kpot | a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 17:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
Size

2.1MB
MD5

bd53319c709023b6f8cf40eded0feff0
SHA1

4d95ce9d1df9fa23def1da442c9b4863c5b1bbe9
SHA256

a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49
SHA512

170120a92079d3d4ef2bd659c7a0bea18cf71b65572160f22aab38fa3b8ff2a6217cbed075ad0c08040db92b14271c262aa81cce7fc2443d39d162cfb7dab0b3
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2PY:GemTLkNdfE0pZaQY

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral2/files/0x0008000000023268-4.dat	family_kpot
behavioral2/files/0x000800000002326b-9.dat	family_kpot
behavioral2/files/0x000800000002326e-8.dat	family_kpot
behavioral2/files/0x0008000000023270-19.dat	family_kpot
behavioral2/files/0x0007000000023271-23.dat	family_kpot
behavioral2/files/0x000800000002326c-27.dat	family_kpot
behavioral2/files/0x0007000000023272-31.dat	family_kpot
behavioral2/files/0x0007000000023273-36.dat	family_kpot
behavioral2/files/0x0007000000023275-44.dat	family_kpot
behavioral2/files/0x0007000000023276-54.dat	family_kpot
behavioral2/files/0x0007000000023277-58.dat	family_kpot
behavioral2/files/0x0007000000023278-64.dat	family_kpot
behavioral2/files/0x0007000000023274-47.dat	family_kpot
behavioral2/files/0x0007000000023279-69.dat	family_kpot
behavioral2/files/0x000700000002327b-72.dat	family_kpot
behavioral2/files/0x000700000002327c-78.dat	family_kpot
behavioral2/files/0x000700000002327d-85.dat	family_kpot
behavioral2/files/0x000700000002327f-91.dat	family_kpot
behavioral2/files/0x0007000000023280-95.dat	family_kpot
behavioral2/files/0x000700000002327e-96.dat	family_kpot
behavioral2/files/0x0007000000023281-105.dat	family_kpot
behavioral2/files/0x0007000000023282-109.dat	family_kpot
behavioral2/files/0x0007000000023283-112.dat	family_kpot
behavioral2/files/0x0007000000023286-119.dat	family_kpot
behavioral2/files/0x0007000000023285-122.dat	family_kpot
behavioral2/files/0x0007000000023287-126.dat	family_kpot
behavioral2/files/0x0007000000023288-129.dat	family_kpot
behavioral2/files/0x0007000000023289-138.dat	family_kpot
behavioral2/files/0x000700000002328a-144.dat	family_kpot
behavioral2/files/0x000700000002328b-146.dat	family_kpot
behavioral2/files/0x000700000002328c-153.dat	family_kpot
behavioral2/files/0x000700000002328d-160.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral2/files/0x0008000000023268-4.dat	xmrig
behavioral2/files/0x000800000002326b-9.dat	xmrig
behavioral2/files/0x000800000002326e-8.dat	xmrig
behavioral2/files/0x0008000000023270-19.dat	xmrig
behavioral2/files/0x0007000000023271-23.dat	xmrig
behavioral2/files/0x000800000002326c-27.dat	xmrig
behavioral2/files/0x0007000000023272-31.dat	xmrig
behavioral2/files/0x0007000000023273-36.dat	xmrig
behavioral2/files/0x0007000000023275-44.dat	xmrig
behavioral2/files/0x0007000000023276-54.dat	xmrig
behavioral2/files/0x0007000000023277-58.dat	xmrig
behavioral2/files/0x0007000000023278-64.dat	xmrig
behavioral2/files/0x0007000000023274-47.dat	xmrig
behavioral2/files/0x0007000000023279-69.dat	xmrig
behavioral2/files/0x000700000002327b-72.dat	xmrig
behavioral2/files/0x000700000002327c-78.dat	xmrig
behavioral2/files/0x000700000002327d-85.dat	xmrig
behavioral2/files/0x000700000002327f-91.dat	xmrig
behavioral2/files/0x0007000000023280-95.dat	xmrig
behavioral2/files/0x000700000002327e-96.dat	xmrig
behavioral2/files/0x0007000000023281-105.dat	xmrig
behavioral2/files/0x0007000000023282-109.dat	xmrig
behavioral2/files/0x0007000000023283-112.dat	xmrig
behavioral2/files/0x0007000000023286-119.dat	xmrig
behavioral2/files/0x0007000000023285-122.dat	xmrig
behavioral2/files/0x0007000000023287-126.dat	xmrig
behavioral2/files/0x0007000000023288-129.dat	xmrig
behavioral2/files/0x0007000000023289-138.dat	xmrig
behavioral2/files/0x000700000002328a-144.dat	xmrig
behavioral2/files/0x000700000002328b-146.dat	xmrig
behavioral2/files/0x000700000002328c-153.dat	xmrig
behavioral2/files/0x000700000002328d-160.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1448	gKvbpTg.exe
2600	kNDnrdL.exe
1384	zhvzZSk.exe
2912	vDgPRAe.exe
4740	GyofLSU.exe
3132	YNByvCQ.exe
2684	aNrxeAq.exe
4600	yhIFfpH.exe
4260	boVHisd.exe
5028	TSDaIAB.exe
1568	qgKOmoz.exe
2996	foLuOMn.exe
948	YCqFkHJ.exe
4928	SOPUSvM.exe
1804	HPkYVWb.exe
4304	gHTDsbs.exe
4604	OLlyqiS.exe
700	wZiACKF.exe
2864	JCZfLOy.exe
2496	LJazSKU.exe
3536	JTcCzDl.exe
5104	GKNwlJI.exe
4948	CUACQjA.exe
4560	syYhZYc.exe
3900	ggMSIeJ.exe
1060	QtUYowz.exe
1912	ttqEdKv.exe
3612	XcwOzhY.exe
4588	PFgEnVB.exe
2096	xvhpmGJ.exe
4248	erkaVBa.exe
4820	rCeefwT.exe
1368	FeNSzEj.exe
640	gnAwDdQ.exe
3516	Luwqtqh.exe
3172	nlmXPaB.exe
3280	lNejrpG.exe
2972	pEvuBfq.exe
892	bFlvCui.exe
4232	AEMZuWL.exe
4848	JJqQmCG.exe
2492	uJGhtVk.exe
2072	OzAfjwV.exe
2424	GOUwnQT.exe
1592	QUzblyT.exe
3744	kUlsGGz.exe
2412	uCTGBej.exe
1700	HdSKyke.exe
3020	RFwKdcP.exe
2712	lnSiaxJ.exe
3260	nxVdTpD.exe
4572	rLPyLhP.exe
1184	FEgsbbB.exe
2468	hDBxkmc.exe
3628	JIrINTy.exe
1724	jRjXQUb.exe
3352	WdAdNJb.exe
4608	TUdgABs.exe
1436	ctBDBMP.exe
4140	ulAyMrd.exe
4448	dDgjVfW.exe
572	pyEsgnX.exe
1636	bosVzGc.exe
1960	xPuvieo.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\uLYexVg.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\qXwrvih.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\DkgVxKb.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\YLerWyc.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\BLLdUKJ.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\pAawWNP.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\MrdWALv.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\pvbHpjK.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\foAfnXY.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\ucGOfzB.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\QUzblyT.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\FyIIPfq.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\OtCADcT.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\PEIqXGx.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\aWalvMX.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\nlmXPaB.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\vjWPSYP.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\HhxnQgy.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\KPmClNV.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\ktpenYX.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\OBgqkxe.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\LsPPaRW.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\qnmARJk.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\lnSiaxJ.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\CrWWpxp.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\scJaDNa.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\WmbGUlT.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\NCvjhZT.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\tpRTePu.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\AkNPIii.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\WxDRTnx.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\MdvdbCv.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\OtjAZvP.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\dBYVEVG.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\JoBoTOu.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\bRVuPrT.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\OvmEGzx.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\INsIjTg.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\SDiQzRC.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\aNrxeAq.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\JTcCzDl.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\bosVzGc.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\rsyxcnD.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\IrQoSSQ.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\vJxXmow.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\ykUMYCU.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\swmfUut.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\gHTDsbs.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\vAkwrxW.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\CRDpUEv.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\zacgoYp.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\isjQthM.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\sFncaHk.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\uYAkWpR.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\DYABuRa.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\JJqQmCG.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\kUlsGGz.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\dDgjVfW.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\yPbUdGf.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\RPfDjJd.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\TvIuJNP.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\GYZbNkn.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\XcwOzhY.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
File created	C:\Windows\System\TiwSlqV.exe	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 628 wrote to memory of 1448	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	92
PID 628 wrote to memory of 1448	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	92
PID 628 wrote to memory of 2600	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	93
PID 628 wrote to memory of 2600	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	93
PID 628 wrote to memory of 1384	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	94
PID 628 wrote to memory of 1384	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	94
PID 628 wrote to memory of 2912	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	95
PID 628 wrote to memory of 2912	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	95
PID 628 wrote to memory of 4740	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	96
PID 628 wrote to memory of 4740	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	96
PID 628 wrote to memory of 3132	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	97
PID 628 wrote to memory of 3132	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	97
PID 628 wrote to memory of 2684	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	98
PID 628 wrote to memory of 2684	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	98
PID 628 wrote to memory of 4600	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	99
PID 628 wrote to memory of 4600	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	99
PID 628 wrote to memory of 4260	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	100
PID 628 wrote to memory of 4260	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	100
PID 628 wrote to memory of 5028	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	101
PID 628 wrote to memory of 5028	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	101
PID 628 wrote to memory of 1568	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	102
PID 628 wrote to memory of 1568	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	102
PID 628 wrote to memory of 2996	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	103
PID 628 wrote to memory of 2996	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	103
PID 628 wrote to memory of 948	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	104
PID 628 wrote to memory of 948	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	104
PID 628 wrote to memory of 4928	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	105
PID 628 wrote to memory of 4928	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	105
PID 628 wrote to memory of 1804	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	106
PID 628 wrote to memory of 1804	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	106
PID 628 wrote to memory of 4304	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	107
PID 628 wrote to memory of 4304	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	107
PID 628 wrote to memory of 4604	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	108
PID 628 wrote to memory of 4604	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	108
PID 628 wrote to memory of 700	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	109
PID 628 wrote to memory of 700	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	109
PID 628 wrote to memory of 2864	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	110
PID 628 wrote to memory of 2864	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	110
PID 628 wrote to memory of 2496	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	111
PID 628 wrote to memory of 2496	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	111
PID 628 wrote to memory of 3536	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	112
PID 628 wrote to memory of 3536	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	112
PID 628 wrote to memory of 5104	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	113
PID 628 wrote to memory of 5104	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	113
PID 628 wrote to memory of 4948	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	114
PID 628 wrote to memory of 4948	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	114
PID 628 wrote to memory of 4560	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	115
PID 628 wrote to memory of 4560	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	115
PID 628 wrote to memory of 3900	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	116
PID 628 wrote to memory of 3900	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	116
PID 628 wrote to memory of 1060	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	117
PID 628 wrote to memory of 1060	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	117
PID 628 wrote to memory of 1912	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	118
PID 628 wrote to memory of 1912	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	118
PID 628 wrote to memory of 3612	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	119
PID 628 wrote to memory of 3612	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	119
PID 628 wrote to memory of 4588	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	120
PID 628 wrote to memory of 4588	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	120
PID 628 wrote to memory of 2096	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	121
PID 628 wrote to memory of 2096	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	121
PID 628 wrote to memory of 4248	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	122
PID 628 wrote to memory of 4248	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	122
PID 628 wrote to memory of 4820	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	123
PID 628 wrote to memory of 4820	628	a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe	123

