kpot | 8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 12:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
Size

2.1MB
MD5

2809108b0d418b9fdceb68ef767e9920
SHA1

f0cbf26eb1fc1bc51f0abeaf11963eca4e692941
SHA256

8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26
SHA512

efcd1fa8178eed54b552f3dc78d3bffe4b9db68ca52a2bfe69d332d8960c496438c0ffe5b038ed6e46af38d04d7394087686b971c431e41196cf811232ea4620
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2PI:GemTLkNdfE0pZaQI

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x000900000002327a-4.dat	family_kpot
behavioral2/files/0x0008000000023411-9.dat	family_kpot
behavioral2/files/0x0007000000023412-8.dat	family_kpot
behavioral2/files/0x0007000000023413-18.dat	family_kpot
behavioral2/files/0x0007000000023414-24.dat	family_kpot
behavioral2/files/0x0007000000023415-29.dat	family_kpot
behavioral2/files/0x0007000000023416-34.dat	family_kpot
behavioral2/files/0x0007000000023417-37.dat	family_kpot
behavioral2/files/0x0007000000023418-44.dat	family_kpot
behavioral2/files/0x0007000000023419-49.dat	family_kpot
behavioral2/files/0x000800000002340f-52.dat	family_kpot
behavioral2/files/0x000700000002341a-59.dat	family_kpot
behavioral2/files/0x000700000002341b-64.dat	family_kpot
behavioral2/files/0x000700000002341c-69.dat	family_kpot
behavioral2/files/0x000700000002341d-75.dat	family_kpot
behavioral2/files/0x000700000002341f-78.dat	family_kpot
behavioral2/files/0x0007000000023420-84.dat	family_kpot
behavioral2/files/0x0007000000023422-90.dat	family_kpot
behavioral2/files/0x0007000000023423-94.dat	family_kpot
behavioral2/files/0x0007000000023424-99.dat	family_kpot
behavioral2/files/0x0007000000023425-105.dat	family_kpot
behavioral2/files/0x0007000000023428-123.dat	family_kpot
behavioral2/files/0x0007000000023429-125.dat	family_kpot
behavioral2/files/0x0007000000023427-115.dat	family_kpot
behavioral2/files/0x0007000000023426-112.dat	family_kpot
behavioral2/files/0x000700000002342a-129.dat	family_kpot
behavioral2/files/0x000700000002342b-134.dat	family_kpot
behavioral2/files/0x000700000002342c-139.dat	family_kpot
behavioral2/files/0x000700000002342d-144.dat	family_kpot
behavioral2/files/0x000700000002342e-149.dat	family_kpot
behavioral2/files/0x000700000002342f-155.dat	family_kpot
behavioral2/files/0x0007000000023430-159.dat	family_kpot
behavioral2/files/0x0007000000023431-162.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x000900000002327a-4.dat	xmrig
behavioral2/files/0x0008000000023411-9.dat	xmrig
behavioral2/files/0x0007000000023412-8.dat	xmrig
behavioral2/files/0x0007000000023413-18.dat	xmrig
behavioral2/files/0x0007000000023414-24.dat	xmrig
behavioral2/files/0x0007000000023415-29.dat	xmrig
behavioral2/files/0x0007000000023416-34.dat	xmrig
behavioral2/files/0x0007000000023417-37.dat	xmrig
behavioral2/files/0x0007000000023418-44.dat	xmrig
behavioral2/files/0x0007000000023419-49.dat	xmrig
behavioral2/files/0x000800000002340f-52.dat	xmrig
behavioral2/files/0x000700000002341a-59.dat	xmrig
behavioral2/files/0x000700000002341b-64.dat	xmrig
behavioral2/files/0x000700000002341c-69.dat	xmrig
behavioral2/files/0x000700000002341d-75.dat	xmrig
behavioral2/files/0x000700000002341f-78.dat	xmrig
behavioral2/files/0x0007000000023420-84.dat	xmrig
behavioral2/files/0x0007000000023422-90.dat	xmrig
behavioral2/files/0x0007000000023423-94.dat	xmrig
behavioral2/files/0x0007000000023424-99.dat	xmrig
behavioral2/files/0x0007000000023425-105.dat	xmrig
behavioral2/files/0x0007000000023428-123.dat	xmrig
behavioral2/files/0x0007000000023429-125.dat	xmrig
behavioral2/files/0x0007000000023427-115.dat	xmrig
behavioral2/files/0x0007000000023426-112.dat	xmrig
behavioral2/files/0x000700000002342a-129.dat	xmrig
behavioral2/files/0x000700000002342b-134.dat	xmrig
behavioral2/files/0x000700000002342c-139.dat	xmrig
behavioral2/files/0x000700000002342d-144.dat	xmrig
behavioral2/files/0x000700000002342e-149.dat	xmrig
behavioral2/files/0x000700000002342f-155.dat	xmrig
behavioral2/files/0x0007000000023430-159.dat	xmrig
behavioral2/files/0x0007000000023431-162.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2852	BsdKaTE.exe
3724	ckUwbya.exe
2372	vsyBtaz.exe
708	TaBZjqO.exe
3456	sXUffwS.exe
232	ITRQSTf.exe
2548	ofRwQLo.exe
212	rqIGXaA.exe
3116	RGPwrXU.exe
3428	pvgxwDU.exe
1064	zpOyCeJ.exe
4636	WCmWefJ.exe
1552	noypOiy.exe
1072	gatHkub.exe
1760	uLVcDJN.exe
1112	qWeTNwB.exe
1540	kqYscxX.exe
3472	NpyvVNt.exe
912	XXGXsNK.exe
5108	kdBQTgb.exe
3232	onmjEfU.exe
4672	XwMHnLK.exe
3156	iJFETop.exe
760	noDzTYL.exe
4528	nJzXHes.exe
1084	hpJutce.exe
2064	VYiFbky.exe
4140	AOeKAcX.exe
4464	iCxHBfW.exe
2780	rwQgWgJ.exe
3484	AMoERld.exe
4764	esvZDFg.exe
4880	UGXxtQW.exe
2096	OPiFSCU.exe
220	ajbbitb.exe
4356	eqYBZyf.exe
1844	NGVUFbc.exe
3192	cyCfjkk.exe
3736	aeuRlLn.exe
1548	VwUasYs.exe
2036	xslJSFP.exe
3508	THnawXt.exe
1672	Bfxcpjj.exe
4620	mgnSwug.exe
4052	erxtcUM.exe
2504	bHNQpan.exe
400	aaHJWFf.exe
1196	uIizxZo.exe
4396	LDrrush.exe
5056	XyDZGoj.exe
4580	Kpmmhoz.exe
4644	QZhNZXb.exe
3552	vpRRQft.exe
4420	jzymZuu.exe
4612	JjjgAJo.exe
1016	tsaXLBT.exe
4240	AaZkcvE.exe
1228	pkVsWhR.exe
2688	WPHDfVm.exe
2112	TMHAgCX.exe
2528	dHrcFsU.exe
440	DQGECcY.exe
660	buzZEPp.exe
2900	UVVTlca.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hpJutce.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\LDrrush.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\gPFTJJv.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\CndLybS.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\avQfIjj.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\xHfTAZx.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\RRHldAb.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\lyhfMTX.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\XXGXsNK.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\uCNiKrj.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\oyygYtp.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\WPHvxJL.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\VipRjoo.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\eqYBZyf.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\KJoGbBb.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\dFcFCBk.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\QEuQpWr.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\cJunsKy.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\AaZkcvE.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\JCwQsIj.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\uEImuCi.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\wEGWuFr.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\NGVUFbc.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\TMHAgCX.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\RvWVBVl.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\OdzInwU.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\wgcrTnV.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\nwYeJpZ.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\GxJMBFO.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\iUApcYl.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\TISpzqD.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\GkoifaC.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\nXZWDyp.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\RuVADrr.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\KluRtos.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\onmjEfU.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\pkVsWhR.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\DQGECcY.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\EYGrUwU.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\pYqpbSt.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\flxVZpE.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\fdIhbYH.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\TaBZjqO.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\VYiFbky.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\OARexsh.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\jQxHBCX.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\RjQACey.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\LTHzsZo.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\coYKhTy.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\MuyCULI.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\ckyXHTs.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\lOlLKln.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\EgHFYgE.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\GlWvkBI.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\zpOyCeJ.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\Kpmmhoz.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\totMkPS.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\CCSOgzO.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\IaHtHxX.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\XcgTbLu.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\IUnujkv.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\jEuzZwb.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\ctZjGLA.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
File created	C:\Windows\System\TJyjLEq.exe	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4576 wrote to memory of 2852	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	83
PID 4576 wrote to memory of 2852	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	83
PID 4576 wrote to memory of 3724	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	84
PID 4576 wrote to memory of 3724	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	84
PID 4576 wrote to memory of 2372	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	85
PID 4576 wrote to memory of 2372	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	85
PID 4576 wrote to memory of 708	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	86
PID 4576 wrote to memory of 708	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	86
PID 4576 wrote to memory of 3456	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	87
PID 4576 wrote to memory of 3456	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	87
PID 4576 wrote to memory of 232	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	88
PID 4576 wrote to memory of 232	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	88
PID 4576 wrote to memory of 2548	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	89
PID 4576 wrote to memory of 2548	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	89
PID 4576 wrote to memory of 212	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	90
PID 4576 wrote to memory of 212	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	90
PID 4576 wrote to memory of 3116	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	91
PID 4576 wrote to memory of 3116	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	91
PID 4576 wrote to memory of 3428	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	92
PID 4576 wrote to memory of 3428	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	92
PID 4576 wrote to memory of 1064	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	93
PID 4576 wrote to memory of 1064	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	93
PID 4576 wrote to memory of 4636	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	94
PID 4576 wrote to memory of 4636	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	94
PID 4576 wrote to memory of 1552	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	95
PID 4576 wrote to memory of 1552	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	95
PID 4576 wrote to memory of 1072	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	96
PID 4576 wrote to memory of 1072	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	96
PID 4576 wrote to memory of 1760	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	98
PID 4576 wrote to memory of 1760	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	98
PID 4576 wrote to memory of 1112	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	99
PID 4576 wrote to memory of 1112	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	99
PID 4576 wrote to memory of 1540	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	100
PID 4576 wrote to memory of 1540	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	100
PID 4576 wrote to memory of 3472	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	102
PID 4576 wrote to memory of 3472	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	102
PID 4576 wrote to memory of 912	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	103
PID 4576 wrote to memory of 912	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	103
PID 4576 wrote to memory of 5108	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	104
PID 4576 wrote to memory of 5108	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	104
PID 4576 wrote to memory of 3232	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	105
PID 4576 wrote to memory of 3232	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	105
PID 4576 wrote to memory of 4672	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	106
PID 4576 wrote to memory of 4672	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	106
PID 4576 wrote to memory of 3156	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	107
PID 4576 wrote to memory of 3156	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	107
PID 4576 wrote to memory of 760	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	108
PID 4576 wrote to memory of 760	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	108
PID 4576 wrote to memory of 4528	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	109
PID 4576 wrote to memory of 4528	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	109
PID 4576 wrote to memory of 1084	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	110
PID 4576 wrote to memory of 1084	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	110
PID 4576 wrote to memory of 2064	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	112
PID 4576 wrote to memory of 2064	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	112
PID 4576 wrote to memory of 4140	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	113
PID 4576 wrote to memory of 4140	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	113
PID 4576 wrote to memory of 4464	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	114
PID 4576 wrote to memory of 4464	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	114
PID 4576 wrote to memory of 2780	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	115
PID 4576 wrote to memory of 2780	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	115
PID 4576 wrote to memory of 3484	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	116
PID 4576 wrote to memory of 3484	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	116
PID 4576 wrote to memory of 4764	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	117
PID 4576 wrote to memory of 4764	4576	8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe	117

