZv.exe
  C:\Windows\System\AymRCZv.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\oudnQkR.exe
  C:\Windows\System\oudnQkR.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\jKYBUbC.exe
  C:\Windows\System\jKYBUbC.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\EqNVEST.exe
  C:\Windows\System\EqNVEST.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\sfDkIei.exe
  C:\Windows\System\sfDkIei.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\mUrqiQw.exe
  C:\Windows\System\mUrqiQw.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\AoyJxVK.exe
  C:\Windows\System\AoyJxVK.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\PpSbioP.exe
  C:\Windows\System\PpSbioP.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\rrISurI.exe
  C:\Windows\System\rrISurI.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\EbnZMPW.exe
  C:\Windows\System\EbnZMPW.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\AgSIftL.exe
  C:\Windows\System\AgSIftL.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\HjDKvkB.exe
  C:\Windows\System\HjDKvkB.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\iNqOhkG.exe
  C:\Windows\System\iNqOhkG.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\kTRiqIX.exe
  C:\Windows\System\kTRiqIX.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\iQfrVSq.exe
  C:\Windows\System\iQfrVSq.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\RFRejJL.exe
  C:\Windows\System\RFRejJL.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\aGXtJVR.exe
  C:\Windows\System\aGXtJVR.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\vwlDGEh.exe
  C:\Windows\System\vwlDGEh.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\saUfDtr.exe
  C:\Windows\System\saUfDtr.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\VimXMOC.exe
  C:\Windows\System\VimXMOC.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\xLpeoYL.exe
  C:\Windows\System\xLpeoYL.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\bUYPbjM.exe
  C:\Windows\System\bUYPbjM.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\jXzIZyM.exe
  C:\Windows\System\jXzIZyM.exe
  2⤵
  PID:4540
- C:\Windows\System\MrbCPir.exe
  C:\Windows\System\MrbCPir.exe
  2⤵
  PID:3324
- C:\Windows\System\WpgXBFM.exe
  C:\Windows\System\WpgXBFM.exe
  2⤵
  PID:1008
- C:\Windows\System\XOZhkti.exe
  C:\Windows\System\XOZhkti.exe
  2⤵
  PID:1956
- C:\Windows\System\peTLdrs.exe
  C:\Windows\System\peTLdrs.exe
  2⤵
  PID:2792
- C:\Windows\System\DrxOtxI.exe
  C:\Windows\System\DrxOtxI.exe
  2⤵
  PID:852
- C:\Windows\System\aXRWLsZ.exe
  C:\Windows\System\aXRWLsZ.exe
  2⤵
  PID:4068
- C:\Windows\System\laAspSD.exe
  C:\Windows\System\laAspSD.exe
  2⤵
  PID:880
- C:\Windows\System\WIpjPLy.exe
  C:\Windows\System\WIpjPLy.exe
  2⤵
  PID:4100
- C:\Windows\System\XZMYjiz.exe
  C:\Windows\System\XZMYjiz.exe
  2⤵
  PID:1680
- C:\Windows\System\NsMOgbe.exe
  C:\Windows\System\NsMOgbe.exe
  2⤵
  PID:840
- C:\Windows\System\MpWJOKy.exe
  C:\Windows\System\MpWJOKy.exe
  2⤵
  PID:3548
- C:\Windows\System\GEDjxdO.exe
  C:\Windows\System\GEDjxdO.exe
  2⤵
  PID:1388
- C:\Windows\System\qeGpfML.exe
  C:\Windows\System\qeGpfML.exe
  2⤵
  PID:4064
- C:\Windows\System\HiFHSgD.exe
  C:\Windows\System\HiFHSgD.exe
  2⤵
  PID:2720
- C:\Windows\System\zVjTcNh.exe
  C:\Windows\System\zVjTcNh.exe
  2⤵
  PID:944
- C:\Windows\System\iIOwNsj.exe
  C:\Windows\System\iIOwNsj.exe
  2⤵
  PID:4492
- C:\Windows\System\gtFrROG.exe
  C:\Windows\System\gtFrROG.exe
  2⤵
  PID:1920
- C:\Windows\System\xBStBEf.exe
  C:\Windows\System\xBStBEf.exe
  2⤵
  PID:4356
- C:\Windows\System\jCdbUVe.exe
  C:\Windows\System\jCdbUVe.exe
  2⤵
  PID:1088
- C:\Windows\System\aRTljnl.exe
  C:\Windows\System\aRTljnl.exe
  2⤵
  PID:2288
- C:\Windows\System\pKskcAM.exe
  C:\Windows\System\pKskcAM.exe
  2⤵
  PID:2696
- C:\Windows\System\bUkqtKm.exe
  C:\Windows\System\bUkqtKm.exe
  2⤵
  PID:1996
- C:\Windows\System\AaWTeGh.exe
  C:\Windows\System\AaWTeGh.exe
  2⤵
  PID:3276
- C:\Windows\System\IsVhSRO.exe
  C:\Windows\System\IsVhSRO.exe
  2⤵
  PID:4796
- C:\Windows\System\zsYHWCu.exe
  C:\Windows\System\zsYHWCu.exe
  2⤵
  PID:4460
- C:\Windows\System\scsLzIY.exe
  C:\Windows\System\scsLzIY.exe
  2⤵
  PID:1076
- C:\Windows\System\ZKBSuWR.exe
  C:\Windows\System\ZKBSuWR.exe
  2⤵
  PID:1816
- C:\Windows\System\XGXrPVr.exe
  C:\Windows\System\XGXrPVr.exe
  2⤵
  PID:2920
- C:\Windows\System\fTcOibc.exe
  C:\Windows\System\fTcOibc.exe
  2⤵
  PID:3032
- C:\Windows\System\uzlLnAM.exe
  C:\Windows\System\uzlLnAM.exe
  2⤵
  PID:1916
- C:\Windows\System\LacZlqS.exe
  C:\Windows\System\LacZlqS.exe
  2⤵
  PID:2968
