kpot | a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 17:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
Size

2.1MB
MD5

d6335d4a1d6a2a8b89178f52b126c570
SHA1

eaf5b8ccfd9a9b466da959bce0c3abd346abfbb1
SHA256

a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38
SHA512

08e377180880e53ea84305cdc86512df815fbccc0c6285c1f6a25301427ddd8178d9cc9f0ae334ddd4ebe953c56270661d26f3cc226c028292dfbe4b1b165eb4
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2rf:GemTLkNdfE0pZaQD

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 35 IoCs

resource	yara_rule
behavioral2/files/0x00090000000235f6-4.dat	family_kpot
behavioral2/files/0x00070000000235fd-6.dat	family_kpot
behavioral2/files/0x00080000000235f9-8.dat	family_kpot
behavioral2/files/0x0007000000023600-29.dat	family_kpot
behavioral2/files/0x0007000000023601-32.dat	family_kpot
behavioral2/files/0x0007000000023605-55.dat	family_kpot
behavioral2/files/0x0007000000023604-53.dat	family_kpot
behavioral2/files/0x0007000000023603-51.dat	family_kpot
behavioral2/files/0x0007000000023602-49.dat	family_kpot
behavioral2/files/0x00070000000235ff-26.dat	family_kpot
behavioral2/files/0x00070000000235fe-23.dat	family_kpot
behavioral2/files/0x0007000000023606-61.dat	family_kpot
behavioral2/files/0x00080000000235fa-65.dat	family_kpot
behavioral2/files/0x0007000000023609-83.dat	family_kpot
behavioral2/files/0x000700000002360a-95.dat	family_kpot
behavioral2/files/0x000700000002360d-91.dat	family_kpot
behavioral2/files/0x000700000002360c-89.dat	family_kpot
behavioral2/files/0x0007000000023608-87.dat	family_kpot
behavioral2/files/0x000700000002360b-80.dat	family_kpot
behavioral2/files/0x0007000000023607-71.dat	family_kpot
behavioral2/files/0x0007000000023616-141.dat	family_kpot
behavioral2/files/0x000700000002361a-149.dat	family_kpot
behavioral2/files/0x0007000000023618-171.dat	family_kpot
behavioral2/files/0x000700000002361d-169.dat	family_kpot
behavioral2/files/0x000700000002361c-168.dat	family_kpot
behavioral2/files/0x000700000002361b-159.dat	family_kpot
behavioral2/files/0x0007000000023619-148.dat	family_kpot
behavioral2/files/0x0007000000023617-146.dat	family_kpot
behavioral2/files/0x0007000000023614-152.dat	family_kpot
behavioral2/files/0x0007000000023613-123.dat	family_kpot
behavioral2/files/0x0007000000023612-122.dat	family_kpot
behavioral2/files/0x0007000000023611-121.dat	family_kpot
behavioral2/files/0x0007000000023610-120.dat	family_kpot
behavioral2/files/0x000700000002360f-118.dat	family_kpot
behavioral2/files/0x000700000002360e-113.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 35 IoCs

miner

resource	yara_rule
behavioral2/files/0x00090000000235f6-4.dat	xmrig
behavioral2/files/0x00070000000235fd-6.dat	xmrig
behavioral2/files/0x00080000000235f9-8.dat	xmrig
behavioral2/files/0x0007000000023600-29.dat	xmrig
behavioral2/files/0x0007000000023601-32.dat	xmrig
behavioral2/files/0x0007000000023605-55.dat	xmrig
behavioral2/files/0x0007000000023604-53.dat	xmrig
behavioral2/files/0x0007000000023603-51.dat	xmrig
behavioral2/files/0x0007000000023602-49.dat	xmrig
behavioral2/files/0x00070000000235ff-26.dat	xmrig
behavioral2/files/0x00070000000235fe-23.dat	xmrig
behavioral2/files/0x0007000000023606-61.dat	xmrig
behavioral2/files/0x00080000000235fa-65.dat	xmrig
behavioral2/files/0x0007000000023609-83.dat	xmrig
behavioral2/files/0x000700000002360a-95.dat	xmrig
behavioral2/files/0x000700000002360d-91.dat	xmrig
behavioral2/files/0x000700000002360c-89.dat	xmrig
behavioral2/files/0x0007000000023608-87.dat	xmrig
behavioral2/files/0x000700000002360b-80.dat	xmrig
behavioral2/files/0x0007000000023607-71.dat	xmrig
behavioral2/files/0x0007000000023616-141.dat	xmrig
behavioral2/files/0x000700000002361a-149.dat	xmrig
behavioral2/files/0x0007000000023618-171.dat	xmrig
behavioral2/files/0x000700000002361d-169.dat	xmrig
behavioral2/files/0x000700000002361c-168.dat	xmrig
behavioral2/files/0x000700000002361b-159.dat	xmrig
behavioral2/files/0x0007000000023619-148.dat	xmrig
behavioral2/files/0x0007000000023617-146.dat	xmrig
behavioral2/files/0x0007000000023614-152.dat	xmrig
behavioral2/files/0x0007000000023613-123.dat	xmrig
behavioral2/files/0x0007000000023612-122.dat	xmrig
behavioral2/files/0x0007000000023611-121.dat	xmrig
behavioral2/files/0x0007000000023610-120.dat	xmrig
behavioral2/files/0x000700000002360f-118.dat	xmrig
behavioral2/files/0x000700000002360e-113.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3640	NfJFzDD.exe
2312	kkhIfBU.exe
2792	DQCjsjw.exe
1788	hOyZuJK.exe
1280	ZbIehNa.exe
944	OrwiLJo.exe
540	BUpCBtL.exe
3904	rGTGXMd.exe
2356	jxdBsLr.exe
4032	QQFSJew.exe
3000	QdBNisJ.exe
2016	gUwwcdr.exe
60	KsxMUJW.exe
1472	rgWFvLU.exe
1480	GZLSbas.exe
4644	TrQhqQw.exe
3956	lsKVfai.exe
1304	vDavDqB.exe
3040	gHfDCFN.exe
4952	OuJZfXY.exe
4632	TwkTbYp.exe
2516	KgvnNwC.exe
1068	zJVnhrq.exe
4724	TmNftfL.exe
3868	ObbExIH.exe
4896	JZRZxkP.exe
4608	zbafBgV.exe
1056	oVEBuSg.exe
3068	xBTmYNj.exe
2188	JgSroYv.exe
2608	xuSvzbn.exe
3740	XaMzunD.exe
3520	llGRexp.exe
1468	mAoggxj.exe
548	DtBqTOP.exe
336	KahRFrO.exe
4964	MSPCPpV.exe
4888	hhnARlg.exe
1040	ZkhantI.exe
3024	KKoraXn.exe
4212	BaLJtdC.exe
3780	swxKlsr.exe
1140	uynzYpv.exe
3664	zyANlNo.exe
3856	EBHqwVz.exe
2364	SgRLAYM.exe
3256	WBkCDEu.exe
228	blwpmHp.exe
4508	eqADvGb.exe
2384	qEdSmcF.exe
4820	eKNOggO.exe
4036	wXVXfef.exe
232	kOLVauC.exe
4812	URpHkzQ.exe
2400	mWAIKjn.exe
3028	mFsKtoM.exe
4596	EvhoXkE.exe
4344	Jyvviiv.exe
2192	BaHRPaL.exe
1216	HtxznPF.exe
1984	GZUeCMR.exe
2760	tBNOYTb.exe
3812	ZgEllhQ.exe
2580	haRSkCV.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\WocqDDK.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\hOyZuJK.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\MSPCPpV.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\bvVjuyP.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\nqapqAc.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\RPBieLw.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\RyJIQIp.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\joEeZHL.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\EvhoXkE.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\TxsCSAW.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\muYbaOu.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\AnfdJzv.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\HBSFkrf.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\ozaUHHw.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\pudAKlZ.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\TwkTbYp.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\VCPuJkJ.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\DrnVlfh.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\PCyrRoE.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\PTqEHkm.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\ZgEllhQ.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\cvmfBvs.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\Jhwfjou.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\Rwrxrnc.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\EnJiGQf.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\KahRFrO.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\bNyPCKN.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\igpfvoZ.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\lVsByxj.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\ghYRbke.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\KWggkjz.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\YuVdDIN.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\kyNFNoo.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\oOlSiNo.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\uouKhfP.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\bSGgVXl.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\EBHqwVz.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\XKpGTyU.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\QGlaRxb.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\QsZcggY.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\PGkKTGs.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\rLsbzab.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\eqADvGb.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\mWAIKjn.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\xJGdBXP.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\eJdSdbX.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\ZqIouIP.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\aiEbFCu.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\NgMyRxP.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\hMnMRqs.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\xvmplOx.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\TWTCPnA.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\kLwVALV.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\SnUJElO.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\acxMVSJ.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\WOQuSVr.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\KKoraXn.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\bDplFIe.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\LRthkxG.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\TMBCGSU.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\hLOjfDp.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\Lclrxjv.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\UbsdkrD.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
File created	C:\Windows\System\ZkhantI.exe	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1268 wrote to memory of 3640	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	89
PID 1268 wrote to memory of 3640	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	89
PID 1268 wrote to memory of 2312	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	90
PID 1268 wrote to memory of 2312	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	90
PID 1268 wrote to memory of 2792	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	91
PID 1268 wrote to memory of 2792	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	91
PID 1268 wrote to memory of 1788	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	92
PID 1268 wrote to memory of 1788	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	92
PID 1268 wrote to memory of 1280	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	93
PID 1268 wrote to memory of 1280	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	93
PID 1268 wrote to memory of 944	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	94
PID 1268 wrote to memory of 944	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	94
PID 1268 wrote to memory of 540	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	95
PID 1268 wrote to memory of 540	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	95
PID 1268 wrote to memory of 3904	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	96
PID 1268 wrote to memory of 3904	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	96
PID 1268 wrote to memory of 2356	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	97
PID 1268 wrote to memory of 2356	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	97
PID 1268 wrote to memory of 4032	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	98
PID 1268 wrote to memory of 4032	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	98
PID 1268 wrote to memory of 3000	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	99
PID 1268 wrote to memory of 3000	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	99
PID 1268 wrote to memory of 2016	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	100
PID 1268 wrote to memory of 2016	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	100
PID 1268 wrote to memory of 60	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	101
PID 1268 wrote to memory of 60	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	101
PID 1268 wrote to memory of 1472	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	102
PID 1268 wrote to memory of 1472	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	102
PID 1268 wrote to memory of 1480	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	103
PID 1268 wrote to memory of 1480	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	103
PID 1268 wrote to memory of 3956	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	104
PID 1268 wrote to memory of 3956	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	104
PID 1268 wrote to memory of 1304	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	105
PID 1268 wrote to memory of 1304	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	105
PID 1268 wrote to memory of 4644	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	106
PID 1268 wrote to memory of 4644	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	106
PID 1268 wrote to memory of 3040	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	107
PID 1268 wrote to memory of 3040	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	107
PID 1268 wrote to memory of 4952	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	108
PID 1268 wrote to memory of 4952	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	108
PID 1268 wrote to memory of 4632	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	109
PID 1268 wrote to memory of 4632	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	109
PID 1268 wrote to memory of 2516	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	110
PID 1268 wrote to memory of 2516	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	110
PID 1268 wrote to memory of 1068	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	111
PID 1268 wrote to memory of 1068	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	111
PID 1268 wrote to memory of 4724	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	112
PID 1268 wrote to memory of 4724	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	112
PID 1268 wrote to memory of 3868	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	113
PID 1268 wrote to memory of 3868	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	113
PID 1268 wrote to memory of 4896	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	114
PID 1268 wrote to memory of 4896	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	114
PID 1268 wrote to memory of 4608	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	115
PID 1268 wrote to memory of 4608	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	115
PID 1268 wrote to memory of 1056	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	116
PID 1268 wrote to memory of 1056	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	116
PID 1268 wrote to memory of 3068	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	117
PID 1268 wrote to memory of 3068	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	117
PID 1268 wrote to memory of 2188	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	118
PID 1268 wrote to memory of 2188	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	118
PID 1268 wrote to memory of 2608	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	119
PID 1268 wrote to memory of 2608	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	119
PID 1268 wrote to memory of 3740	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	120
PID 1268 wrote to memory of 3740	1268	a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe	120