C:\Users\Admin\AppData\Local\Temp\8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8571f885103bdc7137594b29f2894fd9014bdd8c163a7d11b2456f0532335b26_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4576
- C:\Windows\System\BsdKaTE.exe
  C:\Windows\System\BsdKaTE.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\ckUwbya.exe
  C:\Windows\System\ckUwbya.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\vsyBtaz.exe
  C:\Windows\System\vsyBtaz.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\TaBZjqO.exe
  C:\Windows\System\TaBZjqO.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\sXUffwS.exe
  C:\Windows\System\sXUffwS.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\ITRQSTf.exe
  C:\Windows\System\ITRQSTf.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\ofRwQLo.exe
  C:\Windows\System\ofRwQLo.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\rqIGXaA.exe
  C:\Windows\System\rqIGXaA.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\RGPwrXU.exe
  C:\Windows\System\RGPwrXU.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\pvgxwDU.exe
  C:\Windows\System\pvgxwDU.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\zpOyCeJ.exe
  C:\Windows\System\zpOyCeJ.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\WCmWefJ.exe
  C:\Windows\System\WCmWefJ.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\noypOiy.exe
  C:\Windows\System\noypOiy.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\gatHkub.exe
  C:\Windows\System\gatHkub.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\uLVcDJN.exe
  C:\Windows\System\uLVcDJN.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\qWeTNwB.exe
  C:\Windows\System\qWeTNwB.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\kqYscxX.exe
  C:\Windows\System\kqYscxX.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\NpyvVNt.exe
  C:\Windows\System\NpyvVNt.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\XXGXsNK.exe
  C:\Windows\System\XXGXsNK.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\kdBQTgb.exe
  C:\Windows\System\kdBQTgb.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\onmjEfU.exe
  C:\Windows\System\onmjEfU.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\XwMHnLK.exe
  C:\Windows\System\XwMHnLK.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\iJFETop.exe
  C:\Windows\System\iJFETop.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\noDzTYL.exe
  C:\Windows\System\noDzTYL.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\nJzXHes.exe
  C:\Windows\System\nJzXHes.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\hpJutce.exe
  C:\Windows\System\hpJutce.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\VYiFbky.exe
  C:\Windows\System\VYiFbky.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\AOeKAcX.exe
  C:\Windows\System\AOeKAcX.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\iCxHBfW.exe
  C:\Windows\System\iCxHBfW.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\rwQgWgJ.exe
  C:\Windows\System\rwQgWgJ.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\AMoERld.exe
  C:\Windows\System\AMoERld.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\esvZDFg.exe
  C:\Windows\System\esvZDFg.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\UGXxtQW.exe
  C:\Windows\System\UGXxtQW.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\OPiFSCU.exe
  C:\Windows\System\OPiFSCU.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\ajbbitb.exe
  C:\Windows\System\ajbbitb.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\eqYBZyf.exe
  C:\Windows\System\eqYBZyf.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\NGVUFbc.exe
  C:\Windows\System\NGVUFbc.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\cyCfjkk.exe
  C:\Windows\System\cyCfjkk.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\aeuRlLn.exe
  C:\Windows\System\aeuRlLn.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\VwUasYs.exe
  C:\Windows\System\VwUasYs.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\xslJSFP.exe
  C:\Windows\System\xslJSFP.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\THnawXt.exe
  C:\Windows\System\THnawXt.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\Bfxcpjj.exe
  C:\Windows\System\Bfxcpjj.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\mgnSwug.exe
  C:\Windows\System\mgnSwug.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\erxtcUM.exe
  C:\Windows\System\erxtcUM.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\bHNQpan.exe
  C:\Windows\System\bHNQpan.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\aaHJWFf.exe
  C:\Windows\System\aaHJWFf.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\uIizxZo.exe
  C:\Windows\System\uIizxZo.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\LDrrush.exe
  C:\Windows\System\LDrrush.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\XyDZGoj.exe
  C:\Windows\System\XyDZGoj.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\Kpmmhoz.exe
  C:\Windows\System\Kpmmhoz.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\QZhNZXb.exe
  C:\Windows\System\QZhNZXb.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\vpRRQft.exe
  C:\Windows\System\vpRRQft.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\jzymZuu.exe
  C:\Windows\System\jzymZuu.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\JjjgAJo.exe
  C:\Windows\System\JjjgAJo.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\tsaXLBT.exe
