kpot | b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2

Analysis

max time kernel
143s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 16:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
Size

2.1MB
MD5

2956ccc790b912d4a3872fd191ca5b40
SHA1

3ab6c8662e6f6094947f2ca7caccbd45bb34c19e
SHA256

b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2
SHA512

9e238926928405d9f79c940423f29632e78bd54c047ac6b980bbcdc7c4577ab254c23e552d4cf88bb0b5551f28f2f33e2015dc48b84bc84f3382208c88a0d4c8
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2PVC:GemTLkNdfE0pZaQY

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral2/files/0x000700000002327a-4.dat	family_kpot
behavioral2/files/0x0007000000023412-8.dat	family_kpot
behavioral2/files/0x000800000002340e-16.dat	family_kpot
behavioral2/files/0x0007000000023416-31.dat	family_kpot
behavioral2/files/0x0007000000023414-34.dat	family_kpot
behavioral2/files/0x0007000000023417-43.dat	family_kpot
behavioral2/files/0x0007000000023419-48.dat	family_kpot
behavioral2/files/0x0007000000023423-95.dat	family_kpot
behavioral2/files/0x0007000000023428-111.dat	family_kpot
behavioral2/files/0x0007000000023424-125.dat	family_kpot
behavioral2/files/0x000700000002342b-140.dat	family_kpot
behavioral2/files/0x000700000002342a-138.dat	family_kpot
behavioral2/files/0x0007000000023429-136.dat	family_kpot
behavioral2/files/0x0007000000023427-132.dat	family_kpot
behavioral2/files/0x0007000000023426-130.dat	family_kpot
behavioral2/files/0x0007000000023425-128.dat	family_kpot
behavioral2/files/0x0007000000023421-117.dat	family_kpot
behavioral2/files/0x0007000000023420-113.dat	family_kpot
behavioral2/files/0x0007000000023422-108.dat	family_kpot
behavioral2/files/0x000700000002341f-102.dat	family_kpot
behavioral2/files/0x000700000002341e-101.dat	family_kpot
behavioral2/files/0x000700000002341d-96.dat	family_kpot
behavioral2/files/0x000700000002341a-73.dat	family_kpot
behavioral2/files/0x000700000002341c-71.dat	family_kpot
behavioral2/files/0x000700000002341b-83.dat	family_kpot
behavioral2/files/0x0007000000023418-54.dat	family_kpot
behavioral2/files/0x0007000000023415-36.dat	family_kpot
behavioral2/files/0x0007000000023413-27.dat	family_kpot
behavioral2/files/0x000700000002342c-143.dat	family_kpot
behavioral2/files/0x000800000002340f-149.dat	family_kpot
behavioral2/files/0x000700000002342e-155.dat	family_kpot
behavioral2/files/0x000700000002342f-158.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral2/files/0x000700000002327a-4.dat	xmrig
behavioral2/files/0x0007000000023412-8.dat	xmrig
behavioral2/files/0x000800000002340e-16.dat	xmrig
behavioral2/files/0x0007000000023416-31.dat	xmrig
behavioral2/files/0x0007000000023414-34.dat	xmrig
behavioral2/files/0x0007000000023417-43.dat	xmrig
behavioral2/files/0x0007000000023419-48.dat	xmrig
behavioral2/files/0x0007000000023423-95.dat	xmrig
behavioral2/files/0x0007000000023428-111.dat	xmrig
behavioral2/files/0x0007000000023424-125.dat	xmrig
behavioral2/files/0x000700000002342b-140.dat	xmrig
behavioral2/files/0x000700000002342a-138.dat	xmrig
behavioral2/files/0x0007000000023429-136.dat	xmrig
behavioral2/files/0x0007000000023427-132.dat	xmrig
behavioral2/files/0x0007000000023426-130.dat	xmrig
behavioral2/files/0x0007000000023425-128.dat	xmrig
behavioral2/files/0x0007000000023421-117.dat	xmrig
behavioral2/files/0x0007000000023420-113.dat	xmrig
behavioral2/files/0x0007000000023422-108.dat	xmrig
behavioral2/files/0x000700000002341f-102.dat	xmrig
behavioral2/files/0x000700000002341e-101.dat	xmrig
behavioral2/files/0x000700000002341d-96.dat	xmrig
behavioral2/files/0x000700000002341a-73.dat	xmrig
behavioral2/files/0x000700000002341c-71.dat	xmrig
behavioral2/files/0x000700000002341b-83.dat	xmrig
behavioral2/files/0x0007000000023418-54.dat	xmrig
behavioral2/files/0x0007000000023415-36.dat	xmrig
behavioral2/files/0x0007000000023413-27.dat	xmrig
behavioral2/files/0x000700000002342c-143.dat	xmrig
behavioral2/files/0x000800000002340f-149.dat	xmrig
behavioral2/files/0x000700000002342e-155.dat	xmrig
behavioral2/files/0x000700000002342f-158.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
676	qSiDQWM.exe
3288	zcVfWae.exe
844	jZXYbWT.exe
4796	VfrWCFj.exe
3692	YAzcoTD.exe
2416	OfuxfdR.exe
2156	mLqzYFQ.exe
32	EgLvktu.exe
2664	rHAqICq.exe
2720	PkDBerr.exe
3632	UKKBRTq.exe
3760	xNiEnfx.exe
1140	FNmuERD.exe
2012	PTzBAEP.exe
704	tVPXHYx.exe
4752	HrbFzaT.exe
4912	zjnbYIP.exe
4084	eLsBoBp.exe
2092	tWtSBfV.exe
2064	cLwTTHl.exe
940	WkIWBbB.exe
3240	cjncrrd.exe
4604	fYJobqS.exe
3280	AkqmaQY.exe
4252	UbwsVHK.exe
648	OWMEmzs.exe
1716	bsPiXZE.exe
3344	bwiUseS.exe
1528	xJvZRZi.exe
3648	nHqklyU.exe
2840	sbUXnyk.exe
1004	EkwvhdF.exe
860	xmVJMwJ.exe
2492	hkmfmQw.exe
3312	JfZeaeO.exe
3384	gwlmaxZ.exe
4976	RgHKdgp.exe
3624	zZogxqg.exe
4144	GAyTtBR.exe
3204	NKdVJNj.exe
4712	uXByMdX.exe
2244	dVNxEhZ.exe
2172	fHeamdq.exe
2152	VMLdLCO.exe
3784	FYzkFtZ.exe
5032	MvPrJUG.exe
4772	fEczSjc.exe
4520	RwwHwce.exe
3588	JOrCAwi.exe
3776	ksImjnL.exe
4728	bfCSEUl.exe
608	JVtETZL.exe
4480	mfyukiu.exe
3048	OpeUUOX.exe
3428	IsjnJOS.exe
3248	oUidnzc.exe
624	RfdFrBA.exe
4648	GBCJQuz.exe
4960	wkQkpIf.exe
244	anXCzrV.exe
4740	UaekERz.exe
1012	tVEGuDS.exe
2392	Oauiirt.exe
740	BtUcYNr.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\oJlmpEo.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\IFKTeci.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\PbHVItS.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\ehoGhWv.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\YoTuryg.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\FYzkFtZ.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\fEczSjc.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\jaeJIWy.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\QfsnUre.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\wzRmlou.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\oGynOmC.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\DFjSVqz.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\SWRqVQo.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\sRLcRGB.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\BkeDeDF.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\qxEyoZP.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\NkbNYvf.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\JmlEDdA.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\nHqklyU.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\hucLVdR.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\dSGVNaR.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\vuCxwkH.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\HGpwefg.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\NHktjue.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\qSiDQWM.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\BtUcYNr.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\rYMugWi.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\ZswzDpx.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\kAYklzl.