C:\Users\Admin\AppData\Local\Temp\a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a274b35bdca0f5c40d4c3e1a559343fd03bc3803e611186424588cc770901c38_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1268
- C:\Windows\System\NfJFzDD.exe
  C:\Windows\System\NfJFzDD.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\kkhIfBU.exe
  C:\Windows\System\kkhIfBU.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\DQCjsjw.exe
  C:\Windows\System\DQCjsjw.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\hOyZuJK.exe
  C:\Windows\System\hOyZuJK.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\ZbIehNa.exe
  C:\Windows\System\ZbIehNa.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\OrwiLJo.exe
  C:\Windows\System\OrwiLJo.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\BUpCBtL.exe
  C:\Windows\System\BUpCBtL.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\rGTGXMd.exe
  C:\Windows\System\rGTGXMd.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\jxdBsLr.exe
  C:\Windows\System\jxdBsLr.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\QQFSJew.exe
  C:\Windows\System\QQFSJew.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\QdBNisJ.exe
  C:\Windows\System\QdBNisJ.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\gUwwcdr.exe
  C:\Windows\System\gUwwcdr.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\KsxMUJW.exe
  C:\Windows\System\KsxMUJW.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\rgWFvLU.exe
  C:\Windows\System\rgWFvLU.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\GZLSbas.exe
  C:\Windows\System\GZLSbas.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\lsKVfai.exe
  C:\Windows\System\lsKVfai.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\vDavDqB.exe
  C:\Windows\System\vDavDqB.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\TrQhqQw.exe
  C:\Windows\System\TrQhqQw.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\gHfDCFN.exe
  C:\Windows\System\gHfDCFN.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\OuJZfXY.exe
  C:\Windows\System\OuJZfXY.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\TwkTbYp.exe
  C:\Windows\System\TwkTbYp.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\KgvnNwC.exe
  C:\Windows\System\KgvnNwC.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\zJVnhrq.exe
  C:\Windows\System\zJVnhrq.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\TmNftfL.exe
  C:\Windows\System\TmNftfL.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\ObbExIH.exe
  C:\Windows\System\ObbExIH.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\JZRZxkP.exe
  C:\Windows\System\JZRZxkP.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\zbafBgV.exe
  C:\Windows\System\zbafBgV.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\oVEBuSg.exe
  C:\Windows\System\oVEBuSg.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\xBTmYNj.exe
  C:\Windows\System\xBTmYNj.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\JgSroYv.exe
  C:\Windows\System\JgSroYv.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\xuSvzbn.exe
  C:\Windows\System\xuSvzbn.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\XaMzunD.exe
  C:\Windows\System\XaMzunD.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\llGRexp.exe
  C:\Windows\System\llGRexp.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\mAoggxj.exe
  C:\Windows\System\mAoggxj.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\DtBqTOP.exe
  C:\Windows\System\DtBqTOP.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\KahRFrO.exe
  C:\Windows\System\KahRFrO.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\MSPCPpV.exe
  C:\Windows\System\MSPCPpV.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\hhnARlg.exe
  C:\Windows\System\hhnARlg.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\ZkhantI.exe
  C:\Windows\System\ZkhantI.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\KKoraXn.exe
  C:\Windows\System\KKoraXn.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\BaLJtdC.exe
  C:\Windows\System\BaLJtdC.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\swxKlsr.exe
  C:\Windows\System\swxKlsr.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\uynzYpv.exe
  C:\Windows\System\uynzYpv.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\eKNOggO.exe
  C:\Windows\System\eKNOggO.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\zyANlNo.exe
  C:\Windows\System\zyANlNo.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\EBHqwVz.exe
  C:\Windows\System\EBHqwVz.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\SgRLAYM.exe
  C:\Windows\System\SgRLAYM.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\WBkCDEu.exe
  C:\Windows\System\WBkCDEu.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\blwpmHp.exe
  C:\Windows\System\blwpmHp.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\eqADvGb.exe
  C:\Windows\System\eqADvGb.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\qEdSmcF.exe
  C:\Windows\System\qEdSmcF.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\wXVXfef.exe
  C:\Windows\System\wXVXfef.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\kOLVauC.exe
  C:\Windows\System\kOLVauC.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\URpHkzQ.exe
  C:\Windows\System\URpHkzQ.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\mWAIKjn.exe
  C:\Windows\System\mWAIKjn.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\mFsKtoM.exe
  C:\Windows\System\mFsKtoM.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\EvhoXkE.exe
  C:\Windows\System\EvhoXkE.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\Jyvviiv.exe
  C:\Windows\System\Jyvviiv.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\BaHRPaL.exe
  C:\Windows\System\BaHRPaL.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\HtxznPF.exe
  C:\Windows\System\HtxznPF.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\GZUeCMR.exe
  C:\Windows\System\GZUeCMR.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\tBNOYTb.exe
  C:\Windows\System\tBNOYTb.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\ZgEllhQ.exe
  C:\Windows\System\ZgEllhQ.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System\haRSkCV.exe
  C:\Windows\System\haRSkCV.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\zgpdzab.exe
  C:\Windows\System\zgpdzab.exe
  2⤵
  PID:2272
- C:\Windows\System\VIfGWsj.exe
  C:\Windows\System\VIfGWsj.exe
  2⤵
  PID:716
- C:\Windows\System\VNhbLQY.exe
  C:\Windows\System\VNhbLQY.exe
  2⤵
  PID:2948
- C:\Windows\System\koVQFij.exe
  C:\Windows\System\koVQFij.exe
  2⤵
  PID:808
- C:\Windows\System\cvmfBvs.exe
  C:\Windows\System\cvmfBvs.exe
  2⤵
  PID:556
- C:\Windows\System\hLualge.exe
  C:\Windows\System\hLualge.exe
  2⤵
  PID:3416
- C:\Windows\System\ewZndEk.exe
  C:\Windows\System\ewZndEk.exe
  2⤵
  PID:5156
- C:\Windows\System\AQwNNRj.exe