  C:\Windows\System\tsaXLBT.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\AaZkcvE.exe
  C:\Windows\System\AaZkcvE.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\pkVsWhR.exe
  C:\Windows\System\pkVsWhR.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\WPHDfVm.exe
  C:\Windows\System\WPHDfVm.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\TMHAgCX.exe
  C:\Windows\System\TMHAgCX.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\dHrcFsU.exe
  C:\Windows\System\dHrcFsU.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\DQGECcY.exe
  C:\Windows\System\DQGECcY.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\buzZEPp.exe
  C:\Windows\System\buzZEPp.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\UVVTlca.exe
  C:\Windows\System\UVVTlca.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\tzltgWD.exe
  C:\Windows\System\tzltgWD.exe
  2⤵
  PID:1908
- C:\Windows\System\AnjgnGi.exe
  C:\Windows\System\AnjgnGi.exe
  2⤵
  PID:1340
- C:\Windows\System\ACNSVVo.exe
  C:\Windows\System\ACNSVVo.exe
  2⤵
  PID:1880
- C:\Windows\System\CthZacN.exe
  C:\Windows\System\CthZacN.exe
  2⤵
  PID:3308
- C:\Windows\System\LdAuoeh.exe
  C:\Windows\System\LdAuoeh.exe
  2⤵
  PID:4148
- C:\Windows\System\ZGuztWm.exe
  C:\Windows\System\ZGuztWm.exe
  2⤵
  PID:4684
- C:\Windows\System\ctZjGLA.exe
  C:\Windows\System\ctZjGLA.exe
  2⤵
  PID:2244
- C:\Windows\System\RRHldAb.exe
  C:\Windows\System\RRHldAb.exe
  2⤵
  PID:1668
- C:\Windows\System\OLbPWmB.exe
  C:\Windows\System\OLbPWmB.exe
  2⤵
  PID:3392
- C:\Windows\System\KJoGbBb.exe
  C:\Windows\System\KJoGbBb.exe
  2⤵
  PID:2684
- C:\Windows\System\qwiCxUU.exe
  C:\Windows\System\qwiCxUU.exe
  2⤵
  PID:1568
- C:\Windows\System\SoyswhY.exe
  C:\Windows\System\SoyswhY.exe
  2⤵
  PID:4388
- C:\Windows\System\FqisYWa.exe
  C:\Windows\System\FqisYWa.exe
  2⤵
  PID:3964
- C:\Windows\System\RuVADrr.exe
  C:\Windows\System\RuVADrr.exe
  2⤵
  PID:1156
- C:\Windows\System\FaGtLPN.exe
  C:\Windows\System\FaGtLPN.exe
  2⤵
  PID:1608
- C:\Windows\System\OARexsh.exe
  C:\Windows\System\OARexsh.exe
  2⤵
  PID:116
- C:\Windows\System\iSsFfdG.exe
  C:\Windows\System\iSsFfdG.exe
  2⤵
  PID:3224
- C:\Windows\System\fdwiYzf.exe
  C:\Windows\System\fdwiYzf.exe
  2⤵
  PID:3816
- C:\Windows\System\qdiRRDC.exe
  C:\Windows\System\qdiRRDC.exe
  2⤵
  PID:3672
- C:\Windows\System\wsURoVT.exe
  C:\Windows\System\wsURoVT.exe
  2⤵
  PID:1664
- C:\Windows\System\nFUbfCH.exe
  C:\Windows\System\nFUbfCH.exe
  2⤵
  PID:704
- C:\Windows\System\msVoIMV.exe
  C:\Windows\System\msVoIMV.exe
  2⤵
  PID:4828
- C:\Windows\System\GqyjLXa.exe
  C:\Windows\System\GqyjLXa.exe
  2⤵
  PID:4428
- C:\Windows\System\KluRtos.exe
  C:\Windows\System\KluRtos.exe
  2⤵
  PID:4496
- C:\Windows\System\DjBVYYQ.exe
  C:\Windows\System\DjBVYYQ.exe
  2⤵
  PID:5136
- C:\Windows\System\IGWaMBj.exe
  C:\Windows\System\IGWaMBj.exe
  2⤵
  PID:5152
- C:\Windows\System\TRCEetr.exe
  C:\Windows\System\TRCEetr.exe
  2⤵
  PID:5176
- C:\Windows\System\zvIHkpa.exe
  C:\Windows\System\zvIHkpa.exe
  2⤵
  PID:5204
- C:\Windows\System\dFcFCBk.exe
  C:\Windows\System\dFcFCBk.exe
  2⤵
  PID:5224
- C:\Windows\System\POiJmcN.exe
  C:\Windows\System\POiJmcN.exe
  2⤵
  PID:5272
- C:\Windows\System\NgusywM.exe
  C:\Windows\System\NgusywM.exe
  2⤵
  PID:5300
- C:\Windows\System\hGHpJaT.exe
  C:\Windows\System\hGHpJaT.exe
  2⤵
  PID:5316
- C:\Windows\System\TJyjLEq.exe
  C:\Windows\System\TJyjLEq.exe
  2⤵
  PID:5348
- C:\Windows\System\nfedGMh.exe
  C:\Windows\System\nfedGMh.exe
  2⤵
  PID:5372
- C:\Windows\System\FSOASKp.exe
  C:\Windows\System\FSOASKp.exe
  2⤵
  PID:5404
- C:\Windows\System\MGbgzdJ.exe
  C:\Windows\System\MGbgzdJ.exe
  2⤵
  PID:5428
- C:\Windows\System\VjHFkNS.exe
  C:\Windows\System\VjHFkNS.exe
  2⤵
  PID:5448
- C:\Windows\System\TOeYjcz.exe
  C:\Windows\System\TOeYjcz.exe
  2⤵
  PID:5484
- C:\Windows\System\uIzWRvy.exe
  C:\Windows\System\uIzWRvy.exe
  2⤵
  PID:5516
- C:\Windows\System\PMDNLBo.exe
  C:\Windows\System\PMDNLBo.exe
  2⤵
  PID:5556
- C:\Windows\System\SjuJKHS.exe
  C:\Windows\System\SjuJKHS.exe
  2⤵
  PID:5576
- C:\Windows\System\GxJMBFO.exe
  C:\Windows\System\GxJMBFO.exe
  2⤵
  PID:5600
- C:\Windows\System\bdndOls.exe
  C:\Windows\System\bdndOls.exe
  2⤵
  PID:5616
- C:\Windows\System\iUApcYl.exe
  C:\Windows\System\iUApcYl.exe
  2⤵
  PID:5656
- C:\Windows\System\nmVZvWB.exe
  C:\Windows\System\nmVZvWB.exe
  2⤵
  PID:5688
- C:\Windows\System\FtKniSh.exe
  C:\Windows\System\FtKniSh.exe
  2⤵
  PID:5724
- C:\Windows\System\bMslGXP.exe
  C:\Windows\System\bMslGXP.exe
  2⤵
  PID:5740
- C:\Windows\System\jpmwLKL.exe
  C:\Windows\System\jpmwLKL.exe
  2⤵
  PID:5760
- C:\Windows\System\cTujhuz.exe
  C:\Windows\System\cTujhuz.exe
  2⤵
  PID:5796
- C:\Windows\System\YrpHhoR.exe
  C:\Windows\System\YrpHhoR.exe
  2⤵
  PID:5812
- C:\Windows\System\AACceKP.exe
  C:\Windows\System\AACceKP.exe
  2⤵
  PID:5844
- C:\Windows\System\eEHAWGj.exe
  C:\Windows\System\eEHAWGj.exe
  2⤵
  PID:5876
- C:\Windows\System\szZotzc.exe
  C:\Windows\System\szZotzc.exe
  2⤵
  PID:5908
- C:\Windows\System\hkuZQEs.exe
  C:\Windows\System\hkuZQEs.exe
  2⤵
  PID:5948
- C:\Windows\System\hehkWbW.exe
  C:\Windows\System\hehkWbW.exe
  2⤵
  PID:5964
- C:\Windows\System\AiIxZpZ.exe
  C:\Windows\System\AiIxZpZ.exe
  2⤵
  PID:5996
- C:\Windows\System\xDjjqcy.exe
  C:\Windows\System\xDjjqcy.exe
  2⤵
  PID:6032
- C:\Windows\System\pEbiHCB.exe
  C:\Windows\System\pEbiHCB.exe
  2⤵
  PID:6060