- C:\Windows\System\BsoqzzR.exe
  C:\Windows\System\BsoqzzR.exe
  2⤵
  PID:1448
- C:\Windows\System\jUzZOQb.exe
  C:\Windows\System\jUzZOQb.exe
  2⤵
  PID:5144
- C:\Windows\System\RVBbzNX.exe
  C:\Windows\System\RVBbzNX.exe
  2⤵
  PID:5172
- C:\Windows\System\hxTpcVB.exe
  C:\Windows\System\hxTpcVB.exe
  2⤵
  PID:5200
- C:\Windows\System\jweyCoI.exe
  C:\Windows\System\jweyCoI.exe
  2⤵
  PID:5228
- C:\Windows\System\OAuncvP.exe
  C:\Windows\System\OAuncvP.exe
  2⤵
  PID:5256
- C:\Windows\System\LWgUiTG.exe
  C:\Windows\System\LWgUiTG.exe
  2⤵
  PID:5284
- C:\Windows\System\eGvhnlA.exe
  C:\Windows\System\eGvhnlA.exe
  2⤵
  PID:5312
- C:\Windows\System\wAEvCzf.exe
  C:\Windows\System\wAEvCzf.exe
  2⤵
  PID:5340
- C:\Windows\System\EaEaHJf.exe
  C:\Windows\System\EaEaHJf.exe
  2⤵
  PID:5368
- C:\Windows\System\AxBuILN.exe
  C:\Windows\System\AxBuILN.exe
  2⤵
  PID:5396
- C:\Windows\System\sNVUfbt.exe
  C:\Windows\System\sNVUfbt.exe
  2⤵
  PID:5424
- C:\Windows\System\AyPBKNz.exe
  C:\Windows\System\AyPBKNz.exe
  2⤵
  PID:5452
- C:\Windows\System\SIzYJAM.exe
  C:\Windows\System\SIzYJAM.exe
  2⤵
  PID:5480
- C:\Windows\System\eVntksj.exe
  C:\Windows\System\eVntksj.exe
  2⤵
  PID:5508
- C:\Windows\System\ZXgiGZH.exe
  C:\Windows\System\ZXgiGZH.exe
  2⤵
  PID:5536
- C:\Windows\System\dckuFtF.exe
  C:\Windows\System\dckuFtF.exe
  2⤵
  PID:5564
- C:\Windows\System\KaCJWwg.exe
  C:\Windows\System\KaCJWwg.exe
  2⤵
  PID:5592
- C:\Windows\System\DdZBkyZ.exe
  C:\Windows\System\DdZBkyZ.exe
  2⤵
  PID:5620
- C:\Windows\System\jlIIMdY.exe
  C:\Windows\System\jlIIMdY.exe
  2⤵
  PID:5644
- C:\Windows\System\QCFHLlQ.exe
  C:\Windows\System\QCFHLlQ.exe
  2⤵
  PID:5672
- C:\Windows\System\AGzNipJ.exe
  C:\Windows\System\AGzNipJ.exe
  2⤵
  PID:5700
- C:\Windows\System\imaNONA.exe
  C:\Windows\System\imaNONA.exe
  2⤵
  PID:5732
- C:\Windows\System\IGjPiVg.exe
  C:\Windows\System\IGjPiVg.exe
  2⤵
  PID:5760
- C:\Windows\System\bQVYlzS.exe
  C:\Windows\System\bQVYlzS.exe
  2⤵
  PID:5784
- C:\Windows\System\oeObcQF.exe
  C:\Windows\System\oeObcQF.exe
  2⤵
  PID:5816
- C:\Windows\System\ObrlUIp.exe
  C:\Windows\System\ObrlUIp.exe
  2⤵
  PID:5844
- C:\Windows\System\zTSYVpK.exe
  C:\Windows\System\zTSYVpK.exe
  2⤵
  PID:5872
- C:\Windows\System\EngZNqh.exe
  C:\Windows\System\EngZNqh.exe
  2⤵
  PID:5900
- C:\Windows\System\DohFqrV.exe
  C:\Windows\System\DohFqrV.exe
  2⤵
  PID:5928
- C:\Windows\System\uUNWhPR.exe
  C:\Windows\System\uUNWhPR.exe
  2⤵
  PID:5960
- C:\Windows\System\AHMfqrE.exe
  C:\Windows\System\AHMfqrE.exe
  2⤵
  PID:5992
- C:\Windows\System\RvIxftS.exe
  C:\Windows\System\RvIxftS.exe
  2⤵
  PID:6032
- C:\Windows\System\BeHLZEc.exe
  C:\Windows\System\BeHLZEc.exe
  2⤵
  PID:6076
- C:\Windows\System\CUKXfca.exe
  C:\Windows\System\CUKXfca.exe
  2⤵
  PID:6096
- C:\Windows\System\ehvPcBQ.exe
  C:\Windows\System\ehvPcBQ.exe
  2⤵
  PID:6120
- C:\Windows\System\KhYUmgr.exe
  C:\Windows\System\KhYUmgr.exe
  2⤵
  PID:4556
- C:\Windows\System\OOrqeVb.exe
  C:\Windows\System\OOrqeVb.exe
  2⤵
  PID:2212
- C:\Windows\System\oNlrbOm.exe
  C:\Windows\System\oNlrbOm.exe
  2⤵
  PID:60
- C:\Windows\System\zzhwCpE.exe
  C:\Windows\System\zzhwCpE.exe
  2⤵
  PID:4160
- C:\Windows\System\VaLaBEF.exe
  C:\Windows\System\VaLaBEF.exe
  2⤵
  PID:5136
- C:\Windows\System\xLoiQrh.exe
  C:\Windows\System\xLoiQrh.exe
  2⤵
  PID:5212
- C:\Windows\System\sBsmGpr.exe
  C:\Windows\System\sBsmGpr.exe
  2⤵
  PID:5268
- C:\Windows\System\iWqHEAb.exe
  C:\Windows\System\iWqHEAb.exe
  2⤵
  PID:5352
- C:\Windows\System\kwakOMf.exe
  C:\Windows\System\kwakOMf.exe
  2⤵
  PID:5412
- C:\Windows\System\OCQpkda.exe
  C:\Windows\System\OCQpkda.exe
  2⤵
  PID:5492
- C:\Windows\System\KMDvcuU.exe
  C:\Windows\System\KMDvcuU.exe
  2⤵
  PID:5552
- C:\Windows\System\JydpUNb.exe
  C:\Windows\System\JydpUNb.exe
  2⤵
  PID:5608
- C:\Windows\System\bLYYKoi.exe
  C:\Windows\System\bLYYKoi.exe
  2⤵
  PID:5668
- C:\Windows\System\RZyhLbQ.exe
  C:\Windows\System\RZyhLbQ.exe
  2⤵
  PID:5720
- C:\Windows\System\DbaUFxo.exe
  C:\Windows\System\DbaUFxo.exe
  2⤵
  PID:5800
- C:\Windows\System\fXRdNYg.exe
  C:\Windows\System\fXRdNYg.exe
  2⤵
  PID:5860
- C:\Windows\System\loEPTfF.exe
  C:\Windows\System\loEPTfF.exe
  2⤵
  PID:5916
- C:\Windows\System\HtnLxIg.exe
  C:\Windows\System\HtnLxIg.exe
  2⤵
  PID:3964
- C:\Windows\System\ByRHWSS.exe
  C:\Windows\System\ByRHWSS.exe
  2⤵
  PID:3224
- C:\Windows\System\OxUkocv.exe
  C:\Windows\System\OxUkocv.exe
  2⤵
  PID:1096
- C:\Windows\System\wNMzesQ.exe
  C:\Windows\System\wNMzesQ.exe
  2⤵
  PID:1540
- C:\Windows\System\yUWHwcj.exe