  C:\Windows\System\AQwNNRj.exe
  2⤵
  PID:5188
- C:\Windows\System\RWyCsLP.exe
  C:\Windows\System\RWyCsLP.exe
  2⤵
  PID:5204
- C:\Windows\System\usyVUAB.exe
  C:\Windows\System\usyVUAB.exe
  2⤵
  PID:5228
- C:\Windows\System\sSZaaDM.exe
  C:\Windows\System\sSZaaDM.exe
  2⤵
  PID:5268
- C:\Windows\System\gLBPUWo.exe
  C:\Windows\System\gLBPUWo.exe
  2⤵
  PID:5288
- C:\Windows\System\CLQwQIP.exe
  C:\Windows\System\CLQwQIP.exe
  2⤵
  PID:5324
- C:\Windows\System\QsZcggY.exe
  C:\Windows\System\QsZcggY.exe
  2⤵
  PID:5360
- C:\Windows\System\xJGdBXP.exe
  C:\Windows\System\xJGdBXP.exe
  2⤵
  PID:5384
- C:\Windows\System\VCPuJkJ.exe
  C:\Windows\System\VCPuJkJ.exe
  2⤵
  PID:5420
- C:\Windows\System\bXfUKen.exe
  C:\Windows\System\bXfUKen.exe
  2⤵
  PID:5468
- C:\Windows\System\jbzSUlR.exe
  C:\Windows\System\jbzSUlR.exe
  2⤵
  PID:5488
- C:\Windows\System\jDtMmgZ.exe
  C:\Windows\System\jDtMmgZ.exe
  2⤵
  PID:5516
- C:\Windows\System\dIjPWDE.exe
  C:\Windows\System\dIjPWDE.exe
  2⤵
  PID:5548
- C:\Windows\System\gAXGQvl.exe
  C:\Windows\System\gAXGQvl.exe
  2⤵
  PID:5584
- C:\Windows\System\SqCwZTV.exe
  C:\Windows\System\SqCwZTV.exe
  2⤵
  PID:5600
- C:\Windows\System\zJQtxYW.exe
  C:\Windows\System\zJQtxYW.exe
  2⤵
  PID:5616
- C:\Windows\System\ucUwuYz.exe
  C:\Windows\System\ucUwuYz.exe
  2⤵
  PID:5632
- C:\Windows\System\nYveROR.exe
  C:\Windows\System\nYveROR.exe
  2⤵
  PID:5648
- C:\Windows\System\JTVJkqn.exe
  C:\Windows\System\JTVJkqn.exe
  2⤵
  PID:5664
- C:\Windows\System\CCdDVIL.exe
  C:\Windows\System\CCdDVIL.exe
  2⤵
  PID:5680
- C:\Windows\System\DnAGeJY.exe
  C:\Windows\System\DnAGeJY.exe
  2⤵
  PID:5704
- C:\Windows\System\rcUKwna.exe
  C:\Windows\System\rcUKwna.exe
  2⤵
  PID:5736
- C:\Windows\System\VrDTckO.exe
  C:\Windows\System\VrDTckO.exe
  2⤵
  PID:5768
- C:\Windows\System\aIvmEyn.exe
  C:\Windows\System\aIvmEyn.exe
  2⤵
  PID:5808
- C:\Windows\System\EoaCyLv.exe
  C:\Windows\System\EoaCyLv.exe
  2⤵
  PID:5840
- C:\Windows\System\ypbZNQC.exe
  C:\Windows\System\ypbZNQC.exe
  2⤵
  PID:5888
- C:\Windows\System\iATaPoo.exe
  C:\Windows\System\iATaPoo.exe
  2⤵
  PID:5924
- C:\Windows\System\EyNSBYx.exe
  C:\Windows\System\EyNSBYx.exe
  2⤵
  PID:5960
- C:\Windows\System\HroHfhw.exe
  C:\Windows\System\HroHfhw.exe
  2⤵
  PID:5996
- C:\Windows\System\wLppchs.exe
  C:\Windows\System\wLppchs.exe
  2⤵
  PID:6020
- C:\Windows\System\tLCLuDb.exe
  C:\Windows\System\tLCLuDb.exe
  2⤵
  PID:6060
- C:\Windows\System\elwrkqA.exe
  C:\Windows\System\elwrkqA.exe
  2⤵
  PID:6076
- C:\Windows\System\ZnreIlz.exe
  C:\Windows\System\ZnreIlz.exe
  2⤵
  PID:6116
- C:\Windows\System\bNyPCKN.exe
  C:\Windows\System\bNyPCKN.exe
  2⤵
  PID:6132
- C:\Windows\System\CCSTSEI.exe
  C:\Windows\System\CCSTSEI.exe
  2⤵
  PID:4904
- C:\Windows\System\aBnSiPy.exe
  C:\Windows\System\aBnSiPy.exe
  2⤵
  PID:1600
- C:\Windows\System\eJdSdbX.exe
  C:\Windows\System\eJdSdbX.exe
  2⤵
  PID:1880
- C:\Windows\System\NgMyRxP.exe
  C:\Windows\System\NgMyRxP.exe
  2⤵
  PID:4116
- C:\Windows\System\ZVIqmcr.exe
  C:\Windows\System\ZVIqmcr.exe
  2⤵
  PID:3964
- C:\Windows\System\XSBRFxo.exe
  C:\Windows\System\XSBRFxo.exe
  2⤵
  PID:3884
- C:\Windows\System\TxsCSAW.exe
  C:\Windows\System\TxsCSAW.exe
  2⤵
  PID:2664
- C:\Windows\System\qXJpojk.exe
  C:\Windows\System\qXJpojk.exe
  2⤵
  PID:4944
- C:\Windows\System\IOVEJBT.exe
  C:\Windows\System\IOVEJBT.exe
  2⤵
  PID:3460
- C:\Windows\System\Lclrxjv.exe
  C:\Windows\System\Lclrxjv.exe
  2⤵
  PID:3648
- C:\Windows\System\hMnMRqs.exe
  C:\Windows\System\hMnMRqs.exe
  2⤵
  PID:324
- C:\Windows\System\tbhiukO.exe
  C:\Windows\System\tbhiukO.exe
  2⤵
  PID:5224
- C:\Windows\System\zVJGOBl.exe
  C:\Windows\System\zVJGOBl.exe
  2⤵
  PID:5280
- C:\Windows\System\muYbaOu.exe
  C:\Windows\System\muYbaOu.exe
  2⤵
  PID:5372
- C:\Windows\System\QLRgCpG.exe
  C:\Windows\System\QLRgCpG.exe
  2⤵
  PID:5476
- C:\Windows\System\dZDzDbW.exe
  C:\Windows\System\dZDzDbW.exe
  2⤵
  PID:5528
- C:\Windows\System\iOnArjT.exe
  C:\Windows\System\iOnArjT.exe
  2⤵
  PID:5596
- C:\Windows\System\pKYAtNy.exe
  C:\Windows\System\pKYAtNy.exe
  2⤵
  PID:5724
- C:\Windows\System\iYLhEMB.exe
  C:\Windows\System\iYLhEMB.exe
  2⤵
  PID:5760
- C:\Windows\System\PwWiJTL.exe
  C:\Windows\System\PwWiJTL.exe
  2⤵
  PID:5864
- C:\Windows\System\JNUTtYZ.exe
  C:\Windows\System\JNUTtYZ.exe
  2⤵
  PID:5948
- C:\Windows\System\vZhHgqu.exe
  C:\Windows\System\vZhHgqu.exe
  2⤵
  PID:6012
- C:\Windows\System\YyCjtpd.exe
  C:\Windows\System\YyCjtpd.exe
  2⤵
  PID:6032
- C:\Windows\System\FadwxBO.exe
  C:\Windows\System\FadwxBO.exe
  2⤵
  PID:6140
- C:\Windows\System\AnfdJzv.exe
  C:\Windows\System\AnfdJzv.exe
  2⤵
  PID:1612
- C:\Windows\System\BqCfFuQ.exe
  C:\Windows\System\BqCfFuQ.exe
  2⤵
  PID:1332
- C:\Windows\System\XLYSSrW.exe
  C:\Windows\System\XLYSSrW.exe
  2⤵
  PID:4612
- C:\Windows\System\sqAMtRw.exe
  C:\Windows\System\sqAMtRw.exe
  2⤵
  PID:3596
- C:\Windows\System\zUJAoCa.exe
  C:\Windows\System\zUJAoCa.exe
  2⤵
  PID:5180
- C:\Windows\System\XKpGTyU.exe
  C:\Windows\System\XKpGTyU.exe
  2⤵
  PID:5456
- C:\Windows\System\igpfvoZ.exe
  C:\Windows\System\igpfvoZ.exe
  2⤵
  PID:5676
- C:\Windows\System\PhAIydV.exe
  C:\Windows\System\PhAIydV.exe
  2⤵
  PID:5832
- C:\Windows\System\UUacvDy.exe
  C:\Windows\System\UUacvDy.exe
  2⤵
  PID:5972
- C:\Windows\System\hSEnCEU.exe
  C:\Windows\System\hSEnCEU.exe
  2⤵
  PID:3788
- C:\Windows\System\YHMQrKN.exe
  C:\Windows\System\YHMQrKN.exe
  2⤵
  PID:2068
- C:\Windows\System\DYZxwYd.exe
  C:\Windows\System\DYZxwYd.exe
  2⤵
  PID:5276
- C:\Windows\System\lVsByxj.exe
  C:\Windows\System\lVsByxj.exe
  2⤵
  PID:5568
- C:\Windows\System\TaqKtQA.exe
  C:\Windows\System\TaqKtQA.exe
  2⤵
  PID:5788
- C:\Windows\System\vpvcKkM.exe
  C:\Windows\System\vpvcKkM.exe
  2⤵
  PID:2160
- C:\Windows\System\bvVjuyP.exe
  C:\Windows\System\bvVjuyP.exe
  2⤵
  PID:6124
- C:\Windows\System\sjhLmQD.exe
  C:\Windows\System\sjhLmQD.exe
  2⤵
  PID:6156
- C:\Windows\System\DrnVlfh.exe
  C:\Windows\System\DrnVlfh.exe
  2⤵
  PID:6172
- C:\Windows\System\AYBLADH.exe
  C:\Windows\System\AYBLADH.exe
  2⤵
  PID:6212
- C:\Windows\System\ajNJOol.exe
  C:\Windows\System\ajNJOol.exe
  2⤵
  PID:6252
- C:\Windows\System\ypLiTqL.exe
  C:\Windows\System\ypLiTqL.exe
  2⤵
  PID:6292
- C:\Windows\System\nqapqAc.exe
  C:\Windows\System\nqapqAc.exe
  2⤵
  PID:6308
- C:\Windows\System\TVWCPJX.exe
  C:\Windows\System\TVWCPJX.exe
  2⤵
  PID:6340
- C:\Windows\System\nyzDqCi.exe
  C:\Windows\System\nyzDqCi.exe
  2⤵
  PID:6364
- C:\Windows\System\LUEcfNX.exe
  C:\Windows\System\LUEcfNX.exe
  2⤵
  PID:6392
- C:\Windows\System\DQmcFxa.exe
  C:\Windows\System\DQmcFxa.exe
  2⤵
  PID:6420
- C:\Windows\System\KWggkjz.exe
  C:\Windows\System\KWggkjz.exe
  2⤵
  PID:6452
- C:\Windows\System\SbGCTTm.exe
  C:\Windows\System\SbGCTTm.exe
  2⤵