C:\Users\Admin\AppData\Local\Temp\a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a3e90c130f19ee4136faba83545cf443c71cbad70626a66a2085659bd63dbe49_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:628
- C:\Windows\System\gKvbpTg.exe
  C:\Windows\System\gKvbpTg.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\kNDnrdL.exe
  C:\Windows\System\kNDnrdL.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\zhvzZSk.exe
  C:\Windows\System\zhvzZSk.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\vDgPRAe.exe
  C:\Windows\System\vDgPRAe.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\GyofLSU.exe
  C:\Windows\System\GyofLSU.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\YNByvCQ.exe
  C:\Windows\System\YNByvCQ.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\aNrxeAq.exe
  C:\Windows\System\aNrxeAq.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\yhIFfpH.exe
  C:\Windows\System\yhIFfpH.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\boVHisd.exe
  C:\Windows\System\boVHisd.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\TSDaIAB.exe
  C:\Windows\System\TSDaIAB.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\qgKOmoz.exe
  C:\Windows\System\qgKOmoz.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\foLuOMn.exe
  C:\Windows\System\foLuOMn.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\YCqFkHJ.exe
  C:\Windows\System\YCqFkHJ.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\SOPUSvM.exe
  C:\Windows\System\SOPUSvM.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\HPkYVWb.exe
  C:\Windows\System\HPkYVWb.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\gHTDsbs.exe
  C:\Windows\System\gHTDsbs.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\OLlyqiS.exe
  C:\Windows\System\OLlyqiS.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\wZiACKF.exe
  C:\Windows\System\wZiACKF.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\JCZfLOy.exe
  C:\Windows\System\JCZfLOy.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\LJazSKU.exe
  C:\Windows\System\LJazSKU.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\JTcCzDl.exe
  C:\Windows\System\JTcCzDl.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\GKNwlJI.exe
  C:\Windows\System\GKNwlJI.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\CUACQjA.exe
  C:\Windows\System\CUACQjA.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\syYhZYc.exe
  C:\Windows\System\syYhZYc.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\ggMSIeJ.exe
  C:\Windows\System\ggMSIeJ.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\QtUYowz.exe
  C:\Windows\System\QtUYowz.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\ttqEdKv.exe
  C:\Windows\System\ttqEdKv.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\XcwOzhY.exe
  C:\Windows\System\XcwOzhY.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\PFgEnVB.exe
  C:\Windows\System\PFgEnVB.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\xvhpmGJ.exe
  C:\Windows\System\xvhpmGJ.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\erkaVBa.exe
  C:\Windows\System\erkaVBa.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\rCeefwT.exe
  C:\Windows\System\rCeefwT.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\FeNSzEj.exe
  C:\Windows\System\FeNSzEj.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\gnAwDdQ.exe
  C:\Windows\System\gnAwDdQ.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\Luwqtqh.exe
  C:\Windows\System\Luwqtqh.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\nlmXPaB.exe
  C:\Windows\System\nlmXPaB.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\lNejrpG.exe
  C:\Windows\System\lNejrpG.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\pEvuBfq.exe
  C:\Windows\System\pEvuBfq.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\bFlvCui.exe
  C:\Windows\System\bFlvCui.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\AEMZuWL.exe
  C:\Windows\System\AEMZuWL.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\JJqQmCG.exe
  C:\Windows\System\JJqQmCG.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\uJGhtVk.exe
  C:\Windows\System\uJGhtVk.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\OzAfjwV.exe
  C:\Windows\System\OzAfjwV.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\GOUwnQT.exe
  C:\Windows\System\GOUwnQT.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\QUzblyT.exe
  C:\Windows\System\QUzblyT.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\kUlsGGz.exe
  C:\Windows\System\kUlsGGz.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\uCTGBej.exe
  C:\Windows\System\uCTGBej.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\HdSKyke.exe
  C:\Windows\System\HdSKyke.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\RFwKdcP.exe
  C:\Windows\System\RFwKdcP.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\lnSiaxJ.exe
  C:\Windows\System\lnSiaxJ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\nxVdTpD.exe
  C:\Windows\System\nxVdTpD.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\rLPyLhP.exe
  C:\Windows\System\rLPyLhP.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\FEgsbbB.exe
  C:\Windows\System\FEgsbbB.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\hDBxkmc.exe
  C:\Windows\System\hDBxkmc.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\JIrINTy.exe
  C:\Windows\System\JIrINTy.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\jRjXQUb.exe
