kpot | b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 15:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
Size

2.1MB
MD5

3c9e4cbc505d9a92c718873c95b54940
SHA1

66e653d63148ddfe38be6d949df32332c6a4f0cf
SHA256

b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767
SHA512

32e1ff1e49118c3bf626a059860dce26ff4e518066fb0f6981f35225ce3beb1b8ba3cebe51ad8708138808bebf0d5202af1865b3f2d585cc69bc518053d5d520
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2rM:GemTLkNdfE0pZaQo

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 33 IoCs

resource	yara_rule
behavioral2/files/0x000a000000023458-4.dat	family_kpot
behavioral2/files/0x000700000002345e-8.dat	family_kpot
behavioral2/files/0x000700000002345d-9.dat	family_kpot
behavioral2/files/0x000700000002345f-20.dat	family_kpot
behavioral2/files/0x0007000000023462-38.dat	family_kpot
behavioral2/files/0x0007000000023463-42.dat	family_kpot
behavioral2/files/0x0007000000023465-53.dat	family_kpot
behavioral2/files/0x0007000000023467-59.dat	family_kpot
behavioral2/files/0x0007000000023469-73.dat	family_kpot
behavioral2/files/0x0007000000023471-107.dat	family_kpot
behavioral2/files/0x0007000000023474-122.dat	family_kpot
behavioral2/files/0x0007000000023477-137.dat	family_kpot
behavioral2/files/0x0007000000023479-155.dat	family_kpot
behavioral2/files/0x000700000002347c-162.dat	family_kpot
behavioral2/files/0x000700000002347a-160.dat	family_kpot
behavioral2/files/0x000700000002347b-157.dat	family_kpot
behavioral2/files/0x0007000000023478-150.dat	family_kpot
behavioral2/files/0x0007000000023476-140.dat	family_kpot
behavioral2/files/0x0007000000023475-135.dat	family_kpot
behavioral2/files/0x0007000000023473-125.dat	family_kpot
behavioral2/files/0x0007000000023472-120.dat	family_kpot
behavioral2/files/0x0007000000023470-110.dat	family_kpot
behavioral2/files/0x000700000002346f-105.dat	family_kpot
behavioral2/files/0x000700000002346e-100.dat	family_kpot
behavioral2/files/0x000700000002346d-95.dat	family_kpot
behavioral2/files/0x000700000002346c-90.dat	family_kpot
behavioral2/files/0x000700000002346b-85.dat	family_kpot
behavioral2/files/0x000700000002346a-77.dat	family_kpot
behavioral2/files/0x0007000000023468-67.dat	family_kpot
behavioral2/files/0x0007000000023466-57.dat	family_kpot
behavioral2/files/0x0007000000023464-48.dat	family_kpot
behavioral2/files/0x0007000000023461-32.dat	family_kpot
behavioral2/files/0x0007000000023460-24.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x000a000000023458-4.dat	xmrig
behavioral2/files/0x000700000002345e-8.dat	xmrig
behavioral2/files/0x000700000002345d-9.dat	xmrig
behavioral2/files/0x000700000002345f-20.dat	xmrig
behavioral2/files/0x0007000000023462-38.dat	xmrig
behavioral2/files/0x0007000000023463-42.dat	xmrig
behavioral2/files/0x0007000000023465-53.dat	xmrig
behavioral2/files/0x0007000000023467-59.dat	xmrig
behavioral2/files/0x0007000000023469-73.dat	xmrig
behavioral2/files/0x0007000000023471-107.dat	xmrig
behavioral2/files/0x0007000000023474-122.dat	xmrig
behavioral2/files/0x0007000000023477-137.dat	xmrig
behavioral2/files/0x0007000000023479-155.dat	xmrig
behavioral2/files/0x000700000002347c-162.dat	xmrig
behavioral2/files/0x000700000002347a-160.dat	xmrig
behavioral2/files/0x000700000002347b-157.dat	xmrig
behavioral2/files/0x0007000000023478-150.dat	xmrig
behavioral2/files/0x0007000000023476-140.dat	xmrig
behavioral2/files/0x0007000000023475-135.dat	xmrig
behavioral2/files/0x0007000000023473-125.dat	xmrig
behavioral2/files/0x0007000000023472-120.dat	xmrig
behavioral2/files/0x0007000000023470-110.dat	xmrig
behavioral2/files/0x000700000002346f-105.dat	xmrig
behavioral2/files/0x000700000002346e-100.dat	xmrig
behavioral2/files/0x000700000002346d-95.dat	xmrig
behavioral2/files/0x000700000002346c-90.dat	xmrig
behavioral2/files/0x000700000002346b-85.dat	xmrig
behavioral2/files/0x000700000002346a-77.dat	xmrig
behavioral2/files/0x0007000000023468-67.dat	xmrig
behavioral2/files/0x0007000000023466-57.dat	xmrig
behavioral2/files/0x0007000000023464-48.dat	xmrig
behavioral2/files/0x0007000000023461-32.dat	xmrig
behavioral2/files/0x0007000000023460-24.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3780	kumoQyY.exe
884	UkmZlXx.exe
3060	fcayNcJ.exe
4660	fVqzRJs.exe
3836	LxuTBJN.exe
5076	eZctXZt.exe
440	SPKKEmV.exe
1332	PcObEGQ.exe
1032	GdsarBS.exe
448	BpQwcne.exe
2216	krJlPZb.exe
4064	ArEuAOr.exe
2816	vLqvXpf.exe
3120	wjUWBvs.exe
436	snnjnjm.exe
1200	CTHEERS.exe
1448	BtsFidW.exe
2460	glmDUKg.exe
3196	ehVYeSg.exe
2020	ZqdoSPX.exe
1392	TiJPuOG.exe
2284	RnnUlXh.exe
4592	UUCMZyJ.exe
3124	QBKSAJM.exe
3968	bVoDNsu.exe
624	rNOzGgo.exe
1044	lbbGYue.exe
880	qMbxlwX.exe
2820	emPVfYF.exe
1792	UWhfgIi.exe
4536	SbcgFwb.exe
4168	hzMqiHO.exe
2428	JJOWCkp.exe
4036	PVlunTF.exe
1968	pAraKRj.exe
2052	IBoykTr.exe
4648	tMmQWQP.exe
1716	QWLJXHv.exe
4516	kjYjgzp.exe
960	PQJmoVP.exe
2764	xyOwwgN.exe
452	FiwNCVU.exe
1580	KhWhJhS.exe
3708	oTilMYB.exe
716	IRIBnfs.exe
1552	EmBYAbf.exe
2804	uOeiont.exe
3972	jynHIQP.exe
4328	PjXMAQI.exe
2640	ECRhyNO.exe
1160	pHMDoTh.exe
4220	waXtqnr.exe
4852	BkCzKqj.exe
2352	bKFyNiM.exe
2328	zkkYlbm.exe
4364	UORGeuW.exe
1052	VOwkpAM.exe
4556	UABXheX.exe
4920	aXrYOzN.exe
4908	BXzqGbR.exe
4228	HCPQiyQ.exe
3996	gLOVEge.exe
4876	RJuMeef.exe
4956	OFMkVHp.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PjXMAQI.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\svNCtZM.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\lbbGYue.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\pJrWvBP.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\jpvIndv.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\mDwfCGM.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\DptleCP.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\BqDbTsI.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\eBcToIO.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\HXaJbXb.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\VfIBNYs.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\tBkHhFp.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\tMmQWQP.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\HCPQiyQ.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\RJuMeef.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\uwGJRZM.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\xkxNala.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\vLqvXpf.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\EywjUTs.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\pbsOYzm.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\fJlXjXT.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\UZnfheN.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\CRkdVBe.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\MFRyQgU.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\HhPyEfG.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\HklAmgH.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\zkkYlbm.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\VQXxnkl.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\giUsowC.