  PID:6476
- C:\Windows\System\RPBieLw.exe
  C:\Windows\System\RPBieLw.exe
  2⤵
  PID:6508
- C:\Windows\System\afMnyvy.exe
  C:\Windows\System\afMnyvy.exe
  2⤵
  PID:6540
- C:\Windows\System\YqaBJRA.exe
  C:\Windows\System\YqaBJRA.exe
  2⤵
  PID:6568
- C:\Windows\System\ixAHOiC.exe
  C:\Windows\System\ixAHOiC.exe
  2⤵
  PID:6596
- C:\Windows\System\bDplFIe.exe
  C:\Windows\System\bDplFIe.exe
  2⤵
  PID:6628
- C:\Windows\System\PGkKTGs.exe
  C:\Windows\System\PGkKTGs.exe
  2⤵
  PID:6652
- C:\Windows\System\UZYMHhR.exe
  C:\Windows\System\UZYMHhR.exe
  2⤵
  PID:6680
- C:\Windows\System\FASIyWI.exe
  C:\Windows\System\FASIyWI.exe
  2⤵
  PID:6696
- C:\Windows\System\RyJIQIp.exe
  C:\Windows\System\RyJIQIp.exe
  2⤵
  PID:6712
- C:\Windows\System\jQaLjuz.exe
  C:\Windows\System\jQaLjuz.exe
  2⤵
  PID:6728
- C:\Windows\System\mXVdGYH.exe
  C:\Windows\System\mXVdGYH.exe
  2⤵
  PID:6744
- C:\Windows\System\doXblGb.exe
  C:\Windows\System\doXblGb.exe
  2⤵
  PID:6764
- C:\Windows\System\hiJlfpO.exe
  C:\Windows\System\hiJlfpO.exe
  2⤵
  PID:6804
- C:\Windows\System\heJlDjm.exe
  C:\Windows\System\heJlDjm.exe
  2⤵
  PID:6848
- C:\Windows\System\qhVgMRS.exe
  C:\Windows\System\qhVgMRS.exe
  2⤵
  PID:6884
- C:\Windows\System\FJjTlOj.exe
  C:\Windows\System\FJjTlOj.exe
  2⤵
  PID:6920
- C:\Windows\System\myKBZvV.exe
  C:\Windows\System\myKBZvV.exe
  2⤵
  PID:6960
- C:\Windows\System\LRthkxG.exe
  C:\Windows\System\LRthkxG.exe
  2⤵
  PID:6976
- C:\Windows\System\ZtTddWS.exe
  C:\Windows\System\ZtTddWS.exe
  2⤵
  PID:6992
- C:\Windows\System\kyPLXih.exe
  C:\Windows\System\kyPLXih.exe
  2⤵
  PID:7016
- C:\Windows\System\AGcyagn.exe
  C:\Windows\System\AGcyagn.exe
  2⤵
  PID:7056
- C:\Windows\System\rDjcIri.exe
  C:\Windows\System\rDjcIri.exe
  2⤵
  PID:7092
- C:\Windows\System\RHiDtNg.exe
  C:\Windows\System\RHiDtNg.exe
  2⤵
  PID:7120
- C:\Windows\System\sXWbVbr.exe
  C:\Windows\System\sXWbVbr.exe
  2⤵
  PID:7140
- C:\Windows\System\JTWoTUA.exe
  C:\Windows\System\JTWoTUA.exe
  2⤵
  PID:6152
- C:\Windows\System\OwRQBIQ.exe
  C:\Windows\System\OwRQBIQ.exe
  2⤵
  PID:6248
- C:\Windows\System\fjUSSwd.exe
  C:\Windows\System\fjUSSwd.exe
  2⤵
  PID:6272
- C:\Windows\System\KEaFNpK.exe
  C:\Windows\System\KEaFNpK.exe
  2⤵
  PID:6304
- C:\Windows\System\dgZaIcQ.exe
  C:\Windows\System\dgZaIcQ.exe
  2⤵
  PID:6356
- C:\Windows\System\TCNPrFV.exe
  C:\Windows\System\TCNPrFV.exe
  2⤵
  PID:6440
- C:\Windows\System\gjeQibf.exe
  C:\Windows\System\gjeQibf.exe
  2⤵
  PID:6556
- C:\Windows\System\VOKmkrd.exe
  C:\Windows\System\VOKmkrd.exe
  2⤵
  PID:6616
- C:\Windows\System\Jhwfjou.exe
  C:\Windows\System\Jhwfjou.exe
  2⤵
  PID:6692
- C:\Windows\System\aGybCbm.exe
  C:\Windows\System\aGybCbm.exe
  2⤵
  PID:6740
- C:\Windows\System\YBVMytm.exe
  C:\Windows\System\YBVMytm.exe
  2⤵
  PID:6816
- C:\Windows\System\HBSFkrf.exe
  C:\Windows\System\HBSFkrf.exe
  2⤵
  PID:6864
- C:\Windows\System\squrMTj.exe
  C:\Windows\System\squrMTj.exe
  2⤵
  PID:6932
- C:\Windows\System\HpWnvpN.exe
  C:\Windows\System\HpWnvpN.exe
  2⤵
  PID:7004
- C:\Windows\System\BcsdNPE.exe
  C:\Windows\System\BcsdNPE.exe
  2⤵
  PID:7072
- C:\Windows\System\GIThkBc.exe
  C:\Windows\System\GIThkBc.exe
  2⤵
  PID:5764
- C:\Windows\System\pyFEViF.exe
  C:\Windows\System\pyFEViF.exe
  2⤵
  PID:6276
- C:\Windows\System\jVTLvsC.exe
  C:\Windows\System\jVTLvsC.exe
  2⤵
  PID:6496
- C:\Windows\System\yYTWMXA.exe
  C:\Windows\System\yYTWMXA.exe
  2⤵
  PID:6664
- C:\Windows\System\xdaZOTK.exe
  C:\Windows\System\xdaZOTK.exe
  2⤵
  PID:6836
- C:\Windows\System\NuFoJbs.exe
  C:\Windows\System\NuFoJbs.exe
  2⤵
  PID:7036
- C:\Windows\System\wZZEhes.exe
  C:\Windows\System\wZZEhes.exe
  2⤵
  PID:6236
- C:\Windows\System\fcKDreA.exe
  C:\Windows\System\fcKDreA.exe
  2⤵
  PID:6772
- C:\Windows\System\xpRCMNf.exe
  C:\Windows\System\xpRCMNf.exe
  2⤵
  PID:7128
- C:\Windows\System\RWMMWhF.exe
  C:\Windows\System\RWMMWhF.exe
  2⤵
  PID:6588
- C:\Windows\System\Rwrxrnc.exe
  C:\Windows\System\Rwrxrnc.exe
  2⤵
  PID:7188
- C:\Windows\System\WiZhHMB.exe
  C:\Windows\System\WiZhHMB.exe
  2⤵
  PID:7216
- C:\Windows\System\TgPFQEm.exe
  C:\Windows\System\TgPFQEm.exe
  2⤵
  PID:7244
- C:\Windows\System\PiypvMF.exe
  C:\Windows\System\PiypvMF.exe
  2⤵
  PID:7272
- C:\Windows\System\NtGScjW.exe
  C:\Windows\System\NtGScjW.exe
  2⤵
  PID:7304
- C:\Windows\System\eJcVOdU.exe
  C:\Windows\System\eJcVOdU.exe
  2⤵
  PID:7324
- C:\Windows\System\JpZAvRP.exe
  C:\Windows\System\JpZAvRP.exe
  2⤵
  PID:7352
- C:\Windows\System\yhrzCHk.exe
  C:\Windows\System\yhrzCHk.exe
  2⤵
  PID:7368
- C:\Windows\System\eNKQRUd.exe
  C:\Windows\System\eNKQRUd.exe
  2⤵
  PID:7404
- C:\Windows\System\VFPrfow.exe
  C:\Windows\System\VFPrfow.exe
  2⤵
  PID:7428
- C:\Windows\System\kNzZtKu.exe
  C:\Windows\System\kNzZtKu.exe
  2⤵
  PID:7464
- C:\Windows\System\XcBwFhY.exe
  C:\Windows\System\XcBwFhY.exe
  2⤵
  PID:7492
- C:\Windows\System\CwSVonq.exe
  C:\Windows\System\CwSVonq.exe
  2⤵
  PID:7520
- C:\Windows\System\YuVdDIN.exe
  C:\Windows\System\YuVdDIN.exe
  2⤵
  PID:7540
- C:\Windows\System\joEeZHL.exe
  C:\Windows\System\joEeZHL.exe
  2⤵
  PID:7576
- C:\Windows\System\RUDDFoM.exe
  C:\Windows\System\RUDDFoM.exe
  2⤵
  PID:7608
- C:\Windows\System\CHJnenv.exe
  C:\Windows\System\CHJnenv.exe
  2⤵
  PID:7632
- C:\Windows\System\kLwVALV.exe
  C:\Windows\System\kLwVALV.exe
  2⤵
  PID:7660
- C:\Windows\System\FHNXAHJ.exe
  C:\Windows\System\FHNXAHJ.exe
  2⤵
  PID:7700
- C:\Windows\System\jkhjoFl.exe
  C:\Windows\System\jkhjoFl.exe
  2⤵
  PID:7716
- C:\Windows\System\IJNWwyD.exe
  C:\Windows\System\IJNWwyD.exe
  2⤵
  PID:7748
- C:\Windows\System\kUMykMQ.exe
  C:\Windows\System\kUMykMQ.exe
  2⤵
  PID:7764
- C:\Windows\System\gAZnGMM.exe
  C:\Windows\System\gAZnGMM.exe
  2⤵
  PID:7804
- C:\Windows\System\RTdHDIF.exe
  C:\Windows\System\RTdHDIF.exe
  2⤵
  PID:7848
- C:\Windows\System\vnqZHtV.exe
  C:\Windows\System\vnqZHtV.exe
  2⤵
  PID:7872
- C:\Windows\System\BGNPDkp.exe
  C:\Windows\System\BGNPDkp.exe
  2⤵
  PID:7896
- C:\Windows\System\CRjFVtP.exe
  C:\Windows\System\CRjFVtP.exe
  2⤵
  PID:7928
- C:\Windows\System\TWTCPnA.exe
  C:\Windows\System\TWTCPnA.exe
  2⤵
  PID:7960
- C:\Windows\System\ZDdAJrL.exe
  C:\Windows\System\ZDdAJrL.exe
  2⤵
  PID:7992
- C:\Windows\System\xvmplOx.exe
  C:\Windows\System\xvmplOx.exe
  2⤵
  PID:8008
- C:\Windows\System\DNgElos.exe
  C:\Windows\System\DNgElos.exe
  2⤵
  PID:8028
- C:\Windows\System\LFEthwa.exe
  C:\Windows\System\LFEthwa.exe
  2⤵
  PID:8064
- C:\Windows\System\PCyrRoE.exe
  C:\Windows\System\PCyrRoE.exe
  2⤵
  PID:8096
- C:\Windows\System\SnUJElO.exe
  C:\Windows\System\SnUJElO.exe
  2⤵
  PID:8120
- C:\Windows\System\VWiogIN.exe
  C:\Windows\System\VWiogIN.exe
  2⤵
  PID:8160
- C:\Windows\System\uMeHwUT.exe
  C:\Windows\System\uMeHwUT.exe
  2⤵
  PID:7196
- C:\Windows\System\ghYRbke.exe