  C:\Windows\System\yUWHwcj.exe
  2⤵
  PID:6052
- C:\Windows\System\vDKVubA.exe
  C:\Windows\System\vDKVubA.exe
  2⤵
  PID:6092
- C:\Windows\System\QSbptqU.exe
  C:\Windows\System\QSbptqU.exe
  2⤵
  PID:4476
- C:\Windows\System\xjOFcYe.exe
  C:\Windows\System\xjOFcYe.exe
  2⤵
  PID:6128
- C:\Windows\System\TWMKAix.exe
  C:\Windows\System\TWMKAix.exe
  2⤵
  PID:2620
- C:\Windows\System\EmhOZja.exe
  C:\Windows\System\EmhOZja.exe
  2⤵
  PID:1664
- C:\Windows\System\XbqnUlp.exe
  C:\Windows\System\XbqnUlp.exe
  2⤵
  PID:2768
- C:\Windows\System\SIsPyOH.exe
  C:\Windows\System\SIsPyOH.exe
  2⤵
  PID:1492
- C:\Windows\System\qQyGPWZ.exe
  C:\Windows\System\qQyGPWZ.exe
  2⤵
  PID:5240
- C:\Windows\System\rUiMXlO.exe
  C:\Windows\System\rUiMXlO.exe
  2⤵
  PID:5324
- C:\Windows\System\kkDraZP.exe
  C:\Windows\System\kkDraZP.exe
  2⤵
  PID:5436
- C:\Windows\System\GRdeIZm.exe
  C:\Windows\System\GRdeIZm.exe
  2⤵
  PID:5576
- C:\Windows\System\QzMjjWm.exe
  C:\Windows\System\QzMjjWm.exe
  2⤵
  PID:5716
- C:\Windows\System\jZVzJvy.exe
  C:\Windows\System\jZVzJvy.exe
  2⤵
  PID:916
- C:\Windows\System\VLUpDRi.exe
  C:\Windows\System\VLUpDRi.exe
  2⤵
  PID:4880
- C:\Windows\System\ayLscuo.exe
  C:\Windows\System\ayLscuo.exe
  2⤵
  PID:6072
- C:\Windows\System\dleDEJo.exe
  C:\Windows\System\dleDEJo.exe
  2⤵
  PID:4644
- C:\Windows\System\RInFWEZ.exe
  C:\Windows\System\RInFWEZ.exe
  2⤵
  PID:4020
- C:\Windows\System\tLucszI.exe
  C:\Windows\System\tLucszI.exe
  2⤵
  PID:5192
- C:\Windows\System\DKpbsdZ.exe
  C:\Windows\System\DKpbsdZ.exe
  2⤵
  PID:5500
- C:\Windows\System\wZKSmXN.exe
  C:\Windows\System\wZKSmXN.exe
  2⤵
  PID:5832
- C:\Windows\System\VadFMar.exe
  C:\Windows\System\VadFMar.exe
  2⤵
  PID:6056
- C:\Windows\System\yejKiII.exe
  C:\Windows\System\yejKiII.exe
  2⤵
  PID:4640
- C:\Windows\System\tismIBJ.exe
  C:\Windows\System\tismIBJ.exe
  2⤵
  PID:5188
- C:\Windows\System\FmHQuWL.exe
  C:\Windows\System\FmHQuWL.exe
  2⤵
  PID:3056
- C:\Windows\System\TTRhjoz.exe
  C:\Windows\System\TTRhjoz.exe
  2⤵
  PID:5388
- C:\Windows\System\bEPankZ.exe
  C:\Windows\System\bEPankZ.exe
  2⤵
  PID:6168
- C:\Windows\System\efDIIwL.exe
  C:\Windows\System\efDIIwL.exe
  2⤵
  PID:6200
- C:\Windows\System\mPtopSt.exe
  C:\Windows\System\mPtopSt.exe
  2⤵
  PID:6224
- C:\Windows\System\XckIJXN.exe
  C:\Windows\System\XckIJXN.exe
  2⤵
  PID:6252
- C:\Windows\System\zURtSZf.exe
  C:\Windows\System\zURtSZf.exe
  2⤵
  PID:6280
- C:\Windows\System\RylQQkJ.exe
  C:\Windows\System\RylQQkJ.exe
  2⤵
  PID:6312
- C:\Windows\System\aIyCDxE.exe
  C:\Windows\System\aIyCDxE.exe
  2⤵
  PID:6344
- C:\Windows\System\AoDqkho.exe
  C:\Windows\System\AoDqkho.exe
  2⤵
  PID:6372
- C:\Windows\System\wUkUPvz.exe
  C:\Windows\System\wUkUPvz.exe
  2⤵
  PID:6396
- C:\Windows\System\WAvXAqJ.exe
  C:\Windows\System\WAvXAqJ.exe
  2⤵
  PID:6432
- C:\Windows\System\RxCXrQM.exe
  C:\Windows\System\RxCXrQM.exe
  2⤵
  PID:6452
- C:\Windows\System\cPLIkev.exe
  C:\Windows\System\cPLIkev.exe
  2⤵
  PID:6480
- C:\Windows\System\AerXVwh.exe
  C:\Windows\System\AerXVwh.exe
  2⤵
  PID:6512
- C:\Windows\System\KmfGQkM.exe
  C:\Windows\System\KmfGQkM.exe
  2⤵
  PID:6540
- C:\Windows\System\ZtCiwfK.exe
  C:\Windows\System\ZtCiwfK.exe
  2⤵
  PID:6564
- C:\Windows\System\ZTrpmYe.exe
  C:\Windows\System\ZTrpmYe.exe
  2⤵
  PID:6592
- C:\Windows\System\dTTwmZW.exe
  C:\Windows\System\dTTwmZW.exe
  2⤵
  PID:6620
- C:\Windows\System\hgIfQPQ.exe
  C:\Windows\System\hgIfQPQ.exe
  2⤵
  PID:6652
- C:\Windows\System\dIbRyAF.exe
  C:\Windows\System\dIbRyAF.exe
  2⤵
  PID:6680
- C:\Windows\System\jJTPpDA.exe
  C:\Windows\System\jJTPpDA.exe
  2⤵
  PID:6704
- C:\Windows\System\clyRkOS.exe
  C:\Windows\System\clyRkOS.exe
  2⤵
  PID:6732
- C:\Windows\System\BNjYvNZ.exe
  C:\Windows\System\BNjYvNZ.exe
  2⤵
  PID:6748
- C:\Windows\System\eZppVrV.exe
  C:\Windows\System\eZppVrV.exe
  2⤵
  PID:6776
- C:\Windows\System\xOYrlJm.exe
  C:\Windows\System\xOYrlJm.exe
  2⤵
  PID:6792
- C:\Windows\System\NQQhRFA.exe
  C:\Windows\System\NQQhRFA.exe
  2⤵
  PID:6828
- C:\Windows\System\UYAWDpS.exe
  C:\Windows\System\UYAWDpS.exe
  2⤵
  PID:6860
- C:\Windows\System\azYJbOt.exe
  C:\Windows\System\azYJbOt.exe
  2⤵
  PID:6900
- C:\Windows\System\JPwChcB.exe
  C:\Windows\System\JPwChcB.exe
  2⤵
  PID:6932
- C:\Windows\System\msKEUfG.exe
  C:\Windows\System\msKEUfG.exe
  2⤵
  PID:6956
- C:\Windows\System\cwjnfYt.exe
  C:\Windows\System\cwjnfYt.exe
  2⤵
  PID:6984
- C:\Windows\System\RZmxKuA.exe
  C:\Windows\System\RZmxKuA.exe
  2⤵
  PID:7012
- C:\Windows\System\cFOldTc.exe
  C:\Windows\System\cFOldTc.exe
  2⤵