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\vAwIMuX.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\jxqBTkB.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\mLqzYFQ.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\dumQXby.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\ODKaMzF.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\reTcxMv.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\ksFRhSP.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\MUhGLhu.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\xyXuEXl.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\VMLdLCO.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\OpeUUOX.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\YjsainQ.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\lVXKxjL.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\VfrWCFj.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\uXByMdX.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\RfdFrBA.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\rKxCBLF.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\pdcTAjy.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\gsQOmGY.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\agDnOzO.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\MRvYASK.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\MtwvKuA.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\GcWduaZ.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\KDZEKDx.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\mLNJNVX.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\SgrTqyo.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\AddYICT.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\MvPrJUG.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\gBbNJGg.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\oADemrO.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\NopbiAd.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\UKclpxP.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\sEnGMDh.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\YpGmHEC.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
File created	C:\Windows\System\XCvrwkU.exe	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 676	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	83
PID 2952 wrote to memory of 676	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	83
PID 2952 wrote to memory of 3288	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	84
PID 2952 wrote to memory of 3288	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	84
PID 2952 wrote to memory of 844	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	85
PID 2952 wrote to memory of 844	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	85
PID 2952 wrote to memory of 4796	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	86
PID 2952 wrote to memory of 4796	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	86
PID 2952 wrote to memory of 3692	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	87
PID 2952 wrote to memory of 3692	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	87
PID 2952 wrote to memory of 2416	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	88
PID 2952 wrote to memory of 2416	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	88
PID 2952 wrote to memory of 2156	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	89
PID 2952 wrote to memory of 2156	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	89
PID 2952 wrote to memory of 32	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	90
PID 2952 wrote to memory of 32	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	90
PID 2952 wrote to memory of 2664	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	91
PID 2952 wrote to memory of 2664	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	91
PID 2952 wrote to memory of 2720	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	92
PID 2952 wrote to memory of 2720	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	92
PID 2952 wrote to memory of 3632	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	93
PID 2952 wrote to memory of 3632	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	93
PID 2952 wrote to memory of 3760	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	94
PID 2952 wrote to memory of 3760	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	94
PID 2952 wrote to memory of 1140	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	95
PID 2952 wrote to memory of 1140	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	95
PID 2952 wrote to memory of 2012	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	96
PID 2952 wrote to memory of 2012	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	96
PID 2952 wrote to memory of 704	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	97
PID 2952 wrote to memory of 704	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	97
PID 2952 wrote to memory of 4752	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	98
PID 2952 wrote to memory of 4752	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	98
PID 2952 wrote to memory of 4912	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	99
PID 2952 wrote to memory of 4912	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	99
PID 2952 wrote to memory of 4084	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	100
PID 2952 wrote to memory of 4084	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	100
PID 2952 wrote to memory of 2092	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	101
PID 2952 wrote to memory of 2092	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	101
PID 2952 wrote to memory of 2064	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	102
PID 2952 wrote to memory of 2064	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	102
PID 2952 wrote to memory of 940	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	103
PID 2952 wrote to memory of 940	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	103
PID 2952 wrote to memory of 3240	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	104
PID 2952 wrote to memory of 3240	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	104
PID 2952 wrote to memory of 4604	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	105
PID 2952 wrote to memory of 4604	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	105
PID 2952 wrote to memory of 3280	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	106
PID 2952 wrote to memory of 3280	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	106
PID 2952 wrote to memory of 4252	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	107
PID 2952 wrote to memory of 4252	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	107
PID 2952 wrote to memory of 648	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	108
PID 2952 wrote to memory of 648	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	108
PID 2952 wrote to memory of 1716	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	109