- C:\Windows\System\totMkPS.exe
  C:\Windows\System\totMkPS.exe
  2⤵
  PID:6076
- C:\Windows\System\yXNCCTJ.exe
  C:\Windows\System\yXNCCTJ.exe
  2⤵
  PID:6116
- C:\Windows\System\TbNajNn.exe
  C:\Windows\System\TbNajNn.exe
  2⤵
  PID:6136
- C:\Windows\System\coYKhTy.exe
  C:\Windows\System\coYKhTy.exe
  2⤵
  PID:5172
- C:\Windows\System\raRMBnc.exe
  C:\Windows\System\raRMBnc.exe
  2⤵
  PID:5264
- C:\Windows\System\qjXJRVN.exe
  C:\Windows\System\qjXJRVN.exe
  2⤵
  PID:5312
- C:\Windows\System\ybCCiTj.exe
  C:\Windows\System\ybCCiTj.exe
  2⤵
  PID:5360
- C:\Windows\System\YImkPvM.exe
  C:\Windows\System\YImkPvM.exe
  2⤵
  PID:5456
- C:\Windows\System\TrUICQG.exe
  C:\Windows\System\TrUICQG.exe
  2⤵
  PID:5504
- C:\Windows\System\LWgDAAQ.exe
  C:\Windows\System\LWgDAAQ.exe
  2⤵
  PID:5592
- C:\Windows\System\SZwZNAj.exe
  C:\Windows\System\SZwZNAj.exe
  2⤵
  PID:5648
- C:\Windows\System\WWVfcLm.exe
  C:\Windows\System\WWVfcLm.exe
  2⤵
  PID:5732
- C:\Windows\System\FNzgrOB.exe
  C:\Windows\System\FNzgrOB.exe
  2⤵
  PID:5772
- C:\Windows\System\CifsMAQ.exe
  C:\Windows\System\CifsMAQ.exe
  2⤵
  PID:5860
- C:\Windows\System\ooZoknC.exe
  C:\Windows\System\ooZoknC.exe
  2⤵
  PID:5936
- C:\Windows\System\uCNiKrj.exe
  C:\Windows\System\uCNiKrj.exe
  2⤵
  PID:5992
- C:\Windows\System\VBCoZbQ.exe
  C:\Windows\System\VBCoZbQ.exe
  2⤵
  PID:6052
- C:\Windows\System\PUUneLY.exe
  C:\Windows\System\PUUneLY.exe
  2⤵
  PID:6132
- C:\Windows\System\JWFTzPA.exe
  C:\Windows\System\JWFTzPA.exe
  2⤵
  PID:5256
- C:\Windows\System\bWfbhzW.exe
  C:\Windows\System\bWfbhzW.exe
  2⤵
  PID:5476
- C:\Windows\System\llisLvx.exe
  C:\Windows\System\llisLvx.exe
  2⤵
  PID:5644
- C:\Windows\System\lIzJJpq.exe
  C:\Windows\System\lIzJJpq.exe
  2⤵
  PID:5868
- C:\Windows\System\RvWVBVl.exe
  C:\Windows\System\RvWVBVl.exe
  2⤵
  PID:5976
- C:\Windows\System\AAmlfpu.exe
  C:\Windows\System\AAmlfpu.exe
  2⤵
  PID:5240
- C:\Windows\System\ohmDEnU.exe
  C:\Windows\System\ohmDEnU.exe
  2⤵
  PID:5564
- C:\Windows\System\gPFTJJv.exe
  C:\Windows\System\gPFTJJv.exe
  2⤵
  PID:6108
- C:\Windows\System\pmegytN.exe
  C:\Windows\System\pmegytN.exe
  2⤵
  PID:6044
- C:\Windows\System\WyNqPDP.exe
  C:\Windows\System\WyNqPDP.exe
  2⤵
  PID:6164
- C:\Windows\System\KEFrOAa.exe
  C:\Windows\System\KEFrOAa.exe
  2⤵
  PID:6192
- C:\Windows\System\NApyTaf.exe
  C:\Windows\System\NApyTaf.exe
  2⤵
  PID:6220
- C:\Windows\System\IykOrfd.exe
  C:\Windows\System\IykOrfd.exe
  2⤵
  PID:6248
- C:\Windows\System\CCSOgzO.exe
  C:\Windows\System\CCSOgzO.exe
  2⤵
  PID:6276
- C:\Windows\System\MdSXazS.exe
  C:\Windows\System\MdSXazS.exe
  2⤵
  PID:6304
- C:\Windows\System\PwvSMhq.exe
  C:\Windows\System\PwvSMhq.exe
  2⤵
  PID:6336
- C:\Windows\System\yPLnxYc.exe
  C:\Windows\System\yPLnxYc.exe
  2⤵
  PID:6360
- C:\Windows\System\ERVDmfw.exe
  C:\Windows\System\ERVDmfw.exe
  2⤵
  PID:6392
- C:\Windows\System\TISpzqD.exe
  C:\Windows\System\TISpzqD.exe
  2⤵
  PID:6416
- C:\Windows\System\sPQOXUC.exe
  C:\Windows\System\sPQOXUC.exe
  2⤵
  PID:6444
- C:\Windows\System\GVHycvh.exe
  C:\Windows\System\GVHycvh.exe
  2⤵
  PID:6472
- C:\Windows\System\ySFZfzo.exe
  C:\Windows\System\ySFZfzo.exe
  2⤵
  PID:6500
- C:\Windows\System\gspxcgY.exe
  C:\Windows\System\gspxcgY.exe
  2⤵
  PID:6528
- C:\Windows\System\DKJgkTw.exe
  C:\Windows\System\DKJgkTw.exe
  2⤵
  PID:6564
- C:\Windows\System\VWJpwLC.exe
  C:\Windows\System\VWJpwLC.exe
  2⤵
  PID:6592
- C:\Windows\System\DbAfNTr.exe
  C:\Windows\System\DbAfNTr.exe
  2⤵
  PID:6624
- C:\Windows\System\oyygYtp.exe
  C:\Windows\System\oyygYtp.exe
  2⤵
  PID:6652
- C:\Windows\System\MfbjHGr.exe
  C:\Windows\System\MfbjHGr.exe
  2⤵
  PID:6680
- C:\Windows\System\sKpiqYV.exe
  C:\Windows\System\sKpiqYV.exe
  2⤵
  PID:6712
- C:\Windows\System\cxcaLjC.exe
  C:\Windows\System\cxcaLjC.exe
  2⤵
  PID:6740
- C:\Windows\System\fGlpRcP.exe
  C:\Windows\System\fGlpRcP.exe
  2⤵
  PID:6768
- C:\Windows\System\IaHtHxX.exe
  C:\Windows\System\IaHtHxX.exe
  2⤵
  PID:6796
- C:\Windows\System\bHsYCto.exe
  C:\Windows\System\bHsYCto.exe
  2⤵
  PID:6824
- C:\Windows\System\jQxHBCX.exe
  C:\Windows\System\jQxHBCX.exe
  2⤵
  PID:6852
- C:\Windows\System\WPHvxJL.exe
  C:\Windows\System\WPHvxJL.exe
  2⤵
  PID:6884
- C:\Windows\System\wtXkmfw.exe
  C:\Windows\System\wtXkmfw.exe
  2⤵
  PID:6912
- C:\Windows\System\GkoifaC.exe
  C:\Windows\System\GkoifaC.exe
  2⤵
  PID:6940
- C:\Windows\System\ZsnWxxe.exe
  C:\Windows\System\ZsnWxxe.exe
  2⤵
  PID:6968
- C:\Windows\System\idqupIy.exe
  C:\Windows\System\idqupIy.exe
  2⤵
  PID:6996
- C:\Windows\System\ucvlSrT.exe
  C:\Windows\System\ucvlSrT.exe
  2⤵
  PID:7036
- C:\Windows\System\nXZWDyp.exe
  C:\Windows\System\nXZWDyp.exe
  2⤵
  PID:7052
- C:\Windows\System\vdtTEkv.exe
  C:\Windows\System\vdtTEkv.exe
  2⤵
  PID:7080
- C:\Windows\System\heqxfLh.exe
  C:\Windows\System\heqxfLh.exe
  2⤵
  PID:7108
- C:\Windows\System\JqXSsoV.exe
  C:\Windows\System\JqXSsoV.exe
  2⤵
  PID:7136
- C:\Windows\System\HVQJvfh.exe
  C:\Windows\System\HVQJvfh.exe
  2⤵
  PID:7164
- C:\Windows\System\NbCXOYz.exe
  C:\Windows\System\NbCXOYz.exe
  2⤵
  PID:6188
- C:\Windows\System\LYHBTBg.exe
  C:\Windows\System\LYHBTBg.exe
  2⤵
  PID:6260
- C:\Windows\System\bmCByOe.exe
  C:\Windows\System\bmCByOe.exe
  2⤵
  PID:6328
- C:\Windows\System\sCMUamk.exe
  C:\Windows\System\sCMUamk.exe
  2⤵
  PID:6384
- C:\Windows\System\NVhhahM.exe
  C:\Windows\System\NVhhahM.exe
  2⤵
  PID:6492
