kpot | 8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 07:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
Size

2.1MB
MD5

6d7a2f89e09be450d807f4e9d91e76b0
SHA1

e9b3e142a34e9fbdd6b6eac30acb09b4db50add1
SHA256

8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e
SHA512

0c33fc3ffbf2b2af2e0786d311fbde73ad6697c5d86193bf457a699277179617ffc67762ceb903f9be7c534d86037ec1bd41a2a21dc63822cd34bbcf5042811d
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2iVFl:GemTLkNdfE0pZaQw

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 35 IoCs

resource	yara_rule
behavioral2/files/0x00060000000233d6-4.dat	family_kpot
behavioral2/files/0x0007000000023566-6.dat	family_kpot
behavioral2/files/0x000900000002355f-7.dat	family_kpot
behavioral2/files/0x0007000000023568-23.dat	family_kpot
behavioral2/files/0x000700000002356a-54.dat	family_kpot
behavioral2/files/0x0007000000023573-75.dat	family_kpot
behavioral2/files/0x0007000000023574-114.dat	family_kpot
behavioral2/files/0x0007000000023581-144.dat	family_kpot
behavioral2/files/0x0007000000023580-163.dat	family_kpot
behavioral2/files/0x000700000002357f-161.dat	family_kpot
behavioral2/files/0x000700000002357e-159.dat	family_kpot
behavioral2/files/0x0007000000023586-156.dat	family_kpot
behavioral2/files/0x000700000002357c-154.dat	family_kpot
behavioral2/files/0x0007000000023585-153.dat	family_kpot
behavioral2/files/0x0007000000023584-152.dat	family_kpot
behavioral2/files/0x000700000002357b-150.dat	family_kpot
behavioral2/files/0x0007000000023583-149.dat	family_kpot
behavioral2/files/0x000700000002357d-148.dat	family_kpot
behavioral2/files/0x000700000002357a-146.dat	family_kpot
behavioral2/files/0x0007000000023582-145.dat	family_kpot
behavioral2/files/0x0007000000023578-141.dat	family_kpot
behavioral2/files/0x0007000000023577-135.dat	family_kpot
behavioral2/files/0x0007000000023576-131.dat	family_kpot
behavioral2/files/0x0007000000023575-123.dat	family_kpot
behavioral2/files/0x0007000000023579-118.dat	family_kpot
behavioral2/files/0x0007000000023572-109.dat	family_kpot
behavioral2/files/0x0007000000023571-106.dat	family_kpot
behavioral2/files/0x000700000002356f-103.dat	family_kpot
behavioral2/files/0x0007000000023570-85.dat	family_kpot
behavioral2/files/0x000700000002356e-96.dat	family_kpot
behavioral2/files/0x000700000002356b-67.dat	family_kpot
behavioral2/files/0x000700000002356d-50.dat	family_kpot
behavioral2/files/0x000700000002356c-45.dat	family_kpot
behavioral2/files/0x0007000000023569-34.dat	family_kpot
behavioral2/files/0x0007000000023567-20.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 35 IoCs