PID 2952 wrote to memory of 1716	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	109
PID 2952 wrote to memory of 3344	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	110
PID 2952 wrote to memory of 3344	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	110
PID 2952 wrote to memory of 1528	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	111
PID 2952 wrote to memory of 1528	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	111
PID 2952 wrote to memory of 3648	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	112
PID 2952 wrote to memory of 3648	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	112
PID 2952 wrote to memory of 2840	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	113
PID 2952 wrote to memory of 2840	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	113
PID 2952 wrote to memory of 1004	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	114
PID 2952 wrote to memory of 1004	2952	b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b2b7a01148565a768f311a8ff2b6d0a3e868f18162eced722959e47b2018e5c2_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Windows\System\qSiDQWM.exe
  C:\Windows\System\qSiDQWM.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\zcVfWae.exe
  C:\Windows\System\zcVfWae.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\jZXYbWT.exe
  C:\Windows\System\jZXYbWT.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\VfrWCFj.exe
  C:\Windows\System\VfrWCFj.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\YAzcoTD.exe
  C:\Windows\System\YAzcoTD.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\OfuxfdR.exe
  C:\Windows\System\OfuxfdR.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\mLqzYFQ.exe
  C:\Windows\System\mLqzYFQ.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\EgLvktu.exe
  C:\Windows\System\EgLvktu.exe
  2⤵
  - Executes dropped EXE
  PID:32
- C:\Windows\System\rHAqICq.exe
  C:\Windows\System\rHAqICq.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\PkDBerr.exe
  C:\Windows\System\PkDBerr.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\UKKBRTq.exe
  C:\Windows\System\UKKBRTq.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\xNiEnfx.exe
  C:\Windows\System\xNiEnfx.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\FNmuERD.exe
  C:\Windows\System\FNmuERD.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\PTzBAEP.exe
  C:\Windows\System\PTzBAEP.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\tVPXHYx.exe
  C:\Windows\System\tVPXHYx.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\HrbFzaT.exe
  C:\Windows\System\HrbFzaT.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\zjnbYIP.exe
  C:\Windows\System\zjnbYIP.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\eLsBoBp.exe
  C:\Windows\System\eLsBoBp.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\tWtSBfV.exe
  C:\Windows\System\tWtSBfV.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\cLwTTHl.exe
  C:\Windows\System\cLwTTHl.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\WkIWBbB.exe
  C:\Windows\System\WkIWBbB.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\cjncrrd.exe
  C:\Windows\System\cjncrrd.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\fYJobqS.exe
  C:\Windows\System\fYJobqS.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\AkqmaQY.exe
  C:\Windows\System\AkqmaQY.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\UbwsVHK.exe
  C:\Windows\System\UbwsVHK.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\OWMEmzs.exe
  C:\Windows\System\OWMEmzs.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\bsPiXZE.exe
  C:\Windows\System\bsPiXZE.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\bwiUseS.exe
  C:\Windows\System\bwiUseS.exe
  2⤵
  - Executes dropped EXE
  PID:3344
- C:\Windows\System\xJvZRZi.exe
  C:\Windows\System\xJvZRZi.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\nHqklyU.exe
  C:\Windows\System\nHqklyU.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\sbUXnyk.exe
  C:\Windows\System\sbUXnyk.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\EkwvhdF.exe
  C:\Windows\System\EkwvhdF.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\xmVJMwJ.exe
  C:\Windows\System\xmVJMwJ.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\hkmfmQw.exe
  C:\Windows\System\hkmfmQw.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\JfZeaeO.exe
  C:\Windows\System\JfZeaeO.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\gwlmaxZ.exe
  C:\Windows\System\gwlmaxZ.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\RgHKdgp.exe
  C:\Windows\System\RgHKdgp.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\zZogxqg.exe
  C:\Windows\System\zZogxqg.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\GAyTtBR.exe
  C:\Windows\System\GAyTtBR.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System\NKdVJNj.exe
  C:\Windows\System\NKdVJNj.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\uXByMdX.exe
  C:\Windows\System\uXByMdX.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\dVNxEhZ.exe
  C:\Windows\System\dVNxEhZ.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\fHeamdq.exe
  C:\Windows\System\fHeamdq.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\VMLdLCO.exe
  C:\Windows\System\VMLdLCO.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\FYzkFtZ.exe
  C:\Windows\System\FYzkFtZ.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\MvPrJUG.exe
  C:\Windows\System\MvPrJUG.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\fEczSjc.exe
  C:\Windows\System\fEczSjc.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\RwwHwce.exe
  C:\Windows\System\RwwHwce.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\JOrCAwi.exe
  C:\Windows\System\JOrCAwi.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\ksImjnL.exe
  C:\Windows\System\ksImjnL.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System\bfCSEUl.exe
  C:\Windows\System\bfCSEUl.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\JVtETZL.exe
  C:\Windows\System\JVtETZL.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\mfyukiu.exe
  C:\Windows\System\mfyukiu.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\OpeUUOX.exe
  C:\Windows\System\OpeUUOX.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\IsjnJOS.exe
  C:\Windows\System\IsjnJOS.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\oUidnzc.exe
  C:\Windows\System\oUidnzc.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\RfdFrBA.exe
  C:\Windows\System\RfdFrBA.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\GBCJQuz.exe
  C:\Windows\System\GBCJQuz.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\wkQkpIf.exe
  C:\Windows\System\wkQkpIf.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\anXCzrV.exe
  C:\Windows\System\anXCzrV.exe
  2⤵
  - Executes dropped EXE
  PID:244
- C:\Windows\System\UaekERz.exe
  C:\Windows\System\UaekERz.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\tVEGuDS.exe
  C:\Windows\System\tVEGuDS.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\Oauiirt.exe