  C:\Windows\System\jRjXQUb.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\WdAdNJb.exe
  C:\Windows\System\WdAdNJb.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System\TUdgABs.exe
  C:\Windows\System\TUdgABs.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\ctBDBMP.exe
  C:\Windows\System\ctBDBMP.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\ulAyMrd.exe
  C:\Windows\System\ulAyMrd.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\dDgjVfW.exe
  C:\Windows\System\dDgjVfW.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\pyEsgnX.exe
  C:\Windows\System\pyEsgnX.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\bosVzGc.exe
  C:\Windows\System\bosVzGc.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\xPuvieo.exe
  C:\Windows\System\xPuvieo.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\rsyxcnD.exe
  C:\Windows\System\rsyxcnD.exe
  2⤵
  PID:4268
- C:\Windows\System\MnfggnM.exe
  C:\Windows\System\MnfggnM.exe
  2⤵
  PID:2748
- C:\Windows\System\ydfyJtt.exe
  C:\Windows\System\ydfyJtt.exe
  2⤵
  PID:1944
- C:\Windows\System\RRrjhOS.exe
  C:\Windows\System\RRrjhOS.exe
  2⤵
  PID:4860
- C:\Windows\System\OBgqkxe.exe
  C:\Windows\System\OBgqkxe.exe
  2⤵
  PID:444
- C:\Windows\System\rpdZDpe.exe
  C:\Windows\System\rpdZDpe.exe
  2⤵
  PID:1396
- C:\Windows\System\HhxnQgy.exe
  C:\Windows\System\HhxnQgy.exe
  2⤵
  PID:2316
- C:\Windows\System\XkBXVjp.exe
  C:\Windows\System\XkBXVjp.exe
  2⤵
  PID:2672
- C:\Windows\System\hOTFffl.exe
  C:\Windows\System\hOTFffl.exe
  2⤵
  PID:1736
- C:\Windows\System\IrQoSSQ.exe
  C:\Windows\System\IrQoSSQ.exe
  2⤵
  PID:3248
- C:\Windows\System\LsPPaRW.exe
  C:\Windows\System\LsPPaRW.exe
  2⤵
  PID:3492
- C:\Windows\System\IoCEnKM.exe
  C:\Windows\System\IoCEnKM.exe
  2⤵
  PID:2428
- C:\Windows\System\gDNVsII.exe
  C:\Windows\System\gDNVsII.exe
  2⤵
  PID:4376
- C:\Windows\System\vhvruoZ.exe
  C:\Windows\System\vhvruoZ.exe
  2⤵
  PID:2556
- C:\Windows\System\MdvdbCv.exe
  C:\Windows\System\MdvdbCv.exe
  2⤵
  PID:5132
- C:\Windows\System\pvHxkZe.exe
  C:\Windows\System\pvHxkZe.exe
  2⤵
  PID:5164
- C:\Windows\System\XXsIKpQ.exe
  C:\Windows\System\XXsIKpQ.exe
  2⤵
  PID:5192
- C:\Windows\System\AiZBSAn.exe
  C:\Windows\System\AiZBSAn.exe
  2⤵
  PID:5216
- C:\Windows\System\LYdZjCa.exe
  C:\Windows\System\LYdZjCa.exe
  2⤵
  PID:5236
- C:\Windows\System\dBYVEVG.exe
  C:\Windows\System\dBYVEVG.exe
  2⤵
  PID:5272
- C:\Windows\System\pAawWNP.exe
  C:\Windows\System\pAawWNP.exe
  2⤵
  PID:5292
- C:\Windows\System\nQqekso.exe
  C:\Windows\System\nQqekso.exe
  2⤵
  PID:5320
- C:\Windows\System\ODepbTH.exe
  C:\Windows\System\ODepbTH.exe
  2⤵
  PID:5348
- C:\Windows\System\yPbUdGf.exe
  C:\Windows\System\yPbUdGf.exe
  2⤵
  PID:5380
- C:\Windows\System\UybCXtl.exe
  C:\Windows\System\UybCXtl.exe
  2⤵
  PID:5404
- C:\Windows\System\vJxXmow.exe
  C:\Windows\System\vJxXmow.exe
  2⤵
  PID:5440
- C:\Windows\System\DNCPJzg.exe
  C:\Windows\System\DNCPJzg.exe
  2⤵
  PID:5464
- C:\Windows\System\iYQtavA.exe
  C:\Windows\System\iYQtavA.exe
  2⤵
  PID:5488
- C:\Windows\System\MZKAmFF.exe
  C:\Windows\System\MZKAmFF.exe
  2⤵
  PID:5516
- C:\Windows\System\FOVJoee.exe
  C:\Windows\System\FOVJoee.exe
  2⤵
  PID:5536
- C:\Windows\System\pLPLQdQ.exe
  C:\Windows\System\pLPLQdQ.exe
  2⤵
  PID:5560
- C:\Windows\System\iorYVtN.exe
  C:\Windows\System\iorYVtN.exe
  2⤵
  PID:5588
- C:\Windows\System\CrWWpxp.exe
  C:\Windows\System\CrWWpxp.exe
  2⤵
  PID:5604
- C:\Windows\System\HKUUoUF.exe
  C:\Windows\System\HKUUoUF.exe
  2⤵
  PID:5628
- C:\Windows\System\FPToACS.exe
  C:\Windows\System\FPToACS.exe
  2⤵
  PID:5660
- C:\Windows\System\zfHZBYJ.exe
  C:\Windows\System\zfHZBYJ.exe
  2⤵
  PID:5688
- C:\Windows\System\iyfHlrG.exe
  C:\Windows\System\iyfHlrG.exe
  2⤵
  PID:5716
- C:\Windows\System\KfOefyv.exe
  C:\Windows\System\KfOefyv.exe
  2⤵
  PID:5748
- C:\Windows\System\HKSBkMz.exe
  C:\Windows\System\HKSBkMz.exe
  2⤵
  PID:5776
- C:\Windows\System\MDliXRp.exe
  C:\Windows\System\MDliXRp.exe
  2⤵
  PID:5804
- C:\Windows\System\OhJuMnf.exe
  C:\Windows\System\OhJuMnf.exe
  2⤵
  PID:5828
- C:\Windows\System\gAUINfN.exe
  C:\Windows\System\gAUINfN.exe
  2⤵
  PID:5844
- C:\Windows\System\rGilSsC.exe
  C:\Windows\System\rGilSsC.exe
  2⤵
  PID:5868
- C:\Windows\System\KPmClNV.exe
  C:\Windows\System\KPmClNV.exe
  2⤵
  PID:5896
- C:\Windows\System\fClKtoi.exe
  C:\Windows\System\fClKtoi.exe
  2⤵
  PID:5912
- C:\Windows\System\scJaDNa.exe
  C:\Windows\System\scJaDNa.exe
  2⤵
  PID:5936
- C:\Windows\System\BHEJqrB.exe
  C:\Windows\System\BHEJqrB.exe
  2⤵
  PID:5960
- C:\Windows\System\MrrlAhS.exe
  C:\Windows\System\MrrlAhS.exe
  2⤵
  PID:5988
- C:\Windows\System\ElNCrLM.exe
  C:\Windows\System\ElNCrLM.exe
  2⤵
  PID:6020
- C:\Windows\System\wJEOyYT.exe
  C:\Windows\System\wJEOyYT.exe
  2⤵
  PID:6044
- C:\Windows\System\ITRxjvH.exe
  C:\Windows\System\ITRxjvH.exe
  2⤵
  PID:6080
- C:\Windows\System\mmaRDtf.exe
  C:\Windows\System\mmaRDtf.exe
  2⤵
  PID:6112
- C:\Windows\System\pfGDwMK.exe
  C:\Windows\System\pfGDwMK.exe
  2⤵
  PID:6140
- C:\Windows\System\wBwNiFX.exe
  C:\Windows\System\wBwNiFX.exe
  2⤵
  PID:5176
- C:\Windows\System\xBOepOn.exe
  C:\Windows\System\xBOepOn.exe
  2⤵
  PID:5256
- C:\Windows\System\TLOUAPT.exe
  C:\Windows\System\TLOUAPT.exe
  2⤵
  PID:5312
- C:\Windows\System\ykUMYCU.exe
  C:\Windows\System\ykUMYCU.exe
  2⤵
  PID:5416
- C:\Windows\System\SEOYAwE.exe
  C:\Windows\System\SEOYAwE.exe
  2⤵
  PID:5460
- C:\Windows\System\boibHZO.exe