- C:\Windows\System\QGwAIOb.exe
  C:\Windows\System\QGwAIOb.exe
  2⤵
  PID:6524
- C:\Windows\System\CndLybS.exe
  C:\Windows\System\CndLybS.exe
  2⤵
  PID:6588
- C:\Windows\System\UPaMrMy.exe
  C:\Windows\System\UPaMrMy.exe
  2⤵
  PID:6692
- C:\Windows\System\EYGrUwU.exe
  C:\Windows\System\EYGrUwU.exe
  2⤵
  PID:6752
- C:\Windows\System\JCwQsIj.exe
  C:\Windows\System\JCwQsIj.exe
  2⤵
  PID:6808
- C:\Windows\System\wLpjZzz.exe
  C:\Windows\System\wLpjZzz.exe
  2⤵
  PID:6848
- C:\Windows\System\XcgTbLu.exe
  C:\Windows\System\XcgTbLu.exe
  2⤵
  PID:6952
- C:\Windows\System\JvjByHN.exe
  C:\Windows\System\JvjByHN.exe
  2⤵
  PID:7008
- C:\Windows\System\jxvLvXa.exe
  C:\Windows\System\jxvLvXa.exe
  2⤵
  PID:7048
- C:\Windows\System\DODCFYk.exe
  C:\Windows\System\DODCFYk.exe
  2⤵
  PID:7160
- C:\Windows\System\HZVPkbn.exe
  C:\Windows\System\HZVPkbn.exe
  2⤵
  PID:6356
- C:\Windows\System\CCVBvuK.exe
  C:\Windows\System\CCVBvuK.exe
  2⤵
  PID:6620
- C:\Windows\System\UySnuSq.exe
  C:\Windows\System\UySnuSq.exe
  2⤵
  PID:6908
- C:\Windows\System\hbUIuuz.exe
  C:\Windows\System\hbUIuuz.exe
  2⤵
  PID:7132
- C:\Windows\System\BBFKQwB.exe
  C:\Windows\System\BBFKQwB.exe
  2⤵
  PID:6664
- C:\Windows\System\RjQACey.exe
  C:\Windows\System\RjQACey.exe
  2⤵
  PID:6300
- C:\Windows\System\mkUFNCZ.exe
  C:\Windows\System\mkUFNCZ.exe
  2⤵
  PID:7176
- C:\Windows\System\XTJvWee.exe
  C:\Windows\System\XTJvWee.exe
  2⤵
  PID:7204
- C:\Windows\System\BsDuziD.exe
  C:\Windows\System\BsDuziD.exe
  2⤵
  PID:7240
- C:\Windows\System\IipHIlg.exe
  C:\Windows\System\IipHIlg.exe
  2⤵
  PID:7276
- C:\Windows\System\qwGRPbE.exe
  C:\Windows\System\qwGRPbE.exe
  2⤵
  PID:7328
- C:\Windows\System\avQfIjj.exe
  C:\Windows\System\avQfIjj.exe
  2⤵
  PID:7372
- C:\Windows\System\WlQXrmN.exe
  C:\Windows\System\WlQXrmN.exe
  2⤵
  PID:7400
- C:\Windows\System\XsvryES.exe
  C:\Windows\System\XsvryES.exe
  2⤵
  PID:7428
- C:\Windows\System\DKnhgMT.exe
  C:\Windows\System\DKnhgMT.exe
  2⤵
  PID:7460
- C:\Windows\System\OdzInwU.exe
  C:\Windows\System\OdzInwU.exe
  2⤵
  PID:7492
- C:\Windows\System\yiCgqie.exe
  C:\Windows\System\yiCgqie.exe
  2⤵
  PID:7520
- C:\Windows\System\PMPqZRr.exe
  C:\Windows\System\PMPqZRr.exe
  2⤵
  PID:7548
- C:\Windows\System\wIOBEFT.exe
  C:\Windows\System\wIOBEFT.exe
  2⤵
  PID:7568
- C:\Windows\System\dGtjuQK.exe
  C:\Windows\System\dGtjuQK.exe
  2⤵
  PID:7604
- C:\Windows\System\XUqhMvm.exe
  C:\Windows\System\XUqhMvm.exe
  2⤵
  PID:7632
- C:\Windows\System\WUHEIIU.exe
  C:\Windows\System\WUHEIIU.exe
  2⤵
  PID:7648
- C:\Windows\System\GVFsmDy.exe
  C:\Windows\System\GVFsmDy.exe
  2⤵
  PID:7676
- C:\Windows\System\iDAiDry.exe
  C:\Windows\System\iDAiDry.exe
  2⤵
  PID:7704
- C:\Windows\System\XFOUlRh.exe
  C:\Windows\System\XFOUlRh.exe
  2⤵
  PID:7736
- C:\Windows\System\pzAIZmN.exe
  C:\Windows\System\pzAIZmN.exe
  2⤵
  PID:7772
- C:\Windows\System\uEImuCi.exe
  C:\Windows\System\uEImuCi.exe
  2⤵
  PID:7804
- C:\Windows\System\bfYDtbr.exe
  C:\Windows\System\bfYDtbr.exe
  2⤵
  PID:7832
- C:\Windows\System\Qggllvx.exe
  C:\Windows\System\Qggllvx.exe
  2⤵
  PID:7860
- C:\Windows\System\xcwYekq.exe
  C:\Windows\System\xcwYekq.exe
  2⤵
  PID:7880
- C:\Windows\System\fETDuNw.exe
  C:\Windows\System\fETDuNw.exe
  2⤵
  PID:7896
- C:\Windows\System\EgHFYgE.exe
  C:\Windows\System\EgHFYgE.exe
  2⤵
  PID:7932
- C:\Windows\System\MuyCULI.exe
  C:\Windows\System\MuyCULI.exe
  2⤵
  PID:7964
- C:\Windows\System\ckyXHTs.exe
  C:\Windows\System\ckyXHTs.exe
  2⤵
  PID:8008
- C:\Windows\System\HhfCkYN.exe
  C:\Windows\System\HhfCkYN.exe
  2⤵
  PID:8032
- C:\Windows\System\assjdEJ.exe
  C:\Windows\System\assjdEJ.exe
  2⤵
  PID:8056
- C:\Windows\System\TjMqTxO.exe
  C:\Windows\System\TjMqTxO.exe
  2⤵
  PID:8080
- C:\Windows\System\ygOgUAx.exe
  C:\Windows\System\ygOgUAx.exe
  2⤵
  PID:8112
- C:\Windows\System\hvUujtH.exe
  C:\Windows\System\hvUujtH.exe
  2⤵
  PID:8148
- C:\Windows\System\YTzQeYW.exe
  C:\Windows\System\YTzQeYW.exe
  2⤵
  PID:8180
- C:\Windows\System\EujdsJF.exe
  C:\Windows\System\EujdsJF.exe
  2⤵
  PID:7196
- C:\Windows\System\kfeYTXF.exe
  C:\Windows\System\kfeYTXF.exe
  2⤵
  PID:7256
- C:\Windows\System\PZKEhCk.exe
  C:\Windows\System\PZKEhCk.exe
  2⤵
  PID:7352
- C:\Windows\System\OtCUZnz.exe
  C:\Windows\System\OtCUZnz.exe
  2⤵
  PID:7420
- C:\Windows\System\eOOUizQ.exe
  C:\Windows\System\eOOUizQ.exe
  2⤵
  PID:7504
- C:\Windows\System\vgOiuPl.exe
  C:\Windows\System\vgOiuPl.exe
  2⤵
  PID:7564
- C:\Windows\System\PjkImmQ.exe
  C:\Windows\System\PjkImmQ.exe
  2⤵
  PID:7620
- C:\Windows\System\GlWvkBI.exe
  C:\Windows\System\GlWvkBI.exe
  2⤵
  PID:7688
- C:\Windows\System\Obijbtw.exe
  C:\Windows\System\Obijbtw.exe
  2⤵
  PID:7748
- C:\Windows\System\ftdVhev.exe
  C:\Windows\System\ftdVhev.exe
  2⤵
  PID:7820
- C:\Windows\System\VipRjoo.exe
  C:\Windows\System\VipRjoo.exe
  2⤵
  PID:1976
- C:\Windows\System\NjhumYU.exe
  C:\Windows\System\NjhumYU.exe
  2⤵
  PID:7888
- C:\Windows\System\IUnujkv.exe
  C:\Windows\System\IUnujkv.exe
  2⤵
  PID:8052
- C:\Windows\System\cqMaCOy.exe
  C:\Windows\System\cqMaCOy.exe
  2⤵
  PID:8072
- C:\Windows\System\uzdSHke.exe
  C:\Windows\System\uzdSHke.exe
  2⤵
  PID:8160
- C:\Windows\System\dKIRleZ.exe
  C:\Windows\System\dKIRleZ.exe
  2⤵
  PID:6640
- C:\Windows\System\XYZNSDq.exe
  C:\Windows\System\XYZNSDq.exe
  2⤵
  PID:7456
- C:\Windows\System\aLhSLqf.exe
  C:\Windows\System\aLhSLqf.exe
  2⤵