  C:\Windows\System\Oauiirt.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\BtUcYNr.exe
  C:\Windows\System\BtUcYNr.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\wayJNCw.exe
  C:\Windows\System\wayJNCw.exe
  2⤵
  PID:4204
- C:\Windows\System\HgaeEbn.exe
  C:\Windows\System\HgaeEbn.exe
  2⤵
  PID:3848
- C:\Windows\System\feJKTcN.exe
  C:\Windows\System\feJKTcN.exe
  2⤵
  PID:2836
- C:\Windows\System\CSzvuBR.exe
  C:\Windows\System\CSzvuBR.exe
  2⤵
  PID:3468
- C:\Windows\System\FfbKfeb.exe
  C:\Windows\System\FfbKfeb.exe
  2⤵
  PID:1672
- C:\Windows\System\uHlaicK.exe
  C:\Windows\System\uHlaicK.exe
  2⤵
  PID:1936
- C:\Windows\System\OJcsWQz.exe
  C:\Windows\System\OJcsWQz.exe
  2⤵
  PID:1296
- C:\Windows\System\gmqPEPa.exe
  C:\Windows\System\gmqPEPa.exe
  2⤵
  PID:448
- C:\Windows\System\GlEwROz.exe
  C:\Windows\System\GlEwROz.exe
  2⤵
  PID:3128
- C:\Windows\System\wDpgtpM.exe
  C:\Windows\System\wDpgtpM.exe
  2⤵
  PID:1476
- C:\Windows\System\BQshUsy.exe
  C:\Windows\System\BQshUsy.exe
  2⤵
  PID:4812
- C:\Windows\System\SeuGnkY.exe
  C:\Windows\System\SeuGnkY.exe
  2⤵
  PID:4192
- C:\Windows\System\NcalBGT.exe
  C:\Windows\System\NcalBGT.exe
  2⤵
  PID:2116
- C:\Windows\System\XsEFTiU.exe
  C:\Windows\System\XsEFTiU.exe
  2⤵
  PID:2168
- C:\Windows\System\UuLmfJv.exe
  C:\Windows\System\UuLmfJv.exe
  2⤵
  PID:224
- C:\Windows\System\gLdcwBq.exe
  C:\Windows\System\gLdcwBq.exe
  2⤵
  PID:2068
- C:\Windows\System\nAMcKKK.exe
  C:\Windows\System\nAMcKKK.exe
  2⤵
  PID:3192
- C:\Windows\System\sUsnasE.exe
  C:\Windows\System\sUsnasE.exe
  2⤵
  PID:4908
- C:\Windows\System\MKQpvRD.exe
  C:\Windows\System\MKQpvRD.exe
  2⤵
  PID:864
- C:\Windows\System\xFDFObA.exe
  C:\Windows\System\xFDFObA.exe
  2⤵
  PID:632
- C:\Windows\System\PYiOWnp.exe
  C:\Windows\System\PYiOWnp.exe
  2⤵
  PID:3888
- C:\Windows\System\HBmLDQx.exe
  C:\Windows\System\HBmLDQx.exe
  2⤵
  PID:2292
- C:\Windows\System\bgZlLQR.exe
  C:\Windows\System\bgZlLQR.exe
  2⤵
  PID:3844
- C:\Windows\System\FjEBKrR.exe
  C:\Windows\System\FjEBKrR.exe
  2⤵
  PID:2556
- C:\Windows\System\uSpisOL.exe
  C:\Windows\System\uSpisOL.exe
  2⤵
  PID:3584
- C:\Windows\System\ZEyjwNW.exe
  C:\Windows\System\ZEyjwNW.exe
  2⤵
  PID:1660
- C:\Windows\System\FxZaCqX.exe
  C:\Windows\System\FxZaCqX.exe
  2⤵
  PID:4256
- C:\Windows\System\MckyqKO.exe
  C:\Windows\System\MckyqKO.exe
  2⤵
  PID:4588
- C:\Windows\System\pOWvEBs.exe
  C:\Windows\System\pOWvEBs.exe
  2⤵
  PID:1952
- C:\Windows\System\fuBMyPO.exe
  C:\Windows\System\fuBMyPO.exe
  2⤵
  PID:5104
- C:\Windows\System\NBIcAxV.exe
  C:\Windows\System\NBIcAxV.exe
  2⤵
  PID:3896
- C:\Windows\System\pBQhMxJ.exe
  C:\Windows\System\pBQhMxJ.exe
  2⤵
  PID:1276
- C:\Windows\System\hucLVdR.exe
  C:\Windows\System\hucLVdR.exe
  2⤵
  PID:5100
- C:\Windows\System\lVXKxjL.exe
  C:\Windows\System\lVXKxjL.exe
  2⤵
  PID:1056
- C:\Windows\System\RNeRXyN.exe
  C:\Windows\System\RNeRXyN.exe
  2⤵
  PID:4924
- C:\Windows\System\YjsainQ.exe
  C:\Windows\System\YjsainQ.exe
  2⤵
  PID:5060
- C:\Windows\System\MqNSenA.exe
  C:\Windows\System\MqNSenA.exe
  2⤵
  PID:3852
- C:\Windows\System\ayVdcTx.exe
  C:\Windows\System\ayVdcTx.exe
  2⤵
  PID:5148
- C:\Windows\System\HlNVNsy.exe
  C:\Windows\System\HlNVNsy.exe
  2⤵
  PID:5172
- C:\Windows\System\JEAguQj.exe
  C:\Windows\System\JEAguQj.exe
  2⤵
  PID:5200
- C:\Windows\System\NbShfYe.exe
  C:\Windows\System\NbShfYe.exe
  2⤵
  PID:5228
- C:\Windows\System\fvpuxwo.exe
  C:\Windows\System\fvpuxwo.exe
  2⤵
  PID:5244
- C:\Windows\System\hQPNYLK.exe
  C:\Windows\System\hQPNYLK.exe
  2⤵
  PID:5272
- C:\Windows\System\PcrwNvE.exe
  C:\Windows\System\PcrwNvE.exe
  2⤵
  PID:5312
- C:\Windows\System\cYDHule.exe
  C:\Windows\System\cYDHule.exe
  2⤵
  PID:5340
- C:\Windows\System\dSGVNaR.exe
  C:\Windows\System\dSGVNaR.exe
  2⤵
  PID:5364
- C:\Windows\System\pSjgmKm.exe
  C:\Windows\System\pSjgmKm.exe
  2⤵
  PID:5400
- C:\Windows\System\UQIVjPY.exe
  C:\Windows\System\UQIVjPY.exe
  2⤵
  PID:5440
- C:\Windows\System\QoSJxHF.exe
  C:\Windows\System\QoSJxHF.exe
  2⤵
  PID:5464
- C:\Windows\System\drkwuYE.exe
  C:\Windows\System\drkwuYE.exe
  2⤵
  PID:5492
- C:\Windows\System\CNFtSFc.exe
  C:\Windows\System\CNFtSFc.exe
  2⤵
  PID:5520
- C:\Windows\System\BLmBWPu.exe
  C:\Windows\System\BLmBWPu.exe
  2⤵
  PID:5548
- C:\Windows\System\dumQXby.exe
  C:\Windows\System\dumQXby.exe
  2⤵
  PID:5588
- C:\Windows\System\XHoWkdM.exe
  C:\Windows\System\XHoWkdM.exe
  2⤵
  PID:5620
- C:\Windows\System\oiXIezD.exe
  C:\Windows\System\oiXIezD.exe
  2⤵
  PID:5648
- C:\Windows\System\NgcjzxS.exe
  C:\Windows\System\NgcjzxS.exe
  2⤵
  PID:5676
- C:\Windows\System\sZgILDz.exe
  C:\Windows\System\sZgILDz.exe
  2⤵
  PID:5704
- C:\Windows\System\GuTJuEZ.exe
  C:\Windows\System\GuTJuEZ.exe
  2⤵
  PID:5732
- C:\Windows\System\PEYnftx.exe
  C:\Windows\System\PEYnftx.exe
  2⤵
  PID:5760
- C:\Windows\System\MhVlyLW.exe
  C:\Windows\System\MhVlyLW.exe
  2⤵
  PID:5788
- C:\Windows\System\EAttVTK.exe
  C:\Windows\System\EAttVTK.exe
  2⤵
  PID:5816
- C:\Windows\System\ZitzgHu.exe
  C:\Windows\System\ZitzgHu.exe
  2⤵
  PID:5856
- C:\Windows\System\RdiOTfm.exe
  C:\Windows\System\RdiOTfm.exe
  2⤵
  PID:5892
- C:\Windows\System\oGynOmC.exe
  C:\Windows\System\oGynOmC.exe
  2⤵
  PID:5928
- C:\Windows\System\wHVehxM.exe
  C:\Windows\System\wHVehxM.exe
  2⤵
  PID:5968
- C:\Windows\System\reTcxMv.exe
  C:\Windows\System\reTcxMv.exe
  2⤵
  PID:6000
- C:\Windows\System\jaeJIWy.exe
  C:\Windows\System\jaeJIWy.exe
  2⤵
  PID:6028
- C:\Windows\System\oJlmpEo.exe
  C:\Windows\System\oJlmpEo.exe
  2⤵
  PID:6060
- C:\Windows\System\ZswzDpx.exe
  C:\Windows\System\ZswzDpx.exe
  2⤵
  PID:6096
- C:\Windows\System\ksFRhSP.exe
  C:\Windows\System\ksFRhSP.exe
  2⤵
  PID:6124
- C:\Windows\System\rYMugWi.exe
  C:\Windows\System\rYMugWi.exe
  2⤵
  PID:5128
- C:\Windows\System\XyemVtf.exe
  C:\Windows\System\XyemVtf.exe
  2⤵
  PID:5184
- C:\Windows\System\mnSgtco.exe
  C:\Windows\System\mnSgtco.exe
  2⤵
  PID:5292
- C:\Windows\System\sRgDMYe.exe
  C:\Windows\System\sRgDMYe.exe
  2⤵
  PID:5356
- C:\Windows\System\UxuhMmx.exe
  C:\Windows\System\UxuhMmx.exe
  2⤵
  PID:5420
- C:\Windows\System\tkEiusM.exe
  C:\Windows\System\tkEiusM.exe
  2⤵
  PID:5484
- C:\Windows\System\IFKTeci.exe
  C:\Windows\System\IFKTeci.exe
  2⤵
  PID:5532
- C:\Windows\System\pdcTAjy.exe
  C:\Windows\System\pdcTAjy.exe
  2⤵
  PID:5612
- C:\Windows\System\MUhGLhu.exe
  C:\Windows\System\MUhGLhu.exe
  2⤵
  PID:5692
- C:\Windows\System\ZCPkygH.exe
  C:\Windows\System\ZCPkygH.exe
  2⤵
  PID:5772
- C:\Windows\System\VCbOTmd.exe
  C:\Windows\System\VCbOTmd.exe
  2⤵
  PID:5812
- C:\Windows\System\kUEZCYC.exe
  C:\Windows\System\kUEZCYC.exe
  2⤵
  PID:5888
- C:\Windows\System\CmOxJED.exe
  C:\Windows\System\CmOxJED.exe
  2⤵
  PID:5952
- C:\Windows\System\gXwIsRI.exe
  C:\Windows\System\gXwIsRI.exe
  2⤵
  PID:6020
- C:\Windows\System\HetlwIf.exe
  C:\Windows\System\HetlwIf.exe
  2⤵
  PID:6120
- C:\Windows\System\fboRuUu.exe
  C:\Windows\System\fboRuUu.exe
  2⤵
  PID:5208
- C:\Windows\System\bZKSaUc.exe