  C:\Windows\System\ghYRbke.exe
  2⤵
  PID:7236
- C:\Windows\System\xixJvHv.exe
  C:\Windows\System\xixJvHv.exe
  2⤵
  PID:7280
- C:\Windows\System\ozaUHHw.exe
  C:\Windows\System\ozaUHHw.exe
  2⤵
  PID:7320
- C:\Windows\System\eOjodlu.exe
  C:\Windows\System\eOjodlu.exe
  2⤵
  PID:7448
- C:\Windows\System\VffUhkY.exe
  C:\Windows\System\VffUhkY.exe
  2⤵
  PID:7548
- C:\Windows\System\hvmzSbV.exe
  C:\Windows\System\hvmzSbV.exe
  2⤵
  PID:7600
- C:\Windows\System\acxMVSJ.exe
  C:\Windows\System\acxMVSJ.exe
  2⤵
  PID:7640
- C:\Windows\System\aixAYHt.exe
  C:\Windows\System\aixAYHt.exe
  2⤵
  PID:7756
- C:\Windows\System\DcgCEqd.exe
  C:\Windows\System\DcgCEqd.exe
  2⤵
  PID:7800
- C:\Windows\System\TMBCGSU.exe
  C:\Windows\System\TMBCGSU.exe
  2⤵
  PID:7864
- C:\Windows\System\sUFyHMg.exe
  C:\Windows\System\sUFyHMg.exe
  2⤵
  PID:7968
- C:\Windows\System\QjhlrLi.exe
  C:\Windows\System\QjhlrLi.exe
  2⤵
  PID:8060
- C:\Windows\System\zJQypLJ.exe
  C:\Windows\System\zJQypLJ.exe
  2⤵
  PID:8156
- C:\Windows\System\ZAHGzbg.exe
  C:\Windows\System\ZAHGzbg.exe
  2⤵
  PID:7264
- C:\Windows\System\ZqIouIP.exe
  C:\Windows\System\ZqIouIP.exe
  2⤵
  PID:7512
- C:\Windows\System\GrIpKhY.exe
  C:\Windows\System\GrIpKhY.exe
  2⤵
  PID:7712
- C:\Windows\System\uopzYBb.exe
  C:\Windows\System\uopzYBb.exe
  2⤵
  PID:7844
- C:\Windows\System\XaMfhSA.exe
  C:\Windows\System\XaMfhSA.exe
  2⤵
  PID:8004
- C:\Windows\System\KeqaqpE.exe
  C:\Windows\System\KeqaqpE.exe
  2⤵
  PID:8148
- C:\Windows\System\atKurWb.exe
  C:\Windows\System\atKurWb.exe
  2⤵
  PID:7588
- C:\Windows\System\LyIigYL.exe
  C:\Windows\System\LyIigYL.exe
  2⤵
  PID:8116
- C:\Windows\System\kyNFNoo.exe
  C:\Windows\System\kyNFNoo.exe
  2⤵
  PID:8200
- C:\Windows\System\mKZtvAO.exe
  C:\Windows\System\mKZtvAO.exe
  2⤵
  PID:8228
- C:\Windows\System\PTqEHkm.exe
  C:\Windows\System\PTqEHkm.exe
  2⤵
  PID:8260
- C:\Windows\System\dnFdhaJ.exe
  C:\Windows\System\dnFdhaJ.exe
  2⤵
  PID:8284
- C:\Windows\System\XiqBwxF.exe
  C:\Windows\System\XiqBwxF.exe
  2⤵
  PID:8324
- C:\Windows\System\RxDrboS.exe
  C:\Windows\System\RxDrboS.exe
  2⤵
  PID:8364
- C:\Windows\System\qlhefYt.exe
  C:\Windows\System\qlhefYt.exe
  2⤵
  PID:8400
- C:\Windows\System\PvYuaCG.exe
  C:\Windows\System\PvYuaCG.exe
  2⤵
  PID:8436
- C:\Windows\System\LCJjoue.exe
  C:\Windows\System\LCJjoue.exe
  2⤵
  PID:8472
- C:\Windows\System\CDGMkqD.exe
  C:\Windows\System\CDGMkqD.exe
  2⤵
  PID:8504
- C:\Windows\System\QMJKMdg.exe
  C:\Windows\System\QMJKMdg.exe
  2⤵
  PID:8536
- C:\Windows\System\hmFQqRw.exe
  C:\Windows\System\hmFQqRw.exe
  2⤵
  PID:8568
- C:\Windows\System\AaUqTvN.exe
  C:\Windows\System\AaUqTvN.exe
  2⤵
  PID:8584
- C:\Windows\System\OioQjIA.exe
  C:\Windows\System\OioQjIA.exe
  2⤵
  PID:8612
- C:\Windows\System\VCZWngj.exe
  C:\Windows\System\VCZWngj.exe
  2⤵
  PID:8628
- C:\Windows\System\JoatWGB.exe
  C:\Windows\System\JoatWGB.exe
  2⤵
  PID:8648
- C:\Windows\System\ZhOxjAO.exe
  C:\Windows\System\ZhOxjAO.exe
  2⤵
  PID:8668
- C:\Windows\System\oOlSiNo.exe
  C:\Windows\System\oOlSiNo.exe
  2⤵
  PID:8700
- C:\Windows\System\ZLFcgau.exe
  C:\Windows\System\ZLFcgau.exe
  2⤵
  PID:8728
- C:\Windows\System\WocqDDK.exe
  C:\Windows\System\WocqDDK.exe
  2⤵
  PID:8764
- C:\Windows\System\vYmAMZF.exe
  C:\Windows\System\vYmAMZF.exe
  2⤵
  PID:8804
- C:\Windows\System\FFUiAds.exe
  C:\Windows\System\FFUiAds.exe
  2⤵
  PID:8832
- C:\Windows\System\wqWqCpD.exe
  C:\Windows\System\wqWqCpD.exe
  2⤵
  PID:8860
- C:\Windows\System\CBMIkTL.exe
  C:\Windows\System\CBMIkTL.exe
  2⤵
  PID:8892
- C:\Windows\System\bjSobHP.exe
  C:\Windows\System\bjSobHP.exe
  2⤵
  PID:8916
- C:\Windows\System\ZyvpEoW.exe
  C:\Windows\System\ZyvpEoW.exe
  2⤵
  PID:8948
- C:\Windows\System\EZMqZbY.exe
  C:\Windows\System\EZMqZbY.exe
  2⤵
  PID:8992
- C:\Windows\System\avJyunT.exe
  C:\Windows\System\avJyunT.exe
  2⤵
  PID:9024
- C:\Windows\System\cQxTzrZ.exe
  C:\Windows\System\cQxTzrZ.exe
  2⤵
  PID:9056
- C:\Windows\System\hLOjfDp.exe
  C:\Windows\System\hLOjfDp.exe
  2⤵
  PID:9092
- C:\Windows\System\YgWRpUM.exe
  C:\Windows\System\YgWRpUM.exe
  2⤵
  PID:9120
- C:\Windows\System\HcyBWjR.exe
  C:\Windows\System\HcyBWjR.exe
  2⤵
  PID:9148
- C:\Windows\System\aUcCgRz.exe
  C:\Windows\System\aUcCgRz.exe
  2⤵
  PID:9180
- C:\Windows\System\XippDUu.exe
  C:\Windows\System\XippDUu.exe
  2⤵
  PID:9208
- C:\Windows\System\xpXAvrb.exe
  C:\Windows\System\xpXAvrb.exe
  2⤵
  PID:8292
- C:\Windows\System\SLgvFlk.exe
  C:\Windows\System\SLgvFlk.exe
  2⤵
  PID:8356
- C:\Windows\System\cVYXsSd.exe
  C:\Windows\System\cVYXsSd.exe
  2⤵
  PID:8388
- C:\Windows\System\RxwlEvd.exe
  C:\Windows\System\RxwlEvd.exe
  2⤵
  PID:8496
- C:\Windows\System\XYfbcdR.exe
  C:\Windows\System\XYfbcdR.exe
  2⤵
  PID:8600
- C:\Windows\System\rLsbzab.exe
  C:\Windows\System\rLsbzab.exe
  2⤵
  PID:8624
- C:\Windows\System\YVgETdj.exe
  C:\Windows\System\YVgETdj.exe
  2⤵
  PID:8676
- C:\Windows\System\WrVnCFg.exe
  C:\Windows\System\WrVnCFg.exe
  2⤵
  PID:8748
- C:\Windows\System\hOzBkRU.exe
  C:\Windows\System\hOzBkRU.exe
  2⤵
  PID:8880
- C:\Windows\System\aiEbFCu.exe
  C:\Windows\System\aiEbFCu.exe
  2⤵
  PID:8872
- C:\Windows\System\pudAKlZ.exe
  C:\Windows\System\pudAKlZ.exe
  2⤵
  PID:8956
- C:\Windows\System\WOQuSVr.exe
  C:\Windows\System\WOQuSVr.exe
  2⤵
  PID:9032
- C:\Windows\System\QGlaRxb.exe
  C:\Windows\System\QGlaRxb.exe
  2⤵
  PID:9080
- C:\Windows\System\EnJiGQf.exe
  C:\Windows\System\EnJiGQf.exe
  2⤵
  PID:9160
- C:\Windows\System\oKeZCYB.exe
  C:\Windows\System\oKeZCYB.exe
  2⤵
  PID:7980
- C:\Windows\System\OBcafme.exe
  C:\Windows\System\OBcafme.exe
  2⤵
  PID:8464
- C:\Windows\System\UbsdkrD.exe
  C:\Windows\System\UbsdkrD.exe
  2⤵
  PID:8576
- C:\Windows\System\wSOOFUl.exe
  C:\Windows\System\wSOOFUl.exe
  2⤵
  PID:8736
- C:\Windows\System\cCliQUE.exe
  C:\Windows\System\cCliQUE.exe
  2⤵
  PID:8888
- C:\Windows\System\uouKhfP.exe
  C:\Windows\System\uouKhfP.exe
  2⤵
  PID:9076
- C:\Windows\System\vOmxNSQ.exe
  C:\Windows\System\vOmxNSQ.exe
  2⤵
  PID:8220
- C:\Windows\System\ZRbPdGy.exe
  C:\Windows\System\ZRbPdGy.exe
  2⤵
  PID:8608
- C:\Windows\System\JpIkvFG.exe
  C:\Windows\System\JpIkvFG.exe
  2⤵
  PID:8908
- C:\Windows\System\WPeVwwN.exe
  C:\Windows\System\WPeVwwN.exe
  2⤵
  PID:7176
- C:\Windows\System\ufQYXgl.exe
  C:\Windows\System\ufQYXgl.exe
  2⤵
  PID:8488
- C:\Windows\System\bSGgVXl.exe
  C:\Windows\System\bSGgVXl.exe
  2⤵
  PID:9224
- C:\Windows\System\hkizvsX.exe
  C:\Windows\System\hkizvsX.exe
  2⤵
  PID:9260
- C:\Windows\System\UqLskrK.exe
  C:\Windows\System\UqLskrK.exe
  2⤵
  PID:9292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4268,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=4240 /prefetch:8
1⤵
PID:5172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BUpCBtL.exe