  C:\Windows\System\boibHZO.exe
  2⤵
  PID:5552
- C:\Windows\System\FyIIPfq.exe
  C:\Windows\System\FyIIPfq.exe
  2⤵
  PID:5708
- C:\Windows\System\ogFaEUu.exe
  C:\Windows\System\ogFaEUu.exe
  2⤵
  PID:5764
- C:\Windows\System\YmZzSjO.exe
  C:\Windows\System\YmZzSjO.exe
  2⤵
  PID:5812
- C:\Windows\System\swmfUut.exe
  C:\Windows\System\swmfUut.exe
  2⤵
  PID:5856
- C:\Windows\System\uLYexVg.exe
  C:\Windows\System\uLYexVg.exe
  2⤵
  PID:5956
- C:\Windows\System\RMdGlMx.exe
  C:\Windows\System\RMdGlMx.exe
  2⤵
  PID:5952
- C:\Windows\System\FHyDBQO.exe
  C:\Windows\System\FHyDBQO.exe
  2⤵
  PID:5996
- C:\Windows\System\jGRGxCO.exe
  C:\Windows\System\jGRGxCO.exe
  2⤵
  PID:6036
- C:\Windows\System\yvHKtZB.exe
  C:\Windows\System\yvHKtZB.exe
  2⤵
  PID:5316
- C:\Windows\System\vYWmUDZ.exe
  C:\Windows\System\vYWmUDZ.exe
  2⤵
  PID:5372
- C:\Windows\System\RPfDjJd.exe
  C:\Windows\System\RPfDjJd.exe
  2⤵
  PID:5396
- C:\Windows\System\DfOBHFd.exe
  C:\Windows\System\DfOBHFd.exe
  2⤵
  PID:5668
- C:\Windows\System\BOAGljA.exe
  C:\Windows\System\BOAGljA.exe
  2⤵
  PID:5740
- C:\Windows\System\hiubSmQ.exe
  C:\Windows\System\hiubSmQ.exe
  2⤵
  PID:5948
- C:\Windows\System\jQjkHgM.exe
  C:\Windows\System\jQjkHgM.exe
  2⤵
  PID:6008
- C:\Windows\System\BZpymQJ.exe
  C:\Windows\System\BZpymQJ.exe
  2⤵
  PID:5980
- C:\Windows\System\TvIuJNP.exe
  C:\Windows\System\TvIuJNP.exe
  2⤵
  PID:5772
- C:\Windows\System\yOviUPv.exe
  C:\Windows\System\yOviUPv.exe
  2⤵
  PID:5224
- C:\Windows\System\vWvBIRJ.exe
  C:\Windows\System\vWvBIRJ.exe
  2⤵
  PID:6176
- C:\Windows\System\tVaeqzU.exe
  C:\Windows\System\tVaeqzU.exe
  2⤵
  PID:6204
- C:\Windows\System\LjhCvdQ.exe
  C:\Windows\System\LjhCvdQ.exe
  2⤵
  PID:6244
- C:\Windows\System\DuHdiqg.exe
  C:\Windows\System\DuHdiqg.exe
  2⤵
  PID:6272
- C:\Windows\System\JoGYFIF.exe
  C:\Windows\System\JoGYFIF.exe
  2⤵
  PID:6300
- C:\Windows\System\yCEzXlC.exe
  C:\Windows\System\yCEzXlC.exe
  2⤵
  PID:6328
- C:\Windows\System\CDRSLpJ.exe
  C:\Windows\System\CDRSLpJ.exe
  2⤵
  PID:6356
- C:\Windows\System\lqFzkiN.exe
  C:\Windows\System\lqFzkiN.exe
  2⤵
  PID:6400
- C:\Windows\System\MRjBVHe.exe
  C:\Windows\System\MRjBVHe.exe
  2⤵
  PID:6416
- C:\Windows\System\BldsgwF.exe
  C:\Windows\System\BldsgwF.exe
  2⤵
  PID:6448
- C:\Windows\System\AdRkAqK.exe
  C:\Windows\System\AdRkAqK.exe
  2⤵
  PID:6472
- C:\Windows\System\kefdfdH.exe
  C:\Windows\System\kefdfdH.exe
  2⤵
  PID:6500
- C:\Windows\System\vrgErOK.exe
  C:\Windows\System\vrgErOK.exe
  2⤵
  PID:6524
- C:\Windows\System\quYPBDJ.exe
  C:\Windows\System\quYPBDJ.exe
  2⤵
  PID:6552
- C:\Windows\System\lHvUJuT.exe
  C:\Windows\System\lHvUJuT.exe
  2⤵
  PID:6584
- C:\Windows\System\CTLORIh.exe
  C:\Windows\System\CTLORIh.exe
  2⤵
  PID:6608
- C:\Windows\System\gbOwKoh.exe
  C:\Windows\System\gbOwKoh.exe
  2⤵
  PID:6632
- C:\Windows\System\cirTndM.exe
  C:\Windows\System\cirTndM.exe
  2⤵
  PID:6656
- C:\Windows\System\vjWPSYP.exe
  C:\Windows\System\vjWPSYP.exe
  2⤵
  PID:6680
- C:\Windows\System\pzfxMiS.exe
  C:\Windows\System\pzfxMiS.exe
  2⤵
  PID:6700
- C:\Windows\System\ulVtXDS.exe
  C:\Windows\System\ulVtXDS.exe
  2⤵
  PID:6728
- C:\Windows\System\YIlzvwv.exe
  C:\Windows\System\YIlzvwv.exe
  2⤵
  PID:6756
- C:\Windows\System\GYZbNkn.exe
  C:\Windows\System\GYZbNkn.exe
  2⤵
  PID:6784
- C:\Windows\System\HsyEnNm.exe
  C:\Windows\System\HsyEnNm.exe
  2⤵
  PID:6828
- C:\Windows\System\ucGOfzB.exe
  C:\Windows\System\ucGOfzB.exe
  2⤵
  PID:6852
- C:\Windows\System\vVUWILX.exe
  C:\Windows\System\vVUWILX.exe
  2⤵
  PID:6892
- C:\Windows\System\ZyXoTCc.exe
  C:\Windows\System\ZyXoTCc.exe
  2⤵
  PID:6948
- C:\Windows\System\muEQzgH.exe
  C:\Windows\System\muEQzgH.exe
  2⤵
  PID:6972
- C:\Windows\System\HrtAEwL.exe
  C:\Windows\System\HrtAEwL.exe
  2⤵
  PID:6992
- C:\Windows\System\FRFdDyv.exe
  C:\Windows\System\FRFdDyv.exe
  2⤵
  PID:7016
- C:\Windows\System\JoBoTOu.exe
  C:\Windows\System\JoBoTOu.exe
  2⤵
  PID:7052
- C:\Windows\System\XQiWZUl.exe
  C:\Windows\System\XQiWZUl.exe
  2⤵
  PID:7080
- C:\Windows\System\knFwhES.exe
  C:\Windows\System\knFwhES.exe
  2⤵
  PID:7104
- C:\Windows\System\vvlXgoW.exe
  C:\Windows\System\vvlXgoW.exe
  2⤵
  PID:5600
- C:\Windows\System\GWZawli.exe
  C:\Windows\System\GWZawli.exe
  2⤵
  PID:6168
- C:\Windows\System\VYKtjIX.exe
  C:\Windows\System\VYKtjIX.exe
  2⤵
  PID:6192
- C:\Windows\System\cYwggNB.exe
  C:\Windows\System\cYwggNB.exe
  2⤵
  PID:6268
- C:\Windows\System\JNCDjHv.exe
  C:\Windows\System\JNCDjHv.exe
  2⤵
  PID:6292
- C:\Windows\System\ZHRURdW.exe
  C:\Windows\System\ZHRURdW.exe
  2⤵
  PID:6392
- C:\Windows\System\dDfwrYS.exe
  C:\Windows\System\dDfwrYS.exe
  2⤵
  PID:6464
- C:\Windows\System\OxspCNN.exe
  C:\Windows\System\OxspCNN.exe
  2⤵
  PID:6496
- C:\Windows\System\DYABuRa.exe
  C:\Windows\System\DYABuRa.exe
  2⤵
  PID:6544
- C:\Windows\System\UlWnOgq.exe
  C:\Windows\System\UlWnOgq.exe
  2⤵
  PID:6692
- C:\Windows\System\tZovIED.exe
  C:\Windows\System\tZovIED.exe
  2⤵
  PID:6676
- C:\Windows\System\PvKaXRL.exe
  C:\Windows\System\PvKaXRL.exe
  2⤵
  PID:6688
- C:\Windows\System\OnBEtEB.exe
  C:\Windows\System\OnBEtEB.exe
  2⤵
  PID:6872
- C:\Windows\System\Oevvfoe.exe
  C:\Windows\System\Oevvfoe.exe
  2⤵
  PID:6928
- C:\Windows\System\syczyVy.exe
  C:\Windows\System\syczyVy.exe
  2⤵
  PID:6956
- C:\Windows\System\TEqalOG.exe
  C:\Windows\System\TEqalOG.exe
  2⤵
  PID:6984
- C:\Windows\System\AqfeOLQ.exe
  C:\Windows\System\AqfeOLQ.exe