  C:\Windows\System\bZKSaUc.exe
  2⤵
  PID:5900
- C:\Windows\System\dZKQagg.exe
  C:\Windows\System\dZKQagg.exe
  2⤵
  PID:5408
- C:\Windows\System\aXZmtnw.exe
  C:\Windows\System\aXZmtnw.exe
  2⤵
  PID:5544
- C:\Windows\System\vMIpAPz.exe
  C:\Windows\System\vMIpAPz.exe
  2⤵
  PID:5688
- C:\Windows\System\KAPyHTd.exe
  C:\Windows\System\KAPyHTd.exe
  2⤵
  PID:5756
- C:\Windows\System\isrCLJp.exe
  C:\Windows\System\isrCLJp.exe
  2⤵
  PID:6088
- C:\Windows\System\pZpEhhc.exe
  C:\Windows\System\pZpEhhc.exe
  2⤵
  PID:5156
- C:\Windows\System\DFjSVqz.exe
  C:\Windows\System\DFjSVqz.exe
  2⤵
  PID:5460
- C:\Windows\System\zpLuJyy.exe
  C:\Windows\System\zpLuJyy.exe
  2⤵
  PID:5848
- C:\Windows\System\GNYqpaq.exe
  C:\Windows\System\GNYqpaq.exe
  2⤵
  PID:5256
- C:\Windows\System\zsFOQRR.exe
  C:\Windows\System\zsFOQRR.exe
  2⤵
  PID:4664
- C:\Windows\System\hYBcGmI.exe
  C:\Windows\System\hYBcGmI.exe
  2⤵
  PID:6180
- C:\Windows\System\cWgvAjb.exe
  C:\Windows\System\cWgvAjb.exe
  2⤵
  PID:6196
- C:\Windows\System\FXGvBnm.exe
  C:\Windows\System\FXGvBnm.exe
  2⤵
  PID:6216
- C:\Windows\System\xyXuEXl.exe
  C:\Windows\System\xyXuEXl.exe
  2⤵
  PID:6236
- C:\Windows\System\GTFfKKn.exe
  C:\Windows\System\GTFfKKn.exe
  2⤵
  PID:6276
- C:\Windows\System\RKisppD.exe
  C:\Windows\System\RKisppD.exe
  2⤵
  PID:6308
- C:\Windows\System\riTkANZ.exe
  C:\Windows\System\riTkANZ.exe
  2⤵
  PID:6324
- C:\Windows\System\uUOqMKZ.exe
  C:\Windows\System\uUOqMKZ.exe
  2⤵
  PID:6360
- C:\Windows\System\tgtjfTl.exe
  C:\Windows\System\tgtjfTl.exe
  2⤵
  PID:6396
- C:\Windows\System\KwzjSBk.exe
  C:\Windows\System\KwzjSBk.exe
  2⤵
  PID:6444
- C:\Windows\System\GcWduaZ.exe
  C:\Windows\System\GcWduaZ.exe
  2⤵
  PID:6464
- C:\Windows\System\PbHVItS.exe
  C:\Windows\System\PbHVItS.exe
  2⤵
  PID:6488
- C:\Windows\System\XGzzIKR.exe
  C:\Windows\System\XGzzIKR.exe
  2⤵
  PID:6528
- C:\Windows\System\TRkzRmN.exe
  C:\Windows\System\TRkzRmN.exe
  2⤵
  PID:6556
- C:\Windows\System\fOEGkXM.exe
  C:\Windows\System\fOEGkXM.exe
  2⤵
  PID:6584
- C:\Windows\System\casbuhQ.exe
  C:\Windows\System\casbuhQ.exe
  2⤵
  PID:6612
- C:\Windows\System\JocpiWO.exe
  C:\Windows\System\JocpiWO.exe
  2⤵
  PID:6640
- C:\Windows\System\sRLcRGB.exe
  C:\Windows\System\sRLcRGB.exe
  2⤵
  PID:6668
- C:\Windows\System\yheiobO.exe
  C:\Windows\System\yheiobO.exe
  2⤵
  PID:6692
- C:\Windows\System\qTmtPIz.exe
  C:\Windows\System\qTmtPIz.exe
  2⤵
  PID:6724
- C:\Windows\System\xRprGWg.exe
  C:\Windows\System\xRprGWg.exe
  2⤵
  PID:6740
- C:\Windows\System\dWmLfbc.exe
  C:\Windows\System\dWmLfbc.exe
  2⤵
  PID:6764
- C:\Windows\System\AjOuUQu.exe
  C:\Windows\System\AjOuUQu.exe
  2⤵
  PID:6800
- C:\Windows\System\YAwoSHT.exe
  C:\Windows\System\YAwoSHT.exe
  2⤵
  PID:6836
- C:\Windows\System\SWLGEyV.exe
  C:\Windows\System\SWLGEyV.exe
  2⤵
  PID:6864
- C:\Windows\System\KDZEKDx.exe
  C:\Windows\System\KDZEKDx.exe
  2⤵
  PID:6880
- C:\Windows\System\mLNJNVX.exe
  C:\Windows\System\mLNJNVX.exe
  2⤵
  PID:6908
- C:\Windows\System\gsQOmGY.exe
  C:\Windows\System\gsQOmGY.exe
  2⤵
  PID:6948
- C:\Windows\System\SLXFBFh.exe
  C:\Windows\System\SLXFBFh.exe
  2⤵
  PID:6976
- C:\Windows\System\SQLAPNQ.exe
  C:\Windows\System\SQLAPNQ.exe
  2⤵
  PID:7004
- C:\Windows\System\ehoGhWv.exe
  C:\Windows\System\ehoGhWv.exe
  2⤵
  PID:7032
- C:\Windows\System\QsFjgbk.exe
  C:\Windows\System\QsFjgbk.exe
  2⤵
  PID:7060
- C:\Windows\System\WnIWqCx.exe
  C:\Windows\System\WnIWqCx.exe
  2⤵
  PID:7088
- C:\Windows\System\ZYIbvOZ.exe
  C:\Windows\System\ZYIbvOZ.exe
  2⤵
  PID:7104
- C:\Windows\System\HcpOQyf.exe
  C:\Windows\System\HcpOQyf.exe
  2⤵
  PID:7124
- C:\Windows\System\xUMBjyU.exe
  C:\Windows\System\xUMBjyU.exe
  2⤵
  PID:7156
- C:\Windows\System\KyoKaHU.exe
  C:\Windows\System\KyoKaHU.exe
  2⤵
  PID:6152
- C:\Windows\System\ODKaMzF.exe
  C:\Windows\System\ODKaMzF.exe
  2⤵
  PID:6260
- C:\Windows\System\BcptbcW.exe
  C:\Windows\System\BcptbcW.exe
  2⤵
  PID:6264
- C:\Windows\System\ElyKMpF.exe
  C:\Windows\System\ElyKMpF.exe
  2⤵
  PID:6344
- C:\Windows\System\zpWBlIG.exe
  C:\Windows\System\zpWBlIG.exe
  2⤵
  PID:6424
- C:\Windows\System\SAYxaIa.exe
  C:\Windows\System\SAYxaIa.exe
  2⤵
  PID:6512
- C:\Windows\System\obcgwnj.exe
  C:\Windows\System\obcgwnj.exe
  2⤵
  PID:6576
- C:\Windows\System\uliZtvT.exe
  C:\Windows\System\uliZtvT.exe
  2⤵
  PID:6632
- C:\Windows\System\bjqaRWb.exe
  C:\Windows\System\bjqaRWb.exe
  2⤵
  PID:6688
- C:\Windows\System\iLJgOvU.exe
  C:\Windows\System\iLJgOvU.exe
  2⤵
  PID:6776
- C:\Windows\System\FkFCpcP.exe
  C:\Windows\System\FkFCpcP.exe
  2⤵
  PID:6828
- C:\Windows\System\HFjbSqQ.exe
  C:\Windows\System\HFjbSqQ.exe
  2⤵
  PID:6904
- C:\Windows\System\QbACOwl.exe
  C:\Windows\System\QbACOwl.exe
  2⤵
  PID:6968
- C:\Windows\System\kAYklzl.exe
  C:\Windows\System\kAYklzl.exe
  2⤵
  PID:7048
- C:\Windows\System\zKfQpnQ.exe
  C:\Windows\System\zKfQpnQ.exe
  2⤵
  PID:7100
- C:\Windows\System\eajsvVM.exe
  C:\Windows\System\eajsvVM.exe
  2⤵
  PID:7144
- C:\Windows\System\MRvYASK.exe
  C:\Windows\System\MRvYASK.exe
  2⤵
  PID:6228
- C:\Windows\System\djKmdvH.exe
  C:\Windows\System\djKmdvH.exe
  2⤵
  PID:6392
- C:\Windows\System\UxJmbJZ.exe
  C:\Windows\System\UxJmbJZ.exe
  2⤵
  PID:6608
- C:\Windows\System\agDnOzO.exe
  C:\Windows\System\agDnOzO.exe
  2⤵
  PID:6708
- C:\Windows\System\QzbHReC.exe
  C:\Windows\System\QzbHReC.exe
  2⤵
  PID:6872
- C:\Windows\System\SWRqVQo.exe
  C:\Windows\System\SWRqVQo.exe
  2⤵
  PID:7028
- C:\Windows\System\BkAbHiJ.exe
  C:\Windows\System\BkAbHiJ.exe
  2⤵
  PID:6164
- C:\Windows\System\cDEZfOG.exe
  C:\Windows\System\cDEZfOG.exe
  2⤵
  PID:6596
- C:\Windows\System\xtaJwAJ.exe
  C:\Windows\System\xtaJwAJ.exe
  2⤵
  PID:6960
- C:\Windows\System\nMjDkiT.exe
  C:\Windows\System\nMjDkiT.exe
  2⤵
  PID:6472
- C:\Windows\System\BIxHavK.exe
  C:\Windows\System\BIxHavK.exe
  2⤵
  PID:6320
- C:\Windows\System\qZIrLkZ.exe
  C:\Windows\System\qZIrLkZ.exe
  2⤵
  PID:7180
- C:\Windows\System\HOWuASX.exe
  C:\Windows\System\HOWuASX.exe
  2⤵
  PID:7196
- C:\Windows\System\OWlRrtD.exe
  C:\Windows\System\OWlRrtD.exe
  2⤵
  PID:7212
- C:\Windows\System\bHhLnud.exe
  C:\Windows\System\bHhLnud.exe
  2⤵
  PID:7232
- C:\Windows\System\vuCxwkH.exe
  C:\Windows\System\vuCxwkH.exe
  2⤵
  PID:7256
- C:\Windows\System\UhTOHwU.exe
  C:\Windows\System\UhTOHwU.exe
  2⤵
  PID:7292
- C:\Windows\System\nopNHMM.exe
  C:\Windows\System\nopNHMM.exe
  2⤵
  PID:7316
- C:\Windows\System\JmranaG.exe
  C:\Windows\System\JmranaG.exe
  2⤵
  PID:7364
- C:\Windows\System\gBbNJGg.exe
  C:\Windows\System\gBbNJGg.exe
  2⤵
  PID:7404
- C:\Windows\System\BkeDeDF.exe
  C:\Windows\System\BkeDeDF.exe
  2⤵
  PID:7440
- C:\Windows\System\dnbQmcH.exe
  C:\Windows\System\dnbQmcH.exe
  2⤵
  PID:7464
- C:\Windows\System\WVfHBAr.exe
  C:\Windows\System\WVfHBAr.exe
  2⤵
  PID:7488
- C:\Windows\System\lAovciA.exe
  C:\Windows\System\lAovciA.exe
  2⤵
  PID:7528
- C:\Windows\System\CiGIXQZ.exe
  C:\Windows\System\CiGIXQZ.exe
  2⤵
  PID:7556