miner

resource	yara_rule
behavioral2/files/0x00060000000233d6-4.dat	xmrig
behavioral2/files/0x0007000000023566-6.dat	xmrig
behavioral2/files/0x000900000002355f-7.dat	xmrig
behavioral2/files/0x0007000000023568-23.dat	xmrig
behavioral2/files/0x000700000002356a-54.dat	xmrig
behavioral2/files/0x0007000000023573-75.dat	xmrig
behavioral2/files/0x0007000000023574-114.dat	xmrig
behavioral2/files/0x0007000000023581-144.dat	xmrig
behavioral2/files/0x0007000000023580-163.dat	xmrig
behavioral2/files/0x000700000002357f-161.dat	xmrig
behavioral2/files/0x000700000002357e-159.dat	xmrig
behavioral2/files/0x0007000000023586-156.dat	xmrig
behavioral2/files/0x000700000002357c-154.dat	xmrig
behavioral2/files/0x0007000000023585-153.dat	xmrig
behavioral2/files/0x0007000000023584-152.dat	xmrig
behavioral2/files/0x000700000002357b-150.dat	xmrig
behavioral2/files/0x0007000000023583-149.dat	xmrig
behavioral2/files/0x000700000002357d-148.dat	xmrig
behavioral2/files/0x000700000002357a-146.dat	xmrig
behavioral2/files/0x0007000000023582-145.dat	xmrig
behavioral2/files/0x0007000000023578-141.dat	xmrig
behavioral2/files/0x0007000000023577-135.dat	xmrig
behavioral2/files/0x0007000000023576-131.dat	xmrig
behavioral2/files/0x0007000000023575-123.dat	xmrig
behavioral2/files/0x0007000000023579-118.dat	xmrig
behavioral2/files/0x0007000000023572-109.dat	xmrig
behavioral2/files/0x0007000000023571-106.dat	xmrig
behavioral2/files/0x000700000002356f-103.dat	xmrig
behavioral2/files/0x0007000000023570-85.dat	xmrig
behavioral2/files/0x000700000002356e-96.dat	xmrig
behavioral2/files/0x000700000002356b-67.dat	xmrig
behavioral2/files/0x000700000002356d-50.dat	xmrig
behavioral2/files/0x000700000002356c-45.dat	xmrig
behavioral2/files/0x0007000000023569-34.dat	xmrig
behavioral2/files/0x0007000000023567-20.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1504	gJARMhh.exe
1616	NbIndqR.exe
748	yMTmxjd.exe
1636	TrbvVae.exe
3320	azpnwmB.exe
1432	LnCyhGC.exe
2484	vHcvTzV.exe
4148	uCAtAYR.exe
4224	vzNCeKw.exe
232	yHusVdF.exe
3692	JXFQLBl.exe
4924	qbmjfQU.exe
4852	miFEBge.exe
3872	slsZKoq.exe
2376	iUSLQkb.exe
1028	RFxIgXr.exe
1300	MoceUbs.exe
1668	kryrxJl.exe
2848	UoEYupa.exe
2712	EhnZVIi.exe
1580	wnyHGwx.exe
5072	evZHggl.exe
1520	AkzpHzd.exe
2440	otoqEKM.exe
3540	Mgyihpk.exe
2824	MKevzuw.exe
4412	EGEAVds.exe
4000	MhEtVtv.exe
2308	VdDeeSs.exe
3472	ZoqBhkb.exe
4836	clRKIte.exe
4828	JSyVHXw.exe
4368	igBgxrI.exe
2708	UyWTQWN.exe
3544	uZJihaW.exe
4956	zareOsb.exe
3264	VMrocAo.exe
652	TNQnQDc.exe
4032	cWukRrx.exe
3748	hXJhyUG.exe
3552	BZpzpnd.exe
4324	KyqvFqG.exe
2452	wGMEONn.exe
3912	LDgrYEn.exe
4432	pgVjsBg.exe
3236	zKHaVgY.exe
2652	EEZnaxO.exe
4664	wphYNeT.exe
640	yjNbfKs.exe
1920	tAtkluu.exe
4516	XaoaUIl.exe
4152	BhImiEt.exe
4400	GIOVAkT.exe
436	mlPqWpR.exe
4160	HzgNikk.exe
1228	qayHyIO.exe
2020	fgHTjqd.exe
2416	nTWwRPx.exe
4576	KcvKLnI.exe
2088	ygIRhoR.exe
2680	hsJlcwh.exe
4608	uGpOJvW.exe
3508	MoirWSr.exe
4500	JSwimbv.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\yMTmxjd.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\ivLNPqq.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\sfeXkjP.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\oQrLFQG.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\gJARMhh.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\UyWTQWN.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\IaxoCcW.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\LXnLZRR.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\aPLoSKo.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\dcUnWZs.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\JcMxJPa.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\cWukRrx.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\mlPqWpR.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\Rngwtra.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\tUUgtcx.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\iUSLQkb.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\nTWwRPx.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\MpeddAH.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\AAlpAwu.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\vPurmcv.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\wGAzNHV.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\cWmAFjp.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\zKHaVgY.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\CClCqqi.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\DgqkJtS.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\GEddQwO.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\YbFQOsh.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\lvJBNOL.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\ZvUSGzd.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\BZpzpnd.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\pgVjsBg.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\hzgvxyb.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\ylxQZyP.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\NodixyI.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\yHusVdF.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\znEsWAR.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\dAOVuyO.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\JbaiLxo.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\fgHTjqd.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\znYHmil.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\eiaDVub.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\HUjTNHE.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\QoUydsW.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\AXlkChf.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\GZvjAiP.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\KMFnqoc.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\lfuytSA.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\vzNCeKw.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\UoEYupa.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\eGhygAW.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\RxuqEfo.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\ljZsAua.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\DwDfRtK.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\ZoqBhkb.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\GPzgDCj.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\xoKxJTY.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\wngLUsa.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\zareOsb.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\mdEiSQn.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\nxfuWIP.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\yXIHUsU.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\TiYpfXF.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\miFEBge.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
File created	C:\Windows\System\RFxIgXr.exe	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 880 wrote to memory of 1504	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	84
PID 880 wrote to memory of 1504	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	84
PID 880 wrote to memory of 1616	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	85
PID 880 wrote to memory of 1616	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	85
PID 880 wrote to memory of 748	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	86
PID 880 wrote to memory of 748	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	86
PID 880 wrote to memory of 1636	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	87
PID 880 wrote to memory of 1636	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	87
PID 880 wrote to memory of 3320	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	88
PID 880 wrote to memory of 3320	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	88
PID 880 wrote to memory of 1432	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	89
PID 880 wrote to memory of 1432	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	89
PID 880 wrote to memory of 2484	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	90
PID 880 wrote to memory of 2484	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	90
PID 880 wrote to memory of 4148	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	91
PID 880 wrote to memory of 4148	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	91
PID 880 wrote to memory of 4224	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	92
PID 880 wrote to memory of 4224	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	92
PID 880 wrote to memory of 232	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	93
PID 880 wrote to memory of 232	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	93
PID 880 wrote to memory of 3692	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	94
PID 880 wrote to memory of 3692	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	94
PID 880 wrote to memory of 4924	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	95
PID 880 wrote to memory of 4924	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	95
PID 880 wrote to memory of 4852	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	96
PID 880 wrote to memory of 4852	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	96
PID 880 wrote to memory of 3872	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	97
PID 880 wrote to memory of 3872	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	97
PID 880 wrote to memory of 2376	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	98
PID 880 wrote to memory of 2376	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	98
PID 880 wrote to memory of 1028	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	99
PID 880 wrote to memory of 1028	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	99
PID 880 wrote to memory of 1300	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	100
PID 880 wrote to memory of 1300	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	100