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\QacPcnv.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\MtdMBId.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\QIVbmnu.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\BtzFcaa.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\MoWTDmp.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\cKXuMZx.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\JfISdyA.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\gDNbvIZ.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\FUYMijm.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\GfOhxom.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\cMRSTIv.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\vGkmgSW.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\zjPAhUu.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\iPVrySb.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\oeWppqd.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\dRHZVOL.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\bMUZCiJ.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\BObnTLP.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\SOWHotn.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\PcObEGQ.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\EmBYAbf.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\XvxdcOY.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\zOlLmnh.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\bQCqEaX.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\xQcLqvd.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\PQJmoVP.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\tMWGnlM.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\ogBpwoD.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\drbGGcI.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\tHiieBC.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\HwWcWsK.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\fJjrhbT.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\LdiCoHJ.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\ECRhyNO.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
File created	C:\Windows\System\sbJBpUP.exe	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 3780	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	84
PID 1972 wrote to memory of 3780	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	84
PID 1972 wrote to memory of 884	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	85
PID 1972 wrote to memory of 884	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	85
PID 1972 wrote to memory of 3060	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	86
PID 1972 wrote to memory of 3060	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	86
PID 1972 wrote to memory of 4660	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	87
PID 1972 wrote to memory of 4660	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	87
PID 1972 wrote to memory of 3836	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	88
PID 1972 wrote to memory of 3836	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	88
PID 1972 wrote to memory of 5076	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	89
PID 1972 wrote to memory of 5076	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	89
PID 1972 wrote to memory of 440	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	90
PID 1972 wrote to memory of 440	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	90
PID 1972 wrote to memory of 1332	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	91
PID 1972 wrote to memory of 1332	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	91
PID 1972 wrote to memory of 1032	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	92
PID 1972 wrote to memory of 1032	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	92
PID 1972 wrote to memory of 448	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	93
PID 1972 wrote to memory of 448	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	93
PID 1972 wrote to memory of 2216	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	94
PID 1972 wrote to memory of 2216	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	94
PID 1972 wrote to memory of 4064	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	95
PID 1972 wrote to memory of 4064	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	95
PID 1972 wrote to memory of 2816	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	96
PID 1972 wrote to memory of 2816	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	96
PID 1972 wrote to memory of 3120	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	97
PID 1972 wrote to memory of 3120	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	97
PID 1972 wrote to memory of 436	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	98
PID 1972 wrote to memory of 436	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	98
PID 1972 wrote to memory of 1200	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	99
PID 1972 wrote to memory of 1200	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	99
PID 1972 wrote to memory of 1448	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	100
PID 1972 wrote to memory of 1448	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	100
PID 1972 wrote to memory of 2460	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	101
PID 1972 wrote to memory of 2460	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	101
PID 1972 wrote to memory of 3196	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	102
PID 1972 wrote to memory of 3196	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	102
PID 1972 wrote to memory of 2020	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	103
PID 1972 wrote to memory of 2020	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	103
PID 1972 wrote to memory of 1392	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	104
PID 1972 wrote to memory of 1392	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	104
PID 1972 wrote to memory of 2284	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	105
PID 1972 wrote to memory of 2284	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	105
PID 1972 wrote to memory of 4592	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	106
PID 1972 wrote to memory of 4592	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	106
PID 1972 wrote to memory of 3124	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	107
PID 1972 wrote to memory of 3124	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	107
PID 1972 wrote to memory of 3968	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	108
PID 1972 wrote to memory of 3968	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	108
PID 1972 wrote to memory of 624	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	109
PID 1972 wrote to memory of 624	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	109
PID 1972 wrote to memory of 1044	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	110