  PID:7040
- C:\Windows\System\nhDXxKV.exe
  C:\Windows\System\nhDXxKV.exe
  2⤵
  PID:7068
- C:\Windows\System\HnUiAMm.exe
  C:\Windows\System\HnUiAMm.exe
  2⤵
  PID:7096
- C:\Windows\System\OdYBVRY.exe
  C:\Windows\System\OdYBVRY.exe
  2⤵
  PID:7128
- C:\Windows\System\gawTlJJ.exe
  C:\Windows\System\gawTlJJ.exe
  2⤵
  PID:7160
- C:\Windows\System\aHyKewH.exe
  C:\Windows\System\aHyKewH.exe
  2⤵
  PID:6152
- C:\Windows\System\UcVlXbR.exe
  C:\Windows\System\UcVlXbR.exe
  2⤵
  PID:6236
- C:\Windows\System\jAFMfDN.exe
  C:\Windows\System\jAFMfDN.exe
  2⤵
  PID:6300
- C:\Windows\System\FugweLN.exe
  C:\Windows\System\FugweLN.exe
  2⤵
  PID:6384
- C:\Windows\System\HcOWihD.exe
  C:\Windows\System\HcOWihD.exe
  2⤵
  PID:6440
- C:\Windows\System\cseolsm.exe
  C:\Windows\System\cseolsm.exe
  2⤵
  PID:6520
- C:\Windows\System\IgWNYdZ.exe
  C:\Windows\System\IgWNYdZ.exe
  2⤵
  PID:6580
- C:\Windows\System\moaoOGs.exe
  C:\Windows\System\moaoOGs.exe
  2⤵
  PID:6640
- C:\Windows\System\fUkDUpQ.exe
  C:\Windows\System\fUkDUpQ.exe
  2⤵
  PID:6716
- C:\Windows\System\VZKTcdd.exe
  C:\Windows\System\VZKTcdd.exe
  2⤵
  PID:6804
- C:\Windows\System\DfhRkHw.exe
  C:\Windows\System\DfhRkHw.exe
  2⤵
  PID:6892
- C:\Windows\System\jPzWsHW.exe
  C:\Windows\System\jPzWsHW.exe
  2⤵
  PID:6980
- C:\Windows\System\IVOvSpJ.exe
  C:\Windows\System\IVOvSpJ.exe
  2⤵
  PID:7032
- C:\Windows\System\huTsufO.exe
  C:\Windows\System\huTsufO.exe
  2⤵
  PID:7108
- C:\Windows\System\oXLdQGo.exe
  C:\Windows\System\oXLdQGo.exe
  2⤵
  PID:6216
- C:\Windows\System\UmzwjTh.exe
  C:\Windows\System\UmzwjTh.exe
  2⤵
  PID:6416
- C:\Windows\System\jZpTnDJ.exe
  C:\Windows\System\jZpTnDJ.exe
  2⤵
  PID:6548
- C:\Windows\System\onjntdq.exe
  C:\Windows\System\onjntdq.exe
  2⤵
  PID:6696
- C:\Windows\System\hlwoGnH.exe
  C:\Windows\System\hlwoGnH.exe
  2⤵
  PID:6880
- C:\Windows\System\WTEpBre.exe
  C:\Windows\System\WTEpBre.exe
  2⤵
  PID:7008
- C:\Windows\System\mGJTIGW.exe
  C:\Windows\System\mGJTIGW.exe
  2⤵
  PID:6192
- C:\Windows\System\kSfpsfZ.exe
  C:\Windows\System\kSfpsfZ.exe
  2⤵
  PID:6492
- C:\Windows\System\DEjWtiq.exe
  C:\Windows\System\DEjWtiq.exe
  2⤵
  PID:7152
- C:\Windows\System\wYgPmMg.exe
  C:\Windows\System\wYgPmMg.exe
  2⤵
  PID:6952
- C:\Windows\System\CGLAfNu.exe
  C:\Windows\System\CGLAfNu.exe
  2⤵
  PID:6816
- C:\Windows\System\HKqNqtn.exe
  C:\Windows\System\HKqNqtn.exe
  2⤵
  PID:7196
- C:\Windows\System\CbyQrjD.exe
  C:\Windows\System\CbyQrjD.exe
  2⤵
  PID:7220
- C:\Windows\System\ptBPGTX.exe
  C:\Windows\System\ptBPGTX.exe
  2⤵
  PID:7264
- C:\Windows\System\siAgAjG.exe
  C:\Windows\System\siAgAjG.exe
  2⤵
  PID:7280
- C:\Windows\System\LYuixYL.exe
  C:\Windows\System\LYuixYL.exe
  2⤵
  PID:7296
- C:\Windows\System\Fqktxag.exe
  C:\Windows\System\Fqktxag.exe
  2⤵
  PID:7320
- C:\Windows\System\oBANQJy.exe
  C:\Windows\System\oBANQJy.exe
  2⤵
  PID:7352
- C:\Windows\System\YHCcKbU.exe
  C:\Windows\System\YHCcKbU.exe
  2⤵
  PID:7380
- C:\Windows\System\oCzHhZQ.exe
  C:\Windows\System\oCzHhZQ.exe
  2⤵
  PID:7432
- C:\Windows\System\KmuZJDJ.exe
  C:\Windows\System\KmuZJDJ.exe
  2⤵
  PID:7468
- C:\Windows\System\lpWMspE.exe
  C:\Windows\System\lpWMspE.exe
  2⤵
  PID:7492
- C:\Windows\System\dzRXQZY.exe
  C:\Windows\System\dzRXQZY.exe
  2⤵
  PID:7520
- C:\Windows\System\TFyDEEm.exe
  C:\Windows\System\TFyDEEm.exe
  2⤵
  PID:7544
- C:\Windows\System\ofIgONC.exe
  C:\Windows\System\ofIgONC.exe
  2⤵
  PID:7576
- C:\Windows\System\rfHmSNE.exe
  C:\Windows\System\rfHmSNE.exe
  2⤵
  PID:7604
- C:\Windows\System\PifxdQT.exe
  C:\Windows\System\PifxdQT.exe
  2⤵
  PID:7620
- C:\Windows\System\VyLSPbK.exe
  C:\Windows\System\VyLSPbK.exe
  2⤵
  PID:7652
- C:\Windows\System\wFcNzVi.exe
  C:\Windows\System\wFcNzVi.exe
  2⤵
  PID:7676
- C:\Windows\System\rTcfNgf.exe
  C:\Windows\System\rTcfNgf.exe
  2⤵
  PID:7704
- C:\Windows\System\ZcccoJg.exe
  C:\Windows\System\ZcccoJg.exe
  2⤵
  PID:7744
- C:\Windows\System\iYlLyoj.exe
  C:\Windows\System\iYlLyoj.exe
  2⤵
  PID:7772
- C:\Windows\System\xkxLpEv.exe
  C:\Windows\System\xkxLpEv.exe
  2⤵
  PID:7788
- C:\Windows\System\qsOiiJl.exe
  C:\Windows\System\qsOiiJl.exe
  2⤵
  PID:7828
- C:\Windows\System\jvirnxn.exe
  C:\Windows\System\jvirnxn.exe
  2⤵
  PID:7856
- C:\Windows\System\yfUJaWb.exe
  C:\Windows\System\yfUJaWb.exe
  2⤵
  PID:7872
- C:\Windows\System\FnlMfsS.exe
  C:\Windows\System\FnlMfsS.exe
  2⤵
  PID:7912
- C:\Windows\System\NbvWoru.exe
  C:\Windows\System\NbvWoru.exe
  2⤵
  PID:7928
- C:\Windows\System\BJUGUrY.exe
  C:\Windows\System\BJUGUrY.exe
  2⤵
  PID:7960
- C:\Windows\System\TIKtwoT.exe