PID 880 wrote to memory of 1668	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	101
PID 880 wrote to memory of 1668	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	101
PID 880 wrote to memory of 2848	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	102
PID 880 wrote to memory of 2848	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	102
PID 880 wrote to memory of 2712	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	103
PID 880 wrote to memory of 2712	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	103
PID 880 wrote to memory of 1580	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	104
PID 880 wrote to memory of 1580	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	104
PID 880 wrote to memory of 5072	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	105
PID 880 wrote to memory of 5072	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	105
PID 880 wrote to memory of 1520	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	106
PID 880 wrote to memory of 1520	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	106
PID 880 wrote to memory of 2440	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	107
PID 880 wrote to memory of 2440	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	107
PID 880 wrote to memory of 3540	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	108
PID 880 wrote to memory of 3540	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	108
PID 880 wrote to memory of 4836	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	109
PID 880 wrote to memory of 4836	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	109
PID 880 wrote to memory of 2824	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	110
PID 880 wrote to memory of 2824	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	110
PID 880 wrote to memory of 4412	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	111
PID 880 wrote to memory of 4412	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	111
PID 880 wrote to memory of 4000	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	112
PID 880 wrote to memory of 4000	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	112
PID 880 wrote to memory of 2308	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	113
PID 880 wrote to memory of 2308	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	113
PID 880 wrote to memory of 3472	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	114
PID 880 wrote to memory of 3472	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	114
PID 880 wrote to memory of 4828	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	115
PID 880 wrote to memory of 4828	880	8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8b3d32e3c9324ca419322c45aa664f31b5915bc650f22226e3d04c448854812e_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:880
- C:\Windows\System\gJARMhh.exe
  C:\Windows\System\gJARMhh.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\NbIndqR.exe
  C:\Windows\System\NbIndqR.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\yMTmxjd.exe
  C:\Windows\System\yMTmxjd.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\TrbvVae.exe
  C:\Windows\System\TrbvVae.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\azpnwmB.exe
  C:\Windows\System\azpnwmB.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\LnCyhGC.exe
  C:\Windows\System\LnCyhGC.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\vHcvTzV.exe
  C:\Windows\System\vHcvTzV.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\uCAtAYR.exe
  C:\Windows\System\uCAtAYR.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\vzNCeKw.exe
  C:\Windows\System\vzNCeKw.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\yHusVdF.exe
  C:\Windows\System\yHusVdF.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\JXFQLBl.exe
  C:\Windows\System\JXFQLBl.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\qbmjfQU.exe
  C:\Windows\System\qbmjfQU.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\miFEBge.exe
  C:\Windows\System\miFEBge.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\slsZKoq.exe
  C:\Windows\System\slsZKoq.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\iUSLQkb.exe
  C:\Windows\System\iUSLQkb.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\RFxIgXr.exe
  C:\Windows\System\RFxIgXr.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\MoceUbs.exe
  C:\Windows\System\MoceUbs.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\kryrxJl.exe
  C:\Windows\System\kryrxJl.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\UoEYupa.exe
  C:\Windows\System\UoEYupa.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\EhnZVIi.exe
  C:\Windows\System\EhnZVIi.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\wnyHGwx.exe
  C:\Windows\System\wnyHGwx.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\evZHggl.exe
  C:\Windows\System\evZHggl.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\AkzpHzd.exe
  C:\Windows\System\AkzpHzd.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\otoqEKM.exe
  C:\Windows\System\otoqEKM.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\Mgyihpk.exe
  C:\Windows\System\Mgyihpk.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\clRKIte.exe
  C:\Windows\System\clRKIte.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\MKevzuw.exe
  C:\Windows\System\MKevzuw.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\EGEAVds.exe
  C:\Windows\System\EGEAVds.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\MhEtVtv.exe
  C:\Windows\System\MhEtVtv.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\VdDeeSs.exe
  C:\Windows\System\VdDeeSs.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\ZoqBhkb.exe
  C:\Windows\System\ZoqBhkb.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\JSyVHXw.exe
  C:\Windows\System\JSyVHXw.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\igBgxrI.exe
  C:\Windows\System\igBgxrI.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\UyWTQWN.exe
  C:\Windows\System\UyWTQWN.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\uZJihaW.exe
  C:\Windows\System\uZJihaW.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\zareOsb.exe
  C:\Windows\System\zareOsb.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\VMrocAo.exe
  C:\Windows\System\VMrocAo.exe
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Windows\System\TNQnQDc.exe
  C:\Windows\System\TNQnQDc.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\cWukRrx.exe
  C:\Windows\System\cWukRrx.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\hXJhyUG.exe
  C:\Windows\System\hXJhyUG.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\BZpzpnd.exe
  C:\Windows\System\BZpzpnd.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\KyqvFqG.exe
  C:\Windows\System\KyqvFqG.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\wGMEONn.exe
  C:\Windows\System\wGMEONn.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\LDgrYEn.exe
  C:\Windows\System\LDgrYEn.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\pgVjsBg.exe
  C:\Windows\System\pgVjsBg.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\zKHaVgY.exe
  C:\Windows\System\zKHaVgY.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\EEZnaxO.exe
  C:\Windows\System\EEZnaxO.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\wphYNeT.exe
  C:\Windows\System\wphYNeT.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\yjNbfKs.exe
  C:\Windows\System\yjNbfKs.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\tAtkluu.exe
  C:\Windows\System\tAtkluu.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\XaoaUIl.exe
  C:\Windows\System\XaoaUIl.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\BhImiEt.exe
  C:\Windows\System\BhImiEt.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System\GIOVAkT.exe
  C:\Windows\System\GIOVAkT.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\mlPqWpR.exe
  C:\Windows\System\mlPqWpR.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\HzgNikk.exe
  C:\Windows\System\HzgNikk.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\qayHyIO.exe
  C:\Windows\System\qayHyIO.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\fgHTjqd.exe
  C:\Windows\System\fgHTjqd.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\nTWwRPx.exe
  C:\Windows\System\nTWwRPx.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\KcvKLnI.exe
  C:\Windows\System\KcvKLnI.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\ygIRhoR.exe
  C:\Windows\System\ygIRhoR.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\hsJlcwh.exe
  C:\Windows\System\hsJlcwh.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\uGpOJvW.exe
  C:\Windows\System\uGpOJvW.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\MoirWSr.exe
  C:\Windows\System\MoirWSr.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\JSwimbv.exe
  C:\Windows\System\JSwimbv.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\irvoYYC.exe
  C:\Windows\System\irvoYYC.exe
  2⤵
  PID:1100
- C:\Windows\System\ERDqtKo.exe
  C:\Windows\System\ERDqtKo.exe
  2⤵
  PID:1304
- C:\Windows\System\QAKVcHO.exe
  C:\Windows\System\QAKVcHO.exe
  2⤵
  PID:3136
- C:\Windows\System\gFsBpBX.exe
  C:\Windows\System\gFsBpBX.exe
  2⤵
  PID:2908
- C:\Windows\System\Rngwtra.exe
  C:\Windows\System\Rngwtra.exe
  2⤵
  PID:1928
- C:\Windows\System\NMQFWai.exe
  C:\Windows\System\NMQFWai.exe
  2⤵
  PID:2660
- C:\Windows\System\YNpdNdm.exe
  C:\Windows\System\YNpdNdm.exe
  2⤵
  PID:2956
- C:\Windows\System\nkbmEko.exe
  C:\Windows\System\nkbmEko.exe
  2⤵
  PID:3972
- C:\Windows\System\OoEMmRF.exe
  C:\Windows\System\OoEMmRF.exe
  2⤵
  PID:3232
- C:\Windows\System\NZVpLhU.exe
  C:\Windows\System\NZVpLhU.exe
  2⤵
  PID:3148
- C:\Windows\System\QGaNKuc.exe
  C:\Windows\System\QGaNKuc.exe
  2⤵
  PID:3812
- C:\Windows\System\hzgvxyb.exe
  C:\Windows\System\hzgvxyb.exe
  2⤵
  PID:1516
- C:\Windows\System\VUBFRYZ.exe
  C:\Windows\System\VUBFRYZ.exe
  2⤵
  PID:184