PID 1972 wrote to memory of 1044	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	110
PID 1972 wrote to memory of 880	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	111
PID 1972 wrote to memory of 880	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	111
PID 1972 wrote to memory of 2820	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	112
PID 1972 wrote to memory of 2820	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	112
PID 1972 wrote to memory of 1792	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	113
PID 1972 wrote to memory of 1792	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	113
PID 1972 wrote to memory of 4536	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	114
PID 1972 wrote to memory of 4536	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	114
PID 1972 wrote to memory of 4168	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	115
PID 1972 wrote to memory of 4168	1972	b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b20622019fb53e6dd3ee9729059854f3b977c556e9d39969a508a54c5021f767_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Windows\System\kumoQyY.exe
  C:\Windows\System\kumoQyY.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\UkmZlXx.exe
  C:\Windows\System\UkmZlXx.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\fcayNcJ.exe
  C:\Windows\System\fcayNcJ.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\fVqzRJs.exe
  C:\Windows\System\fVqzRJs.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\LxuTBJN.exe
  C:\Windows\System\LxuTBJN.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\eZctXZt.exe
  C:\Windows\System\eZctXZt.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\SPKKEmV.exe
  C:\Windows\System\SPKKEmV.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\PcObEGQ.exe
  C:\Windows\System\PcObEGQ.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\GdsarBS.exe
  C:\Windows\System\GdsarBS.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\BpQwcne.exe
  C:\Windows\System\BpQwcne.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\krJlPZb.exe
  C:\Windows\System\krJlPZb.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\ArEuAOr.exe
  C:\Windows\System\ArEuAOr.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\vLqvXpf.exe
  C:\Windows\System\vLqvXpf.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\wjUWBvs.exe
  C:\Windows\System\wjUWBvs.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\snnjnjm.exe
  C:\Windows\System\snnjnjm.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\CTHEERS.exe
  C:\Windows\System\CTHEERS.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\BtsFidW.exe
  C:\Windows\System\BtsFidW.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\glmDUKg.exe
  C:\Windows\System\glmDUKg.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\ehVYeSg.exe
  C:\Windows\System\ehVYeSg.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\ZqdoSPX.exe
  C:\Windows\System\ZqdoSPX.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\TiJPuOG.exe
  C:\Windows\System\TiJPuOG.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\RnnUlXh.exe
  C:\Windows\System\RnnUlXh.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\UUCMZyJ.exe
  C:\Windows\System\UUCMZyJ.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\QBKSAJM.exe
  C:\Windows\System\QBKSAJM.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\bVoDNsu.exe
  C:\Windows\System\bVoDNsu.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\rNOzGgo.exe
  C:\Windows\System\rNOzGgo.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\lbbGYue.exe
  C:\Windows\System\lbbGYue.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\qMbxlwX.exe
  C:\Windows\System\qMbxlwX.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\emPVfYF.exe
  C:\Windows\System\emPVfYF.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\UWhfgIi.exe
  C:\Windows\System\UWhfgIi.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\SbcgFwb.exe
  C:\Windows\System\SbcgFwb.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\hzMqiHO.exe
  C:\Windows\System\hzMqiHO.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\JJOWCkp.exe
  C:\Windows\System\JJOWCkp.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\PVlunTF.exe
  C:\Windows\System\PVlunTF.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\pAraKRj.exe
  C:\Windows\System\pAraKRj.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\IBoykTr.exe
  C:\Windows\System\IBoykTr.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\tMmQWQP.exe
  C:\Windows\System\tMmQWQP.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\QWLJXHv.exe
  C:\Windows\System\QWLJXHv.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\kjYjgzp.exe
  C:\Windows\System\kjYjgzp.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\PQJmoVP.exe
  C:\Windows\System\PQJmoVP.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\xyOwwgN.exe
  C:\Windows\System\xyOwwgN.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\FiwNCVU.exe
  C:\Windows\System\FiwNCVU.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\KhWhJhS.exe
  C:\Windows\System\KhWhJhS.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\oTilMYB.exe
  C:\Windows\System\oTilMYB.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\IRIBnfs.exe
  C:\Windows\System\IRIBnfs.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\EmBYAbf.exe
  C:\Windows\System\EmBYAbf.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\uOeiont.exe
  C:\Windows\System\uOeiont.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\jynHIQP.exe
  C:\Windows\System\jynHIQP.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\PjXMAQI.exe
  C:\Windows\System\PjXMAQI.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\ECRhyNO.exe
  C:\Windows\System\ECRhyNO.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\pHMDoTh.exe
  C:\Windows\System\pHMDoTh.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\waXtqnr.exe
  C:\Windows\System\waXtqnr.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\BkCzKqj.exe
  C:\Windows\System\BkCzKqj.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\bKFyNiM.exe
  C:\Windows\System\bKFyNiM.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\zkkYlbm.exe
  C:\Windows\System\zkkYlbm.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\UORGeuW.exe
  C:\Windows\System\UORGeuW.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\VOwkpAM.exe
  C:\Windows\System\VOwkpAM.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\UABXheX.exe
  C:\Windows\System\UABXheX.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\aXrYOzN.exe
  C:\Windows\System\aXrYOzN.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\BXzqGbR.exe
  C:\Windows\System\BXzqGbR.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\HCPQiyQ.exe
  C:\Windows\System\HCPQiyQ.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\gLOVEge.exe
  C:\Windows\System\gLOVEge.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\RJuMeef.exe