  C:\Windows\System\TIKtwoT.exe
  2⤵
  PID:7984
- C:\Windows\System\LTSXRLn.exe
  C:\Windows\System\LTSXRLn.exe
  2⤵
  PID:8024
- C:\Windows\System\EQCMwSF.exe
  C:\Windows\System\EQCMwSF.exe
  2⤵
  PID:8068
- C:\Windows\System\BtkEaTc.exe
  C:\Windows\System\BtkEaTc.exe
  2⤵
  PID:8088
- C:\Windows\System\ifPOSgI.exe
  C:\Windows\System\ifPOSgI.exe
  2⤵
  PID:8108
- C:\Windows\System\vGlVBwd.exe
  C:\Windows\System\vGlVBwd.exe
  2⤵
  PID:8148
- C:\Windows\System\TXVjnIZ.exe
  C:\Windows\System\TXVjnIZ.exe
  2⤵
  PID:8168
- C:\Windows\System\kCjIodR.exe
  C:\Windows\System\kCjIodR.exe
  2⤵
  PID:6532
- C:\Windows\System\zDAfCIt.exe
  C:\Windows\System\zDAfCIt.exe
  2⤵
  PID:7240
- C:\Windows\System\JfeKLOb.exe
  C:\Windows\System\JfeKLOb.exe
  2⤵
  PID:7316
- C:\Windows\System\LQgGSJM.exe
  C:\Windows\System\LQgGSJM.exe
  2⤵
  PID:7372
- C:\Windows\System\hKjmRbF.exe
  C:\Windows\System\hKjmRbF.exe
  2⤵
  PID:7456
- C:\Windows\System\RpcSgve.exe
  C:\Windows\System\RpcSgve.exe
  2⤵
  PID:7536
- C:\Windows\System\bnmqiBF.exe
  C:\Windows\System\bnmqiBF.exe
  2⤵
  PID:7632
- C:\Windows\System\NdxlXOc.exe
  C:\Windows\System\NdxlXOc.exe
  2⤵
  PID:7736
- C:\Windows\System\vMvTOdh.exe
  C:\Windows\System\vMvTOdh.exe
  2⤵
  PID:7784
- C:\Windows\System\jRYMXDs.exe
  C:\Windows\System\jRYMXDs.exe
  2⤵
  PID:7896
- C:\Windows\System\xjZfPgK.exe
  C:\Windows\System\xjZfPgK.exe
  2⤵
  PID:7940
- C:\Windows\System\tgstltx.exe
  C:\Windows\System\tgstltx.exe
  2⤵
  PID:8076
- C:\Windows\System\VqtvkUW.exe
  C:\Windows\System\VqtvkUW.exe
  2⤵
  PID:8132
- C:\Windows\System\URdSYUb.exe
  C:\Windows\System\URdSYUb.exe
  2⤵
  PID:8184
- C:\Windows\System\TvvhBec.exe
  C:\Windows\System\TvvhBec.exe
  2⤵
  PID:7360
- C:\Windows\System\SyQlJbo.exe
  C:\Windows\System\SyQlJbo.exe
  2⤵
  PID:7564
- C:\Windows\System\EsqzYtD.exe
  C:\Windows\System\EsqzYtD.exe
  2⤵
  PID:7760
- C:\Windows\System\OYpedvX.exe
  C:\Windows\System\OYpedvX.exe
  2⤵
  PID:8100
- C:\Windows\System\USjfUmO.exe
  C:\Windows\System\USjfUmO.exe
  2⤵
  PID:8188
- C:\Windows\System\embdzjU.exe
  C:\Windows\System\embdzjU.exe
  2⤵
  PID:7804
- C:\Windows\System\zXNakbq.exe
  C:\Windows\System\zXNakbq.exe
  2⤵
  PID:7892
- C:\Windows\System\kGZNYwK.exe
  C:\Windows\System\kGZNYwK.exe
  2⤵
  PID:8208
- C:\Windows\System\MVqCFMn.exe
  C:\Windows\System\MVqCFMn.exe
  2⤵
  PID:8236
- C:\Windows\System\NipaNUK.exe
  C:\Windows\System\NipaNUK.exe
  2⤵
  PID:8272
- C:\Windows\System\kQRJCSR.exe
  C:\Windows\System\kQRJCSR.exe
  2⤵
  PID:8296
- C:\Windows\System\supMAAa.exe
  C:\Windows\System\supMAAa.exe
  2⤵
  PID:8328
- C:\Windows\System\nhZOKRO.exe
  C:\Windows\System\nhZOKRO.exe
  2⤵
  PID:8360
- C:\Windows\System\MIdVHWA.exe
  C:\Windows\System\MIdVHWA.exe
  2⤵
  PID:8392
- C:\Windows\System\xZFCgce.exe
  C:\Windows\System\xZFCgce.exe
  2⤵
  PID:8428
- C:\Windows\System\VsSzuVS.exe
  C:\Windows\System\VsSzuVS.exe
  2⤵
  PID:8464
- C:\Windows\System\NXSRBhG.exe
  C:\Windows\System\NXSRBhG.exe
  2⤵
  PID:8488
- C:\Windows\System\WrgdRll.exe
  C:\Windows\System\WrgdRll.exe
  2⤵
  PID:8544
- C:\Windows\System\JRKMVCi.exe
  C:\Windows\System\JRKMVCi.exe
  2⤵
  PID:8588
- C:\Windows\System\zCIRzzl.exe
  C:\Windows\System\zCIRzzl.exe
  2⤵
  PID:8604
- C:\Windows\System\AsJmFzL.exe
  C:\Windows\System\AsJmFzL.exe
  2⤵
  PID:8636
- C:\Windows\System\CwdSYvv.exe
  C:\Windows\System\CwdSYvv.exe
  2⤵
  PID:8672
- C:\Windows\System\hykkTKq.exe
  C:\Windows\System\hykkTKq.exe
  2⤵
  PID:8704
- C:\Windows\System\IhnREXz.exe
  C:\Windows\System\IhnREXz.exe
  2⤵
  PID:8728
- C:\Windows\System\OsKahAA.exe
  C:\Windows\System\OsKahAA.exe
  2⤵
  PID:8760
- C:\Windows\System\teBftiR.exe
  C:\Windows\System\teBftiR.exe
  2⤵
  PID:8788
- C:\Windows\System\TMeVnag.exe
  C:\Windows\System\TMeVnag.exe
  2⤵
  PID:8816
- C:\Windows\System\LDVEorZ.exe
  C:\Windows\System\LDVEorZ.exe
  2⤵
  PID:8844
- C:\Windows\System\YAMfEmE.exe
  C:\Windows\System\YAMfEmE.exe
  2⤵
  PID:8884
- C:\Windows\System\OnQSSYF.exe
  C:\Windows\System\OnQSSYF.exe
  2⤵
  PID:8912
- C:\Windows\System\gZVgCec.exe
  C:\Windows\System\gZVgCec.exe
  2⤵
  PID:8928
- C:\Windows\System\QZRtNif.exe
  C:\Windows\System\QZRtNif.exe
  2⤵
  PID:8956
- C:\Windows\System\RxvKvRP.exe
  C:\Windows\System\RxvKvRP.exe
  2⤵
  PID:8984
- C:\Windows\System\seUXJli.exe
  C:\Windows\System\seUXJli.exe
  2⤵
  PID:9012
- C:\Windows\System\dWPbLVB.exe
  C:\Windows\System\dWPbLVB.exe
  2⤵
  PID:9032
- C:\Windows\System\TvEUpAX.exe
  C:\Windows\System\TvEUpAX.exe
  2⤵
  PID:9056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AmGpbQq.exe