- C:\Windows\System\fIFWmbm.exe
  C:\Windows\System\fIFWmbm.exe
  2⤵
  PID:2072
- C:\Windows\System\eGhygAW.exe
  C:\Windows\System\eGhygAW.exe
  2⤵
  PID:3816
- C:\Windows\System\ylxQZyP.exe
  C:\Windows\System\ylxQZyP.exe
  2⤵
  PID:2656
- C:\Windows\System\okWbjmU.exe
  C:\Windows\System\okWbjmU.exe
  2⤵
  PID:5088
- C:\Windows\System\JCNukLk.exe
  C:\Windows\System\JCNukLk.exe
  2⤵
  PID:4860
- C:\Windows\System\CClCqqi.exe
  C:\Windows\System\CClCqqi.exe
  2⤵
  PID:4244
- C:\Windows\System\tPFuCRF.exe
  C:\Windows\System\tPFuCRF.exe
  2⤵
  PID:4676
- C:\Windows\System\wqHPRKC.exe
  C:\Windows\System\wqHPRKC.exe
  2⤵
  PID:868
- C:\Windows\System\WqyoQUd.exe
  C:\Windows\System\WqyoQUd.exe
  2⤵
  PID:1452
- C:\Windows\System\wYZixSm.exe
  C:\Windows\System\wYZixSm.exe
  2⤵
  PID:3696
- C:\Windows\System\JPLzbVw.exe
  C:\Windows\System\JPLzbVw.exe
  2⤵
  PID:448
- C:\Windows\System\rPSrFVZ.exe
  C:\Windows\System\rPSrFVZ.exe
  2⤵
  PID:2644
- C:\Windows\System\PMdAfFj.exe
  C:\Windows\System\PMdAfFj.exe
  2⤵
  PID:3292
- C:\Windows\System\fKEReSd.exe
  C:\Windows\System\fKEReSd.exe
  2⤵
  PID:3032
- C:\Windows\System\LUHPrsB.exe
  C:\Windows\System\LUHPrsB.exe
  2⤵
  PID:348
- C:\Windows\System\OMkicnS.exe
  C:\Windows\System\OMkicnS.exe
  2⤵
  PID:4280
- C:\Windows\System\bqIBpCt.exe
  C:\Windows\System\bqIBpCt.exe
  2⤵
  PID:3448
- C:\Windows\System\AAlpAwu.exe
  C:\Windows\System\AAlpAwu.exe
  2⤵
  PID:5052
- C:\Windows\System\MFAQXco.exe
  C:\Windows\System\MFAQXco.exe
  2⤵
  PID:2044
- C:\Windows\System\LXwFNEe.exe
  C:\Windows\System\LXwFNEe.exe
  2⤵
  PID:4844
- C:\Windows\System\qvXNgca.exe
  C:\Windows\System\qvXNgca.exe
  2⤵
  PID:648
- C:\Windows\System\zPWIQCm.exe
  C:\Windows\System\zPWIQCm.exe
  2⤵
  PID:4684
- C:\Windows\System\atYhWcy.exe
  C:\Windows\System\atYhWcy.exe
  2⤵
  PID:4696
- C:\Windows\System\FUOFQiC.exe
  C:\Windows\System\FUOFQiC.exe
  2⤵
  PID:4388
- C:\Windows\System\DgqkJtS.exe
  C:\Windows\System\DgqkJtS.exe
  2⤵
  PID:5128
- C:\Windows\System\BvKJRFh.exe
  C:\Windows\System\BvKJRFh.exe
  2⤵
  PID:5144
- C:\Windows\System\qPawGQA.exe
  C:\Windows\System\qPawGQA.exe
  2⤵
  PID:5184
- C:\Windows\System\qdboPil.exe
  C:\Windows\System\qdboPil.exe
  2⤵
  PID:5212
- C:\Windows\System\noloVMC.exe
  C:\Windows\System\noloVMC.exe
  2⤵
  PID:5244
- C:\Windows\System\cFdBnrk.exe
  C:\Windows\System\cFdBnrk.exe
  2⤵
  PID:5276
- C:\Windows\System\kCKTHqq.exe
  C:\Windows\System\kCKTHqq.exe
  2⤵
  PID:5304
- C:\Windows\System\AUDCdYp.exe
  C:\Windows\System\AUDCdYp.exe
  2⤵
  PID:5340
- C:\Windows\System\OcGqGvA.exe
  C:\Windows\System\OcGqGvA.exe
  2⤵
  PID:5372
- C:\Windows\System\LjBLWPr.exe
  C:\Windows\System\LjBLWPr.exe
  2⤵
  PID:5400
- C:\Windows\System\fwpchGs.exe
  C:\Windows\System\fwpchGs.exe
  2⤵
  PID:5432
- C:\Windows\System\dEISqPS.exe
  C:\Windows\System\dEISqPS.exe
  2⤵
  PID:5456
- C:\Windows\System\aoSWcXo.exe
  C:\Windows\System\aoSWcXo.exe
  2⤵
  PID:5476
- C:\Windows\System\MqDrYoc.exe
  C:\Windows\System\MqDrYoc.exe
  2⤵
  PID:5500
- C:\Windows\System\gnvtabW.exe
  C:\Windows\System\gnvtabW.exe
  2⤵
  PID:5520
- C:\Windows\System\oDApyrI.exe
  C:\Windows\System\oDApyrI.exe
  2⤵
  PID:5560
- C:\Windows\System\FdRolgb.exe
  C:\Windows\System\FdRolgb.exe
  2⤵
  PID:5596
- C:\Windows\System\vfwUJQh.exe
  C:\Windows\System\vfwUJQh.exe
  2⤵
  PID:5628
- C:\Windows\System\eWoqdTF.exe
  C:\Windows\System\eWoqdTF.exe
  2⤵
  PID:5660
- C:\Windows\System\eiaDVub.exe
  C:\Windows\System\eiaDVub.exe
  2⤵
  PID:5692
- C:\Windows\System\vPurmcv.exe
  C:\Windows\System\vPurmcv.exe
  2⤵
  PID:5708
- C:\Windows\System\GEddQwO.exe
  C:\Windows\System\GEddQwO.exe
  2⤵
  PID:5736
- C:\Windows\System\aliTEcR.exe
  C:\Windows\System\aliTEcR.exe
  2⤵
  PID:5764
- C:\Windows\System\fQTgIqf.exe
  C:\Windows\System\fQTgIqf.exe
  2⤵
  PID:5796
- C:\Windows\System\IaxoCcW.exe
  C:\Windows\System\IaxoCcW.exe
  2⤵
  PID:5824
- C:\Windows\System\BtyoYYk.exe
  C:\Windows\System\BtyoYYk.exe
  2⤵
  PID:5852
- C:\Windows\System\dFaBMRD.exe
  C:\Windows\System\dFaBMRD.exe
  2⤵
  PID:5876
- C:\Windows\System\JksjDsR.exe
  C:\Windows\System\JksjDsR.exe
  2⤵
  PID:5904
- C:\Windows\System\GXdOegE.exe
  C:\Windows\System\GXdOegE.exe
  2⤵
  PID:5944
- C:\Windows\System\YMJWPuJ.exe
  C:\Windows\System\YMJWPuJ.exe
  2⤵
  PID:5976
- C:\Windows\System\RxuqEfo.exe
  C:\Windows\System\RxuqEfo.exe
  2⤵
  PID:6004
- C:\Windows\System\CzOtDRR.exe
  C:\Windows\System\CzOtDRR.exe
  2⤵
  PID:6032
- C:\Windows\System\joHftHm.exe
  C:\Windows\System\joHftHm.exe
  2⤵
  PID:6048
- C:\Windows\System\GREJyXy.exe
  C:\Windows\System\GREJyXy.exe
  2⤵
  PID:6068
- C:\Windows\System\IWmAgrV.exe
  C:\Windows\System\IWmAgrV.exe
  2⤵
  PID:6108
- C:\Windows\System\vThOWYt.exe
  C:\Windows\System\vThOWYt.exe
  2⤵
  PID:4960
- C:\Windows\System\znEsWAR.exe
  C:\Windows\System\znEsWAR.exe
  2⤵
  PID:3584
- C:\Windows\System\yefoVhi.exe
  C:\Windows\System\yefoVhi.exe
  2⤵
  PID:5192
- C:\Windows\System\mdEiSQn.exe
  C:\Windows\System\mdEiSQn.exe
  2⤵
  PID:5232
- C:\Windows\System\znYHmil.exe
  C:\Windows\System\znYHmil.exe
  2⤵
  PID:5292
- C:\Windows\System\zZztBfW.exe
  C:\Windows\System\zZztBfW.exe
  2⤵
  PID:5368
- C:\Windows\System\UruLrMN.exe
  C:\Windows\System\UruLrMN.exe
  2⤵
  PID:5428
- C:\Windows\System\uoBJsYt.exe
  C:\Windows\System\uoBJsYt.exe
  2⤵
  PID:5464
- C:\Windows\System\xWKEQKI.exe
  C:\Windows\System\xWKEQKI.exe
  2⤵
  PID:5548
- C:\Windows\System\SorTYzw.exe
  C:\Windows\System\SorTYzw.exe
  2⤵
  PID:5620
- C:\Windows\System\TsBmTFL.exe
  C:\Windows\System\TsBmTFL.exe
  2⤵
  PID:5644
- C:\Windows\System\OaZjFmA.exe
  C:\Windows\System\OaZjFmA.exe
  2⤵
  PID:5720
- C:\Windows\System\vhsQxzQ.exe
  C:\Windows\System\vhsQxzQ.exe
  2⤵
  PID:5808
- C:\Windows\System\PfBziFx.exe
  C:\Windows\System\PfBziFx.exe
  2⤵
  PID:5860
- C:\Windows\System\MnktVhQ.exe
  C:\Windows\System\MnktVhQ.exe
  2⤵
  PID:5936
- C:\Windows\System\shvlWWR.exe
  C:\Windows\System\shvlWWR.exe
  2⤵
  PID:6020
- C:\Windows\System\KpYHAFr.exe
  C:\Windows\System\KpYHAFr.exe
  2⤵
  PID:6088
- C:\Windows\System\YbFQOsh.exe
  C:\Windows\System\YbFQOsh.exe
  2⤵
  PID:2444
- C:\Windows\System\UGNFlxE.exe
  C:\Windows\System\UGNFlxE.exe
  2⤵
  PID:5200
- C:\Windows\System\zMIVbDJ.exe
  C:\Windows\System\zMIVbDJ.exe
  2⤵
  PID:5324
- C:\Windows\System\nmrUQwC.exe
  C:\Windows\System\nmrUQwC.exe
  2⤵
  PID:5468
- C:\Windows\System\WaHHwzy.exe
  C:\Windows\System\WaHHwzy.exe
  2⤵
  PID:5572
- C:\Windows\System\rWxcKDJ.exe
  C:\Windows\System\rWxcKDJ.exe
  2⤵
  PID:5816
- C:\Windows\System\SnbtrLV.exe
  C:\Windows\System\SnbtrLV.exe
  2⤵
  PID:5992
- C:\Windows\System\MxWpPGs.exe
  C:\Windows\System\MxWpPGs.exe
  2⤵
  PID:6056
- C:\Windows\System\LXnLZRR.exe
  C:\Windows\System\LXnLZRR.exe
  2⤵
  PID:5328
- C:\Windows\System\KxOIwvj.exe
  C:\Windows\System\KxOIwvj.exe
  2⤵
  PID:5676
- C:\Windows\System\pGfrMph.exe
  C:\Windows\System\pGfrMph.exe
  2⤵
  PID:4396
- C:\Windows\System\YowvAJS.exe
  C:\Windows\System\YowvAJS.exe
  2⤵
  PID:6152
- C:\Windows\System\QwSTMAY.exe
  C:\Windows\System\QwSTMAY.exe
  2⤵
  PID:6176
- C:\Windows\System\bqTNXDB.exe
  C:\Windows\System\bqTNXDB.exe
  2⤵
  PID:6208
- C:\Windows\System\aPLoSKo.exe
  C:\Windows\System\aPLoSKo.exe
  2⤵
  PID:6232
- C:\Windows\System\ivLNPqq.exe
  C:\Windows\System\ivLNPqq.exe
  2⤵
  PID:6272
- C:\Windows\System\ymYvmvM.exe
  C:\Windows\System\ymYvmvM.exe
  2⤵
  PID:6288
- C:\Windows\System\zkKgMXu.exe
  C:\Windows\System\zkKgMXu.exe
  2⤵
  PID:6316
- C:\Windows\System\VbVNFQB.exe
  C:\Windows\System\VbVNFQB.exe
  2⤵
  PID:6332
- C:\Windows\System\dcUnWZs.exe
  C:\Windows\System\dcUnWZs.exe
  2⤵
  PID:6372
- C:\Windows\System\WgQGOST.exe
  C:\Windows\System\WgQGOST.exe
  2⤵
  PID:6396
- C:\Windows\System\PprSUBc.exe
  C:\Windows\System\PprSUBc.exe
  2⤵
  PID:6444
- C:\Windows\System\QoUydsW.exe
  C:\Windows\System\QoUydsW.exe
  2⤵
  PID:6464
- C:\Windows\System\AXlkChf.exe
  C:\Windows\System\AXlkChf.exe
  2⤵
  PID:6504
- C:\Windows\System\xZChMrH.exe
  C:\Windows\System\xZChMrH.exe
  2⤵
  PID:6532
- C:\Windows\System\cmdNpqw.exe
  C:\Windows\System\cmdNpqw.exe
  2⤵
  PID:6560
- C:\Windows\System\YzDzVqj.exe
  C:\Windows\System\YzDzVqj.exe
  2⤵
  PID:6580
- C:\Windows\System\xbBeIkT.exe
  C:\Windows\System\xbBeIkT.exe
  2⤵
  PID:6616
- C:\Windows\System\gvohzqo.exe
  C:\Windows\System\gvohzqo.exe
  2⤵
  PID:6644
- C:\Windows\System\gEKHvzC.exe
  C:\Windows\System\gEKHvzC.exe
  2⤵
  PID:6660
- C:\Windows\System\wGAzNHV.exe
  C:\Windows\System\wGAzNHV.exe
  2⤵
  PID:6688
- C:\Windows\System\GfebdCE.exe
  C:\Windows\System\GfebdCE.exe
  2⤵
  PID:6704
- C:\Windows\System\yaerPga.exe
  C:\Windows\System\yaerPga.exe
  2⤵
  PID:6736
- C:\Windows\System\tAWNuci.exe
  C:\Windows\System\tAWNuci.exe
  2⤵
  PID:6776
- C:\Windows\System\yxpYJbJ.exe
  C:\Windows\System\yxpYJbJ.exe
  2⤵
  PID:6800
- C:\Windows\System\LNMlgdK.exe
  C:\Windows\System\LNMlgdK.exe
  2⤵
  PID:6832
- C:\Windows\System\nxfuWIP.exe
  C:\Windows\System\nxfuWIP.exe
  2⤵
  PID:6856
- C:\Windows\System\bUzxNad.exe
  C:\Windows\System\bUzxNad.exe
  2⤵
  PID:6888
- C:\Windows\System\crpSTJB.exe
  C:\Windows\System\crpSTJB.exe
  2⤵
  PID:6920
- C:\Windows\System\cWmAFjp.exe
  C:\Windows\System\cWmAFjp.exe
  2⤵
  PID:6952
- C:\Windows\System\aWbYrQJ.exe
  C:\Windows\System\aWbYrQJ.exe
  2⤵
  PID:6984
- C:\Windows\System\rYTJvCl.exe
  C:\Windows\System\rYTJvCl.exe
  2⤵
  PID:7008
- C:\Windows\System\bPKyVyh.exe
  C:\Windows\System\bPKyVyh.exe
  2⤵
  PID:7040
- C:\Windows\System\qfgMuGx.exe
  C:\Windows\System\qfgMuGx.exe
  2⤵
  PID:7068
- C:\Windows\System\XlwsEkx.exe
  C:\Windows\System\XlwsEkx.exe
  2⤵
  PID:7100
- C:\Windows\System\ATchxBa.exe
  C:\Windows\System\ATchxBa.exe
  2⤵
  PID:7128
- C:\Windows\System\HVJaxcs.exe
  C:\Windows\System\HVJaxcs.exe
  2⤵
  PID:7148
- C:\Windows\System\UZwanXG.exe
  C:\Windows\System\UZwanXG.exe
  2⤵
  PID:5888
- C:\Windows\System\ravHKVg.exe