  C:\Windows\System\RJuMeef.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\OFMkVHp.exe
  C:\Windows\System\OFMkVHp.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\IwqQQdd.exe
  C:\Windows\System\IwqQQdd.exe
  2⤵
  PID:3936
- C:\Windows\System\jUyzkOW.exe
  C:\Windows\System\jUyzkOW.exe
  2⤵
  PID:4612
- C:\Windows\System\bTuzGiq.exe
  C:\Windows\System\bTuzGiq.exe
  2⤵
  PID:3920
- C:\Windows\System\kTdJUNn.exe
  C:\Windows\System\kTdJUNn.exe
  2⤵
  PID:1860
- C:\Windows\System\fGToiJq.exe
  C:\Windows\System\fGToiJq.exe
  2⤵
  PID:628
- C:\Windows\System\MFRyQgU.exe
  C:\Windows\System\MFRyQgU.exe
  2⤵
  PID:1572
- C:\Windows\System\zsObjPW.exe
  C:\Windows\System\zsObjPW.exe
  2⤵
  PID:5104
- C:\Windows\System\eBcToIO.exe
  C:\Windows\System\eBcToIO.exe
  2⤵
  PID:1648
- C:\Windows\System\DvOvrOL.exe
  C:\Windows\System\DvOvrOL.exe
  2⤵
  PID:3508
- C:\Windows\System\BQLYDMI.exe
  C:\Windows\System\BQLYDMI.exe
  2⤵
  PID:1136
- C:\Windows\System\cKJxUkA.exe
  C:\Windows\System\cKJxUkA.exe
  2⤵
  PID:3608
- C:\Windows\System\pAoqHrp.exe
  C:\Windows\System\pAoqHrp.exe
  2⤵
  PID:816
- C:\Windows\System\iPVrySb.exe
  C:\Windows\System\iPVrySb.exe
  2⤵
  PID:1016
- C:\Windows\System\eCDPRPp.exe
  C:\Windows\System\eCDPRPp.exe
  2⤵
  PID:5020
- C:\Windows\System\cKXuMZx.exe
  C:\Windows\System\cKXuMZx.exe
  2⤵
  PID:4944
- C:\Windows\System\uiaExjC.exe
  C:\Windows\System\uiaExjC.exe
  2⤵
  PID:5156
- C:\Windows\System\AewWcYS.exe
  C:\Windows\System\AewWcYS.exe
  2⤵
  PID:5188
- C:\Windows\System\tFlvYmD.exe
  C:\Windows\System\tFlvYmD.exe
  2⤵
  PID:5216
- C:\Windows\System\JifECSR.exe
  C:\Windows\System\JifECSR.exe
  2⤵
  PID:5240
- C:\Windows\System\jzfIYRn.exe
  C:\Windows\System\jzfIYRn.exe
  2⤵
  PID:5272
- C:\Windows\System\oeWppqd.exe
  C:\Windows\System\oeWppqd.exe
  2⤵
  PID:5296
- C:\Windows\System\eKSijac.exe
  C:\Windows\System\eKSijac.exe
  2⤵
  PID:5324
- C:\Windows\System\pJrWvBP.exe
  C:\Windows\System\pJrWvBP.exe
  2⤵
  PID:5352
- C:\Windows\System\gxzjTns.exe
  C:\Windows\System\gxzjTns.exe
  2⤵
  PID:5380
- C:\Windows\System\MAwjISL.exe
  C:\Windows\System\MAwjISL.exe
  2⤵
  PID:5408
- C:\Windows\System\VxWilKJ.exe
  C:\Windows\System\VxWilKJ.exe
  2⤵
  PID:5436
- C:\Windows\System\zjPAhUu.exe
  C:\Windows\System\zjPAhUu.exe
  2⤵
  PID:5468
- C:\Windows\System\DmJfeKm.exe
  C:\Windows\System\DmJfeKm.exe
  2⤵
  PID:5492
- C:\Windows\System\TKztKWf.exe
  C:\Windows\System\TKztKWf.exe
  2⤵
  PID:5524
- C:\Windows\System\JWeqbag.exe
  C:\Windows\System\JWeqbag.exe
  2⤵
  PID:5552
- C:\Windows\System\ppBwgGV.exe
  C:\Windows\System\ppBwgGV.exe
  2⤵
  PID:5576
- C:\Windows\System\OpefWFX.exe
  C:\Windows\System\OpefWFX.exe
  2⤵
  PID:5604
- C:\Windows\System\tMWGnlM.exe
  C:\Windows\System\tMWGnlM.exe
  2⤵
  PID:5636
- C:\Windows\System\XvxdcOY.exe
  C:\Windows\System\XvxdcOY.exe
  2⤵
  PID:5660
- C:\Windows\System\yNQABOO.exe
  C:\Windows\System\yNQABOO.exe
  2⤵
  PID:5688
- C:\Windows\System\NxDTEyT.exe
  C:\Windows\System\NxDTEyT.exe
  2⤵
  PID:5720
- C:\Windows\System\tBToLtV.exe
  C:\Windows\System\tBToLtV.exe
  2⤵
  PID:5748
- C:\Windows\System\qyYmtYn.exe
  C:\Windows\System\qyYmtYn.exe
  2⤵
  PID:5772
- C:\Windows\System\CqyBCQl.exe
  C:\Windows\System\CqyBCQl.exe
  2⤵
  PID:5800
- C:\Windows\System\HvsztWz.exe
  C:\Windows\System\HvsztWz.exe
  2⤵
  PID:5828
- C:\Windows\System\IfOEzxR.exe
  C:\Windows\System\IfOEzxR.exe
  2⤵
  PID:5856
- C:\Windows\System\XhesEfa.exe
  C:\Windows\System\XhesEfa.exe
  2⤵
  PID:5888
- C:\Windows\System\tUNgVaH.exe
  C:\Windows\System\tUNgVaH.exe
  2⤵
  PID:5912
- C:\Windows\System\LvNvGES.exe
  C:\Windows\System\LvNvGES.exe
  2⤵
  PID:5940
- C:\Windows\System\ogBpwoD.exe
  C:\Windows\System\ogBpwoD.exe
  2⤵
  PID:5968
- C:\Windows\System\IFKnfIX.exe
  C:\Windows\System\IFKnfIX.exe
  2⤵
  PID:5996
- C:\Windows\System\dOOtTzR.exe
  C:\Windows\System\dOOtTzR.exe
  2⤵
  PID:6024
- C:\Windows\System\jWNvRLP.exe
  C:\Windows\System\jWNvRLP.exe
  2⤵
  PID:6052
- C:\Windows\System\OqrluRC.exe
  C:\Windows\System\OqrluRC.exe
  2⤵
  PID:6084
- C:\Windows\System\pBmWucQ.exe
  C:\Windows\System\pBmWucQ.exe
  2⤵
  PID:6108
- C:\Windows\System\AWXoFOc.exe
  C:\Windows\System\AWXoFOc.exe
  2⤵
  PID:6136
- C:\Windows\System\NMhtNIE.exe
  C:\Windows\System\NMhtNIE.exe
  2⤵
  PID:5088
- C:\Windows\System\UwxUpHN.exe
  C:\Windows\System\UwxUpHN.exe
  2⤵
  PID:3360
- C:\Windows\System\EywjUTs.exe
  C:\Windows\System\EywjUTs.exe
  2⤵
  PID:4372
- C:\Windows\System\dRHZVOL.exe
  C:\Windows\System\dRHZVOL.exe
  2⤵
  PID:1532
- C:\Windows\System\spEVzwQ.exe
  C:\Windows\System\spEVzwQ.exe
  2⤵
  PID:4604
- C:\Windows\System\UketSas.exe
  C:\Windows\System\UketSas.exe
  2⤵
  PID:4052
- C:\Windows\System\QYQgwJI.exe
  C:\Windows\System\QYQgwJI.exe
  2⤵
  PID:5200
- C:\Windows\System\ObqBABW.exe
  C:\Windows\System\ObqBABW.exe
  2⤵
  PID:5256
- C:\Windows\System\UAoKqVe.exe
  C:\Windows\System\UAoKqVe.exe
  2⤵
  PID:5316
- C:\Windows\System\VQXxnkl.exe
  C:\Windows\System\VQXxnkl.exe
  2⤵
  PID:5396
- C:\Windows\System\wqhqlqb.exe
  C:\Windows\System\wqhqlqb.exe
  2⤵
  PID:5456
- C:\Windows\System\nsXwCiO.exe
  C:\Windows\System\nsXwCiO.exe
  2⤵
  PID:5540
- C:\Windows\System\CvdksKe.exe
  C:\Windows\System\CvdksKe.exe
  2⤵
  PID:5592
- C:\Windows\System\bsJHVAV.exe
  C:\Windows\System\bsJHVAV.exe
  2⤵
  PID:5652
- C:\Windows\System\jpvIndv.exe
  C:\Windows\System\jpvIndv.exe
  2⤵
  PID:5712
- C:\Windows\System\MaZebtv.exe
  C:\Windows\System\MaZebtv.exe
  2⤵
  PID:5768
- C:\Windows\System\YBMywmo.exe
  C:\Windows\System\YBMywmo.exe
  2⤵
  PID:5844
- C:\Windows\System\ZrnziDL.exe
  C:\Windows\System\ZrnziDL.exe
  2⤵
  PID:5908
- C:\Windows\System\dSnSiDB.exe
  C:\Windows\System\dSnSiDB.exe
  2⤵
  PID:5964
- C:\Windows\System\HHBHvMC.exe
  C:\Windows\System\HHBHvMC.exe
  2⤵
  PID:6040
- C:\Windows\System\aqExLlv.exe
  C:\Windows\System\aqExLlv.exe
  2⤵
  PID:6100
- C:\Windows\System\gIYgdkK.exe
  C:\Windows\System\gIYgdkK.exe
  2⤵
  PID:1780
- C:\Windows\System\yrUJZHS.exe
  C:\Windows\System\yrUJZHS.exe
  2⤵
  PID:3988
- C:\Windows\System\NFyacTW.exe
  C:\Windows\System\NFyacTW.exe
  2⤵
  PID:5148
- C:\Windows\System\yklOvUN.exe
  C:\Windows\System\yklOvUN.exe
  2⤵
  PID:5232
- C:\Windows\System\vsjzkuU.exe
  C:\Windows\System\vsjzkuU.exe
  2⤵
  PID:5372
- C:\Windows\System\EXeUvZR.exe
  C:\Windows\System\EXeUvZR.exe
  2⤵
  PID:5536
- C:\Windows\System\fbrabzW.exe
  C:\Windows\System\fbrabzW.exe
  2⤵
  PID:5680
- C:\Windows\System\gdbnpkK.exe
  C:\Windows\System\gdbnpkK.exe
  2⤵
  PID:5820
- C:\Windows\System\zOlLmnh.exe
  C:\Windows\System\zOlLmnh.exe
  2⤵
  PID:5992
- C:\Windows\System\SGDMqVX.exe
  C:\Windows\System\SGDMqVX.exe
  2⤵
  PID:6076
- C:\Windows\System\yfYacwm.exe
  C:\Windows\System\yfYacwm.exe
  2⤵
  PID:6168
- C:\Windows\System\giUsowC.exe
  C:\Windows\System\giUsowC.exe
  2⤵
  PID:6200
- C:\Windows\System\WnkYQEj.exe
  C:\Windows\System\WnkYQEj.exe
  2⤵
  PID:6228
- C:\Windows\System\mDwfCGM.exe
  C:\Windows\System\mDwfCGM.exe
  2⤵
  PID:6256
- C:\Windows\System\gstotHL.exe