Filesize
2.1MB

MD5
6833ad290b4f89493cf0d78a256f0048

SHA1
a66e6ffa3ae0b4c95feac63c0a1bafc2c649e6b5

SHA256
9827ddec4e6d8e07d33ee567717add59fd2f39c88a9e77bed61f3e232d832b59

SHA512
95e8db02a3aff5e1439838a275882931fd4b6ea966912285748821ff0a20a9619401395c0f67fbd9c5e90d1ea3f52362918f11d3a954b06c085d1af13a755699

Download Submit
C:\Windows\System\DQCjsjw.exe

Filesize
2.1MB

MD5
14c72ad867a5e5465ba3fbf5c2c1462a

SHA1
1d1f2c7c5b7956510e2237447ecf0bd5f7ecb511

SHA256
fdc1b45a60dd2284ec37a657ebb434b1d0f15250d1ff5a985b43c84eaab7b1f4

SHA512
83c5739ab9e84e12c34ea8d6c21b7ea334684ed0f0061ca6391ebe5f79805dbfb987e2bf8d4fe13a3bff6b76b24fd068e4212ccf196b67e91e2175c3ec6cf8f9

Download Submit
C:\Windows\System\DtBqTOP.exe

Filesize
2.1MB

MD5
cf79982c288a9e774bf3e217c7204185

SHA1
8bfc7cfc6dff0fceef237e7d10b0bc41e270ca2e

SHA256
2524aadcd96ffecfb57c54435cfa9c34b6abe9a1123eb96e05b86a797e55bad3

SHA512
098aacb6e2a695f64a4bf13985f9ea70e0f973f1842c6b12789b69e4f5384680d2f4357ff56527c4f00c173b2d4e721ed1642cbddf076da0b26e68bac151b1a8

Download Submit
C:\Windows\System\GZLSbas.exe

Filesize
2.1MB

MD5
558cab6601869ab2864094851b1e3d6e

SHA1
dbf39d3e6e37c2ef12c0305a42c38c874281c634

SHA256
5d5a4cff5a6690f83fbf587b3aea1139d00f0eb8d8838b773953366e336f8da8

SHA512
97461629fe476ea467757a7ee6016051c1e2a22b8247ee9feeece2ba113595c379ad112a49d2a77f9a19259984a53057da9bd1b5796b66203b125c9d2cf1c817