  2⤵
  PID:7044
- C:\Windows\System\vghOrwc.exe
  C:\Windows\System\vghOrwc.exe
  2⤵
  PID:7120
- C:\Windows\System\qXwrvih.exe
  C:\Windows\System\qXwrvih.exe
  2⤵
  PID:1144
- C:\Windows\System\LaazsMn.exe
  C:\Windows\System\LaazsMn.exe
  2⤵
  PID:416
- C:\Windows\System\RjNYDms.exe
  C:\Windows\System\RjNYDms.exe
  2⤵
  PID:6256
- C:\Windows\System\bfKyzUa.exe
  C:\Windows\System\bfKyzUa.exe
  2⤵
  PID:6492
- C:\Windows\System\OtCADcT.exe
  C:\Windows\System\OtCADcT.exe
  2⤵
  PID:6628
- C:\Windows\System\DkgVxKb.exe
  C:\Windows\System\DkgVxKb.exe
  2⤵
  PID:6648
- C:\Windows\System\GwUqsuF.exe
  C:\Windows\System\GwUqsuF.exe
  2⤵
  PID:6844
- C:\Windows\System\lOxoQKu.exe
  C:\Windows\System\lOxoQKu.exe
  2⤵
  PID:1316
- C:\Windows\System\hNhFZCF.exe
  C:\Windows\System\hNhFZCF.exe
  2⤵
  PID:7008
- C:\Windows\System\fyNhgcX.exe
  C:\Windows\System\fyNhgcX.exe
  2⤵
  PID:6160
- C:\Windows\System\weuSxSI.exe
  C:\Windows\System\weuSxSI.exe
  2⤵
  PID:6408
- C:\Windows\System\StPzskh.exe
  C:\Windows\System\StPzskh.exe
  2⤵
  PID:4952
- C:\Windows\System\AVTBXZX.exe
  C:\Windows\System\AVTBXZX.exe
  2⤵
  PID:6716
- C:\Windows\System\DiXXuDa.exe
  C:\Windows\System\DiXXuDa.exe
  2⤵
  PID:6076
- C:\Windows\System\BUuKLZj.exe
  C:\Windows\System\BUuKLZj.exe
  2⤵
  PID:7184
- C:\Windows\System\VIFXdMC.exe
  C:\Windows\System\VIFXdMC.exe
  2⤵
  PID:7208
- C:\Windows\System\GYuSMSC.exe
  C:\Windows\System\GYuSMSC.exe
  2⤵
  PID:7232
- C:\Windows\System\DfNVjrH.exe
  C:\Windows\System\DfNVjrH.exe
  2⤵
  PID:7252
- C:\Windows\System\uAdUiKf.exe
  C:\Windows\System\uAdUiKf.exe
  2⤵
  PID:7280
- C:\Windows\System\vUXnsui.exe
  C:\Windows\System\vUXnsui.exe
  2⤵
  PID:7308
- C:\Windows\System\isjQthM.exe
  C:\Windows\System\isjQthM.exe
  2⤵
  PID:7336
- C:\Windows\System\bRVuPrT.exe
  C:\Windows\System\bRVuPrT.exe
  2⤵
  PID:7356
- C:\Windows\System\TiwSlqV.exe
  C:\Windows\System\TiwSlqV.exe
  2⤵
  PID:7384
- C:\Windows\System\ArdmWlu.exe
  C:\Windows\System\ArdmWlu.exe
  2⤵
  PID:7412
- C:\Windows\System\GRTDHFI.exe
  C:\Windows\System\GRTDHFI.exe
  2⤵
  PID:7432
- C:\Windows\System\gZNSXST.exe
  C:\Windows\System\gZNSXST.exe
  2⤵
  PID:7464
- C:\Windows\System\HvgRvtO.exe
  C:\Windows\System\HvgRvtO.exe
  2⤵
  PID:7488
- C:\Windows\System\uoDyWqs.exe
  C:\Windows\System\uoDyWqs.exe
  2⤵
  PID:7520
- C:\Windows\System\dVVtrWB.exe
  C:\Windows\System\dVVtrWB.exe
  2⤵
  PID:7540
- C:\Windows\System\uCbWuCX.exe
  C:\Windows\System\uCbWuCX.exe
  2⤵
  PID:7580
- C:\Windows\System\uQqPYeC.exe
  C:\Windows\System\uQqPYeC.exe
  2⤵
  PID:7608
- C:\Windows\System\tGwYGeZ.exe
  C:\Windows\System\tGwYGeZ.exe
  2⤵
  PID:7624
- C:\Windows\System\ARQoEkN.exe
  C:\Windows\System\ARQoEkN.exe
  2⤵
  PID:7644
- C:\Windows\System\HRBkGHY.exe
  C:\Windows\System\HRBkGHY.exe
  2⤵
  PID:7672
- C:\Windows\System\wdUsNeY.exe
  C:\Windows\System\wdUsNeY.exe
  2⤵
  PID:7700
- C:\Windows\System\ojuMlTK.exe
  C:\Windows\System\ojuMlTK.exe
  2⤵
  PID:7732
- C:\Windows\System\WmbGUlT.exe
  C:\Windows\System\WmbGUlT.exe
  2⤵
  PID:7756
- C:\Windows\System\JQlKPfq.exe
  C:\Windows\System\JQlKPfq.exe
  2⤵
  PID:7780
- C:\Windows\System\yESIFHQ.exe
  C:\Windows\System\yESIFHQ.exe
  2⤵
  PID:7808
- C:\Windows\System\WqTVCPO.exe
  C:\Windows\System\WqTVCPO.exe
  2⤵
  PID:7832
- C:\Windows\System\ifXxHbN.exe
  C:\Windows\System\ifXxHbN.exe
  2⤵
  PID:7852
- C:\Windows\System\rojCKPl.exe
  C:\Windows\System\rojCKPl.exe
  2⤵
  PID:7872
- C:\Windows\System\RwvCXfw.exe
  C:\Windows\System\RwvCXfw.exe
  2⤵
  PID:7888
- C:\Windows\System\bSjZXfY.exe
  C:\Windows\System\bSjZXfY.exe
  2⤵
  PID:7908
- C:\Windows\System\ETZgPMU.exe
  C:\Windows\System\ETZgPMU.exe
  2⤵
  PID:7936
- C:\Windows\System\TUJhsdl.exe
  C:\Windows\System\TUJhsdl.exe
  2⤵
  PID:7956
- C:\Windows\System\pZXZjKw.exe
  C:\Windows\System\pZXZjKw.exe
  2⤵
  PID:7980
- C:\Windows\System\xSmtcvP.exe
  C:\Windows\System\xSmtcvP.exe
  2⤵
  PID:8000
- C:\Windows\System\FJzXLJN.exe
  C:\Windows\System\FJzXLJN.exe
  2⤵
  PID:8020
- C:\Windows\System\YLerWyc.exe
  C:\Windows\System\YLerWyc.exe
  2⤵
  PID:8044
- C:\Windows\System\MEOqBKg.exe
  C:\Windows\System\MEOqBKg.exe
  2⤵
  PID:8068
- C:\Windows\System\LDNjcPS.exe
  C:\Windows\System\LDNjcPS.exe
  2⤵
  PID:8088
- C:\Windows\System\PgKhezv.exe
  C:\Windows\System\PgKhezv.exe
  2⤵
  PID:8112
- C:\Windows\System\vcvNWBo.exe
  C:\Windows\System\vcvNWBo.exe
  2⤵
  PID:8128
- C:\Windows\System\NCvjhZT.exe
  C:\Windows\System\NCvjhZT.exe
  2⤵
  PID:8152
- C:\Windows\System\mwhEEIy.exe
  C:\Windows\System\mwhEEIy.exe
  2⤵
  PID:8172
- C:\Windows\System\fxIVxiV.exe
  C:\Windows\System\fxIVxiV.exe
  2⤵
  PID:5148
- C:\Windows\System\IkURRhD.exe
  C:\Windows\System\IkURRhD.exe
  2⤵
  PID:6520
- C:\Windows\System\LDmvZGE.exe
  C:\Windows\System\LDmvZGE.exe
  2⤵
  PID:7264
- C:\Windows\System\fxPBZyI.exe
  C:\Windows\System\fxPBZyI.exe
  2⤵
  PID:7248
- C:\Windows\System\SgpJbvK.exe
  C:\Windows\System\SgpJbvK.exe
  2⤵
  PID:7332
- C:\Windows\System\sFncaHk.exe
  C:\Windows\System\sFncaHk.exe
  2⤵
  PID:7380
- C:\Windows\System\YbRPtAB.exe
  C:\Windows\System\YbRPtAB.exe
  2⤵
  PID:7724
- C:\Windows\System\SyDMFhZ.exe
  C:\Windows\System\SyDMFhZ.exe
  2⤵
  PID:7800
- C:\Windows\System\ilnrlgD.exe
  C:\Windows\System\ilnrlgD.exe
  2⤵
  PID:7684
- C:\Windows\System\OCZoqSY.exe
  C:\Windows\System\OCZoqSY.exe
  2⤵
  PID:7976
- C:\Windows\System\zacgoYp.exe
  C:\Windows\System\zacgoYp.exe
  2⤵
  PID:7844