  PID:7540
- C:\Windows\System\rkztPBx.exe
  C:\Windows\System\rkztPBx.exe
  2⤵
  PID:7764
- C:\Windows\System\jUDQVcm.exe
  C:\Windows\System\jUDQVcm.exe
  2⤵
  PID:7960
- C:\Windows\System\rhwkXnQ.exe
  C:\Windows\System\rhwkXnQ.exe
  2⤵
  PID:8092
- C:\Windows\System\pYqpbSt.exe
  C:\Windows\System\pYqpbSt.exe
  2⤵
  PID:7320
- C:\Windows\System\iaBvHHb.exe
  C:\Windows\System\iaBvHHb.exe
  2⤵
  PID:7800
- C:\Windows\System\akuoboS.exe
  C:\Windows\System\akuoboS.exe
  2⤵
  PID:8076
- C:\Windows\System\LTHzsZo.exe
  C:\Windows\System\LTHzsZo.exe
  2⤵
  PID:7940
- C:\Windows\System\QEuQpWr.exe
  C:\Windows\System\QEuQpWr.exe
  2⤵
  PID:8208
- C:\Windows\System\tMyVUGL.exe
  C:\Windows\System\tMyVUGL.exe
  2⤵
  PID:8236
- C:\Windows\System\wEGWuFr.exe
  C:\Windows\System\wEGWuFr.exe
  2⤵
  PID:8276
- C:\Windows\System\cHFYJyE.exe
  C:\Windows\System\cHFYJyE.exe
  2⤵
  PID:8312
- C:\Windows\System\NpuDuPW.exe
  C:\Windows\System\NpuDuPW.exe
  2⤵
  PID:8340
- C:\Windows\System\wgcrTnV.exe
  C:\Windows\System\wgcrTnV.exe
  2⤵
  PID:8368
- C:\Windows\System\JhMUdgg.exe
  C:\Windows\System\JhMUdgg.exe
  2⤵
  PID:8396
- C:\Windows\System\vuqYfTy.exe
  C:\Windows\System\vuqYfTy.exe
  2⤵
  PID:8424
- C:\Windows\System\zeDdSlw.exe
  C:\Windows\System\zeDdSlw.exe
  2⤵
  PID:8452
- C:\Windows\System\eJumsEi.exe
  C:\Windows\System\eJumsEi.exe
  2⤵
  PID:8480
- C:\Windows\System\ZIxEnJr.exe
  C:\Windows\System\ZIxEnJr.exe
  2⤵
  PID:8508
- C:\Windows\System\OrWbVmr.exe
  C:\Windows\System\OrWbVmr.exe
  2⤵
  PID:8524
- C:\Windows\System\iCnRrJl.exe
  C:\Windows\System\iCnRrJl.exe
  2⤵
  PID:8552
- C:\Windows\System\SpKlZGU.exe
  C:\Windows\System\SpKlZGU.exe
  2⤵
  PID:8580
- C:\Windows\System\qtydwvQ.exe
  C:\Windows\System\qtydwvQ.exe
  2⤵
  PID:8608
- C:\Windows\System\lyhfMTX.exe
  C:\Windows\System\lyhfMTX.exe
  2⤵
  PID:8644
- C:\Windows\System\fdIhbYH.exe
  C:\Windows\System\fdIhbYH.exe
  2⤵
  PID:8664
- C:\Windows\System\HOaXepS.exe
  C:\Windows\System\HOaXepS.exe
  2⤵
  PID:8692
- C:\Windows\System\vVxhzhm.exe
  C:\Windows\System\vVxhzhm.exe
  2⤵
  PID:8720
- C:\Windows\System\fTZeNYe.exe
  C:\Windows\System\fTZeNYe.exe
  2⤵
  PID:8748
- C:\Windows\System\RcvdOUs.exe
  C:\Windows\System\RcvdOUs.exe
  2⤵
  PID:8788
- C:\Windows\System\myWpEGN.exe
  C:\Windows\System\myWpEGN.exe
  2⤵
  PID:8816
- C:\Windows\System\vhVdUyM.exe
  C:\Windows\System\vhVdUyM.exe
  2⤵
  PID:8844
- C:\Windows\System\xHfTAZx.exe
  C:\Windows\System\xHfTAZx.exe
  2⤵
  PID:8872
- C:\Windows\System\XrMTIyl.exe
  C:\Windows\System\XrMTIyl.exe
  2⤵
  PID:8900
- C:\Windows\System\jzQaaFl.exe
  C:\Windows\System\jzQaaFl.exe
  2⤵
  PID:8928
- C:\Windows\System\cJunsKy.exe
  C:\Windows\System\cJunsKy.exe
  2⤵
  PID:8956
- C:\Windows\System\ihSwDfC.exe
  C:\Windows\System\ihSwDfC.exe
  2⤵
  PID:8984
- C:\Windows\System\TxvqzQq.exe
  C:\Windows\System\TxvqzQq.exe
  2⤵
  PID:9012
- C:\Windows\System\qzmMTAr.exe
  C:\Windows\System\qzmMTAr.exe
  2⤵
  PID:9040
- C:\Windows\System\HoGbWPX.exe
  C:\Windows\System\HoGbWPX.exe
  2⤵
  PID:9068
- C:\Windows\System\lOlLKln.exe
  C:\Windows\System\lOlLKln.exe
  2⤵
  PID:9104
- C:\Windows\System\YGxUnHT.exe
  C:\Windows\System\YGxUnHT.exe
  2⤵
  PID:9132
- C:\Windows\System\mjpFZgx.exe
  C:\Windows\System\mjpFZgx.exe
  2⤵
  PID:9160
- C:\Windows\System\STnCKOD.exe
  C:\Windows\System\STnCKOD.exe
  2⤵
  PID:9188
- C:\Windows\System\xCsIhFa.exe
  C:\Windows\System\xCsIhFa.exe
  2⤵
  PID:7720
- C:\Windows\System\jEuzZwb.exe
  C:\Windows\System\jEuzZwb.exe
  2⤵
  PID:8248
- C:\Windows\System\yoTDxgv.exe
  C:\Windows\System\yoTDxgv.exe
  2⤵
  PID:8336
- C:\Windows\System\DQwXfin.exe
  C:\Windows\System\DQwXfin.exe
  2⤵
  PID:8380
- C:\Windows\System\pYVDYHT.exe
  C:\Windows\System\pYVDYHT.exe
  2⤵
  PID:8440
- C:\Windows\System\nwYeJpZ.exe
  C:\Windows\System\nwYeJpZ.exe
  2⤵
  PID:8516
- C:\Windows\System\HgbtCFn.exe
  C:\Windows\System\HgbtCFn.exe
  2⤵
  PID:8588
- C:\Windows\System\zaOgLJf.exe
  C:\Windows\System\zaOgLJf.exe
  2⤵
  PID:8652
- C:\Windows\System\QveBToZ.exe
  C:\Windows\System\QveBToZ.exe
  2⤵
  PID:8768
- C:\Windows\System\YvhzTRw.exe
  C:\Windows\System\YvhzTRw.exe
  2⤵
  PID:8836
- C:\Windows\System\eElENIv.exe
  C:\Windows\System\eElENIv.exe
  2⤵
  PID:8896
- C:\Windows\System\qfVwKmc.exe
  C:\Windows\System\qfVwKmc.exe
  2⤵
  PID:8968
- C:\Windows\System\adzsTlP.exe
  C:\Windows\System\adzsTlP.exe
  2⤵
  PID:9036
- C:\Windows\System\RZAOidy.exe
  C:\Windows\System\RZAOidy.exe
  2⤵
  PID:9084
- C:\Windows\System\RbjRIja.exe
  C:\Windows\System\RbjRIja.exe
  2⤵
  PID:9156
- C:\Windows\System\UsmRJgu.exe
  C:\Windows\System\UsmRJgu.exe
  2⤵
  PID:9200
- C:\Windows\System\TBrHcCg.exe
  C:\Windows\System\TBrHcCg.exe
  2⤵
  PID:8308
- C:\Windows\System\flxVZpE.exe
  C:\Windows\System\flxVZpE.exe
  2⤵
  PID:8496
- C:\Windows\System\FxVNJEq.exe
  C:\Windows\System\FxVNJEq.exe
  2⤵
  PID:8712
- C:\Windows\System\YwPSwZn.exe
  C:\Windows\System\YwPSwZn.exe
  2⤵
  PID:8892
- C:\Windows\System\vZljBoG.exe
  C:\Windows\System\vZljBoG.exe
  2⤵
  PID:9052
- C:\Windows\System\jYRxvkv.exe
  C:\Windows\System\jYRxvkv.exe
  2⤵
  PID:9176
- C:\Windows\System\owvdwai.exe
  C:\Windows\System\owvdwai.exe
  2⤵
  PID:8632
- C:\Windows\System\TrADoUx.exe
  C:\Windows\System\TrADoUx.exe
  2⤵
  PID:8864
- C:\Windows\System\XlVxQDn.exe
  C:\Windows\System\XlVxQDn.exe
  2⤵
  PID:8304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AMoERld.exe