  C:\Windows\System\ravHKVg.exe
  2⤵
  PID:6196
- C:\Windows\System\WxHLEWp.exe
  C:\Windows\System\WxHLEWp.exe
  2⤵
  PID:6284
- C:\Windows\System\PFWcZWK.exe
  C:\Windows\System\PFWcZWK.exe
  2⤵
  PID:6304
- C:\Windows\System\IJreTyO.exe
  C:\Windows\System\IJreTyO.exe
  2⤵
  PID:6388
- C:\Windows\System\bsksKih.exe
  C:\Windows\System\bsksKih.exe
  2⤵
  PID:6456
- C:\Windows\System\ChFrRoc.exe
  C:\Windows\System\ChFrRoc.exe
  2⤵
  PID:6520
- C:\Windows\System\RvcXKjs.exe
  C:\Windows\System\RvcXKjs.exe
  2⤵
  PID:6636
- C:\Windows\System\mzInchz.exe
  C:\Windows\System\mzInchz.exe
  2⤵
  PID:6700
- C:\Windows\System\ljZsAua.exe
  C:\Windows\System\ljZsAua.exe
  2⤵
  PID:6724
- C:\Windows\System\euJqIDO.exe
  C:\Windows\System\euJqIDO.exe
  2⤵
  PID:6796
- C:\Windows\System\sfeXkjP.exe
  C:\Windows\System\sfeXkjP.exe
  2⤵
  PID:6900
- C:\Windows\System\ZwlmKtj.exe
  C:\Windows\System\ZwlmKtj.exe
  2⤵
  PID:6964
- C:\Windows\System\IGNGbFk.exe
  C:\Windows\System\IGNGbFk.exe
  2⤵
  PID:7000
- C:\Windows\System\yXIHUsU.exe
  C:\Windows\System\yXIHUsU.exe
  2⤵
  PID:7088
- C:\Windows\System\CThICWx.exe
  C:\Windows\System\CThICWx.exe
  2⤵
  PID:2492
- C:\Windows\System\eBfSuas.exe
  C:\Windows\System\eBfSuas.exe
  2⤵
  PID:6300
- C:\Windows\System\AaJMlEN.exe
  C:\Windows\System\AaJMlEN.exe
  2⤵
  PID:6500
- C:\Windows\System\IqyudSk.exe
  C:\Windows\System\IqyudSk.exe
  2⤵
  PID:6652
- C:\Windows\System\fLSqmap.exe
  C:\Windows\System\fLSqmap.exe
  2⤵
  PID:6840
- C:\Windows\System\KUaTEzs.exe
  C:\Windows\System\KUaTEzs.exe
  2⤵
  PID:1900
- C:\Windows\System\JcMxJPa.exe
  C:\Windows\System\JcMxJPa.exe
  2⤵
  PID:7112
- C:\Windows\System\bKYaCLc.exe
  C:\Windows\System\bKYaCLc.exe
  2⤵
  PID:7156
- C:\Windows\System\CJpCUQX.exe
  C:\Windows\System\CJpCUQX.exe
  2⤵
  PID:6516
- C:\Windows\System\dRpQwYx.exe
  C:\Windows\System\dRpQwYx.exe
  2⤵
  PID:6784
- C:\Windows\System\rMrLDId.exe
  C:\Windows\System\rMrLDId.exe
  2⤵
  PID:2880
- C:\Windows\System\IjypsPj.exe
  C:\Windows\System\IjypsPj.exe
  2⤵
  PID:2516
- C:\Windows\System\BNQFFub.exe
  C:\Windows\System\BNQFFub.exe
  2⤵
  PID:7172
- C:\Windows\System\ZEOmhXP.exe
  C:\Windows\System\ZEOmhXP.exe
  2⤵
  PID:7200
- C:\Windows\System\OPcGduF.exe
  C:\Windows\System\OPcGduF.exe
  2⤵
  PID:7228
- C:\Windows\System\pfmMsxd.exe
  C:\Windows\System\pfmMsxd.exe
  2⤵
  PID:7260
- C:\Windows\System\UfsekGq.exe
  C:\Windows\System\UfsekGq.exe
  2⤵
  PID:7284
- C:\Windows\System\orRROxS.exe
  C:\Windows\System\orRROxS.exe
  2⤵
  PID:7312
- C:\Windows\System\cNergCj.exe
  C:\Windows\System\cNergCj.exe
  2⤵
  PID:7340
- C:\Windows\System\dAOVuyO.exe
  C:\Windows\System\dAOVuyO.exe
  2⤵
  PID:7368
- C:\Windows\System\iiJPBaE.exe
  C:\Windows\System\iiJPBaE.exe
  2⤵
  PID:7396
- C:\Windows\System\NlxIfhA.exe
  C:\Windows\System\NlxIfhA.exe
  2⤵
  PID:7424
- C:\Windows\System\GKjUVaG.exe
  C:\Windows\System\GKjUVaG.exe
  2⤵
  PID:7452
- C:\Windows\System\HUjTNHE.exe
  C:\Windows\System\HUjTNHE.exe
  2⤵
  PID:7468
- C:\Windows\System\szLtKJe.exe
  C:\Windows\System\szLtKJe.exe
  2⤵
  PID:7504
- C:\Windows\System\IBgJizk.exe
  C:\Windows\System\IBgJizk.exe
  2⤵
  PID:7528
- C:\Windows\System\MpeddAH.exe
  C:\Windows\System\MpeddAH.exe
  2⤵
  PID:7552
- C:\Windows\System\rTLsPya.exe
  C:\Windows\System\rTLsPya.exe
  2⤵
  PID:7580
- C:\Windows\System\MeJxqdI.exe
  C:\Windows\System\MeJxqdI.exe
  2⤵
  PID:7608
- C:\Windows\System\wqixnok.exe
  C:\Windows\System\wqixnok.exe
  2⤵
  PID:7636
- C:\Windows\System\sHlyLVp.exe
  C:\Windows\System\sHlyLVp.exe
  2⤵
  PID:7668
- C:\Windows\System\OsyBEWj.exe
  C:\Windows\System\OsyBEWj.exe
  2⤵
  PID:7692
- C:\Windows\System\lvJBNOL.exe
  C:\Windows\System\lvJBNOL.exe
  2⤵
  PID:7720
- C:\Windows\System\TiYpfXF.exe
  C:\Windows\System\TiYpfXF.exe
  2⤵
  PID:7744
- C:\Windows\System\HxyoZVa.exe
  C:\Windows\System\HxyoZVa.exe
  2⤵
  PID:7776
- C:\Windows\System\GZvjAiP.exe
  C:\Windows\System\GZvjAiP.exe
  2⤵
  PID:7804
- C:\Windows\System\GWmxZec.exe
  C:\Windows\System\GWmxZec.exe
  2⤵
  PID:7828
- C:\Windows\System\hBhbZvL.exe
  C:\Windows\System\hBhbZvL.exe
  2⤵
  PID:7852
- C:\Windows\System\vGOXUZX.exe
  C:\Windows\System\vGOXUZX.exe
  2⤵
  PID:7868
- C:\Windows\System\ZRWoVQl.exe
  C:\Windows\System\ZRWoVQl.exe
  2⤵
  PID:7892
- C:\Windows\System\uSmVync.exe
  C:\Windows\System\uSmVync.exe
  2⤵
  PID:7932
- C:\Windows\System\YreJxzs.exe
  C:\Windows\System\YreJxzs.exe
  2⤵
  PID:7952
- C:\Windows\System\NodixyI.exe
  C:\Windows\System\NodixyI.exe
  2⤵
  PID:7988
- C:\Windows\System\gJQsIxU.exe
  C:\Windows\System\gJQsIxU.exe
  2⤵
  PID:8024
- C:\Windows\System\BrUZOdR.exe
  C:\Windows\System\BrUZOdR.exe
  2⤵
  PID:8048
- C:\Windows\System\pTpHNBH.exe
  C:\Windows\System\pTpHNBH.exe
  2⤵
  PID:8080
- C:\Windows\System\TJSwdwM.exe
  C:\Windows\System\TJSwdwM.exe
  2⤵
  PID:8112
- C:\Windows\System\DfKwvcN.exe
  C:\Windows\System\DfKwvcN.exe
  2⤵
  PID:8144
- C:\Windows\System\ZvUSGzd.exe
  C:\Windows\System\ZvUSGzd.exe
  2⤵
  PID:8176
- C:\Windows\System\GEUJEXV.exe
  C:\Windows\System\GEUJEXV.exe
  2⤵
  PID:7196
- C:\Windows\System\KMFnqoc.exe
  C:\Windows\System\KMFnqoc.exe
  2⤵
  PID:7248
- C:\Windows\System\ZRjkJSi.exe
  C:\Windows\System\ZRjkJSi.exe
  2⤵
  PID:7324
- C:\Windows\System\JbaiLxo.exe
  C:\Windows\System\JbaiLxo.exe
  2⤵
  PID:7408
- C:\Windows\System\rgiiNBS.exe
  C:\Windows\System\rgiiNBS.exe
  2⤵
  PID:7440
- C:\Windows\System\URuaKqT.exe
  C:\Windows\System\URuaKqT.exe
  2⤵
  PID:7540
- C:\Windows\System\gyNXdEq.exe
  C:\Windows\System\gyNXdEq.exe
  2⤵
  PID:7596
- C:\Windows\System\eLaXSJl.exe
  C:\Windows\System\eLaXSJl.exe
  2⤵
  PID:7652
- C:\Windows\System\oxjyfpW.exe
  C:\Windows\System\oxjyfpW.exe
  2⤵
  PID:7736
- C:\Windows\System\KRPLFCG.exe
  C:\Windows\System\KRPLFCG.exe
  2⤵
  PID:7816
- C:\Windows\System\EgBIpqH.exe
  C:\Windows\System\EgBIpqH.exe
  2⤵
  PID:7820
- C:\Windows\System\zbZFYcp.exe
  C:\Windows\System\zbZFYcp.exe
  2⤵
  PID:7924
- C:\Windows\System\xMyJjtk.exe
  C:\Windows\System\xMyJjtk.exe
  2⤵
  PID:7980
- C:\Windows\System\GPzgDCj.exe
  C:\Windows\System\GPzgDCj.exe
  2⤵
  PID:8016
- C:\Windows\System\cmPBqUB.exe
  C:\Windows\System\cmPBqUB.exe
  2⤵
  PID:8124
- C:\Windows\System\KFwlHnZ.exe
  C:\Windows\System\KFwlHnZ.exe
  2⤵
  PID:8160
- C:\Windows\System\LWfEKGp.exe
  C:\Windows\System\LWfEKGp.exe
  2⤵
  PID:7296
- C:\Windows\System\zeEKuzO.exe
  C:\Windows\System\zeEKuzO.exe
  2⤵
  PID:7484
- C:\Windows\System\LvHwONu.exe
  C:\Windows\System\LvHwONu.exe
  2⤵
  PID:7600
- C:\Windows\System\MnKiruE.exe
  C:\Windows\System\MnKiruE.exe
  2⤵
  PID:7760
- C:\Windows\System\kXBcWcM.exe
  C:\Windows\System\kXBcWcM.exe
  2⤵
  PID:7912
- C:\Windows\System\hvqGssl.exe
  C:\Windows\System\hvqGssl.exe
  2⤵
  PID:8060
- C:\Windows\System\oQrLFQG.exe
  C:\Windows\System\oQrLFQG.exe
  2⤵
  PID:7252
- C:\Windows\System\xoKxJTY.exe
  C:\Windows\System\xoKxJTY.exe
  2⤵
  PID:7568
- C:\Windows\System\vmKPMWq.exe
  C:\Windows\System\vmKPMWq.exe
  2⤵
  PID:7948
- C:\Windows\System\dYeBZlX.exe
  C:\Windows\System\dYeBZlX.exe
  2⤵
  PID:8164
- C:\Windows\System\BdinBhk.exe
  C:\Windows\System\BdinBhk.exe
  2⤵
  PID:7512
- C:\Windows\System\KqCacvV.exe
  C:\Windows\System\KqCacvV.exe
  2⤵
  PID:8032
- C:\Windows\System\lBrffHx.exe
  C:\Windows\System\lBrffHx.exe
  2⤵
  PID:8196
- C:\Windows\System\QArUhxi.exe
  C:\Windows\System\QArUhxi.exe
  2⤵
  PID:8224
- C:\Windows\System\oWHHvcE.exe
  C:\Windows\System\oWHHvcE.exe
  2⤵
  PID:8264
- C:\Windows\System\tUUgtcx.exe
  C:\Windows\System\tUUgtcx.exe
  2⤵
  PID:8300
- C:\Windows\System\eqMUkpF.exe
  C:\Windows\System\eqMUkpF.exe
  2⤵
  PID:8336
- C:\Windows\System\sXUgXeg.exe
  C:\Windows\System\sXUgXeg.exe
  2⤵
  PID:8360
- C:\Windows\System\lfuytSA.exe
  C:\Windows\System\lfuytSA.exe
  2⤵
  PID:8388
- C:\Windows\System\UrHEUNe.exe
  C:\Windows\System\UrHEUNe.exe
  2⤵
  PID:8428
- C:\Windows\System\YqePiWi.exe
  C:\Windows\System\YqePiWi.exe
  2⤵
  PID:8460
- C:\Windows\System\zOENyOR.exe
  C:\Windows\System\zOENyOR.exe
  2⤵
  PID:8488
- C:\Windows\System\gWgIwJs.exe
  C:\Windows\System\gWgIwJs.exe
  2⤵
  PID:8524
- C:\Windows\System\DHKBUHM.exe
  C:\Windows\System\DHKBUHM.exe
  2⤵
  PID:8544
- C:\Windows\System\wEMVMZR.exe
  C:\Windows\System\wEMVMZR.exe
  2⤵
  PID:8568
- C:\Windows\System\ZuFrGIC.exe
  C:\Windows\System\ZuFrGIC.exe
  2⤵
  PID:8592
- C:\Windows\System\FvsEdlx.exe
  C:\Windows\System\FvsEdlx.exe
  2⤵
  PID:8608
- C:\Windows\System\hytViog.exe
  C:\Windows\System\hytViog.exe
  2⤵
  PID:8644
- C:\Windows\System\edKxzBK.exe
  C:\Windows\System\edKxzBK.exe
  2⤵
  PID:8668
- C:\Windows\System\MtsFKoO.exe
  C:\Windows\System\MtsFKoO.exe
  2⤵
  PID:8704
- C:\Windows\System\oqfuPVX.exe
  C:\Windows\System\oqfuPVX.exe
  2⤵
  PID:8736
- C:\Windows\System\JbdcuaD.exe
  C:\Windows\System\JbdcuaD.exe
  2⤵
  PID:8760
- C:\Windows\System\wngLUsa.exe
  C:\Windows\System\wngLUsa.exe
  2⤵
  PID:8792
- C:\Windows\System\vRtuYRZ.exe
  C:\Windows\System\vRtuYRZ.exe
  2⤵
  PID:8820
- C:\Windows\System\CxgBfKy.exe
  C:\Windows\System\CxgBfKy.exe
  2⤵
  PID:8840
- C:\Windows\System\wGlwcxk.exe
  C:\Windows\System\wGlwcxk.exe
  2⤵
  PID:8876
- C:\Windows\System\XuJaiDS.exe
  C:\Windows\System\XuJaiDS.exe
  2⤵
  PID:8916
- C:\Windows\System\DwDfRtK.exe
  C:\Windows\System\DwDfRtK.exe
  2⤵
  PID:8932
- C:\Windows\System\IErDXWB.exe
  C:\Windows\System\IErDXWB.exe
  2⤵
  PID:8960
- C:\Windows\System\CMUcmXJ.exe
  C:\Windows\System\CMUcmXJ.exe
  2⤵
  PID:8988
- C:\Windows\System\MGwdYLT.exe
  C:\Windows\System\MGwdYLT.exe
  2⤵
  PID:9020
- C:\Windows\System\bjSyvGx.exe
  C:\Windows\System\bjSyvGx.exe
  2⤵
  PID:9048
- C:\Windows\System\MZigVSz.exe
  C:\Windows\System\MZigVSz.exe
  2⤵
  PID:9076
- C:\Windows\System\QZXvchl.exe
  C:\Windows\System\QZXvchl.exe
  2⤵
  PID:9112
- C:\Windows\System\mgzwRWG.exe
  C:\Windows\System\mgzwRWG.exe
  2⤵
  PID:9128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AkzpHzd.exe