- C:\Windows\System\vAwIMuX.exe
  C:\Windows\System\vAwIMuX.exe
  2⤵
  PID:7592
- C:\Windows\System\ALBKFjj.exe
  C:\Windows\System\ALBKFjj.exe
  2⤵
  PID:7616
- C:\Windows\System\xNEiFxj.exe
  C:\Windows\System\xNEiFxj.exe
  2⤵
  PID:7644
- C:\Windows\System\koNOjsW.exe
  C:\Windows\System\koNOjsW.exe
  2⤵
  PID:7664
- C:\Windows\System\lFSfZgg.exe
  C:\Windows\System\lFSfZgg.exe
  2⤵
  PID:7692
- C:\Windows\System\AYkitxW.exe
  C:\Windows\System\AYkitxW.exe
  2⤵
  PID:7724
- C:\Windows\System\bvPCNtm.exe
  C:\Windows\System\bvPCNtm.exe
  2⤵
  PID:7760
- C:\Windows\System\VQDcwRM.exe
  C:\Windows\System\VQDcwRM.exe
  2⤵
  PID:7788
- C:\Windows\System\zRfDTFh.exe
  C:\Windows\System\zRfDTFh.exe
  2⤵
  PID:7804
- C:\Windows\System\LhlnePM.exe
  C:\Windows\System\LhlnePM.exe
  2⤵
  PID:7836
- C:\Windows\System\FbnWRye.exe
  C:\Windows\System\FbnWRye.exe
  2⤵
  PID:7860
- C:\Windows\System\wMYCrqL.exe
  C:\Windows\System\wMYCrqL.exe
  2⤵
  PID:7900
- C:\Windows\System\vsxeOFo.exe
  C:\Windows\System\vsxeOFo.exe
  2⤵
  PID:7924
- C:\Windows\System\BecHKKx.exe
  C:\Windows\System\BecHKKx.exe
  2⤵
  PID:7952
- C:\Windows\System\SjkzYBD.exe
  C:\Windows\System\SjkzYBD.exe
  2⤵
  PID:7980
- C:\Windows\System\tywZxzF.exe
  C:\Windows\System\tywZxzF.exe
  2⤵
  PID:8012
- C:\Windows\System\YhfvOmJ.exe
  C:\Windows\System\YhfvOmJ.exe
  2⤵
  PID:8040
- C:\Windows\System\rCWMFAe.exe
  C:\Windows\System\rCWMFAe.exe
  2⤵
  PID:8060
- C:\Windows\System\yuTjaPk.exe
  C:\Windows\System\yuTjaPk.exe
  2⤵
  PID:8100
- C:\Windows\System\MmpYUYd.exe
  C:\Windows\System\MmpYUYd.exe
  2⤵
  PID:8120
- C:\Windows\System\bNxsqtF.exe
  C:\Windows\System\bNxsqtF.exe
  2⤵
  PID:8160
- C:\Windows\System\HxwoiyJ.exe
  C:\Windows\System\HxwoiyJ.exe
  2⤵
  PID:8180
- C:\Windows\System\rrlSVKG.exe
  C:\Windows\System\rrlSVKG.exe
  2⤵
  PID:7204
- C:\Windows\System\WwxsfGi.exe
  C:\Windows\System\WwxsfGi.exe
  2⤵
  PID:7244
- C:\Windows\System\tfrEAeg.exe
  C:\Windows\System\tfrEAeg.exe
  2⤵
  PID:7312
- C:\Windows\System\HGpwefg.exe
  C:\Windows\System\HGpwefg.exe
  2⤵
  PID:7384
- C:\Windows\System\mtsmndH.exe
  C:\Windows\System\mtsmndH.exe
  2⤵
  PID:7472
- C:\Windows\System\NopbiAd.exe
  C:\Windows\System\NopbiAd.exe
  2⤵
  PID:7540
- C:\Windows\System\AyXgAgB.exe
  C:\Windows\System\AyXgAgB.exe
  2⤵
  PID:7608
- C:\Windows\System\dqSXqkr.exe
  C:\Windows\System\dqSXqkr.exe
  2⤵
  PID:7656
- C:\Windows\System\PcfWJCy.exe
  C:\Windows\System\PcfWJCy.exe
  2⤵
  PID:7736
- C:\Windows\System\DeSgtcJ.exe
  C:\Windows\System\DeSgtcJ.exe
  2⤵
  PID:7816
- C:\Windows\System\QfsnUre.exe
  C:\Windows\System\QfsnUre.exe
  2⤵
  PID:7872
- C:\Windows\System\EMbRlpI.exe
  C:\Windows\System\EMbRlpI.exe
  2⤵
  PID:7940
- C:\Windows\System\DwmsNfz.exe
  C:\Windows\System\DwmsNfz.exe
  2⤵
  PID:8004
- C:\Windows\System\rUlykAD.exe
  C:\Windows\System\rUlykAD.exe
  2⤵
  PID:8088
- C:\Windows\System\oADemrO.exe
  C:\Windows\System\oADemrO.exe
  2⤵
  PID:8132
- C:\Windows\System\MtwvKuA.exe
  C:\Windows\System\MtwvKuA.exe
  2⤵
  PID:7152
- C:\Windows\System\BqCnjYO.exe
  C:\Windows\System\BqCnjYO.exe
  2⤵
  PID:7340
- C:\Windows\System\SZpMCzr.exe
  C:\Windows\System\SZpMCzr.exe
  2⤵
  PID:7524
- C:\Windows\System\ItAjaha.exe
  C:\Windows\System\ItAjaha.exe
  2⤵
  PID:7676
- C:\Windows\System\SgrTqyo.exe
  C:\Windows\System\SgrTqyo.exe
  2⤵
  PID:7780
- C:\Windows\System\oBuyqFb.exe
  C:\Windows\System\oBuyqFb.exe
  2⤵
  PID:7888
- C:\Windows\System\XpVBbpX.exe
  C:\Windows\System\XpVBbpX.exe
  2⤵
  PID:8140
- C:\Windows\System\ZHMVLrB.exe
  C:\Windows\System\ZHMVLrB.exe
  2⤵
  PID:7080
- C:\Windows\System\lGMmimM.exe
  C:\Windows\System\lGMmimM.exe
  2⤵
  PID:7500
- C:\Windows\System\uDbtKLy.exe
  C:\Windows\System\uDbtKLy.exe
  2⤵
  PID:7988
- C:\Windows\System\UKclpxP.exe
  C:\Windows\System\UKclpxP.exe
  2⤵
  PID:7588
- C:\Windows\System\jxqBTkB.exe
  C:\Windows\System\jxqBTkB.exe
  2⤵
  PID:7416
- C:\Windows\System\stFflVo.exe
  C:\Windows\System\stFflVo.exe
  2⤵
  PID:8216
- C:\Windows\System\SEuNQeR.exe
  C:\Windows\System\SEuNQeR.exe
  2⤵
  PID:8244
- C:\Windows\System\dLTMnng.exe
  C:\Windows\System\dLTMnng.exe
  2⤵
  PID:8272
- C:\Windows\System\sEnGMDh.exe
  C:\Windows\System\sEnGMDh.exe
  2⤵
  PID:8300
- C:\Windows\System\OTrzIjw.exe
  C:\Windows\System\OTrzIjw.exe
  2⤵
  PID:8328
- C:\Windows\System\zckjQFM.exe
  C:\Windows\System\zckjQFM.exe
  2⤵
  PID:8356
- C:\Windows\System\WHrHndp.exe
  C:\Windows\System\WHrHndp.exe
  2⤵
  PID:8384
- C:\Windows\System\HizjQLR.exe
  C:\Windows\System\HizjQLR.exe
  2⤵
  PID:8424
- C:\Windows\System\eUrZyLc.exe
  C:\Windows\System\eUrZyLc.exe
  2⤵
  PID:8444
- C:\Windows\System\fmSplxM.exe
  C:\Windows\System\fmSplxM.exe
  2⤵
  PID:8480
- C:\Windows\System\ZWWnqMa.exe
  C:\Windows\System\ZWWnqMa.exe
  2⤵
  PID:8500
- C:\Windows\System\pNUVzkt.exe
  C:\Windows\System\pNUVzkt.exe
  2⤵
  PID:8520
- C:\Windows\System\YOSwAlI.exe
  C:\Windows\System\YOSwAlI.exe
  2⤵
  PID:8552
- C:\Windows\System\NsYAMPw.exe
  C:\Windows\System\NsYAMPw.exe
  2⤵
  PID:8580
- C:\Windows\System\WHfywuU.exe
  C:\Windows\System\WHfywuU.exe
  2⤵
  PID:8608
- C:\Windows\System\wzRmlou.exe
  C:\Windows\System\wzRmlou.exe
  2⤵
  PID:8632
- C:\Windows\System\RfVekEj.exe
  C:\Windows\System\RfVekEj.exe
  2⤵
  PID:8660
- C:\Windows\System\YpGmHEC.exe
  C:\Windows\System\YpGmHEC.exe
  2⤵
  PID:8680
- C:\Windows\System\rKxCBLF.exe
  C:\Windows\System\rKxCBLF.exe
  2⤵
  PID:8724
- C:\Windows\System\NHktjue.exe
  C:\Windows\System\NHktjue.exe
  2⤵
  PID:8748
- C:\Windows\System\XcgrlGm.exe
  C:\Windows\System\XcgrlGm.exe
  2⤵
  PID:8780
- C:\Windows\System\XCvrwkU.exe
  C:\Windows\System\XCvrwkU.exe
  2⤵
  PID:8804
- C:\Windows\System\OMEkhAh.exe
  C:\Windows\System\OMEkhAh.exe
  2⤵
  PID:8832
- C:\Windows\System\SGlVavm.exe
  C:\Windows\System\SGlVavm.exe
  2⤵
  PID:8868
- C:\Windows\System\dRkFhLI.exe
  C:\Windows\System\dRkFhLI.exe
  2⤵
  PID:8896
- C:\Windows\System\jHEankR.exe
  C:\Windows\System\jHEankR.exe
  2⤵
  PID:8928
- C:\Windows\System\qxEyoZP.exe
  C:\Windows\System\qxEyoZP.exe
  2⤵
  PID:8956
- C:\Windows\System\IcqPoDs.exe
  C:\Windows\System\IcqPoDs.exe
  2⤵
  PID:8984
- C:\Windows\System\mqcTvRH.exe
  C:\Windows\System\mqcTvRH.exe
  2⤵
  PID:9008
- C:\Windows\System\ItLvkEQ.exe
  C:\Windows\System\ItLvkEQ.exe
  2⤵
  PID:9040
- C:\Windows\System\ABCyILd.exe
  C:\Windows\System\ABCyILd.exe
  2⤵
  PID:9064
- C:\Windows\System\AddYICT.exe
  C:\Windows\System\AddYICT.exe
  2⤵
  PID:9084
- C:\Windows\System\ULFKeWj.exe
  C:\Windows\System\ULFKeWj.exe
  2⤵
  PID:9116
- C:\Windows\System\MpwoHOg.exe
  C:\Windows\System\MpwoHOg.exe
  2⤵
  PID:9140
- C:\Windows\System\NkbNYvf.exe
  C:\Windows\System\NkbNYvf.exe
  2⤵
  PID:9168
- C:\Windows\System\YoTuryg.exe
  C:\Windows\System\YoTuryg.exe
  2⤵
  PID:9200
- C:\Windows\System\JmlEDdA.exe
  C:\Windows\System\JmlEDdA.exe
  2⤵
  PID:8200
- C:\Windows\System\JspaQMC.exe
  C:\Windows\System\JspaQMC.exe
  2⤵
  PID:8256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AkqmaQY.exe