- C:\Windows\System\qRqEndZ.exe
  C:\Windows\System\qRqEndZ.exe
  2⤵
  PID:8064
- C:\Windows\System\tpRTePu.exe
  C:\Windows\System\tpRTePu.exe
  2⤵
  PID:7948
- C:\Windows\System\MrdWALv.exe
  C:\Windows\System\MrdWALv.exe
  2⤵
  PID:8168
- C:\Windows\System\JQKLRYA.exe
  C:\Windows\System\JQKLRYA.exe
  2⤵
  PID:8084
- C:\Windows\System\NSlHLsR.exe
  C:\Windows\System\NSlHLsR.exe
  2⤵
  PID:5108
- C:\Windows\System\kbguGvo.exe
  C:\Windows\System\kbguGvo.exe
  2⤵
  PID:7328
- C:\Windows\System\YNpTTmP.exe
  C:\Windows\System\YNpTTmP.exe
  2⤵
  PID:7500
- C:\Windows\System\kUZkjWX.exe
  C:\Windows\System\kUZkjWX.exe
  2⤵
  PID:8016
- C:\Windows\System\kZWgVIU.exe
  C:\Windows\System\kZWgVIU.exe
  2⤵
  PID:7316
- C:\Windows\System\kANilde.exe
  C:\Windows\System\kANilde.exe
  2⤵
  PID:7996
- C:\Windows\System\pFXUmtO.exe
  C:\Windows\System\pFXUmtO.exe
  2⤵
  PID:8008
- C:\Windows\System\QyFxwzV.exe
  C:\Windows\System\QyFxwzV.exe
  2⤵
  PID:8220
- C:\Windows\System\tOfjiqE.exe
  C:\Windows\System\tOfjiqE.exe
  2⤵
  PID:8248
- C:\Windows\System\ktpenYX.exe
  C:\Windows\System\ktpenYX.exe
  2⤵
  PID:8276
- C:\Windows\System\bnCbkdy.exe
  C:\Windows\System\bnCbkdy.exe
  2⤵
  PID:8308
- C:\Windows\System\rsHiYyX.exe
  C:\Windows\System\rsHiYyX.exe
  2⤵
  PID:8336
- C:\Windows\System\ejAghjm.exe
  C:\Windows\System\ejAghjm.exe
  2⤵
  PID:8364
- C:\Windows\System\pvbHpjK.exe
  C:\Windows\System\pvbHpjK.exe
  2⤵
  PID:8392
- C:\Windows\System\OvmEGzx.exe
  C:\Windows\System\OvmEGzx.exe
  2⤵
  PID:8408
- C:\Windows\System\ARnAkAz.exe
  C:\Windows\System\ARnAkAz.exe
  2⤵
  PID:8436
- C:\Windows\System\BLLdUKJ.exe
  C:\Windows\System\BLLdUKJ.exe
  2⤵
  PID:8464
- C:\Windows\System\QSTpNZK.exe
  C:\Windows\System\QSTpNZK.exe
  2⤵
  PID:8492
- C:\Windows\System\PEIqXGx.exe
  C:\Windows\System\PEIqXGx.exe
  2⤵
  PID:8520
- C:\Windows\System\MRStpan.exe
  C:\Windows\System\MRStpan.exe
  2⤵
  PID:8536
- C:\Windows\System\LwfIoSL.exe
  C:\Windows\System\LwfIoSL.exe
  2⤵
  PID:8560
- C:\Windows\System\AkNPIii.exe
  C:\Windows\System\AkNPIii.exe
  2⤵
  PID:8584
- C:\Windows\System\vAkwrxW.exe
  C:\Windows\System\vAkwrxW.exe
  2⤵
  PID:8608
- C:\Windows\System\iEezpce.exe
  C:\Windows\System\iEezpce.exe
  2⤵
  PID:8640
- C:\Windows\System\hujnlez.exe
  C:\Windows\System\hujnlez.exe
  2⤵
  PID:8664
- C:\Windows\System\yKdGqai.exe
  C:\Windows\System\yKdGqai.exe
  2⤵
  PID:8688
- C:\Windows\System\IKKosXd.exe
  C:\Windows\System\IKKosXd.exe
  2⤵
  PID:8716
- C:\Windows\System\motjOFS.exe
  C:\Windows\System\motjOFS.exe
  2⤵
  PID:8748
- C:\Windows\System\BpIcLEp.exe
  C:\Windows\System\BpIcLEp.exe
  2⤵
  PID:8768
- C:\Windows\System\qBzSUrM.exe
  C:\Windows\System\qBzSUrM.exe
  2⤵
  PID:8800
- C:\Windows\System\bnoeAJd.exe
  C:\Windows\System\bnoeAJd.exe
  2⤵
  PID:8828
- C:\Windows\System\INsIjTg.exe
  C:\Windows\System\INsIjTg.exe
  2⤵
  PID:8852
- C:\Windows\System\WaOaYeB.exe
  C:\Windows\System\WaOaYeB.exe
  2⤵
  PID:8876
- C:\Windows\System\UaqmVCF.exe
  C:\Windows\System\UaqmVCF.exe
  2⤵
  PID:8900
- C:\Windows\System\pRIZrJm.exe
  C:\Windows\System\pRIZrJm.exe
  2⤵
  PID:8932
- C:\Windows\System\WxDRTnx.exe
  C:\Windows\System\WxDRTnx.exe
  2⤵
  PID:8964
- C:\Windows\System\AMuyQGx.exe
  C:\Windows\System\AMuyQGx.exe
  2⤵
  PID:8996
- C:\Windows\System\qnmARJk.exe
  C:\Windows\System\qnmARJk.exe
  2⤵
  PID:9024
- C:\Windows\System\hwJecJa.exe
  C:\Windows\System\hwJecJa.exe
  2⤵
  PID:9052
- C:\Windows\System\ZahzDFB.exe
  C:\Windows\System\ZahzDFB.exe
  2⤵
  PID:9076
- C:\Windows\System\aWalvMX.exe
  C:\Windows\System\aWalvMX.exe
  2⤵
  PID:9104
- C:\Windows\System\RoYqJPA.exe
  C:\Windows\System\RoYqJPA.exe
  2⤵
  PID:9132
- C:\Windows\System\SDiQzRC.exe
  C:\Windows\System\SDiQzRC.exe
  2⤵
  PID:9164
- C:\Windows\System\foAfnXY.exe
  C:\Windows\System\foAfnXY.exe
  2⤵
  PID:9184
- C:\Windows\System\YyMOwYx.exe
  C:\Windows\System\YyMOwYx.exe
  2⤵
  PID:9208
- C:\Windows\System\CRDpUEv.exe
  C:\Windows\System\CRDpUEv.exe
  2⤵
  PID:8216
- C:\Windows\System\jlSQwKl.exe
  C:\Windows\System\jlSQwKl.exe
  2⤵
  PID:8288
- C:\Windows\System\RKmRMBK.exe
  C:\Windows\System\RKmRMBK.exe
  2⤵
  PID:8400
- C:\Windows\System\uPiSVDR.exe
  C:\Windows\System\uPiSVDR.exe
  2⤵
  PID:8556
- C:\Windows\System\FcYbEhQ.exe
  C:\Windows\System\FcYbEhQ.exe
  2⤵
  PID:8696
- C:\Windows\System\LNNqOYb.exe
  C:\Windows\System\LNNqOYb.exe
  2⤵
  PID:8728
- C:\Windows\System\VXlfkCn.exe
  C:\Windows\System\VXlfkCn.exe
  2⤵
  PID:8840
- C:\Windows\System\MeLnbFM.exe
  C:\Windows\System\MeLnbFM.exe
  2⤵
  PID:8824
- C:\Windows\System\sTNpYBj.exe
  C:\Windows\System\sTNpYBj.exe
  2⤵
  PID:8896
- C:\Windows\System\NAcmDkM.exe
  C:\Windows\System\NAcmDkM.exe
  2⤵
  PID:9016
- C:\Windows\System\qXWpReA.exe
  C:\Windows\System\qXWpReA.exe
  2⤵
  PID:8980
- C:\Windows\System\uYAkWpR.exe
  C:\Windows\System\uYAkWpR.exe
  2⤵
  PID:9152
- C:\Windows\System\OtjAZvP.exe
  C:\Windows\System\OtjAZvP.exe
  2⤵
  PID:9160
- C:\Windows\System\ivtocSS.exe
  C:\Windows\System\ivtocSS.exe
  2⤵
  PID:4372
- C:\Windows\System\HgElBxa.exe
  C:\Windows\System\HgElBxa.exe
  2⤵
  PID:8356
- C:\Windows\System\tfBXvZu.exe
  C:\Windows\System\tfBXvZu.exe
  2⤵
  PID:8452
- C:\Windows\System\RfhwDNs.exe
  C:\Windows\System\RfhwDNs.exe
  2⤵
  PID:8600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3756 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:9780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CUACQjA.exe