Filesize
2.1MB

MD5
5161d6d0a7ebe63e900e4f83963ec7d4

SHA1
7a8cde0c0314f9807f8ef2c9c6f72b72afc6e67d

SHA256
253861db76b1cce81f770fbcf0894bc451f4e78e45e19e6e6946012dcc7cb8f7

SHA512
e5e56b93c49cbb82cb5c34c2ff927c99e86ed6122b64266f3c5892164234c610916225441ec18084872824e7e711e33ad2a5b48ae4e48fa5d0a5320304ee4e8c

Download Submit
C:\Windows\System\EGEAVds.exe

Filesize
2.1MB

MD5
213e823a3f54607b4d142bdaa2b051cc

SHA1
318e2e44ef5b5430973ce874887bd22aba38c5fc

SHA256
44cc3947d5f43573bf36e54525a74f36021a0dc5bceacdee2ac58ac8a4b8b466

SHA512
83abf6af04173137d075eb9dc8bc919053634447f075999c4c3b917eae83764ecb0badd5627163e0e4dce1f397ec9ef7d8957d553481bd224efceeb4cb28d399

Download Submit
C:\Windows\System\EhnZVIi.exe

Filesize
2.1MB

MD5
910bd162e9c95fe7cd551c18405fd6bb

SHA1
1b6744fd6e4b196166fdee99ce9cf8481c5a905c

SHA256
02500e6553e42b01182b40c0c155ef1fa93dfc42b1554cbfbb7736537dcc0081

SHA512
5f0516650daa111cc04a8356c5867c9a7f700f77c41f9d8cbaea752a9942597407c7124472c867ed506cad59fd6b66d29fd035c3679e10cd6cef81b84ab31375

Download Submit
C:\Windows\System\JSyVHXw.exe

Filesize
2.1MB

MD5
68bf0a0de4f3bea8aa17fdd360c975d8

SHA1
a65f0d18c81f12fa6ca8d6cfbdb72b2bd00db1af

SHA256
d6029f4c0569ae23dfee830ddbb3b185e470e7af19f66a2a5c8fa0f8985952a4

SHA512
876bfe3e4b81f5f58953ca6b2ecd9da4c3c13bdc7188da68abeba9efd3ffa196a86b14b851b7cfd777a4a1d70fdf569cb79392825dcc61efc2b1c26e5bada25e