Filesize
2.1MB

MD5
7f97f03d4939d89910f63022d7b4018a

SHA1
57a19fa9301c1a09306bd92d1510c80543b6a452

SHA256
82726f1113e380c57bb43572e748f41e0ad8037b017deb46eb46739211c27cd8

SHA512
fad56f8c223d9b04f94d3afb39b72486d5c9d72b1325183162359305eebbfbca6faa6cf3aa1785e3ca1b4cda7891198aca716ee4513e290ce04dfa39f5c84a5d

Download Submit
C:\Windows\System\AOeKAcX.exe

Filesize
2.1MB

MD5
6b4ce5d412656d499afd335932b48c31

SHA1
83a9f142cfd41c0e1aa214328abe2785f7b1331f

SHA256
10b9744e7f0022d3474f7aaeab8c6fb402989a5b6e91732a6b79ca152a1ab504

SHA512
82b8ccdf26e34ad7e74f0b2f6f88cda976ddcf98c7c7569dc5a1d4469c4453d6ee067365598f79d367905c69c08ec6a82c8911f73b242cdb00a8ced81953a878

Download Submit
C:\Windows\System\BsdKaTE.exe

Filesize
2.1MB

MD5
86f9a5d60f5a112ab8b1f18096ff9645

SHA1
340f776cb7557d9bfbaaa025b311b0da9eaab4d2

SHA256
2a41cd8a264f6f88bcfc05ad68fd688f7607255de9178b92312145aebff4fb32

SHA512
433a6990d100f010ca38ed8cf288715356d37645690b93db19efbe2a52049cf6b2c2f1badce88e3d3a2d6b4621df4dca13b9423c57653eed02f2231667a97889

Download Submit
C:\Windows\System\ITRQSTf.exe

Filesize
2.1MB

MD5
be0120426d5601186e6886d390d934dc

SHA1
ff54114d11c3feca0b97e863c2edfcfd5e628f20

SHA256
2da9acbdeeac060f58671d3a60ba92b4f356f2b5f6957e62b331a1be5670e673

SHA512
7f838e4587e36ba410949a256030a08c62b66107db82a286e003d2e569fe35249acdb53551ac57f660521b07a743cdb55b78bfb365d3b22e8efd9f248b8f89a9

Download Submit
C:\Windows\System\NpyvVNt.exe

Filesize
2.1MB

MD5
4a8ec58696956f71978d6bbcb89f872e

SHA1
4026fa550cfc19dec2b64ba6f3d38390b25f651c

SHA256
7a3b3b2e919cc90f17e974b05c266858f3483fd087d597e85b81f78d1a715285

SHA512
8c5e29d0658a961fa781c6542cf95f52398f9aa6042bd2f11fcc25d29cc803ac5555c65b2f5e314c6418017b00641bdf3a3515fe0e0e752c09bb2b69bcf4ca8f

Download Submit
C:\Windows\System\RGPwrXU.exe

Filesize
2.1MB

MD5
5da2cc79b7ce1a790d4cd28dbb833815

SHA1
e9adf27fb9a887675ac9e86198f7d9223fbdaf1b

SHA256
0dd209c3aff5397b86132e45f9975a16470f838318b54c49b0cb82cd2aa0eae4

SHA512
30c532a08e34fc5a4f4224d062890fa35089993355784fe6430a22c93b0820012f1861830deb690201005ae33224cfd7f8fbb42d59a40f2498697516e2e206db

Download Submit
C:\Windows\System\TaBZjqO.exe

Filesize
2.1MB

MD5
dd528417bf83bcedd45f73ece41622da

SHA1
57f098a31eae662dfb83c44ce483cd529225f3c7

SHA256
c3f2a54c26c4d6832dd84bb698071251ae63ea2d77b7db2c0477bffc85ae1ed5

SHA512
ae1c24ddd003c1fec6210b17010fbf9fd60c386b99721ca920d3e0bca178183992bccb58f45f06f11ed7d56b8e245eb7c983c71b850e6a1d46f0f46cddfda438

Download Submit
C:\Windows\System\UGXxtQW.exe

Filesize
2.1MB

MD5
65d5b2ced36eb051c88eccf9b9e44ed8

SHA1
3ad740f92e8e108b3c08f1a0204ffd7647cd69b5

SHA256
5c104c14eb56ac88083f25e9072ecb06b50912d61fc2721baca5bdaed4147263

SHA512
e32aa901ed92d0efa82ee79ca199ebf86ae43f83558acfc5a4e57cc8431d2c23555da197dc19974f80b18d4e536e413c7b8329bf1e307f14973696f55c4b73f3

Download Submit
C:\Windows\System\VYiFbky.exe

Filesize
2.1MB

MD5
361f437f8069dbcb5fd57644969778d6

SHA1
c8012280628c2c53eb583cf0202014fc7af88073

SHA256
6764048359bf0c31cafe9ac18f2b04b68417027af8cdd186cf858f9d3694b79a

SHA512
b7bb860a12cf5462659e9b33794dd8da75196bc3c8ae509c1249c622e98afa520476f8c16aa80b5b870dc68e802233d4abd25f5fa267dd94bf2363cc361d78e9

Download Submit
C:\Windows\System\WCmWefJ.exe

Filesize
2.1MB

MD5
36155e8c81d079985f570ee894138ebf

SHA1
d4f9f07aa875aef3891a9d8ed214a420cbacc27d

SHA256
461ba8eb3254620b4e6d426c6b97aaef0f65e8e338284362d30d7331e06bc157

SHA512
2d69e718626d5e9b25d2a60e1f325134275e49acde48b1feed97f156099f81d24e9725bf6e909f3a2821cef241ff9854d6d2ffb29741062bd010359ab35cde5f

Download Submit
C:\Windows\System\XXGXsNK.exe

Filesize
2.1MB

MD5
64e4a60a8debf13b84dcc25b4e2f8162

SHA1
4936375318aef0024c42cfdc528ec799783b60d2

SHA256
c078db312cb185b96c0efe76414dadd1c32b12407d2b54407e19ded36b279421

SHA512
e655da2024742004362d986f929d2d5d4bee58fea2f9fbdc07124b5808c95e7818879050fd186dc6a848fcb7c2e4125c0e78b437e15554e0ee73c2d6fcd82180

Download Submit
C:\Windows\System\XwMHnLK.exe

Filesize
2.1MB

MD5
21e86fae8b76998d3b0393e3e5b03095

SHA1
6e45e5cb6be3a55cf6557ec70d4adb0214b2c5cb

SHA256
9e456d6710a1ffba0557105be7c21924c82303253b4abfe6d4dcb9a11c202e32

SHA512
fa9cf348ee218048741ea93a555c5b342c09c51836bde2cdecad422e45f68c71ed498ebc9e6151172f0954b0bf57cb908aaf5fd77b9b732e5e767b9d0f50049e

Download Submit
C:\Windows\System\ckUwbya.exe

Filesize
2.1MB

MD5
1169c842a7bcb94e036dec12efb77f27

SHA1
56c482d35b1f686d798b4a168d8aac753b63548a

SHA256
17215567033634d91fd9eddb0df1c1cc00ceb1b8e712d759d4d238f13a1367b2

SHA512
4b4455172421cd8ab85f48f81abdf62a16ee4ab403ce9d7de0da27b5e3fd43f2523df4793848e80dbd530870e276bbdd8f007ab71404f2ad3c2a858e685f5c2a

Download Submit
C:\Windows\System\esvZDFg.exe

Filesize
2.1MB

MD5
e38dd886b35784c3585baa0cfb9f768a

SHA1
cef156ccba5805cf5b2b751be49a059f66d27bbd

SHA256
c71b56dd4bd2c9c9c4fd221a11082f7fcf3358a27fe44e3ab7076c639b21464e

SHA512
a5858a60316f48196ae8a5de5d64229c58474063158b2ebc58b641fe8aaacfef24868fa8d860b4bad9758a4affef61c7cd43578c9198261a6e5235200d8120aa

Download Submit
C:\Windows\System\gatHkub.exe

Filesize
2.1MB

MD5
102a67777e1cd79b35a1fb9bb757f4a2

SHA1
845edd4c1f66594e8472a37b595bb916e99381cb

SHA256
bf4a223a15ab82533517042b897b4815f2cfa90bf4d74aede2a64b978b28fe3d

SHA512
ea17895e4cbe22607a09266d27e4b3fdea457a19e2cd47b0ca15f8f9c9d662ec4c0746d3c267cddb6252615fc7f233df932dd2794c044977ad6c4503449001aa

Download Submit
C:\Windows\System\hpJutce.exe

Filesize
2.1MB

MD5
b76e3f2a35e4ee012382a50959f30c6b

SHA1
683c7dfced992b169e3b41d62531a553924fdca3

SHA256
8b7bf5c5f350e30029b7234b00a6e2e23289a849d3700f9a0dbf18ac439cfa03

SHA512
684c79438894c680cfec6035a21b338ba0f077cf1ea6962f6bf36164a0c45fe34f6ec8d9c43244920723ae5a757378e9e00512c4c50e9fb98c08e9fdca7fffba

Download Submit
C:\Windows\System\iCxHBfW.exe

Filesize
2.1MB

MD5
75fadae78ef15a5bc1b5343b5a98cc78

SHA1
6747395d3e4822786e6c1a851ed51b764c59e58f

SHA256
7342c1648fe7427fce1405ed1c094304dbdeea9430908990426888f85633cd62

SHA512
abed1799bc4c18487c0e010db7abbc41c613806b069db7b1ef62b3cac2e22af985b213d89ce268f43ac51b7d6cd9159efc22beef8169fd82ebbb36f3914635b3