Filesize
2.1MB

MD5
bd0cb7ea502da3522660c18702486ba7

SHA1
2ed2d0dc67328e2f6fe31ae19c33f9c58150975a

SHA256
ec4167ab9f032038b857c578a70a5514b1f3775f99d7531b0f0774053e0c1a74

SHA512
3912b229df937a74a87ea4a0aae3292bc7f53bf0d2f84f2449fc236fce53210e263f68f87bf9ff124e40e2193717bbf10af9743b3d344c7d08cc0ce849540384

Download Submit
C:\Windows\System\GKNwlJI.exe

Filesize
2.1MB

MD5
a098e160b8d7cbe2c780f9ce110144c6

SHA1
5a51a8150409e190ea317b8fa61f7c098b0da539

SHA256
30bf359c2fc251d5b6b478d76eae97d80cd12bd646e064ab147f42c3375b3f8a

SHA512
a389f346f5103b2133f91a3884efc931114a19a689a1d2f9cea2d4382b56afe4dc6b9ab106312de09fe6b309f22d98284fb852a6680a519d43dbb397109035e6

Download Submit
C:\Windows\System\GyofLSU.exe

Filesize
2.1MB

MD5
7b05a086efb38b20080c27c1b3ddb306

SHA1
b40a4111ef53b2e704b2d601cd2673cdef90504c

SHA256
8706a2f000ea3a687afad32e1eab3574f83ce097278ce5be91b3e5d512f90bbf

SHA512
da9bd748c51ed680c3ca90929b79161c7200d4776fde2d199134733921a440387a340c7bdd3c5dce74b3b250d55c9c2698392b36309c7a29f45ccb9aa42d35d5

Download Submit
C:\Windows\System\HPkYVWb.exe

Filesize
2.1MB

MD5
46c4d66addb856532f62a66b2d973b00

SHA1
449fa588e8c87a1bd22e054b37be1cb8ef7d91e2

SHA256
4ed78d42231a3d5c3d236f225d0a2e5188e503efa0c2da426dee8e65ab9078ce

SHA512
51f0e15b148e46a3a0bad285a6e626e6d9c10e19874675221b61f113f8f297c77cc22b1d76efe439037af4470065295aca46644c525430964ae38d8a3d07162a

Download Submit
C:\Windows\System\JCZfLOy.exe

Filesize
2.1MB

MD5
31113150f98d6e4b697980cba9b7d515

SHA1
e2e0042994479f2bfabf41335bb0ccd5b25e9fd3

SHA256
50c705368c1d6ec8bc24c6ea7556c7683cc864d608af5c58724c560139698a02

SHA512
bbf4f5db55af81c3fedd2231ae50621c07c3e436e087bf9a5de3a272094f14d7575eaf195c136d15033e9998904d8570715a2ea97d4fd1f092c1dc0a42144eb0

Download Submit
C:\Windows\System\JTcCzDl.exe

Filesize
2.1MB

MD5
8ce80d391ae76b2d0a7bbb92e8ddd286

SHA1
b632f1a1aa0e41f6fb468210c8375395588d7674

SHA256
3f9fc493abd84f9a89384421782120d15d17fc480b9c215c55f267c6cba1fe74

SHA512
c9e396bf7492de4dd634fa42e1566950adfe5fca8ce3386de4a88cef516ef662afba2dcfc672d5cacccbb1d6e49d598c9b3c961010e921b6b8638704e7ca1570

Download Submit
C:\Windows\System\LJazSKU.exe

Filesize
2.1MB

MD5
96b9101fda8caa0c0fde7eb3ce4c5577

SHA1
1736cde9c895ac4db42f434b3ced8c4a18586e15

SHA256
b8e93841708dc1dcab22f941337bd79dbc0f1d31bac730eed2c810851909e9e4

SHA512
16e79496f383603da4ea1b1f7df106831a1c744a6b930554d4870c90967526f8477fa3a458c94529460b4c5eab29279f371d2bdcbb44b219fb2d2d4a4955b014

Download Submit
C:\Windows\System\OLlyqiS.exe

Filesize
2.1MB

MD5
7a088a5df4565bc7869d901f76c64aa2

SHA1
b7d2d3c2d61142a80913df226b27b7b1c512e039

SHA256
394454c1063d3885dfb1fdcf03114e21e489a7228e24dee44d61403179da2d73

SHA512
bbd8a6ed60e0b8af4f46e4701ef327768f33f2bfe9636f9a2c8a88f193b3fdfa72b1b6d095b9f67a660e5a4d658ade386a0b185622a859eeb2be193b2b9e25c7

Download Submit
C:\Windows\System\PFgEnVB.exe

Filesize
2.1MB

MD5
4113d8306b478f9a60c82b9f7abaad6b

SHA1
e4672e8c67cc5cba78171f376c5bb2e5d1487edd

SHA256
5f28d8bb68d3b73dfc7deb2c040a48774d1f83b212affa2e24448b092d2bfde5

SHA512
f14f4f5223e4caf2d811d087a5e7870da7ee5a1527fe1a5059bf79aa20ef97840c16a983761960030b588da6f53d79cb590b22c00ba1f780e529def4613b74b4

Download Submit
C:\Windows\System\QtUYowz.exe

Filesize
2.1MB

MD5
93ad467046e3e0d1f2e5dcbfcbf7c67f

SHA1
6f1ace86cf855feed29d1a6fee2159b325b3a4d5

SHA256
25fdbd7b410679967c9a848af7e48d9ae65755476ea226a94adc545c8698be3e

SHA512
3432a10914c17c575b354a7c12feb678934a9b583131fb6c5e754baaa7eecb4bef85a927397e7b14890edd9e2476c87bba61f93887f2699d2b2c89cf97884fee

Download Submit
C:\Windows\System\SOPUSvM.exe

Filesize
2.1MB

MD5
165ea926ebb06290f09b3da33070f18e

SHA1
1fd348a36f01dba2bcaa29c3c253a61d9ea1bb35

SHA256
2deff68a62383a49edcdda1d877b764ddd17b3c5da5d2f82fc242c9f091e22e5

SHA512
55544f824ca7f659c7fda0cc95745aaa5dd30571de838f1d1536a87456945e008adbb69668fde8901a018a9d35326a69cc4fd687c7d7e933ffa1836d1f65fe7d

Download Submit
C:\Windows\System\TSDaIAB.exe

Filesize
2.1MB

MD5
a33029de07273be53af5f6cd10e9d376

SHA1
7ea2d880036d2a2b6af7cb6e50b06cdf7fed2dd5

SHA256
2a6fc132ea4fee4c034559789efe8ef6bab5eb61fbb08211c2dc53ece2c585b1

SHA512
88995697c5c9158c8c6d6e79859358acb05b86b2a56f24e51926d28ad40410a6ea16ace65a73a8eeae8ba465ad0771bbeb0f9cf28ac7df6d978eaf99df2cbc11

Download Submit
C:\Windows\System\XcwOzhY.exe

Filesize
2.1MB

MD5
a4a47ef5e766bc74ff765040bd6df772

SHA1
50d5633076159d7307b6adaa1762275c4e6f983d

SHA256
198b6a42e8c21b8c207fe4cc4c42d83ccab50a72d74c4b42eadb61adface603a

SHA512
b8203c9feda90b5cbb1ef9412be73cb92d6c36ebdffa57cfc8c28e985761c666e919700244fb6c9df23a0f1098ae3c80b411764644a4afaabaac11e2df74fa5a

Download Submit
C:\Windows\System\YCqFkHJ.exe

Filesize
2.1MB

MD5
88d6929836d190b83187febae58ce301

SHA1
84273f18dba6bc7d96f5dfdea360b0a09313a278

SHA256
9afd4943485e3694cb06ce3930fa736186c32f63ebc9cbca38f6e70e61094d82

SHA512
9236b4783e00db4bee6c691e306f4415d82062988eaec64863049dc833566b584b80e7e479cc918b115a4294d86678ca3f1f26be4e5af5a1a55251c9198cbb53

Download Submit
C:\Windows\System\YNByvCQ.exe

Filesize
2.1MB

MD5
9c24f107146fa339ab6d972c4ab64498

SHA1
4e5d63d45bc7b580690b2ea331ddb98026b36ce6

SHA256
c85bc1f0a0b6da2fc31cf05a256a22ed2a2a540b9676b7664a7cb1671f194088

SHA512
d068b64ba29cd649b1a2761c0680209b9b75c78f2e8f4afeab7e6bf61452bc4220f06e5066e180ebb00df651066c6791980c658f5316e885fb4ce7f2810c599a

Download Submit
C:\Windows\System\aNrxeAq.exe

Filesize
2.1MB

MD5
3107508079a376833336f42f384bb482

SHA1
722b7d92beeb370640ebfd46fca070896d8151ff

SHA256
82236a7ca2e05a5cc867681a343f9d4f0b65473e867035d3742d965011afeb5a

SHA512
f99a24dd26c6c2980ac02488dd0ecc2180400c71eb0b54539607248f5179937a4241ea65cdcb918b8727dfbddac1eccb15d8704040c7a4987a0091ba80ddcbc4

Download Submit
C:\Windows\System\boVHisd.exe

Filesize
2.1MB

MD5
9ae0db31626a1d197d7b37aed70c09da

SHA1
1e3f177376d09da779a82edf9d59a6fbeeaa8336

SHA256
97cc6c7f1e679293efc8c392aa0f6678fed832ea0ac5572fb46b781b5462d08f

SHA512
1539cf717d37d4aad04cda2af046c144a5aa67f799d83935c50926e308239d4f902d4a295e7de06c298f069a0192acfc7c9721f994dfee2530f049b2d9cfa975