Download Submit
C:\Windows\System\JXFQLBl.exe

Filesize
2.1MB

MD5
a288c823e72290bb15884ef6d0013e02

SHA1
8078cd9710c5bbf74f6de58e3a5a8648e898f509

SHA256
9b5adc8729e2c7614dc468d2f20dd4a165b54358ac0f9322629e2c5e75f8ec07

SHA512
984e6eb743f3776c311fa6455e3753d30e12998f12c8887cf988b38e7c95ad57d793b49cdd35301b19c9149859de6008a2269b73faafa4c7a1f120afa8377dd7

Download Submit
C:\Windows\System\LnCyhGC.exe

Filesize
2.1MB

MD5
fe78e0af89b4a62ace6aae802ad7f2dd

SHA1
0889f98ab496e7c150ebfc3243a724292b792d0a

SHA256
4737454af8aec3e570af7b3275e53ce13442abaa0c8c2df7a8b7e20f5d77d0b7

SHA512
1a0643277be315966bbf03b31956cac009a7cd2fe567620a65551437d3abef00f42dc94d85f20ffadc90c1532911d13826a86881bfda94700dfb5f1dd7447ddf

Download Submit
C:\Windows\System\MKevzuw.exe

Filesize
2.1MB

MD5
7423dae9876f6c56bbc0b342c0d3d059

SHA1
ca338cfa926bf350fc8490500e800dd8ff5d4077

SHA256
3802439d1f5b655fc8cc5067cca47e126505a865a30c583e5f1983b0d70cf1fc

SHA512
bd5cad6ca47fdcab18899647bbd0f301025598b537489f2f3aa155e7fed85eb99fe903b086980181c57c2b4c84a9f6a1418e23013a5dd3be5a4f70d0ed30d9f8

Download Submit
C:\Windows\System\Mgyihpk.exe

Filesize
2.1MB

MD5
ee4a9e6fcbc010e4d5c861939ea77486

SHA1
d6dd1aa034c4caef289bf050a8f7448f35cbb5bd

SHA256
55f5d1fb3c8a5b44c0d603421fbdb09ea011053087659896d463805bec9b3290

SHA512
6b870a174d0d46f26c8a383dafe6c77e0a5f1bc3f6246e0bf60cd38b2546a033dfa572b75030cfe209903fd63472d5182f12d80d12870b4e449eededdafa8d7b

Download Submit
C:\Windows\System\MhEtVtv.exe

Filesize
2.1MB

MD5
c7ce5a17ac774fea44362e166394e4b3

SHA1
179626f78829e535862076502d043559a2a696aa

SHA256
e0f04f503eaaffecdfd7172091c3fdfb08a945d5d67d39c4f1e3cfdbcf78f639

SHA512
f4bd8ed98956ca2e26503fb887c097b1f27000a1e4caa3f3425dd7a7e17b2affc5ef74fcd7a4df21cee60cfa8bc95cc31827e839176beff558b10d77c34d2b6f

Download Submit
C:\Windows\System\MoceUbs.exe

Filesize
2.1MB

MD5
4f3e1465cfaed1d44ade67f3aec7875c

SHA1
7d1218173a46fad0b57e5d123a8be3833936b3fb

SHA256
44dc8877863e581e2c70a217f08406b5030f4678caf08494b651e04cac36ff51

SHA512
bdcd8c5c653e194136dfe5e47d9c66fdb28cc9e23dae86a5395ba10d5a0ca656f4f46b75143850b020bfcf83c1a34a702292a2ad49fc333fae48b2fd5f2fd4ec

Download Submit
C:\Windows\System\NbIndqR.exe

Filesize
2.1MB

MD5
bcaa4d75684f433a2996b69df80fcef1

SHA1
b620cab2527972cf44664e648642ac1046f71188

SHA256
2d9e4b7bd0de24572136533e2ee4d6332767203c505008204bf876b7a2d850be

SHA512
6c053bb24459b3ffe13ea29d49bfe905028569d959db11c557ef52acfd2bba372b787740c3878f0b283547551573db75fdbbdfbaa8b83ab3391294d20270126b

Download Submit
C:\Windows\System\RFxIgXr.exe

Filesize
2.1MB

MD5
770165b31af1746b6590e44e72bab6e3

SHA1
a3223014fe33f3a31539606f89cea6c9cabfe6b4

SHA256
c18ff3ac54278cf694fc8fb724904df4e8506161f629032cd20ff5cc174de68d

SHA512
779a3cd693e1ba2f0deb925aed24609b8a88a35a0361b5cad4dddc63ed3e224dce432acf9b225d05811e34484848c13d8a725e842e3f48146894485dd1a91e58

Download Submit
C:\Windows\System\TrbvVae.exe

Filesize
2.1MB

MD5
d20a7e4f505f23284a0d5882387375eb

SHA1
5350350999ea6f2b5f5e5d36c13c541633657747

SHA256
482f5f68384f53834cc745dd2111097419c74f8f236ce69490aa5c7da36ef09a

SHA512
5be5885568312222e829cd988c6972f5a322ea6fe30a1981efc3afc7a90c90e7fb4995e21620b5fa38ac29ee06394558d5ba286552827f2a51801755eaeda57e

Download Submit
C:\Windows\System\UoEYupa.exe

Filesize
2.1MB

MD5
578f14f1da035eb1fab1a9df982d040c

SHA1
d4b0e9b343eb0bdee0cd716ecc5a011b5eb4cff4

SHA256
476e58c6ceb644b8a16f911c8377a4082f0fce073eb50f2b06dedd341bd67019

SHA512
ce8c36628575043606384260b4efd4aa04c88b7f48d1974dcbfbdc61d7a888d83d7200021da82409fc981fc55b15ea2ddc71753127a0dbd5fc205786c76c7c77

Download Submit
C:\Windows\System\UyWTQWN.exe

Filesize
2.1MB

MD5
df0bfeaede042f42d7a03dc7d6247673

SHA1
08b67606048f3cd2c321874e701e49a2952a7193

SHA256
66b9213846bcff317661e0d4d7650a6c04ed6a572a2a40794a93af8d115c3373

SHA512
73248a83e861104d0860eed7d9755825e61099b17fee7f6014d85b45fb4eb34c5ca2be585cce1f2ecf3450a4fa3bfcd703b38e087981c1d736db96d535b46644

Download Submit
C:\Windows\System\VdDeeSs.exe

Filesize
2.1MB

MD5
2c8929d4aca3c0d43ac2ebdccc209d70

SHA1
cfea264ab9d9ff283f06691d06b37e381ee8f7c3

SHA256
8100bb955188e54d0b489884df0d2a48841da4e6681d4aca1b716cebccafa0e9

SHA512
337acd5dfa21fe9f4e45493ce85d4e076b9ecd4c7bf781e02bad317a9a7cb394b847904ceb37f653a250fa7b85b85d667d578bb580f6c14e01566b93804881c7

Download Submit
C:\Windows\System\ZoqBhkb.exe

Filesize
2.1MB

MD5
d536306f4b5a249646c8ec2e0eeb592b

SHA1
448948c6ff5aa7c2fe6a0e6be92b8fdbb2918af1

SHA256
fc268a636a83730097fc71d0c54ca2e4809a7caf05fdd6e7d6c275b70c7e5898

SHA512
6dc3a8bbb8009f7ea8c595a6387d1f0220fe29a0e5abaecbbbf77c7ed46002d5b0e3dcc9c375537201a82dccfd16d7e05366ae334706ef9fe111ba5d88bf653f

Download Submit
C:\Windows\System\azpnwmB.exe

Filesize
2.1MB

MD5
4a8b49e6b94a1e0a9f7b847913439df4

SHA1
05e272955b226ba4bf3483969dd5ff82f712e77a

SHA256
d7f658d559b40a180d5e14a327db62da3ffada9bffffb01335089441e1ec3900

SHA512
7a6c632862153cb9414316b8edf444b1c90655bab42bbd838cfa3d0d2b91149a7379707a45a16126f7e2c0b114a9e31562773452b4cd5efa50df58ecb1cf2783

Download Submit
C:\Windows\System\clRKIte.exe

Filesize
2.1MB

MD5
35ae666bcc9817043f2988cba8fb5a0e

SHA1
a26b6e6e03ea7a6e29b04be686459c0ea4b0875e

SHA256
86b8487b8c6d88dc806e28f07860c25846ee0ff713b24439cc54ff652ca091dd

SHA512
f20b0bd51179f78e260817354be459f0853bbfb2441a351ce0ab200fbaec5bfc3c2f2e164338737310d2b4f1fc949d7c0c9f27523a35977ae0c824d6373a37ee