Download Submit
C:\Windows\System\iJFETop.exe

Filesize
2.1MB

MD5
4b40b48ae305604c9cdcfa87192284be

SHA1
0d1e8a668ba2406c849b2c9e52218bb976458d13

SHA256
d859b9331ed4ea7023499de171ee9dcb86557c9a8a7825aaa3567e8275a5c585

SHA512
1f06718f3c3d2ebe092a91f912237fa53afc47336bd5969b552ff4dd1578c496650d5ed9c30cc9885a35ce0ac860ae112da3ca926a0876482b5432470924518d

Download Submit
C:\Windows\System\kdBQTgb.exe

Filesize
2.1MB

MD5
d9764e7748ed71cad2dca656b9b7d3d7

SHA1
c4a2afe33bbfe89b94fa267c3ba2cb1bc4265464

SHA256
262794f2f62073fc1f1c735e1c972ef6a0cfc545879ce459ef1a3970847f1f73

SHA512
bf0d556a74c4fcdbb73b54ddeab08ca87a4b7d64e06878292461ecff14bd235b5196eaffff6dcc7ab7b8964f5e5d403cace6094a0e8d1dfc170ff9f4b0afed98

Download Submit
C:\Windows\System\kqYscxX.exe

Filesize
2.1MB

MD5
61bd56d7963dd3d403a925b0b43aa4c6

SHA1
7f21455d9df71555d8410575692450b4b3b48109

SHA256
641c826a4f714dd6d05393001f1d8e9f44ea523d96c49881c83b9e14e9a18826

SHA512
815a6a97e997f6d7ecbecba77ebcb6e4bb15e2df7eb7c6ad303bfb4dbc91ef7c10e64b5d0883aa37d1c6eb5e53be453588c98de157232738dfc9da23237de1d7

Download Submit
C:\Windows\System\nJzXHes.exe

Filesize
2.1MB

MD5
395f7de9508beb148c6b1be6ec44920e

SHA1
4e513cf852924dfc9af477377769c241c6ac3d9d

SHA256
3740ddb4561385895bfb5d319c298011b252c7ee5cfbe9bd373ef0d6a93b1b34

SHA512
16fa91d2f79eff72d2528d2e368f4dc8c5532b86b78fc2902125251a71154035c3babf3a60b342266a0ed101f10f351d59af8ff567f0257f24716c9cd2c09ad5

Download Submit
C:\Windows\System\noDzTYL.exe

Filesize
2.1MB

MD5
8e8591b0098fb836fd074150d4d07c48

SHA1
6f2c3be750175768092ca5fb41e3c109999305a5

SHA256
306720f384793c85bfa11a49a727bfea1c2976a31c6a8593cd108a782eb4b50d

SHA512
858a433341c2634633b9c7f50aa3d48d6f91bb917558d3f295907f9980da47f13ca6283e040f5bda704baeefe8c03ed4e6190df5547e65343fcf88541f42811b

Download Submit
C:\Windows\System\noypOiy.exe

Filesize
2.1MB

MD5
8c8cf9127f0d92c3d30d042fc03a9de2

SHA1
6dea3b5996673bdf512ccb64493b3e4df1f92ca8

SHA256
699f0e372288d51088945b94e3f987dcfd531945817cd72b7a29be67e905dc4b

SHA512
79bbbc9ab8de4b865d1944f949b7fcb8ba2b587ae77794a53827a7c25299948d7447857d51688daf22469317c618d6330a6b4a063ba308ddbd02240ce0661ef8

Download Submit
C:\Windows\System\ofRwQLo.exe

Filesize
2.1MB

MD5
91ebff00da7405ed5db1df7350d2e8e4

SHA1
9c5bc7320c921b8fd2609860c4b2255946c48d13

SHA256
25998bb735845fae8e25e9d4e611d279f351197437e912503f97c57b8cf59438

SHA512
53402d1163ebfc501e445e2d7bfe411c6598119294976e59a1a7b61ec6ba4fa61513cc415476b989d4cdc607f20551cb8d04413a15a622cb403de39fc5fbf4a8

Download Submit
C:\Windows\System\onmjEfU.exe

Filesize
2.1MB

MD5
90f4cce9299737d65d76e1deecc5c280

SHA1
c907c73ac9cbc6c617b1fbde54eba4c1bdb2566e

SHA256
335b3ba5e7eb289b0872bd99904262eeaddd59b03547961a6b46cbb28e91e767

SHA512
cc7a032faa48946c06f593f4500a6e0248ea6d1615812b12730ae417c736cac2b8aa8c4dc6115bc8772b71be4b7a46e754df9a787bf093ed34b48ede042e991e

Download Submit
C:\Windows\System\pvgxwDU.exe

Filesize
2.1MB

MD5
1691508ab8521826345f90524a94af81

SHA1
722f7a363c2a5f3ce57c8d0c13a788411751f449

SHA256
d553b3dcefe02680a41a0aafd19f6704ccf40a1ec853235ee068f0c732bd7faf

SHA512
8a7adba65bb77bfc7a8acfbefd05069434ff4e90d740fd2051a17e85f74ce44d1c270a442a471beaa0fb62615a43bb8ae23402fec9899929ceaffa0116190e37

Download Submit
C:\Windows\System\qWeTNwB.exe

Filesize
2.1MB

MD5
946dfeabfb57ed80e75a5bc7a22d5c79

SHA1
2f405693176c381ecb54afd853d12387cea704e9

SHA256
41149d308d745592a7d9c6f7d13495d5a05b53e8155673e711d4896edac1370a

SHA512
390f23ff22e8a78bddcf9eb925a5d127f759b33920da51126d55cd28087185746162118fee544e0e5ed2232c8a10a489aefac79908311d2f8e9c19e07cbee3d7

Download Submit
C:\Windows\System\rqIGXaA.exe

Filesize
2.1MB

MD5
f65eeed02de7238e89d6e171f59fedbf

SHA1
4049c2da54328d0015600cff7ac8a0a9df3eefa8

SHA256
38a9fcfdc109e88c70149749f42b8e1ad926f3d7355dcf61486b9f4d53525cb6

SHA512
aa17fe2eb4883e494fcefcacfb603fa8c2f4ba0676920feb37d68cee85943dcbd711624871b67c8fd76ca74eef1fcd3b15d062943363d22e84aacf6c7a6d07f7

Download Submit
C:\Windows\System\rwQgWgJ.exe

Filesize
2.1MB

MD5
70c1457870a131079504865d18b85b72

SHA1
611b3c646a85163f2d7419c4ee7718c56b376fda

SHA256
c2ea4cc99a328014fd2c2a733136962afc9b0a2764e164ac0e7bd756bb8266a3

SHA512
0d28d4e970d0ac0672cd1fab04a91f21882594d3a695c2f86877c62812321ae64651e0065634cc30e2759a2664fe3a01e3a6da93b1df0429915e425a9f7e518a

Download Submit
C:\Windows\System\sXUffwS.exe

Filesize
2.1MB

MD5
37b37f2c6c85559d496049bda3833426

SHA1
37f4204182348ebd5c812186b1e1276640751de5

SHA256
96ca38990953241cbea65d318cf381b499f963447d9559b30999eaa7225d97eb

SHA512
8d16ff1bc273fe69c9f05134d35659b8176f1c5688e2c947cd5b1b5f9f8353f31bdba0696368ed88d9767086a0738aa6dae3ca4dba3d14151e70d007957a560f

Download Submit
C:\Windows\System\uLVcDJN.exe

Filesize
2.1MB

MD5
43e76432df8868598cb8466d726787c8

SHA1
a96d97ba72cd4987fb50342c5ba6f5a039f48b8b

SHA256
5d76bc9d47b30599a6df9408feda411b62824aec3b77511313d6bc788617aea6

SHA512
a770cab26f8f4514e81da15593ebd18c641e6330963c8c4049f40a7f737c04db728fb6548a012293d0635de8d81bfa57a2866e5b39235370327b46471d1473f5

Download Submit
C:\Windows\System\vsyBtaz.exe

Filesize
2.1MB

MD5
fa9e4a193281aa9a853b42d1442bbc1d

SHA1
17546023441e91f1195e9c82c1753fc25e23f14e

SHA256
027ea8421f82904b278dfad4d6145568efc51e7540d71044895a211ef65da0c8

SHA512
90d4dea88e59959619c10d44287c02834ab64b59555143973d27fed3a9db01104dfb083834ddf80dc5e5b78e545e4dce816a4949ef06f5295eb17645674d0dc8

Download Submit
C:\Windows\System\zpOyCeJ.exe

Filesize
2.1MB

MD5
49392870a0a189f7a293381435ae1974

SHA1
67ed8070a47dedfc8138363fe6b88f835f432a16

SHA256
8848b43ae5f50a3047ad8ffeeac934c62a7cef119eb39d16a7684fb74830bf78

SHA512
050503a25b23e3bfe4ff76ba9d87fc9d5f8738b0877089eb87b25f817b2ce68e266d1f91da86bcb3ab1999c2b6518788399d01c0b19bcc3608b1d986640cacdd

Download Submit
memory/4576-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download