Filesize
2.1MB

MD5
7fdfde19455bd134ba7051e9ac95e3a7

SHA1
10dfb48e30afb44da3037287d41c6594b8518e56

SHA256
2129b73eeaf223dc4521e020f84cd9a2e58531cb563f50a3c3b72ac4c00360b4

SHA512
f00e868446e6a540aecdb71663125874cba9fdd0803768717956dac308cbe87d83072101748e332be00b5c19c29dd2be50a264747e4ee54cc034424244c74570

Download Submit
C:\Windows\System\BYJjTuD.exe

Filesize
2.1MB

MD5
5093921da83c5d09da26e2460a8868ac

SHA1
9213f77696c47b0741b388553f6a8a503a93c6fb

SHA256
5c506efce6f1d8355c321036d576284cbc9e8d993e47ab0e3dbe194088352cec

SHA512
5ffbf4403ff575ffc9d37d33e4afedfa9b9ffbd2b748ed8abbf1185ad41d841cb6bbae7370c16e19017d596b7770c8aaaf37dc9f277d20fe46d3b80c49693e18

Download Submit
C:\Windows\System\DUtTSzi.exe

Filesize
2.1MB

MD5
a60522f5e024359d000b9f6f41c527b4

SHA1
29031961bcba3eba7c6ee6aa7c7508674ba127d9

SHA256
eb1be9d27499f4e3cb95aec31242a6b50659c2f2c3fa0c59fa4e9b523ec3ff06

SHA512
766a835f95d3a40489487c9f60545635585b45c668618bd931c733c683bbaee69ea0d63496260be958a62af808b2c23f410cd67a0cd43298ced82497fd6549f1

Download Submit
C:\Windows\System\FHfCSiu.exe

Filesize
2.1MB

MD5
a29d96fb5c31ad7531d0cba2c6ae1b74

SHA1
b5053a452e9df4b39072748592cabcff3d333456

SHA256
6a6981c41217913dd7999d81b6ae8d21433774da541f7f047d063f8e31bf427e

SHA512
9a849b384026c302463096d0ee6891122f974e968a03b0c01ad37794ed09ae3640bbee7f2c5a94962bac004a9a4cf3adec6ed90d34c1ade407ed6dd1773fb124

Download Submit
C:\Windows\System\GbvVHBg.exe

Filesize
2.1MB

MD5
8a33297c0cabc98fa0c8b3eac9cd255c

SHA1
8e349a4ec25315e11699c0ea565260d774968793

SHA256
36862f2fbfeace4863426273508676092b308e60dcd3baae046d083bed466bbe

SHA512
a7cd9e6492367cbc4a9b2fb22e2485997fc5e9f58c0b15e419d6dd44ea1b9940e15ad0747927748c8cc89dee186d51267dc73efb43faacfe8292c94ff5f61fce

Download Submit
C:\Windows\System\HLebWIz.exe

Filesize
2.1MB

MD5
41335c39e3ebd07c801d47c2855b48c3

SHA1
a24925863723c4d77278576a7eccde1b41c23f85

SHA256
1b53b1a0f92231b235be12c09a30d9a0601172d46394b0ef7517c092afaada9c

SHA512
42618691f56f1ebad7cb2759afdc829e0934965fd354a002f0158d3a040894788a9e472720447c6fef3d9e3a03e0e0ebf47729d1978e16c2e45d36374938fc7f

Download Submit
C:\Windows\System\HYUYZUa.exe

Filesize
2.1MB

MD5
741099f4767ff8bc33d6d6bbce042ebd

SHA1
bbd892760c309a15247326fe3c215b177e77d743

SHA256
12746c0648254d7d174a7430b434414bbdf25cf2c4d00d7c0cfad93cd2b6a14b

SHA512
6f4e1d603b666554ae1ecd70cf6a4fe439b21e2f45b5f513dda83723f33365191c2235be0a255845e7c626f58eaf970a50c66a2cb66fb6f605e7fe95fc272dcd

Download Submit
C:\Windows\System\JBnuKax.exe

Filesize
2.1MB

MD5
84d4c787025402b8d250706cb2a67e41

SHA1
9f0d9e3787cd9faf6b0b21d7cfa4f00255e9bf4e

SHA256
200821828d7ef581dafe5551964124ad88a5288aeb81ee47dbbd1ed0ebae61f8

SHA512
569606b2d74a4364f91a899cd9b820701a70e380e61a4d0f1485554554602ecf8c96a062d9262d0a4530fd081d073a0d671681dffc91fa4f08c4370c2bdab9e2