Filesize
2.1MB

MD5
70989adb6c2f7c05e2ab8d77d30dd7ac

SHA1
55fde7030cd0efe58ec20910087507d1a4e32770

SHA256
cb966dd2f26ad8b237e3a2fb791878bbc78237cee61502522e56d8df66422510

SHA512
f222c77f7955bce48c976d2a999edf81b25dbf3b8fca747d3eff6c5bc409a3a4e8f3dfe6950a10726738f001deca4a623d23a1e165e635a92a9780574d83a021

Download Submit
C:\Windows\System\EgLvktu.exe

Filesize
2.1MB

MD5
af1fb6cf065f4cfcdd64ef76df29a734

SHA1
379cded6187584435f8000bf68a9fc55dc492379

SHA256
70f6eae0454934a5d812ea6c7bc9aab6bd431b68372a56654393aa5ac1041b59

SHA512
029645f87ed54a0ab852f3c894281e57ceffdc6f2f06dd132d6766b7786e183a033bd2d303caaf8d43716bb2262ec3f9b1c01feb555c8b5ba5d2c989890e0553

Download Submit
C:\Windows\System\EkwvhdF.exe

Filesize
2.1MB

MD5
c4b2651c3ea17caacd4abbf391839be5

SHA1
72e95df97a7fd5aefcb1cd94572e1da42516390d

SHA256
e0525e7e726d7bd0bcdb6062ecf41ee96bca71b3f8af202f939f834e58612e99

SHA512
1c88b5595af4b2f8fa508233d18f4bce82956e8f1a71354a34ca0c5b6b43cb5ec45cf8bc7fb6322d8b6cafb9978e39de3e8cf561224ee9f0a87a7de6bff27264

Download Submit
C:\Windows\System\FNmuERD.exe

Filesize
2.1MB

MD5
9dfa7d5994e4b21505769ea9d8f77a2e

SHA1
e5fdf186aa1e43d60ddb82a3dc2a773ee3d2f8b7

SHA256
de6f29635aa7064df57704a47cc76cb70dd5c9d2bc32f580f52c140a19ea694c

SHA512
75ee0009b2a11dc772deed69bae951617cfd41e77370e24faff9facbd4591bd853fe896a0dda2c1549629eb491bad79245633c627109ec3cdf6eb7a4268a5fa6

Download Submit
C:\Windows\System\HrbFzaT.exe

Filesize
2.1MB

MD5
43bb3ee7048fe48f17bfb74074572f7c

SHA1
0358a89be80e0a50b7a130a1338c2ef8645e6a82

SHA256
a198a65196588978bdbfb08199d9242342d20d4384cc4ce3ffee826464ced693

SHA512
8c91940af6a6d491bf24da9c5ddf5689e5363118ccc1fc58493dd857e2430ac7847df84c8f5b4087fc20ee1e7315ca2b830179b3a48f068474c4390787a55fd3

Download Submit
C:\Windows\System\OWMEmzs.exe

Filesize
2.1MB

MD5
79cbdd33fec97765458450466a996800

SHA1
2a513b50cfeca62c98ee61e94ae955450954af63

SHA256
0ba4ac4bf90ea0de1954eab6e5306b13bcc521151a5647a128ffaa2cbb92029a

SHA512
5e03ad4961ae757320c150dd73f04bb03c4401e086ea32ea808a5d4bf1316b0152b1aa3a48da25631c89d58842deb0efb760c83a564900d89737539c734ed602

Download Submit
C:\Windows\System\OfuxfdR.exe

Filesize
2.1MB

MD5
199bbbf09f5847fac86b0a8e7405b4e1

SHA1
52b0e4a07b69fefb94fc006f0b6e5eac6f71fda0

SHA256
9315ef1e11aeb695a47cdb39fae9574ef74f50c9f5c10d295c07b3a10256d49b

SHA512
dffc625afab2524e0cc99c3199a82e37edcc28cc26dbf264719f87b2e9509bb0774bb5ba86bb0d08568e539ed5d215b7bced3e61c83e156c72bfc33699174ad1

Download Submit
C:\Windows\System\PTzBAEP.exe

Filesize
2.1MB

MD5
5167a5675d59e9aec52c34efa69d05f6

SHA1
cf912e480c53fbf4940e80bef93feac0eb2261c9

SHA256
227b87762426a71119496aaf4787c2fc4c636d22101bea226fa862c89cbb16bc

SHA512
a59b3f0564c75ff838835b8bdbacf9b55ed7fdb8bfd8211d7ca0acfc2adea7c1a10a547435f113e0c8e55d28522088e728e0e635b630870b55093b379033a4a0

Download Submit
C:\Windows\System\PkDBerr.exe

Filesize
2.1MB

MD5
b0364c1b70d2de7c085bcff0631ffaa5

SHA1
b6893fc8a71610f2f4e027f773482fcf548e0ec7

SHA256
f85e12f20c050a95f02463291ff9a277a7fa2110831c250d43ae543a02aa92eb

SHA512
30d80ea313a33f5e0619198d56c15b204466ab60ff823b902987d5327db375322de851d6deb9f1f3ff27d90e01b373d3e05f262c146a14353dc8a92def719b77