  C:\Windows\System\gstotHL.exe
  2⤵
  PID:6284
- C:\Windows\System\drbGGcI.exe
  C:\Windows\System\drbGGcI.exe
  2⤵
  PID:6308
- C:\Windows\System\wpXOnxX.exe
  C:\Windows\System\wpXOnxX.exe
  2⤵
  PID:6340
- C:\Windows\System\HhPyEfG.exe
  C:\Windows\System\HhPyEfG.exe
  2⤵
  PID:6368
- C:\Windows\System\HklAmgH.exe
  C:\Windows\System\HklAmgH.exe
  2⤵
  PID:6392
- C:\Windows\System\oqIZocG.exe
  C:\Windows\System\oqIZocG.exe
  2⤵
  PID:6420
- C:\Windows\System\tPMwYTG.exe
  C:\Windows\System\tPMwYTG.exe
  2⤵
  PID:6452
- C:\Windows\System\nsTFKAM.exe
  C:\Windows\System\nsTFKAM.exe
  2⤵
  PID:6480
- C:\Windows\System\HSBsQxe.exe
  C:\Windows\System\HSBsQxe.exe
  2⤵
  PID:6508
- C:\Windows\System\UcFmBag.exe
  C:\Windows\System\UcFmBag.exe
  2⤵
  PID:6524
- C:\Windows\System\gKxlEmU.exe
  C:\Windows\System\gKxlEmU.exe
  2⤵
  PID:6556
- C:\Windows\System\QacPcnv.exe
  C:\Windows\System\QacPcnv.exe
  2⤵
  PID:6588
- C:\Windows\System\zPAQMtV.exe
  C:\Windows\System\zPAQMtV.exe
  2⤵
  PID:6616
- C:\Windows\System\AgVUVpx.exe
  C:\Windows\System\AgVUVpx.exe
  2⤵
  PID:6644
- C:\Windows\System\tHiieBC.exe
  C:\Windows\System\tHiieBC.exe
  2⤵
  PID:6672
- C:\Windows\System\blGGnCt.exe
  C:\Windows\System\blGGnCt.exe
  2⤵
  PID:6704
- C:\Windows\System\AlDHJeI.exe
  C:\Windows\System\AlDHJeI.exe
  2⤵
  PID:6728
- C:\Windows\System\wqdtOef.exe
  C:\Windows\System\wqdtOef.exe
  2⤵
  PID:6756
- C:\Windows\System\OgOaPPL.exe
  C:\Windows\System\OgOaPPL.exe
  2⤵
  PID:6784
- C:\Windows\System\WtSIKMY.exe
  C:\Windows\System\WtSIKMY.exe
  2⤵
  PID:6816
- C:\Windows\System\MMGIReE.exe
  C:\Windows\System\MMGIReE.exe
  2⤵
  PID:6840
- C:\Windows\System\tCwoEiV.exe
  C:\Windows\System\tCwoEiV.exe
  2⤵
  PID:6868
- C:\Windows\System\pbsOYzm.exe
  C:\Windows\System\pbsOYzm.exe
  2⤵
  PID:6900
- C:\Windows\System\zOPxPGK.exe
  C:\Windows\System\zOPxPGK.exe
  2⤵
  PID:6924
- C:\Windows\System\oZZoyAP.exe
  C:\Windows\System\oZZoyAP.exe
  2⤵
  PID:6952
- C:\Windows\System\vxVsZGr.exe
  C:\Windows\System\vxVsZGr.exe
  2⤵
  PID:6980
- C:\Windows\System\rLUONme.exe
  C:\Windows\System\rLUONme.exe
  2⤵
  PID:7008
- C:\Windows\System\bMUZCiJ.exe
  C:\Windows\System\bMUZCiJ.exe
  2⤵
  PID:7040
- C:\Windows\System\lqFnNgr.exe
  C:\Windows\System\lqFnNgr.exe
  2⤵
  PID:7064
- C:\Windows\System\uwGJRZM.exe
  C:\Windows\System\uwGJRZM.exe
  2⤵
  PID:7092
- C:\Windows\System\pJiyLmP.exe
  C:\Windows\System\pJiyLmP.exe
  2⤵
  PID:7160
- C:\Windows\System\HBPBEht.exe
  C:\Windows\System\HBPBEht.exe
  2⤵
  PID:5176
- C:\Windows\System\KgnoHBG.exe
  C:\Windows\System\KgnoHBG.exe
  2⤵
  PID:5624
- C:\Windows\System\OEMoLIF.exe
  C:\Windows\System\OEMoLIF.exe
  2⤵
  PID:5956
- C:\Windows\System\qhYBsaH.exe
  C:\Windows\System\qhYBsaH.exe
  2⤵
  PID:6160
- C:\Windows\System\eVlLOvt.exe
  C:\Windows\System\eVlLOvt.exe
  2⤵
  PID:6212
- C:\Windows\System\EcLYMny.exe
  C:\Windows\System\EcLYMny.exe
  2⤵
  PID:3800
- C:\Windows\System\qMAxjXm.exe
  C:\Windows\System\qMAxjXm.exe
  2⤵
  PID:6300
- C:\Windows\System\HwWcWsK.exe
  C:\Windows\System\HwWcWsK.exe
  2⤵
  PID:6360
- C:\Windows\System\WEMiTpe.exe
  C:\Windows\System\WEMiTpe.exe
  2⤵
  PID:6472
- C:\Windows\System\AnIIKjc.exe
  C:\Windows\System\AnIIKjc.exe
  2⤵
  PID:6500
- C:\Windows\System\KqMyPAb.exe
  C:\Windows\System\KqMyPAb.exe
  2⤵
  PID:6548
- C:\Windows\System\qLpbore.exe
  C:\Windows\System\qLpbore.exe
  2⤵
  PID:6632
- C:\Windows\System\cuvaAtt.exe
  C:\Windows\System\cuvaAtt.exe
  2⤵
  PID:6688
- C:\Windows\System\DaRiHQc.exe
  C:\Windows\System\DaRiHQc.exe
  2⤵
  PID:6720
- C:\Windows\System\fJjrhbT.exe
  C:\Windows\System\fJjrhbT.exe
  2⤵
  PID:6780
- C:\Windows\System\MtdMBId.exe
  C:\Windows\System\MtdMBId.exe
  2⤵
  PID:6808
- C:\Windows\System\ifJCdgg.exe
  C:\Windows\System\ifJCdgg.exe
  2⤵
  PID:6860
- C:\Windows\System\uwBnlrI.exe
  C:\Windows\System\uwBnlrI.exe
  2⤵
  PID:6916
- C:\Windows\System\XEeIpUJ.exe
  C:\Windows\System\XEeIpUJ.exe
  2⤵
  PID:6968
- C:\Windows\System\HXaJbXb.exe
  C:\Windows\System\HXaJbXb.exe
  2⤵
  PID:6996
- C:\Windows\System\gLMVeVd.exe
  C:\Windows\System\gLMVeVd.exe
  2⤵
  PID:1004
- C:\Windows\System\bxiRTsL.exe
  C:\Windows\System\bxiRTsL.exe
  2⤵
  PID:4892
- C:\Windows\System\SKxapqv.exe
  C:\Windows\System\SKxapqv.exe
  2⤵
  PID:4560
- C:\Windows\System\INXuCkI.exe
  C:\Windows\System\INXuCkI.exe
  2⤵
  PID:4380
- C:\Windows\System\UHJYxXq.exe
  C:\Windows\System\UHJYxXq.exe
  2⤵
  PID:5052
- C:\Windows\System\pkqgbSd.exe
  C:\Windows\System\pkqgbSd.exe
  2⤵
  PID:336
- C:\Windows\System\MKybkQO.exe
  C:\Windows\System\MKybkQO.exe
  2⤵
  PID:7156
- C:\Windows\System\QIVbmnu.exe
  C:\Windows\System\QIVbmnu.exe
  2⤵
  PID:2232
- C:\Windows\System\BPeQDWy.exe
  C:\Windows\System\BPeQDWy.exe
  2⤵
  PID:5816
- C:\Windows\System\DZiauRn.exe
  C:\Windows\System\DZiauRn.exe
  2⤵
  PID:6156
- C:\Windows\System\rUCMBAS.exe
  C:\Windows\System\rUCMBAS.exe
  2⤵
  PID:6492
- C:\Windows\System\xkxNala.exe
  C:\Windows\System\xkxNala.exe
  2⤵
  PID:2260
- C:\Windows\System\ZEjEfOv.exe
  C:\Windows\System\ZEjEfOv.exe
  2⤵
  PID:6716
- C:\Windows\System\PbCyRfR.exe
  C:\Windows\System\PbCyRfR.exe
  2⤵
  PID:4008
- C:\Windows\System\oVUbwkk.exe
  C:\Windows\System\oVUbwkk.exe
  2⤵
  PID:2072
- C:\Windows\System\AefwExQ.exe
  C:\Windows\System\AefwExQ.exe
  2⤵
  PID:7024
- C:\Windows\System\EnHoKek.exe
  C:\Windows\System\EnHoKek.exe
  2⤵
  PID:3048
- C:\Windows\System\DptleCP.exe
  C:\Windows\System\DptleCP.exe
  2⤵
  PID:4216
- C:\Windows\System\LdiCoHJ.exe
  C:\Windows\System\LdiCoHJ.exe
  2⤵
  PID:5936
- C:\Windows\System\slADVmE.exe
  C:\Windows\System\slADVmE.exe
  2⤵
  PID:6468
- C:\Windows\System\LpQjvbi.exe
  C:\Windows\System\LpQjvbi.exe
  2⤵
  PID:6640
- C:\Windows\System\XyOgZYA.exe
  C:\Windows\System\XyOgZYA.exe
  2⤵
  PID:6856
- C:\Windows\System\sLHuftZ.exe
  C:\Windows\System\sLHuftZ.exe
  2⤵
  PID:1920
- C:\Windows\System\iixwDwH.exe
  C:\Windows\System\iixwDwH.exe
  2⤵
  PID:4532
- C:\Windows\System\SJpNvLr.exe
  C:\Windows\System\SJpNvLr.exe
  2⤵
  PID:6660
- C:\Windows\System\iRGVJqU.exe
  C:\Windows\System\iRGVJqU.exe
  2⤵
  PID:1084
- C:\Windows\System\LpQdKVp.exe
  C:\Windows\System\LpQdKVp.exe
  2⤵
  PID:7180
- C:\Windows\System\WqHZpnc.exe
  C:\Windows\System\WqHZpnc.exe
  2⤵
  PID:7224
- C:\Windows\System\DXkabsh.exe
  C:\Windows\System\DXkabsh.exe
  2⤵
  PID:7256
- C:\Windows\System\gathJRJ.exe
  C:\Windows\System\gathJRJ.exe
  2⤵
  PID:7272
- C:\Windows\System\VColpEL.exe
  C:\Windows\System\VColpEL.exe
  2⤵
  PID:7304
- C:\Windows\System\LmeJguX.exe
  C:\Windows\System\LmeJguX.exe
  2⤵
  PID:7336
- C:\Windows\System\yykrDLb.exe
  C:\Windows\System\yykrDLb.exe
  2⤵
  PID:7356
- C:\Windows\System\tBAyYwq.exe
  C:\Windows\System\tBAyYwq.exe
  2⤵
  PID:7372
- C:\Windows\System\fLyGckr.exe
  C:\Windows\System\fLyGckr.exe
  2⤵
  PID:7428
- C:\Windows\System\IPNuvRA.exe
  C:\Windows\System\IPNuvRA.exe
  2⤵
  PID:7460
- C:\Windows\System\VVMvcsP.exe
  C:\Windows\System\VVMvcsP.exe
  2⤵
  PID:7488