Download Submit
C:\Windows\System\JNoFOKZ.exe

Filesize
2.1MB

MD5
45fa31f7d78ebc68f2b373dfb0d7c672

SHA1
8c3642a61c0dfea182449d576235794ec5d0ab5e

SHA256
8e214d397e90a44e94d9bc196cff4686dec7c78f3944ff993dabcf7d2bd71058

SHA512
6fefed1d7574185a0628008a917a3873acf2feda74abcc383436025ee252237adca6aa1f0d860030cc32309d84c82db5025784ff7cb785650e2ce961084cee21

Download Submit
C:\Windows\System\MWLYsgT.exe

Filesize
2.1MB

MD5
cc3d76a2363e3f67041e2193294b498f

SHA1
75d25675ec9791d315c0083013e8a74b4eaa53cd

SHA256
40ffd8048be7aab05cf0d50d0797f4552df6d9acbe723cc4c143eab7e5b7bca2

SHA512
d4051f1cf683bf09d18b2f3eccd0666101c642091e371fd3d36f4bde138877436aadaeb886e6541b9032579e14f81fde0881b49165090698dfde0bbcce3a3165

Download Submit
C:\Windows\System\NBvivNu.exe

Filesize
2.1MB

MD5
98505a02be9120e7d1fe6d4849d4bffb

SHA1
8cbc4598854674ecb72c5d363832cff1bb80e6d6

SHA256
6b4ef9d9ab4ac30cf5aeec5afaf20f594989bf855a66c317139c612d460e0986

SHA512
9a297ff08b4c9d4eb250f6408399d04e95a35a6303ade86023dcbd8ca6c8eeb47602f220a574ff33808b13da1ab70dabeb49b9df7ddcb1c9ee307b97e4948497

Download Submit
C:\Windows\System\QqbUizo.exe

Filesize
2.1MB

MD5
40d6dbfec62531d92a0b99e80340a29b

SHA1
65b315647c524713a6440c23baa8a0804f62ebc2

SHA256
1496db50beecc86797e38cb716c32fb031cab1ec5aee4337e5c937c794a893d2

SHA512
88fd26bdc4256b16fa89de027eeb7cad9152a9429d0147cb3f4f8803180eecf752e5d8d93db56dc184043e7dd24c75690e69366f0764d607f7f71cb8a3fd3e99

Download Submit
C:\Windows\System\SoxEhks.exe

Filesize
2.1MB

MD5
3f306ccb30af803eed910d8360deaa24

SHA1
c69e73838c35d46d8d018ff2db392dbcc1966c0d

SHA256
59382a94ea630c1d241b8ce95a92ed380ca71b9383af1d32ec977fb210c9f544

SHA512
2efa0a4799749dc80cdd90df9d54a5dbf68f1f1b1c1195628e8dc47e75f56dcc14f4273057ad61cc40e990e89af354657f0cb9dad37ad4694246a12b5f64a04b

Download Submit
C:\Windows\System\TtdUrqW.exe

Filesize
2.1MB

MD5
24391f673947cf1dcad12cd93ff8a827

SHA1
49d153a4090957a8ada0b6e0c16f7ce2c8552037

SHA256
714fb897931430edf646079f2cf1c26befa7dd9928eb5279685b15a02f46c6be

SHA512
9d4f2b7e27cff961bfa8e7f3531f3b0a60c0e81366a16f5c031cfd351c3d825b87af561fd9c9cc2a4ef3043d787e1bd762e354a29216810450261e3d1672fd5c

Download Submit
C:\Windows\System\XNqxQgm.exe

Filesize
2.1MB

MD5
843567ba54b6ace1456251799677dda0

SHA1
b90c4b380ea7e6924ce963204d3d1280863e500d

SHA256
a47faa618abd14c832db346e1d89eff5b979f28ddac345b5a419287567116974

SHA512
4655db55bf921052d2fc9e5efcbda07c834b9a6e1cf2188aed5edb86e5a05caa128ddb9fbdf324e52ec4db8a29a66436ca939442e1a6431e593b3a5b0d12658a

Download Submit
C:\Windows\System\ZQPXaIf.exe

Filesize
2.1MB

MD5
fdee2f9dea95bd0b42f4db9019fa8389

SHA1
ec3bde1cb5dabd3bbc8f66a5c2f9ac9921564a47

SHA256
5f1ac6ac0da4813d6ecb5843bc455f074557a330b17fdab787dc83ab8d97c28b

SHA512
d34fd87b8808461d77105c5444d01e35a2c6d4b9cb4e769abfaca2f121f136554c1099fb607918d81c2a556556ee7acb0280b95a911052f0c949bab5155856d3

Download Submit
C:\Windows\System\ZbDcybD.exe

Filesize
2.1MB

MD5
ecdb96bc88b42634d87bae2a26d7185e

SHA1
a9f0bf5e52756be6cd3b477338b26d8ead0e022a

SHA256
bbeef3adb5b9adaded5cfb4d156c877cec568094ef63606e3501067e9f4922c0

SHA512
a35c466cd5a0d093f43d2d0aa3549805065e09cca77e790ab0cc24ad651ea3b2d06b59262bd064567267e06ff696478b676717aff16a44360438951673f697f3

Download Submit
C:\Windows\System\ZpGYnaO.exe

Filesize
2.1MB

MD5
ef0a904593f8f6959f3e6bf0b6cbd631

SHA1
584e90820c41e0340bf471ae190d158d93d2d706

SHA256
bda99558d645ad427c5b698bd2146698d6fd22917dc3e08f8821a189f16ec9c5

SHA512
f47ce48a9160bf8b1a91c50cc29d786b5a9ffc61f82540cac0aadf5409633fdfa1aa6846de71bdc0082d47d4986107a0a5c9e35464ca3f2bf6a6926346931068

Download Submit
C:\Windows\System\ZzjmqrU.exe

Filesize
2.1MB

MD5
c840d2d17dffee9ba416c3cc11455aa7

SHA1
4ab979c4a88c9bda15557aad645f89d62a999fea

SHA256
e949b9c952f857e1337e0104ee91a88fcc5f101ca7ca49cb5d4a4b0bcbc87375

SHA512
92c1a68455c713bac0dcb4450a9ed9a1bf3fdf4e529234743d28957b07e40a76660d91b28118304934c480610efc12df5e3acae674c0acd9a086a1d2c435bb00

Download Submit
C:\Windows\System\cILwHju.exe

Filesize
2.1MB

MD5
075398242520b4d501647eaed8e22449

SHA1
5214c3ea28711bf4859357853f358c3a52ba6430

SHA256
7614bee71590d6c96b33268fb2a06c937793ea3515d87e7bcc95b302cc8342e5

SHA512
7678489ccd6fe2fdb4a90d3bc26115a6d71485492498bc203c64e36f9d32f6c77cc9b7f9f95fab3d05eee31500e3591cab9714646c46ab32ba2362fd53b69f8b