Download Submit
C:\Windows\System\evZHggl.exe

Filesize
2.1MB

MD5
06fd83ff4cac879c780a15df04b2bacc

SHA1
ffd3fd2142384d40361dc02dc9f3db58e71999e7

SHA256
338722753a0ab5a738dc19f3a6bae7da04ad4485b23765b6eb379b7f140662f0

SHA512
303814f8dd3c0eadf92689b7f2ab31c78932f9ae49ff5c2eb97e9fb036d1d53bac2ba4c7b022e46e87ad0820339d71bac72dca3c3bd72e27356cd004a9fb1fcf

Download Submit
C:\Windows\System\gJARMhh.exe

Filesize
2.1MB

MD5
6caa833b4b32bcc6f7d539cf0175aab9

SHA1
d0883f1786ca58c68e8f3046ab7054236e7f0311

SHA256
9fb15eefaf4d8ddbbc55e2670419386389128e35971058b44eec25bc1d8ec149

SHA512
76d37ec453a770b740f17feeca69414b17e9fc385265154e4cb8ad61af6f8be9b78e4ed1eeebe7a5f3bcfab19f74762a0b2a0d015d3e5b52d9c78937bf512a85

Download Submit
C:\Windows\System\iUSLQkb.exe

Filesize
2.1MB

MD5
339df1b1558e65b61c40a78f2eaa8e81

SHA1
4c76730c2d0cfca65372136f62ee3b830f78a2e6

SHA256
af6bae073006d6941ab050f8103ddd35a04fc2c7e7ec4c4b9d335f00e079efa0

SHA512
b62fa0dd0d5532981a356394cbd6287ddcc1598dea1db75b1d357c5b70ff66f8266e791b131c2a836af63345626e6eb3ed04e533c819af83b03f3faa9c96ec99

Download Submit
C:\Windows\System\igBgxrI.exe

Filesize
2.1MB

MD5
7b3d7f837fcfb59e5c5b958f5405e0d8

SHA1
5ea8e8b6bf34769aa60d938a0caa3a443d4f3194

SHA256
fcb7c5097d88e80d58c04cb2f468a26bee95b3c74600d27a57bbf12f12bf9389

SHA512
dc20f510c9e649c78a41a7b7b248dffeddf3affaf5c1382bf9308e78e8483c33c5569e3bb80cecf213f8d561ed8f49d5f7bf83641a1de3305254a42ec6be08bb

Download Submit
C:\Windows\System\kryrxJl.exe

Filesize
2.1MB

MD5
ff6ab4bffb01108fc828e1402ca6b158

SHA1
79e04aa0ede7cb38ef5fa08ed4eeceefe6d97b1e

SHA256
3b2a0e45da7f24e63659b0ecb70c2e2099c75a812989fcf50ee3f080200d090f

SHA512
8318da7b40f6fd1225b4cf5576f75d96e6dc6d6ac65c73068bad392cabcef5179c51eb532736efa0518d130eb108fcd9e34aff9dd1ab91f7e1bb250e9fbfdbb7

Download Submit
C:\Windows\System\miFEBge.exe

Filesize
2.1MB

MD5
7c4081d4ca1874dca59c912bab4158ea

SHA1
d3b3901ac324f6102a82a99992b089991c9c842d

SHA256
9db9ef6626cc47e3c1f966f9b6f9605cfdccc00cfa1fe57183bf1a60f5f3ac8e

SHA512
c3cc20f15ddb0711441873d6da960be59ed40472701f41d04421b043b535063138c5dc2c081177b91192bf7402717f31c1fe3138d4b6cfa0e772b1c59f456bc9

Download Submit
C:\Windows\System\otoqEKM.exe

Filesize
2.1MB

MD5
8c0c8ef99cfb1284f7d1a6406ec647b1

SHA1
c16234b46bc31b5833ffdb4acabe07dcb34b883f

SHA256
4bf910fa65b8d8c8e92296abbf424e4e383e19ac1ef46df88f71a2958ae8f89f

SHA512
03607de8db90795ec832e4998ab5b1cb1cc7d338601c92bb571d8c70faa0bf8f7ea828df49189ba4f14fc6aab2c0c96c828a01c8c8d34320ece0dc1e41742cee

Download Submit
C:\Windows\System\qbmjfQU.exe

Filesize
2.1MB

MD5
c4468c90a166509620d0e6ec05862a8d

SHA1
cd9f2e2334338ba428d3a3f36dbaf7c9c2280a39

SHA256
d5cb43bee13fe613d999f26479111fcae00bf30f15da48f8a711fd05a9b217ee

SHA512
4cb0cac84f9706ed52373863afdac3bc1129cb5c57f2e1aa3abf80cf3b7ca44ac44cc581fcfa9379fe891f9579c5d090f36bb23c1a4742576edc585d5c0720c5

Download Submit
C:\Windows\System\slsZKoq.exe

Filesize
2.1MB

MD5
adac9a25c48615c51c7fea1a480f81fb

SHA1
2f6aaae179aebb15397dc4562552baf6d7b883ff

SHA256
fc3a165223ad14556e52ea607eb7988ef71908e4d1d4219d946498aaf21ab849

SHA512
ef00ddd04c8079c1b4539ddd7e24d8203b72459cec6264b1abb63601f25c149bb25450c3b876e1db7505fb000058a4b703fba68814cabdced59a63266c17530f

Download Submit
C:\Windows\System\uCAtAYR.exe

Filesize
2.1MB

MD5
30bc5070a36a67ec1904f2d49647ae38

SHA1
6d712d3d7dcf7840a19b0491f804a8c0d9d75015

SHA256
ef71dcffb672ba9a7061905b91ba3cf68578f09208360057516263a6589ddc81

SHA512
a56186f320b3fd84987170b4cd36a0a1aa7d1586bbae99b6020fc1c0ad69e62acfbf89d50de6df71639283143521b9d7709f73c8c66e41f9bb1177670bf743df

Download Submit
C:\Windows\System\uZJihaW.exe

Filesize
2.1MB

MD5
f8205b0e42dd985ef07d2c5b878b8325

SHA1
47dc4704b7833268b537012914cecd2da41cbf05

SHA256
1a6ca71fca231c15a1167c8e4f592c2a85b5def9cc14efb8dae02f8302266599

SHA512
846361f2d62697b1a15970e57049da7886101127d59bfc86d78f066cb4ab843095db5a2c913c7d55034f18aca3df2a0c34aefa8177590eaf44775c64539c32cd

Download Submit
C:\Windows\System\vHcvTzV.exe

Filesize
2.1MB

MD5
1647e3066ed1e2e5ab6e2cf61de481c9

SHA1
84d17ada464a35825d85fba797a4c626258c5181

SHA256
ce590d8d506479db1308fe572fae373ddc2b4d89373d751e097808116555e272

SHA512
77e01a07d56ad8f1d16387c8548390805e207a4451340424a06282f23600fe40ed5c7f3d27dd11f2c5c99c42da2ff989e19f108e7589ba23ba2194d36b0c1d67

Download Submit
C:\Windows\System\vzNCeKw.exe

Filesize
2.1MB

MD5
d3414e38fd9e7ccc95b8d5066f2691fa

SHA1
4167cef68203cec77db607a13c010b9dd603b7b8

SHA256
fe6c39bb6d2f7c298a3a55949615ae911f0acfe8c81ca07c7912c48e28df31a3

SHA512
6b8e7ab213208793e44bb1bfaed31307351eef501d279e9de289c8d2b43374ecf2feb2b6e366e6f554e84d299880548a7d12b6002d8bb201109b50763b747c48

Download Submit
C:\Windows\System\wnyHGwx.exe

Filesize
2.1MB

MD5
a48a4732c85dfe6ca2b9d6a6d2d6d9c4

SHA1
b7af1152e1c5ad707dc5e69cac2ffa9b61a6be5a

SHA256
765ed9fc911a4b79b16b24a73a2271767d696ed949f07c37aa60f3708d1d8a51

SHA512
87e04c431cc55f153daf1808519646486dffe316ed158025f56c343bbe4dc0eb9c26a024add7b8dd6489394134c184b8e86ebd705213d268127125ee0fc8a301

Download Submit
C:\Windows\System\yHusVdF.exe

Filesize
2.1MB

MD5
0524edb5a5a9fcfdb73f4927a5f29ecb

SHA1
11c13791cabe85d29cab8c956dbc22579adc298f

SHA256
12aaa924269d22aee0f56bdfacc4af4af62a4c2c8e07a570fb2f5de3958f5454

SHA512
9cff52d5978f78c3090b839c6e249896efc2409d89d8a331a3b343178c297ebca435d43ba8c0d72704708cfd6959b45ee35f5f4d2bace5bdf6cb5dd0389ad67a

Download Submit
C:\Windows\System\yMTmxjd.exe

Filesize
2.1MB

MD5
514cb62be3c93638bc111721f7ae9713

SHA1
21c68822599c2a62d6a6884f340f4610b3b38d13

SHA256
0ebc460c891d53e967098360cb4b61b2d7fd54fa4ac830e662e19247fe5561db

SHA512
bbd65171f320e09b9282c27ba871153857cf856ec1054c55cfa35be7dc8dc8d298ee0ebdc09794defc44bcd7201a7692228c6862a8adc4fbde7c70dae1a51d71

Download Submit
memory/880-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download