Download Submit
C:\Windows\System\JZRZxkP.exe

Filesize
2.1MB

MD5
23cd5cd04b94429550bad86c76a7e6ed

SHA1
875a227c937ea49af3cfd8123d1e7eda659fd80e

SHA256
22975094bfdfe45462d371b62aa39fe544d94c4e555f7819cd778068c29ec8dc

SHA512
b97f1df2211c2ec63fd134ba5942a016882ce517dbb1377bea63b90e45a6c54fe0e74c546ee20941c4d9f32bd521703b909afdfb66214f6c8126606e1cf77730

Download Submit
C:\Windows\System\JgSroYv.exe

Filesize
2.1MB

MD5
b3b17a7dffd698e775fd7bd2e5046379

SHA1
5946b7d2ca669f7564804c06138c4e8df7923413

SHA256
9bc289424ae0f0b476ee74e9f8e5eae4c3571ded5826bef9f080599e8797d665

SHA512
ab66df3d1da8f8adf15832f8c24dd1b9c287aa370a8583fc1309b4e8098b68d6446ae86e44ccd1c1fb1dc24afbc0b2ca2e44e3a39326c232c6199786119f069b

Download Submit
C:\Windows\System\KgvnNwC.exe

Filesize
2.1MB

MD5
279ed6f4b0d35cff7f832076bc9b00c0

SHA1
c7c92fc199680eba99c6b56144892ffe581072d8

SHA256
787a033261fcd2bfedf67a45e095ef3352bbe9d915ae9b424a0172670b171bff

SHA512
e9d587436e5afdef85c9df1b8f4393fb887fd86a715155fd4daac7063dce0951b26357452fcd2fcd108bea4234cc7acbbceaa980c3d6be3fdfae443d8a75c2cb

Download Submit
C:\Windows\System\KsxMUJW.exe

Filesize
2.1MB

MD5
c227979743522af4c2827ff845d9131e

SHA1
ebeb32c9c71f59ad939561c5e195d07d3bc91b53

SHA256
8d9864c41a0aaf2cf029fe393d36679942bd550646e57a079d3a86242df4ff49

SHA512
6c0387e350a613e2e25e4f964616055bf89f01dd7e1c81ee54945d9f4c64c2ae64a42e7689532f4f63544f221d18be343baca27ee88ababfe393e23d0443ae45

Download Submit
C:\Windows\System\NfJFzDD.exe

Filesize
2.1MB

MD5
12564e202b89ad0884ef7a8be08f640d

SHA1
e73e2580b81cafd4c6f4af4ba69544f0bbc731ee

SHA256
742a5f527cdc5eb4c2c71237dc2d56d34ab2faf3b4ac09e70d1f9a761af6aee7

SHA512
b2f3613f825b86324296917a19c1687717cf8afb8a68cbae4117d6cd9d1b76e372c4be783e2a380f2fe3f6e3070e6c950c67dde6843c4f02dbc1cabd332747ac

Download Submit
C:\Windows\System\ObbExIH.exe

Filesize
2.1MB

MD5
603dd43358f36500ebf1fef6b5c3ffa1

SHA1
431608cb561ef8198e5b47c44d1135102b8a548c

SHA256
f3d56ba0ec5f4b596a542b70facacf1c4045c2f352cfa94a39a4ae0c3158c8cb

SHA512
a9fe7b7c972a47f160ff4965c478e70a167a5c6c516873f8cfc8181857f21c6a64aa719feed52516eae140c2db9056d892fcef9ac0ca3c757ed02234dd10a052

Download Submit
C:\Windows\System\OrwiLJo.exe

Filesize
2.1MB

MD5
e1b861e9c8820a81451d7829a1258a22

SHA1
22e3175d4c5bf4fa2dfbedfe30ad9874f0629f60

SHA256
470d23f36595fb58ba7990ae7bd073bae627ba0f9c3de4d92feb4322592feb9e

SHA512
567a98316225a1d13c200c5ff3542f203d711860ec4d4037401d07952606d995a0b9863bb2236ed259d5af1e06d9dbd010d091018e702a5fabba835996ffbea4

Download Submit
C:\Windows\System\OuJZfXY.exe

Filesize
2.1MB

MD5
aeae79111ae69dc0ed0448bedf163977

SHA1
41285809442afb434fdf87a19d8732d33191d0aa

SHA256
9dc369807add0d55da9a4b3bdda27cba0918dbfc176a3d14f7f45ca6c0f13309

SHA512
f134e9bd697b979b50f74ad1a8751123bd61fb57d03b7379190745418ce92c461ee7f71766a7857d55253716a41fe6aa31c9aacdea4a55b456119f08da2d65be

Download Submit
C:\Windows\System\QQFSJew.exe

Filesize
2.1MB

MD5
55f588cd4e97ab351d647f0cb02a9848

SHA1
cf729dff5f998598826e68346aa8e371667b8d9a

SHA256
eb60b0c67e89ba729060e885340b7461dd96b959cc84f1e76b5ca0e0b344f032

SHA512
3df7abc8ee760b57e55fcdf737fa0b2c5592010c470ff23e4f4657ecd4465c8eaa41fbb1b24beaed36e78fb0060af59e90e3c2ae6e3d7153fba1ba4c0eec6e1c

Download Submit
C:\Windows\System\QdBNisJ.exe

Filesize
2.1MB

MD5
fa6252a5d3dae2404aea3fba2da8e193

SHA1
3f8581a2b45abbcd1dc5858e67c07b8cf80dc206

SHA256
72a53a0155488fbaf5045cddf4e9b44d598c861a194280256837fed9238153f3

SHA512
6b81ef2c5a5e210602c9b141a1d1a36afe7844043ef5f6a2c025be6ff62dc6ccfd602ce18ffd50b115c225b0a8048d27aabc6765192be909882dc2c41e8aba02

Download Submit
C:\Windows\System\TmNftfL.exe

Filesize
2.1MB

MD5
2ec33e107f7d8a53de12ee9b622ab433

SHA1
8ebd939d6abee7b0f59849850e629fa03f4c9697

SHA256
0e19d799305dac1ea49ab432c148a9927e4fbaabdeb61a54f98595fd62caec57

SHA512
45c512abb92ec4c36c923eb1e95ba049aa3e328a2fd3d418c59295aba97b5ea66906a2a9359a6428a877d16763f29bd624658600215b0089f12965dfb8b7d246

Download Submit
C:\Windows\System\TrQhqQw.exe

Filesize
2.1MB

MD5
1bbee95038f4772644b90d054d0de132

SHA1
9977dab66edfaf6805bb731c088c70a1fa97ebdc

SHA256
82bebf321d1f724432e3141f1cf20c9c5c42eb06e2e0c870c66a806b82316583

SHA512
809f3f5f9c634c59faa2867336f6b7391d21f3b264837b5b4122f8214234fe632cc8a994c64ed7d406a5f1bc4442b0698d50d0d73fd33811c345b95f6b1917d5

Download Submit
C:\Windows\System\TwkTbYp.exe

Filesize
2.1MB

MD5
5e7628f8359f950b99e91908b1ee852c

SHA1
2cf587fb8b98c089bf32374bb86cd7bfc919f74f

SHA256
3895b36b1fb2774d752d2c9dccb2d85d96411291a571fca2aa8add08644d16b9

SHA512
d2cc1bc15337b73374ab40c3f6572ea28089b696f4c3a72ff4627d14e5e71bed84f49051b1675e717716f9741a612b1f22c64e1f8b6a9c8fbfd192c0560cd102

Download Submit
C:\Windows\System\XaMzunD.exe

Filesize
2.1MB

MD5
68aaf1211f3fa9ecb28641fbd97dc813

SHA1
f40852aac003ca81be59732b796848c5faf7a7ac

SHA256
8c3411c67bfa1ca4a57fbd516891a15a070f24cb395b65cf49ba107f6807b8f0

SHA512
2b5ab11c16883d041773ce9c359395f18512031ab3ef5b60d8d99d348334de2331e2046efb5b9151520c4bfef6a5e2c2ff42f4733e96f21f392cc0cc3cc59478

Download Submit
C:\Windows\System\ZbIehNa.exe

Filesize
2.1MB

MD5
e4b66d622e992fc66a68f8870d7e1ac6

SHA1
ce02182d83ab5cba4c3c0a425f58f33ed4e21a28

SHA256
e8810f24e1c6c439a010acd6369b28850aefa9c4fec3bf269be5dca281cc0047

SHA512
027ebdcf79356af67d1125b1c06014f7df2e577313bfa0e36d9a4e8ada48fc69e0d40e40dc8807be8c834a469f99940bd8786d88a31343f92624bd51779e4868