- C:\Windows\System\iPZnipP.exe
  C:\Windows\System\iPZnipP.exe
  2⤵
  PID:7504
- C:\Windows\System\BObnTLP.exe
  C:\Windows\System\BObnTLP.exe
  2⤵
  PID:7528
- C:\Windows\System\svNCtZM.exe
  C:\Windows\System\svNCtZM.exe
  2⤵
  PID:7560
- C:\Windows\System\yUsNtTL.exe
  C:\Windows\System\yUsNtTL.exe
  2⤵
  PID:7580
- C:\Windows\System\bGIXAUi.exe
  C:\Windows\System\bGIXAUi.exe
  2⤵
  PID:7600
- C:\Windows\System\FUYMijm.exe
  C:\Windows\System\FUYMijm.exe
  2⤵
  PID:7632
- C:\Windows\System\GfOhxom.exe
  C:\Windows\System\GfOhxom.exe
  2⤵
  PID:7660
- C:\Windows\System\KjipMAZ.exe
  C:\Windows\System\KjipMAZ.exe
  2⤵
  PID:7688
- C:\Windows\System\nJPsZJY.exe
  C:\Windows\System\nJPsZJY.exe
  2⤵
  PID:7732
- C:\Windows\System\qYLiHUL.exe
  C:\Windows\System\qYLiHUL.exe
  2⤵
  PID:7760
- C:\Windows\System\bQCqEaX.exe
  C:\Windows\System\bQCqEaX.exe
  2⤵
  PID:7784
- C:\Windows\System\BOcAAMi.exe
  C:\Windows\System\BOcAAMi.exe
  2⤵
  PID:7808
- C:\Windows\System\jKLkgfL.exe
  C:\Windows\System\jKLkgfL.exe
  2⤵
  PID:7840
- C:\Windows\System\fCRVdfo.exe
  C:\Windows\System\fCRVdfo.exe
  2⤵
  PID:7860
- C:\Windows\System\rcCtBii.exe
  C:\Windows\System\rcCtBii.exe
  2⤵
  PID:7892
- C:\Windows\System\oYnirQb.exe
  C:\Windows\System\oYnirQb.exe
  2⤵
  PID:7916
- C:\Windows\System\FwZYcNw.exe
  C:\Windows\System\FwZYcNw.exe
  2⤵
  PID:7932
- C:\Windows\System\EmUhcxo.exe
  C:\Windows\System\EmUhcxo.exe
  2⤵
  PID:7948
- C:\Windows\System\AAZSLcS.exe
  C:\Windows\System\AAZSLcS.exe
  2⤵
  PID:7980
- C:\Windows\System\jcNxZcC.exe
  C:\Windows\System\jcNxZcC.exe
  2⤵
  PID:7996
- C:\Windows\System\SnsouJh.exe
  C:\Windows\System\SnsouJh.exe
  2⤵
  PID:8056
- C:\Windows\System\ZMSTEhJ.exe
  C:\Windows\System\ZMSTEhJ.exe
  2⤵
  PID:8092
- C:\Windows\System\cMRSTIv.exe
  C:\Windows\System\cMRSTIv.exe
  2⤵
  PID:8124
- C:\Windows\System\BmLSlYl.exe
  C:\Windows\System\BmLSlYl.exe
  2⤵
  PID:8148
- C:\Windows\System\gxAmXCf.exe
  C:\Windows\System\gxAmXCf.exe
  2⤵
  PID:8180
- C:\Windows\System\mSuEiCb.exe
  C:\Windows\System\mSuEiCb.exe
  2⤵
  PID:4016
- C:\Windows\System\mlEJnOi.exe
  C:\Windows\System\mlEJnOi.exe
  2⤵
  PID:7200
- C:\Windows\System\HkxKjxH.exe
  C:\Windows\System\HkxKjxH.exe
  2⤵
  PID:7288
- C:\Windows\System\OaQOSDZ.exe
  C:\Windows\System\OaQOSDZ.exe
  2⤵
  PID:7348
- C:\Windows\System\gHSxLUz.exe
  C:\Windows\System\gHSxLUz.exe
  2⤵
  PID:7444
- C:\Windows\System\vIWyyyJ.exe
  C:\Windows\System\vIWyyyJ.exe
  2⤵
  PID:7496
- C:\Windows\System\MiIQZdu.exe
  C:\Windows\System\MiIQZdu.exe
  2⤵
  PID:7588
- C:\Windows\System\iiWbAie.exe
  C:\Windows\System\iiWbAie.exe
  2⤵
  PID:7648
- C:\Windows\System\EOIBaGm.exe
  C:\Windows\System\EOIBaGm.exe
  2⤵
  PID:7680
- C:\Windows\System\oCqrGby.exe
  C:\Windows\System\oCqrGby.exe
  2⤵
  PID:7740
- C:\Windows\System\BtzFcaa.exe
  C:\Windows\System\BtzFcaa.exe
  2⤵
  PID:7796
- C:\Windows\System\WYSDbRo.exe
  C:\Windows\System\WYSDbRo.exe
  2⤵
  PID:7832
- C:\Windows\System\WAIbGgJ.exe
  C:\Windows\System\WAIbGgJ.exe
  2⤵
  PID:7968
- C:\Windows\System\BqDbTsI.exe
  C:\Windows\System\BqDbTsI.exe
  2⤵
  PID:8028
- C:\Windows\System\TOyhEnL.exe
  C:\Windows\System\TOyhEnL.exe
  2⤵
  PID:8104
- C:\Windows\System\xQcLqvd.exe
  C:\Windows\System\xQcLqvd.exe
  2⤵
  PID:8188
- C:\Windows\System\XLMZlnU.exe
  C:\Windows\System\XLMZlnU.exe
  2⤵
  PID:6240
- C:\Windows\System\ykMaiFA.exe
  C:\Windows\System\ykMaiFA.exe
  2⤵
  PID:7284
- C:\Windows\System\tgZPzAp.exe
  C:\Windows\System\tgZPzAp.exe
  2⤵
  PID:7524
- C:\Windows\System\VfIBNYs.exe
  C:\Windows\System\VfIBNYs.exe
  2⤵
  PID:7640
- C:\Windows\System\mLdzAeq.exe
  C:\Windows\System\mLdzAeq.exe
  2⤵
  PID:7704
- C:\Windows\System\sbJBpUP.exe
  C:\Windows\System\sbJBpUP.exe
  2⤵
  PID:7856
- C:\Windows\System\KUFtRzW.exe
  C:\Windows\System\KUFtRzW.exe
  2⤵
  PID:7992
- C:\Windows\System\HZjYXIN.exe
  C:\Windows\System\HZjYXIN.exe
  2⤵
  PID:8168
- C:\Windows\System\kLbkUHz.exe
  C:\Windows\System\kLbkUHz.exe
  2⤵
  PID:7656
- C:\Windows\System\fJlXjXT.exe
  C:\Windows\System\fJlXjXT.exe
  2⤵
  PID:8084
- C:\Windows\System\lyQqCuD.exe
  C:\Windows\System\lyQqCuD.exe
  2⤵
  PID:7988
- C:\Windows\System\GESTiPb.exe
  C:\Windows\System\GESTiPb.exe
  2⤵
  PID:8200
- C:\Windows\System\tNcxlhb.exe
  C:\Windows\System\tNcxlhb.exe
  2⤵
  PID:8228
- C:\Windows\System\txCGHYl.exe
  C:\Windows\System\txCGHYl.exe
  2⤵
  PID:8268
- C:\Windows\System\CUuCkPH.exe
  C:\Windows\System\CUuCkPH.exe
  2⤵
  PID:8296
- C:\Windows\System\odzOiAb.exe
  C:\Windows\System\odzOiAb.exe
  2⤵
  PID:8324
- C:\Windows\System\QrxGwNX.exe
  C:\Windows\System\QrxGwNX.exe
  2⤵
  PID:8340
- C:\Windows\System\MoWTDmp.exe
  C:\Windows\System\MoWTDmp.exe
  2⤵
  PID:8368
- C:\Windows\System\gDNbvIZ.exe
  C:\Windows\System\gDNbvIZ.exe
  2⤵
  PID:8408
- C:\Windows\System\KmdCBRb.exe
  C:\Windows\System\KmdCBRb.exe
  2⤵
  PID:8424
- C:\Windows\System\DchSRfq.exe
  C:\Windows\System\DchSRfq.exe
  2⤵
  PID:8456
- C:\Windows\System\rLIelWD.exe
  C:\Windows\System\rLIelWD.exe
  2⤵
  PID:8480
- C:\Windows\System\eLBRWvp.exe
  C:\Windows\System\eLBRWvp.exe
  2⤵
  PID:8520
- C:\Windows\System\qPRRcTi.exe
  C:\Windows\System\qPRRcTi.exe
  2⤵
  PID:8536
- C:\Windows\System\kfwUxjD.exe
  C:\Windows\System\kfwUxjD.exe
  2⤵
  PID:8568
- C:\Windows\System\IRSGuHE.exe
  C:\Windows\System\IRSGuHE.exe
  2⤵
  PID:8604
- C:\Windows\System\mcfPDqg.exe
  C:\Windows\System\mcfPDqg.exe
  2⤵
  PID:8624
- C:\Windows\System\eThNbga.exe
  C:\Windows\System\eThNbga.exe
  2⤵
  PID:8648
- C:\Windows\System\UZnfheN.exe
  C:\Windows\System\UZnfheN.exe
  2⤵
  PID:8668
- C:\Windows\System\tBkHhFp.exe
  C:\Windows\System\tBkHhFp.exe
  2⤵
  PID:8716
- C:\Windows\System\QHRWHff.exe
  C:\Windows\System\QHRWHff.exe
  2⤵
  PID:8740
- C:\Windows\System\SOWHotn.exe
  C:\Windows\System\SOWHotn.exe
  2⤵
  PID:8768
- C:\Windows\System\CRkdVBe.exe
  C:\Windows\System\CRkdVBe.exe
  2⤵
  PID:8796
- C:\Windows\System\vGkmgSW.exe
  C:\Windows\System\vGkmgSW.exe
  2⤵
  PID:8824
- C:\Windows\System\kVlCVHo.exe
  C:\Windows\System\kVlCVHo.exe
  2⤵
  PID:8848
- C:\Windows\System\DIcKGBn.exe
  C:\Windows\System\DIcKGBn.exe
  2⤵
  PID:8876
- C:\Windows\System\DHWDdiv.exe
  C:\Windows\System\DHWDdiv.exe
  2⤵
  PID:8908
- C:\Windows\System\boBjnff.exe
  C:\Windows\System\boBjnff.exe
  2⤵
  PID:8940
- C:\Windows\System\djuajYq.exe
  C:\Windows\System\djuajYq.exe
  2⤵
  PID:8960
- C:\Windows\System\gcqnrDR.exe
  C:\Windows\System\gcqnrDR.exe
  2⤵
  PID:8988
- C:\Windows\System\EinCxYi.exe
  C:\Windows\System\EinCxYi.exe
  2⤵
  PID:9016
- C:\Windows\System\wtlZYVY.exe
  C:\Windows\System\wtlZYVY.exe
  2⤵
  PID:9044
- C:\Windows\System\bWtDNuM.exe
  C:\Windows\System\bWtDNuM.exe
  2⤵
  PID:9084
- C:\Windows\System\CwtbVxD.exe
  C:\Windows\System\CwtbVxD.exe
  2⤵
  PID:9100
- C:\Windows\System\KiprPEs.exe
  C:\Windows\System\KiprPEs.exe
  2⤵
  PID:9128
- C:\Windows\System\JfISdyA.exe
  C:\Windows\System\JfISdyA.exe
  2⤵
  PID:9164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ArEuAOr.exe