Download Submit
C:\Windows\System\iBUTAxS.exe

Filesize
2.1MB

MD5
d140d4a7a379ab68b4febf0c8b5f976b

SHA1
ead72f345109e7b0ac877eafd9e22c175b9b4182

SHA256
814bb92fe81d76211c12e11c3e3494bb03b373b8ca70b45408d085cca4e93e9e

SHA512
21ae5c09621afac46f4c8e55e850989d8ded2ff313729110d3ad5f72d07fbb673ca40caa34fd2b64e3176177d62dd06744a5c36e47d3d74023c84bfca822fdde

Download Submit
C:\Windows\System\iQkZmcx.exe

Filesize
2.1MB

MD5
1d42b33d6ddcb8e87cfe6f5878f6a15b

SHA1
dd122abdc320153707ce4ed40351a7d45f8083fc

SHA256
92efb46fadca923fda05ce147b73cb31a7bbfc1b6432030f52e727cb7a8ca665

SHA512
db18d6151e9b8c9717d5e6632d22b0fcd5892d74f35b826f8c7c83bc2056ffe8a5f81dcba93d88545410dfe2d9c678c4930926dd23c238097ee2eaa8dcc7d537

Download Submit
C:\Windows\System\nRhsRyb.exe

Filesize
2.1MB

MD5
22e237ebf22d33b2a27a726e0948adc1

SHA1
34d3a6370cf1757d7fd44920853f7c8c2615b74e

SHA256
0cc3ea1dfa39f56839e5dae1276ffffb365f9305d5eb7c5180a43f92cb8cf1c3

SHA512
099e5f887013a6401ff32b4e549e13c7017e27ac759760463b79895c3a12dfd89a847075d88b81e43e324eeeb205707d743a1f5a7155673783e22a044b5d1fbe

Download Submit
C:\Windows\System\pNiNYpE.exe

Filesize
2.1MB

MD5
5acc87a5bc31f6abb2a9822f4a20153e

SHA1
c97b33a293cb8eda1c39f10ef8a1f57e56e56356

SHA256
571359dd3f2f25c4aa747050a611bfb643ad2089219f744777cc3498b6ff1189

SHA512
3452d873c8dc44b34804e05d65abb920d3d82afee5905460b456775d6719091445443bc17ffaf9275bfdcef507b82029c3e9a6745e2a92af0502aaab9b8272cf

Download Submit
C:\Windows\System\pUEVsbu.exe

Filesize
2.1MB

MD5
a39206fe08d3560a0e41705d3f162dfc

SHA1
625fbb7efb8955f89c7526cb72cd26605ec6a916

SHA256
997d62c13a9e82178054e573e8b8ae0e6d1ba83d8c121b09cf1ff3118abf8dc6

SHA512
a0e15ea5baa3a02443737cdb3072f22796c9bfed7b165cb87c44195c3ed120919cd1c79e0974b0da521ab6283f04267e0013d0d3173e3d18b6eb48c2d41f00e1

Download Submit
C:\Windows\System\rraWYIe.exe

Filesize
2.1MB

MD5
0a411b6f241ea13f06af05b1b52e5e37

SHA1
24942fc1d4beb8707d5d760f82b7d175a756c25c

SHA256
9327e9b04250c3d2e1bf176c053b906784dff1fe3b0b3f6ea722fc8de6cebee8

SHA512
8393b76a82b411ccfca990c2ccae32f5e7689ac3b3c201846bca1cbe3c86231af8ddd0c0b0df1b10a03bf3008f8a461d9bab19176a39bc3fa5c338c0994742fe

Download Submit
C:\Windows\System\swRvBrV.exe

Filesize
2.1MB

MD5
3c5f921d6f6c469515b3719248a57a94

SHA1
74c16645f54c51d7faa6eaaaab2d6bb963a3b423

SHA256
4519c24e19f761466468e45a05274ab7443236bae903473d5f78ab6a8263efe6

SHA512
d41b5119e4b90fab30eb22e2c05fe1ed50e912f8fbad2cc187a8181453e6fef62f1d49168edea9c2bedd0dbb5b40bda17bc4a4ca4e8030700c94c2e1ace94b95

Download Submit
C:\Windows\System\tEzPFdA.exe

Filesize
2.1MB

MD5
8168135dd0c0b4666e9424c36af03d7a

SHA1
16576eba0f12db90b46ffb44f21d611f0a0de451

SHA256
4b312e85d0c6b00c3ea6c1be46a0efcdc8687ec7a3a1f7ba5a5f5d48348d97a8

SHA512
7f8c5517b8b29387e2c1f8999b08cfce4a9bb0cf3f0a70f25b34ec14c88146d4eeee4a55b980d3c1f4d25293db4b937a5fd0e63f995844ad1b5f1c5ac0a63eee

Download Submit
C:\Windows\System\tLpiVqn.exe

Filesize
2.1MB

MD5
cc0f576d1a923049bbbfcacccdad3d34

SHA1
78ae219a31b30e8995e041bc6a67ccb9c7a30bd8

SHA256
52cedf0e7e6b8f0f7dbd72212997f4cf5510403df4ddb94af77b228078f1dbd7

SHA512
a84959b3263c7eada7b66bd5e29ed94caa3e8f9caa65bb34d1b0981af87c0afc96f219bfb85444f0e66206c4c052e5f5cdcd3a1b1cea3b9de55a1008b804f0a6

Download Submit
C:\Windows\System\uUFJoDi.exe

Filesize
2.1MB

MD5
7f1efe9aa7d04679463e33878a47afb9

SHA1
b940ebb28464f980fb2ce4c3d0a424a72911414d

SHA256
7c411d7d5d5aa211bc095772359656225496e7da451d2344e16d94a7d9fd9da9

SHA512
8150fa99366d20b5ab3c15d5c8f4ff9071209a8737aafdc8f0f5e82dbc7c5597e8eee3c33b5207bb31033f7d607b9d30a1d0a97078ecc7870f762b8d72b01d52

Download Submit
C:\Windows\System\wsOfJCs.exe

Filesize
2.1MB

MD5
ce82a7f1ed866d097e49966f2eb6e57b

SHA1
c98208fd2782eea62606aa5ed6ac142a023bbdbb

SHA256
edfb26b0589a589ec27e9a71b46a9d8efcdb4128eb03dd6417f85476b9abc673

SHA512
d48f7c5b7178d3731947fee7c9e4062010e24ecd9dee43425cf613c9fc565b297071eca1887219fdd1dea569e410185838d313bda277386e97788e239bd6d9ec

Download Submit
C:\Windows\System\xRKYjGX.exe

Filesize
2.1MB

MD5
90b325d675a0fcebbd499893d8205fd9

SHA1
2d38a556586425dbf6f50939dd30194e475be906

SHA256
ef858835253b984b782fb4a5830a4d21830ff45d52d13115fcdcb9c1430829c2

SHA512
1bc5cdccf3f36580c6fb2ac8375b87e0c6dd6ee8b4ef33a676072d3e720163511879e46b38d5a2567c126a7e945a0e1bd27a31a74d3ea320ada59eab2442d65c

Download Submit
memory/3900-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download