Download Submit
C:\Windows\System\gHfDCFN.exe

Filesize
2.1MB

MD5
538ddc83d05423d78e81faee1ce1dbc4

SHA1
a7102b14a5a35ffb91b191d341a64f5c4746b963

SHA256
e50985898797f309f2afe5bbb74f10823e6234821b546cbff60fc8d41e10b45f

SHA512
2065896ee602c93ea33233fcaf9186f1ac8ff8a7b2b8103aa750c6fe89ea9b88aa48f918756292c9e690afc6497c54fd70064cf42b60b32f454a60f0bbe44607

Download Submit
C:\Windows\System\gUwwcdr.exe

Filesize
2.1MB

MD5
1070e5e3baf27b4f8a5117ef53715df8

SHA1
184cf2f945c8d50099bb826439879da39cb6e212

SHA256
4da8d65425089fc05986aece9a739918b89aa83e64ff6a53ac53796b5813eb06

SHA512
79da2619ed83b8896bddfb1916e3a6f864ed57e3156f4c9aab24b062c408005e705cadefb771cdbc625c13ee10e665d31b3f024e454ae255cc95576a4497f210

Download Submit
C:\Windows\System\hOyZuJK.exe

Filesize
2.1MB

MD5
8f139980234b0bb7650a6c4f4be7d68e

SHA1
78e0117f826f2fd22caeef61304a6a5cb48060c2

SHA256
54e07ff6820762d7ef0f1b9d926182eb2a0cb229fdb4c0e3a52cb7f1fa674039

SHA512
9e613cb770d0b891ee287f1f43800b6a4ece52a3578212139853ea6cd6bedecebefbb14d76a3248d81d3b4dcb88cbae9688283aae7b342cdca2d62961d284e63

Download Submit
C:\Windows\System\jxdBsLr.exe

Filesize
2.1MB

MD5
bd2972d633716d3ec03fd19d4e1af02a

SHA1
5b0849e4d8eff36516f9465de233314c117cbce7

SHA256
172985e5cc8914bc4a9255a4189e5d3be3b99bee9fad65982700549e6e8e57cd

SHA512
de608ca7d2f851c7aa81ff6b546da383f9d7ab4c8d8b850d22fd3af31b60e2332767dc49e7e0ebd9ad3e1deb04de99c61b8aa11d16566081050f3b70ab7e042d

Download Submit
C:\Windows\System\kkhIfBU.exe

Filesize
2.1MB

MD5
ba5c1738a9ed4b2e78dcbd4a38786dc7

SHA1
f0286fcf2d003c428da3c73ea3eddb88b69aedb5

SHA256
6456f01d2665756523bb468c38b0f98b001b5a6679e7dfc083268de880f533ba

SHA512
a33f0dac59c2522fc94159282bf4b8553365026e8a89fabee49f1d518df52b181a02041c4954a16a58a80060e4858dfe2fc9ab9e0f8e679223c9fa3bc72cc409

Download Submit
C:\Windows\System\llGRexp.exe

Filesize
2.1MB

MD5
faa69eacc4341eca56c219a1da073ea4

SHA1
e32819b8c175f0f793d43955b0062d5c63b4c75d

SHA256
205ca93e3a52f3ef40d1d2ef04777b3f51772cd4d053c7fdcf2a8c716a5fb21b

SHA512
7408b7682f516f92d44b3b2d8086a8ae02731136f08bf05cfa563b18b5a4687966e24f6aed43b48326d16126f57ef9b53ac62d2e09c0f9f87e32d7b420551850

Download Submit
C:\Windows\System\lsKVfai.exe

Filesize
2.1MB

MD5
9885a06f0f963be2913bd368059afc88

SHA1
dd7c8396898746b00e22c3c3f3c597c1d10e6fbe

SHA256
e775ab6b5b7123a3dec188795dd923fb0183e7f389e6bc951e76a0cf6c2de72c

SHA512
16381bb7298d9b767252647946e2afd0c3cbb2eb2bd7dd921b3acdbc9827a5c015ce212aa816fb3f9812cb9a71b8b2b15b9ffca30992110cd242b9042a39fd7a

Download Submit
C:\Windows\System\mAoggxj.exe

Filesize
2.1MB

MD5
ffa27bc0d9c56a762547c4b11ff1db3a

SHA1
76df7ae88e3c57ba844f0bcae7182d6b60ad2857

SHA256
c5462471eb37ecb56ec626a2fd33378412c96a4b7ec9dddcf2e0bd852528cca1

SHA512
71e829cb6aee1f0dc55f336acec6a3679962882bcc0cbee6c4766c5d3e829135e72be08404d509f27e06606286e0a917a2d33b2e5a1d8aac11ed6cdb1c5b8256

Download Submit
C:\Windows\System\oVEBuSg.exe

Filesize
2.1MB

MD5
d48fe7d7c7a3ccf3e69945d4fea62120

SHA1
db1036bd2b1ac89d0398d51cbf7ab9efac756a4d

SHA256
201e98d0d01039932e940c4070ad62ebd5e08ce53b2da3ec6f400c3490fb9089

SHA512
782ad4342cb3e9d719af613d2508e15162d13f5067646e0c1fb5494b3abfb45b9dc8466e8ab53f9efb9c9cd046c112ba46eecc72f477f2d49b72a2438ece762e

Download Submit
C:\Windows\System\rGTGXMd.exe

Filesize
2.1MB

MD5
2f4a16b6b4ca6a4cdf7f5e557cb7c4b0

SHA1
e2fbefa2593a4bb39645e8af673017a5a1f3bd64

SHA256
eca9e1f8df3537ca593c985b44a4fed5c57c1021af78efc13d4f59ce5fc7d2eb

SHA512
848efe5218c88b8f6372e4a18a7cc32904edb4347ef00a632d2da2f151f7c7f8a701659501ce3d044ea975d848e778f8288f6daddf3d60c1be3200dfb7c83a80

Download Submit
C:\Windows\System\rgWFvLU.exe

Filesize
2.1MB

MD5
0b11637dc5a175fa738f1391d2fe71c1

SHA1
8770f3d3de65a345d9b01dd435398b9f1341728f

SHA256
52f2be63021419a6cdce25865a72b8ddd267ed985a4cdd1b14fbf03edfde8db6

SHA512
fc4dd0e245a887cabac5364b068cd62f9ced99bfdd0ddc1fbb4f3796b3c975407bd2d90f4da4ce1b35b3fb7853804750e40316b8d2d538d4e9ef41c58c929d9e

Download Submit
C:\Windows\System\vDavDqB.exe

Filesize
2.1MB

MD5
1ae0f76a882aa15fa55fbd1953713106

SHA1
1f2725ecf5cc7310048a7afd6f16895da2beae4f

SHA256
e0ad5c6f9a37f3275927212e11bbfe6c67379f8a3e5f5b9e9d631b01c40a10fc

SHA512
397e13cda6acddc475a4ec78cccb56436dd9c0364a4dc3e6164290a69ac72051dbda66e67ce978ed526c94a679adb7d3cc866180f0c6016c76583735581dbf2f

Download Submit
C:\Windows\System\xBTmYNj.exe

Filesize
2.1MB

MD5
31b4af55068e0a88534ce5a597a9337b

SHA1
99b58609b69e971d996a4fd97748d6a93d9f3da1

SHA256
24aebefe876ff2e8671e5767c3f4ef8af0b20d0fc56653b925b06a0ac88ce1ae

SHA512
6ad4dfd464aa883fa0a8eb308d98cede65b7bcec6edc489f9d144368c462fb4f9ef3107c7ba0bb9bc382d74e592794f56ca4eb4881639639f425eb464564b5e8

Download Submit
C:\Windows\System\xuSvzbn.exe

Filesize
2.1MB

MD5
9452a61ff231ca924171bb73c369185e

SHA1
9182ae984bd5c9125718c899281dee3a1fe6b0ae

SHA256
f903471017ce62a813eec702eeed13aa938169b41c31627e5136e458fe7f9e0c

SHA512
78c993d13cda722f59160bd4af119506679b5923d0cc57fb049ee07e957fd9db9e29658eab3feb390b4ea2e69a7723afe691058c6473d9428fcbb020805dcc73

Download Submit
C:\Windows\System\zJVnhrq.exe

Filesize
2.1MB

MD5
b2b1f372a572d9d7a6eeca03c3e24257

SHA1
ef903697365a8954ef218ee1784763c2eaf0c183

SHA256
9ca86a641ff0942ee7226da90810f9754e074ccfc6b920354b2c5e193812f520

SHA512
3b0f0a53dd65a61cfdb217cd7e8b277ad7b6d5f394b299e3a46403f353776a5403a0079f4e634198aa0c8bf791595392e8b5601cb91658e387ccf26ca1419ba4

Download Submit
C:\Windows\System\zbafBgV.exe

Filesize
2.1MB

MD5
c03b5dedb9dcd789ee33e9bd29777348

SHA1
aa52d021ded31635b286ede19c25894951736122

SHA256
c0076fb6a2f8894d3187ddda9563dd4404fb59cd8896da4ac6c65306adcf7959

SHA512
ac4a5829fe98235116896687d4651f26e507e636fab9fb89a34ea31d51a5a1e7f50d4c3a895848fcbfb2016f32fd9f3fe4ec9effc7fba4d8782c593471331f48

Download Submit
memory/1268-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download