Filesize
2.1MB

MD5
655b70547caca8255d4aca348846e189

SHA1
bbb2e5df24925bb6da841d0d06d8a4024306937b

SHA256
1e80a70ff595ebfb7936bddbcffda99774c9a06656a6ba0c8ca2612f2a4d6ed9

SHA512
cb6d9e132ef6f077c0c6349a5f6a70053550c1e37bf4f1a510995c1f3d3819274cccdfc00365c4010211429106302f8281d9feeba7616ee8f1077ca52e538b54

Download Submit
C:\Windows\System\BpQwcne.exe

Filesize
2.1MB

MD5
7486726639709b276ca513d0b3ee9dd6

SHA1
ea0a95891f912edc65f4255d4924a7075e8b4fce

SHA256
0a7b861ba378e222ff121377b5d9f8b707f14d9af3f9e3bc340c556cfdd3a4e3

SHA512
170bd119664e2f021027f1645400980e50bde5457c2d4ff1d46f705c362c4b12b102ef1201a3286ec807aef6206d8f7f56c52a42ff276ba8faff665e75176f08

Download Submit
C:\Windows\System\BtsFidW.exe

Filesize
2.1MB

MD5
794572ecc85205c953a281bc54a4e8d7

SHA1
12b56f9f647cc8e991da9548652105f50b0bd1a5

SHA256
1c364fb409a0ef3a40d47222a8b21cd0dc29de389c03ce4c676efada41925824

SHA512
040f6ccda292112afc74422bad8bf4b19a28ae4ee4a4ec63abe57262ae43617ca0edd0a6299b987f2edb3e5a4412fed938d174281ac69786344d5000791856e7

Download Submit
C:\Windows\System\CTHEERS.exe

Filesize
2.1MB

MD5
2f45a4b3d201ef9b9f40aeec82622d9b

SHA1
d49d7a0480a6ed2c33ce804037584acb39e26fbf

SHA256
5df996fc8363359918f293abe557ac0ba277c2419d3fd375de32c363c5baa07f

SHA512
c6c3983a510c611fd3b9a0e55b2e4f247350ecd3e5703233ba3fc509ebbbb528f242719dd2f877214737a74519764f53b34a6d94dc3c7d4b054a313bd172e67e

Download Submit
C:\Windows\System\GdsarBS.exe

Filesize
2.1MB

MD5
c9cab092a00c8a124509fce59aba840f

SHA1
b5ee83ed89140a291af908e863691115be1b927f

SHA256
72baf3cf2a050096208e3179d9ad03ca2a93acab672b089564520366afc92cd9

SHA512
9a83b27fb3f7f771fa5d96f86f0854f0779fd9e15b6dfd4491b732abcd83f2f9e4e9f55457895712694ab26659b6544ffe79adc347db2bc2eacc105089784f97

Download Submit
C:\Windows\System\JJOWCkp.exe

Filesize
2.1MB

MD5
cb42794265641ef6bec841870a30d077

SHA1
afb2fb0e69b3bf8a48df8ff37c6b02b893dd1448

SHA256
c53fe949edd06d13b3dd3d91aeaa1c65444420c35b7c94c401cfde384c574e48

SHA512
f0cab49c307ba58a6548531ad4185987c24c29a2228712c93d979d03366a7ed155bff852b7ba10930f643f222fd023043228be0a15c1befbd12452a2a0861630

Download Submit
C:\Windows\System\LxuTBJN.exe

Filesize
2.1MB

MD5
02948e0fd0269420816ff3b0ca74fabc

SHA1
be49afa1c0cb80459e65cb7d36bfc3b4bf6df442

SHA256
70849c868c01f9004d63227ba1d3dd32f6922df03b919764eb81685cdeb6cf07

SHA512
bc498cea9b612b3ec688d7cc4a3657d24c21783235cfe1aa6ca295c30304acd085b1febbd90367c59ca6d3f6f3e8773cb47f4587a148681e836b6e258bfb3dba

Download Submit
C:\Windows\System\PcObEGQ.exe

Filesize
2.1MB

MD5
10c11d3da86d19dd101c32a038fff6d8

SHA1
c7c79d665432830fc649c734d12f780bed90cbe0

SHA256
20974ad071286c0d203186691d9202bce890056ff73695586a4613b87b4c60b8

SHA512
33fd1642ade973c9913a6641d1273338d28d01b8aa88fba8b1fc29bbdd166b6e8c375e36eda0a5815b73096a17b5fbe1fa5a2c391b74a80d48570a77fc769b8c

Download Submit
C:\Windows\System\QBKSAJM.exe

Filesize
2.1MB

MD5
e246803aad8cb31e05972d9c00875ff9

SHA1
71ac792416bf8132936f58267c62eeb6d0ffbd50

SHA256
d12fc411ef5953d1585d942b5be28449616efe3a5428ff9ae74b2ce96fca3379

SHA512
46b6b8dd22ab49ab33c65f5776b951432cfd12333e7b59d219bb721951fbf25f3b7ab4128b66b4c27118709a17f5cc208d38279269b35424a155ef3fda840d29

Download Submit
C:\Windows\System\RnnUlXh.exe

Filesize
2.1MB

MD5
2c42cbb6a5e7091152b6f794f0902ca9

SHA1
1a725b2168ec3f2e3d0b7879d65aa3b6016361c5

SHA256
3643866159f2e2e62fa20725e62e4c9f72ac59007d4e841c96ad6534b88731a1

SHA512
2bd25f4eab05cf080d42bb54abbb85490eb349f2cf4f2abe06150ef33fb2343b3c237f51dc456aa59a8e1c4a2562fde54c0e9b337c2348aa327eaeff4647794d

Download Submit
C:\Windows\System\SPKKEmV.exe

Filesize
2.1MB

MD5
02b05104ec833c3b2ce3ba6c57e4684d

SHA1
06e8756e2bbbf988b5d903ccc31d0735a0944e46

SHA256
a5d75c802d9a688d18873e33e91aafe598ef24eb36e6bbc11e9a7a3b4dd17abc

SHA512
0c75b727a84424f95243153c4efccdcf7554966109b26a930488fbe69f889b5383e8a12ae83f3e07f6f41325bb2d33b294bbcfa89296304374b4a6998ce83cd0

Download Submit
C:\Windows\System\SbcgFwb.exe

Filesize
2.1MB

MD5
2c36186b593cdba7778f146b70670e14

SHA1
992f3525832515cb2b500b7f5e20306d56d54d2f

SHA256
1aa631fe23f8d2b03645c8f03f45f5073044541d486a3970cb6062abd4ef72f1

SHA512
523d327b4faf647e213e3092a611d9e2a7ace29a65cb357ed3d967e66d88339e2a03b1f67818923cd44fd9816d297bc1c4ff43f95a5ecbf2d597772a60c24f12

Download Submit
C:\Windows\System\TiJPuOG.exe

Filesize
2.1MB

MD5
c1b62942f193ab065a52ffe28b4852da

SHA1
1bae30b5a106c982b99565043dee9f592530ee77

SHA256
5fbc23bcc55827842725cb0c6cccb3f4f0de4911c9becfe4d7b4c21569dc0cec

SHA512
82728f062e262c5d08a25a276502577681f4d71c038cdda47529421057b87f53bd789e9e857babe26b7a01057a4002c688bbcf5830cb746b5d1fa02e5d553872

Download Submit
C:\Windows\System\UUCMZyJ.exe

Filesize
2.1MB

MD5
9dc5c1993ef17bff2280f7987597f00a

SHA1
6331044b6feb817cabf2adad5a7660b94e54a72b

SHA256
0ae87e20233485a98f7a9ba1bc4d2c3df9d15fe82c1e1f9193dff762371b2b49

SHA512
04e5d5fb979846ebaf8b55b28a7bc62aa582fba8ffae8e835fe2528ed42f3552dda8515f786bccd27de6d32327c1a29dc63dd07657c3bb428202c80dade853cd

Download Submit
C:\Windows\System\UWhfgIi.exe

Filesize
2.1MB

MD5
fde518659ab0c40ae22d395633ca01b4

SHA1
608742463382a04f83a11907edd4185c123db165

SHA256
8c75c89e392841549e32f61a98c007bf538e21e0fa5a83440f264393fdf8a597

SHA512
73f2a6edf73eb2f98d802b91434bd8fe2003123d77861e52f16f7dfcf4271fb2361f81929fe9221d418d8f6778660d0b35c9437450e73d8a80f09f74bb414d29

Download Submit
C:\Windows\System\UkmZlXx.exe

Filesize
2.1MB

MD5
8491bf8cbc56fe4c0b244eeb3b8eb9c7

SHA1
cbe741fba48554066fc2b8f331e93fabf958d116

SHA256
673dcf8531304b358bc0570a0b688e96edb73e61ca29f89e84f0b0e6eca881e1

SHA512
b360bbcde53183168bcf2fda2d36b0ce4c39cd119655fedabc7c3f48259a699d022f51a1c0abfc9cce1b6c264f8cdeaccc19b14e798845edcbdb2552c383b5ea

Download Submit
C:\Windows\System\ZqdoSPX.exe

Filesize
2.1MB

MD5
01a03eb6bb515ef426249a0de0d590d9

SHA1
de650002a30a298aec6a6d5a07322ea55f27a389

SHA256
ebe0dd33b4f25c2fdcfacdde2cec491e31abca7f4869303e4e899f1ef4f9e7c0

SHA512
caa018eb1efa430ecde62b1b069a60502a2a5e77f8875b6cfbb07590232a0044615236e1d276860a4b88ef6e72dbd2bbec991ff0be8a6a9509c2f68079319395

Download Submit
C:\Windows\System\bVoDNsu.exe

Filesize
2.1MB

MD5
e0b1b13140d63e76a312301ec875e203

SHA1
e8e560eb87274ac82c00efb4874d1c13316ab2fc

SHA256
d783640708cc516c1912e793a04854c262a6cb3981295aed820087ad56c38d40

SHA512
41be2cd51c52fb10726dd5c6b9c9349de7c888e855d93f45d4f2cb62d9df5c2c9e61261e6a5ae51068121f7060e8a04ea93e82d18f62f0fef1a1c26fc51700d1