Download Submit
C:\Windows\System\erkaVBa.exe

Filesize
2.1MB

MD5
aa47f0bb6798be84b29b4c1bb50b4a4d

SHA1
1b7b5bf4dfa25f3c8c79bc62b2c286029d9fe9ed

SHA256
1332ef4908898d6178b22787e49bf90d4b03ec3551f185af548c53744d5c09f9

SHA512
6b617be25c3baf644c4c4d8f0ff36573e0f3c5b5f99bf95c0bc0145fae058c0bf29b2bdfacebcfa20bb1169cd55d423fe8dc29e301d60adddf8391eece48d47b

Download Submit
C:\Windows\System\foLuOMn.exe

Filesize
2.1MB

MD5
0021c7a72241ca94b4608cf7b145e2af

SHA1
a09deeda5c3f8bedcea426e5d5c3eaf546214d02

SHA256
594245cefd70bb347beddfb76c28e0cb96ebaa85c5a7e6e66828f4f815caead2

SHA512
564c291726c5f92e3803cd9ba8ee33341893d8f5b92de52ebbd6bcc196485860d244a63a24405797684d4d563ab13e0975f59e8b7fc21024140db4dabe8de22d

Download Submit
C:\Windows\System\gHTDsbs.exe

Filesize
2.1MB

MD5
92f1e99dabbede3a5fc8517f482db14a

SHA1
eb52b473739293ac5dfdbd730b13da4f2c6134a2

SHA256
2adf975926eb317293eb867a592b4d5042d488bbe80789f311f1b5aaa6ae70c7

SHA512
c73a6293fe36d7d34fe9fb39e82e0f29532c2c6d770b97816233d501fb6523dae2a70b75b7f03052287a2e8fcd85d686699f829ac895d2926566f4df30dfbd27

Download Submit
C:\Windows\System\gKvbpTg.exe

Filesize
2.1MB

MD5
30be28b6127c0a37453f74c12631bcca

SHA1
3c4ff07c3b0531b3195a3ddaa4c66ad9a197e457

SHA256
77fec05a6edc2d98e296cafb64228c1702304c31c2ae6b5ba09732fd5858d4f3

SHA512
6175d8dd9b2dd09ed9a7dfba78505437af3eb0509cd986632c300665c6c4c2bea110c80431d145fd5ff569c842261237208509e47a9eb5c7363fe7883913091a

Download Submit
C:\Windows\System\ggMSIeJ.exe

Filesize
2.1MB

MD5
7308b9bdce07f6e6352ea1d4ef57af22

SHA1
29b84409e25ebf13019fc955d0db0fccf60f1b72

SHA256
9a67b768af7f52e8c19bb103bd69ec67ca2c6cc19aa211495cb8f7b6f30d3baa

SHA512
31be143660381ab0fbfbbadd9db61bd5ce59df22b7e1d9713a07c252f330b5f34998788fd5f627353ebd9f5a54baed5da86d1846af7eb12171acf3396f07b10d

Download Submit
C:\Windows\System\kNDnrdL.exe

Filesize
2.1MB

MD5
579f780fe90a3d888f11962a3c1ab373

SHA1
2f07d308c956f20c5ef395a6c694bfcfeede68f1

SHA256
a472093d1a97a3b0d43c66db0044d6c9516f9cc88933a3c867f867ff91c3825b

SHA512
0df529aefe3bd10cc2ad106ed36a026c07451f77b579857e1ba6cf9d0977990777b5382cee6283d3763003372f5c0b3561b497964205c2ab8f16937da9aa87a5

Download Submit
C:\Windows\System\qgKOmoz.exe

Filesize
2.1MB

MD5
30a913ebc588d45014e583e2edaad5ed

SHA1
33a935cce683ec3fdaf44cca1a95a5d07564f183

SHA256
181a084d6d09aa61236609f0ccb6cf58cb4edff84f669f49df8091191467451c

SHA512
e9295ce11b0562920d241f412b6a8908d08613016d919d7da5771470a11eed91ed9b61a210aba235112369d0e9623923dd3569467773e62a39c6c96a6c6fb554

Download Submit
C:\Windows\System\rCeefwT.exe

Filesize
2.1MB

MD5
6622b6bafbc9982bbe96cb0ddcfaba10

SHA1
c3eebbb13fcec4bd2544044ff8a7b1bb1bfa5730

SHA256
bc581c008b99abce672983d1d17c101fdac6e7375344bed9bdc6f5d9f151c0d7

SHA512
82b6c6281fd2b25e67402988e8df3150f81e26590637ea8be72c15dc873ef5234dab1acba796e550d4136033b5d99caa7484ad22009472956d5a48e28d298381

Download Submit
C:\Windows\System\syYhZYc.exe

Filesize
2.1MB

MD5
d220e4de7b3bb139df264da006e6d3a0

SHA1
d5f9641a350df128ec8f717928931f55fcec3dd7

SHA256
0e6ab1e4ddb054b4e6ef3c451a9c640a2854afb1b256f7ce2ca35b08afbd8338

SHA512
3987ef0fbc1fc846594b75910d4ad28d08ca636efd90e89590a8dee45e566d39efddaa8cdadf1bbd678fbdd833c79f79eb4215f9136702806e2c7071120575ec

Download Submit
C:\Windows\System\ttqEdKv.exe

Filesize
2.1MB

MD5
6c918d457770f9e3c0925cd5f53fe977

SHA1
185aa7f420082e34d2d3d1fbdcd41230fb4adfbc

SHA256
4b262bf73d52458618e575566222c2b7d8542e3ca2613e359d26be5801fc06b4

SHA512
1997d45e633545f4c58cf2d0246b3d9f0b3fd85d295d80da3919d571e93520d44eea6a255e571f470f2bbf71b270b681a888b23e4961a8afb7ff5fbddbaf9f44

Download Submit
C:\Windows\System\vDgPRAe.exe

Filesize
2.1MB

MD5
28358337ad0990582e2b8172ee764d6c

SHA1
c33df061a1f4c3c665938950518396f46eef3212

SHA256
42662b70c6513cb832b717075bda3212d4bff0f489ae2ad74a54008b59493b35

SHA512
a516a81dc2344b82c2de5c4ff8d69071366fdcef1e9ed55a0e91aad3f880492b401d12dc227a8a1b863ab6fac1bb2f708bc625fca0bd12cd3d989f2dd429cd72

Download Submit
C:\Windows\System\wZiACKF.exe

Filesize
2.1MB

MD5
8e72f7f723793f273c70689d448b7a5e

SHA1
065568dd390a7b5e5f825b4159e572fba26299bf

SHA256
d4a36cef12e3d366ca221f09fb5abb80588bf749933aacf1c07ab1d479e3dc25

SHA512
3b031539a348814041ca46e6dff94311647f868a13414c2eb3418aa9a312f6006579d9271e2755e271be6e8445380ee771d612cc274ceb10e6f7b64e1d535070

Download Submit
C:\Windows\System\xvhpmGJ.exe

Filesize
2.1MB

MD5
b4fcfa85556d1b2cf849d53193ee6af8

SHA1
98fb426937f120bb6be6745b1a936391ff4682aa

SHA256
c62a2b2d7bffdc4063e703bf074a3f1fe25b1ff3047d55b651a9e773e4ce7e59

SHA512
810d7b4a3f60b88b89378b83d35d2ec43a384b06302404c27977c4ed127afe71cfe71f849653e89fec1867a8e459bd67664671541ee35412b541cb4fbd24e24c

Download Submit
C:\Windows\System\yhIFfpH.exe

Filesize
2.1MB

MD5
191a280720917793e420fcec8bafad5e

SHA1
b6d084e10f79d6aac9e2d624e4a262143bec7e9c

SHA256
9afd8d652750d97a65d08f7acfb3632e13ed19739e96b5f038de1d43d88934f5

SHA512
ed1726ff09ca4179dc576b05535b60a565aa6d6f68e0e8ba27e1a2847e3b1ffc8e715221f08c8955b3579aaff7f3660c8a6e69f6980e968d63ad550f0444d48d

Download Submit
C:\Windows\System\zhvzZSk.exe

Filesize
2.1MB

MD5
e1607b5f2140d8f2f6a83a6357bfdc08

SHA1
a971f8e30aff08a0c0ac66575b352e7a55fb799f

SHA256
bd2a6945a081597753989000afedc2230da2b261309fed78c32ec657c1271ca2

SHA512
142cc8600c5467705cc05b52a675f2cf85bd241db41adce2e3ff33ec7c4573d3a5310836c7f0cb3bf0c0d216542295a0cc44c11a846f379982e599717b35c588

Download Submit
memory/628-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download