Download Submit
C:\Windows\System\eZctXZt.exe

Filesize
2.1MB

MD5
32597f495beb9f83daa0a125be151e37

SHA1
3e6b0277bfba8b769a1a6d1dbd7ab1d4425716dd

SHA256
78b977aafcd6dd291363d9d46572bd298ac1fad32dbaaddbc488c933725c2646

SHA512
2003ba0f8e8e9a7936755cb22518dd789dc31e14ae28c743c328ad4c3763353ffdee6f2a9b23f01af71edb361f78b4b366890c703d50b7511eeb2a068db43755

Download Submit
C:\Windows\System\ehVYeSg.exe

Filesize
2.1MB

MD5
544e9d60afef42a200a0b201a2ae90e5

SHA1
13e49b85822e47348a0b8419e0ece9dd91f9ae19

SHA256
38751dc8eaa2ce18d5bfcbd285f0dc15ef6317f76dd46556b18a5a70c4e27aca

SHA512
9c2f7b48f5f5dbe693b057fdb90df8ef9e2495bf2150812dc44315456e0b967af5635f27d358693ca99784465a6abc27a5b035dd9621c4e008912647e67534bf

Download Submit
C:\Windows\System\emPVfYF.exe

Filesize
2.1MB

MD5
88297e6d84a696edfe0f262562de40c2

SHA1
5c0ac9b8125417a0206980346b36f50eefc2b9be

SHA256
ea07697c091eb7c61d9890383bb4d000aed5ef2a7fb4d72a866d88b0f1716b0a

SHA512
f8b1d091982e8eab525656896bbaa2c953a66781885d024481598dc3ca07e8253b47664590431bb8eef46e8e403737b2acfc3dd6939acebec8339e3814bae9ab

Download Submit
C:\Windows\System\fVqzRJs.exe

Filesize
2.1MB

MD5
564f87344818c4ac5e381e6c0214bdc1

SHA1
57032755f1d79cfa0dca4e01e14b13b5e42f9405

SHA256
dd083a9917fbd0f1f4914ddac7d4c2054049211c27a6c2ec3d8d017cb440f940

SHA512
b4df0486d337e7b9b64aca7e8ef51fa86c96bdc11bc989b444b2cf0f10b3ef2bf9680a410fb78a0390d91bd149feeada4f43d7fa28f422a0c348c70c1fd13536

Download Submit
C:\Windows\System\fcayNcJ.exe

Filesize
2.1MB

MD5
41c6ae76f7917707fc97973ce5b26d43

SHA1
7567e3947691086794a84c547c316baaab0311da

SHA256
51f0f570268e1993fa3e57d3c14fc2c0bec386abb409ac45709db930f512e00e

SHA512
e6621b8fdb4827d5cb2c806fd59dfc65cbc1604d1f269f22e54ff61c308b489cc369b4a75c4f911ab9ea8a972947551cff656f0ead5a8d75e6496b26b8c928d1

Download Submit
C:\Windows\System\glmDUKg.exe

Filesize
2.1MB

MD5
11d45940202639f07a3a49e55f8c445f

SHA1
d26f58287bf0c79fb30489a0b7624f9ab7fe6693

SHA256
23af1ea48108451a382cb9e09838ed61b9a72339ddc2b6456fd37427ac1f2980

SHA512
1e97efc41bd0d4538fc23739ed86bd6b941a04ba267e7a2384aeafde2139cb060b2d48e5a720b165d46f19fc646f1dd63e6ed48c355c901b255095befcdaa6c4

Download Submit
C:\Windows\System\hzMqiHO.exe

Filesize
2.1MB

MD5
c21443ad5bb696a716a306739cf71ceb

SHA1
17c29402e2cf6e4af4ed4f318d8ce456976d2a4e

SHA256
aff1747c88134f014fbb1664004d39e3195c2992a52243dc5eebba2b050fe9d7

SHA512
47c826cd4392a15f3795d5b7cf9a4108791abc12a206df12c1aa7ed5dad71f7e36bc42735d769afbcf62a78fd4835a81a3eebc171024d70f9ec12b0a89be572f

Download Submit
C:\Windows\System\krJlPZb.exe

Filesize
2.1MB

MD5
63cefa87bd075f4b809e33420084f776

SHA1
6d1f573d48518d0d4dcbe48f1b53f7a1225fbd2e

SHA256
a257b6a4936bd72410471d8e9d33640e2c0e4f5b9d1d548f7e1b1070f8ff8aaf

SHA512
4bd08dc4e8e228a2866b9224af9dc078c66fb7c5e7c9bfcb64b6cf61595f517c0ecaa0991c2da82784dc47d96f3c9bcd9d3829d38f637ba8693b6388726fd3f3

Download Submit
C:\Windows\System\kumoQyY.exe

Filesize
2.1MB

MD5
3a0c65714e2720339e761c6bd57147c1

SHA1
11af1aeeb9c63d124adf089bab21a363bfba7c8c

SHA256
1dd4445e9b5ca2b1a02b9a8b847469168c95c8f4b617a6e98aa1958ee36acded

SHA512
ded2fe9146bc3790b8c5c6698ecbe42ee0803d7c2bc5ae3bd35eadd20a888a740d0f9fe5ccbb367394906df89d2d7c0655d4fbef08236d560a49ad5d67795f64

Download Submit
C:\Windows\System\lbbGYue.exe

Filesize
2.1MB

MD5
8a7449c0e3ad80b35aceacadfb944a90

SHA1
fa5b8e20a5185574747b89e445b2e1b76621b739

SHA256
b24db606c7e61cc96b5ef91415198b9dbee23bfeb2065bdcbea4997ea2b9db62

SHA512
268cf83abe6c0cf101edd17722e8d604c97ecb070d4c49773769ed8b283ccee634fd57fc5b634121bddd0fe983a4c45790c477df676bf91d97c07796f66d09fb

Download Submit
C:\Windows\System\qMbxlwX.exe

Filesize
2.1MB

MD5
fd085587bdf34051a9698d63bb077585

SHA1
939ee3b2aae540cf351b587ddb29de2c1efc0d58

SHA256
676055be0b58b5d792a5e85dac6f4204d0a4e5473c02aa4e6969420fef6c97db

SHA512
17b3dcb40282a4a211fd340db54f30978380870c8772f119ead6960f52ec2cc75236d601413db0ffa935674811a17f44b9fe8ae7c59798488a30393ac42ac88e

Download Submit
C:\Windows\System\rNOzGgo.exe

Filesize
2.1MB

MD5
76c6d1d31a6c5e87f3fbcb3eb027e85e

SHA1
f69f896ef3b5182aecdacc3f3090acf00ae46b6c

SHA256
664d4eed2002abcc32686fd925d42bae893426f11672bbe66816b81ed82c8b80

SHA512
bee0aee46964d87a4cd1ca52d332f2a9f1897ab8487de8c76f5be33a003607289c6e54155f19856502b2b9e4eeed36a8263fbc9df5403f1a5b8744e5da893655

Download Submit
C:\Windows\System\snnjnjm.exe

Filesize
2.1MB

MD5
faf41b365feb0de03e65128cb36efecb

SHA1
e72a7a08506d379c1226ac58d11aaaf5a61a3299

SHA256
67ef10f14a7a7f8da94fbad4974a9ced3be17c35729409cd3d64ae7ef46b1100

SHA512
c665384f424428d8d845c91673cd9e92d760820783a4003006f75229c9d60fde436111f06f1317184d8b52a44eb2ee775ef54fdcf464679bdd2c435f542eeabe

Download Submit
C:\Windows\System\vLqvXpf.exe

Filesize
2.1MB

MD5
14eff71b0a1550593661cec2733e8193

SHA1
72462ad6655897fd83b48138a4a7c30ef4f3fa1f

SHA256
ce038b36d73f2a3324a0400143694071c52e05a11206d00adc809a20ab4b7dd1

SHA512
8bf28906c840012a7b771f5a5830f812e7e0b378afc4cfdd99368fc4e328125c936dc94a885ff039b6d7d5f8eb24fae1a86d1ba94387fe932e0e45e1b62c5fe5

Download Submit
C:\Windows\System\wjUWBvs.exe

Filesize
2.1MB

MD5
659a6156671f5e36840d7dc7eeb4ca41

SHA1
11bd936e400e295863be14344481c1d02209579b

SHA256
4d76ed6d71850b0e912a2c4ca9190a070d3f906642f484085da9efe5e2eddb29

SHA512
d7979246365e4e016c6524af3042b1f314dc2a4ee5dcadfe008076995109d2edf50b581af74c5e83d4a35a724eb99ab89ddb60cce66bbe121cb710fbb370d167

Download Submit
memory/1972-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download