Download Submit
C:\Windows\System\UKKBRTq.exe

Filesize
2.1MB

MD5
b1b81310978f86ba2f2e1598fc97a5ba

SHA1
f4268bbc6294752414df68c6dcc191a8a06b04df

SHA256
45c9eb1068631ec915713d1dc7edf59a5ef29d1517640087cdc3d83ba01f65dc

SHA512
254dade295ac96e766dbcefd1d3b35fef274a4b67eb6fb72a00d990c9c5dd52ee30cea3e0eaac7f9f21ce090c68125653693be50421b1b6a38578dd80ed7896f

Download Submit
C:\Windows\System\UbwsVHK.exe

Filesize
2.1MB

MD5
29e96d4cbe6489ab9ebbda1d96c82b4b

SHA1
596f44a5516b2addf0f74b9835745f0a481efbdc

SHA256
1e88d09189f5ccf2286b8ebeeaf1679c0ff83c36594a36b48edd8deec3b31501

SHA512
94c9985e1134f11dddcdf6a4418cc3f3adb357fef9e2ac99005699628dca9cea0616e875541c8fca84c465a5a26bcbbf9a6e835aeac414f70f4dafb9c44fb94b

Download Submit
C:\Windows\System\VfrWCFj.exe

Filesize
2.1MB

MD5
f8e26ab802091230a33adcad6168f909

SHA1
6861b6bf399dcabff87e3d61ffc5765b2d718b53

SHA256
9eba9375b35bb9b65e45608e06b472cf7a52e563c3fa6c28ae6f50f8cc544834

SHA512
5b90f31cfd1aa2981fc26417fefdf39e2ebc54df15b19cf4b865afc4e223235d06e83411db248a504caa81244f51585acd34fb3a548c080e7e6283f8fec82f92

Download Submit
C:\Windows\System\WkIWBbB.exe

Filesize
2.1MB

MD5
d2811bdec07e06fb9d8f858ff20d1824

SHA1
cb7353dd24be1b454ad6131921da91de9dbcaf96

SHA256
4856d1c1e197e9ca873a88a570fc52cd1c912b82731f081ca35c0a0310e67e19

SHA512
949532fee704893b96a20bcd2a15bc52cde63c040f03f9c6b6b93f45e04ee85aa045a11bc81d3601e0568ecbf1e01379dedeacda94082a3a61108983b416e30c

Download Submit
C:\Windows\System\YAzcoTD.exe

Filesize
2.1MB

MD5
9ad166e3149833e2897ce54033302445

SHA1
aba84a4305924dfec66192bfaa63949c9fbc6222

SHA256
ffc5ed451abc2cc7c6a8771085490f6281308e056c3b2cc08d8177b2ef82dc8f

SHA512
e1b469d2bc99b41bfba1ae1d37f4c9960134c5438b868f2f90019e697fe06905e80234f64c2077765858900a0774ae211e42f7f174b0ea50085f41269ef35c5d

Download Submit
C:\Windows\System\bsPiXZE.exe

Filesize
2.1MB

MD5
18b59bd4e6973a34770a64e88f6f3ef6

SHA1
0210e7d93fd03ff5dc1678593beaaffaac420e63

SHA256
d1fdf4b0e35e95b1a009c9d0d9d2fdbf05ffdf6b6f13a55cf06090c7aa342f3f

SHA512
6e7f8ee2c1e1d6cd79f0c70d4cd2da0a32e5e8fc4df01b9174a13c6d9c209a5a5269c6ed3f72844898a02a6dc9e6ebf837bb3b02210a3d7c79fe9d61d9e36022

Download Submit
C:\Windows\System\bwiUseS.exe

Filesize
2.1MB

MD5
ad95306aa438c8c1c25877c359020040

SHA1
c61e31cf8d78c09ebffa4ba9ee4b4ab3b6844f97

SHA256
9b18a97198513a53accbec8e356a66c7ad721888b654e8493485a44df6555612

SHA512
319c21a770678782eb5677d02699fc38fa3d3f7457dff7954601523a38fdf2a20bbbade746513a47b36c5d51756c16b98deb203e6cf8c283d18d9971d4006a9c

Download Submit
C:\Windows\System\cLwTTHl.exe

Filesize
2.1MB

MD5
9c92e3297255c7fb236833154dcd90fe

SHA1
e1e1e9514cabe2ed0c74ed1c0ba17515ea2f6e4b

SHA256
1905a76df49e52da07d445824735d03c21e13c87f3efde97d6f371b8dc3a2012

SHA512
438cd71baf72b4c6f994e0f557d5f41c36288e8ce41f1400c9d99defc2f7a33a0e66c3e09c539012eb3e9dfe2c2ec1e6763f31c1825c681577b6b343fdaccee7

Download Submit
C:\Windows\System\cjncrrd.exe

Filesize
2.1MB

MD5
4a3015d4eaebdd1097ad1122398ab4fe

SHA1
3104b8f23a8b48c1257f1c2736143630f02018f9

SHA256
85b7016d351f73c5d006168b546e4996b600b14571fa5433ed56f504a5ec3fa8

SHA512
72c3a23baa88dfa2b339d5b13997d05f3df7dd67e9ec692856f7412a8c3bc12b6f50248cbe739621c25bc51f2cb9bc61ac8280d494d5b19c5cf090ce161cd797

Download Submit
C:\Windows\System\eLsBoBp.exe

Filesize
2.1MB

MD5
65c17d8683094b94c8e1225063ccb86c

SHA1
a43059408859dbbc9cf0905cf8feddaea4575a32

SHA256
1d33fcfc579b04733e58abaac80661afa0c97060ff0e771061ab40ffb5ceb342

SHA512
29c0bc985ec8f8e5cdba2824f83f8c109f75f793f8628ae9a55f53dc2045925419c4c88ca3df0f2b3977c9c8c8f4cdbea4388e342341ecc0452a43b40beb3434

Download Submit
C:\Windows\System\fYJobqS.exe

Filesize
2.1MB

MD5
9aa1f4eee6ca75103d759e9a8c8af355

SHA1
f22c60c95a2c6501471388ef86546be2565335bd

SHA256
1de34c629aaae187dbca5bc095a74617c3da19b1b9a647771bbb541b7b16c841

SHA512
30e7ea192a11aa08035cf8dcc5d6cc9b04b05568f1e834e9ed57f7b85982b639ae7195ac3b37b2876a8e51208ba68b7419c05978efbcb2c452ff644c63d58002

Download Submit
C:\Windows\System\jZXYbWT.exe

Filesize
2.1MB

MD5
cdd440381efd4220eeedb8a2798e54a3

SHA1
9087e2b10311aa080d0c3e3823168ffb4f6e626e

SHA256
935d559f805169af6a35f090fcebf5a7df0cd9bf36c04096d0ee0493fea54528

SHA512
22f812e33fd094e8d36305797e11165d0256b0c3e98c868643758420ffeef124b51a65514c58729864b519e29bcb2f0303793ffc6cf5adfb589f824c69ac0e2a

Download Submit
C:\Windows\System\mLqzYFQ.exe

Filesize
2.1MB

MD5
b15757b8bb915844cfbf56c53f8514df

SHA1
1df1b2d1e7db382625067e8f308d698f56a1b722

SHA256
75ebbe4b599665a526be2f662b6bf17cc1b9f91efa6258fd5416dff993935479

SHA512
71c47cc504ce45b76e4cdb607273e7b33c8c76da3cc3a03f031e50f79d6096c12af266432482b28b065780f7fb46d619be456150ed0dea9dadc38cd3322f65d2

Download Submit
C:\Windows\System\nHqklyU.exe

Filesize
2.1MB

MD5
7047533faedf7b84cb94448ee05b3953

SHA1
e0fd2ecdccb2e037e078c764404896c43a274388

SHA256
80e2acfbc0db89bf9aeeea1441d6e1ba68ca6b35d86d7bf85efe29129fefeb47

SHA512
f35035a6411162b88d356baa3db95f9826f7771fb5cf51696409a6bac3843b88725abefa85d7b55b9f0d1f93aedaaee7467da4ba51fe3e05705f42541aadc8b7

Download Submit
C:\Windows\System\qSiDQWM.exe

Filesize
2.1MB

MD5
e2b28efcc53fd62275499596697d122c

SHA1
8342c86c83ff4d141be72e927c449117533e0779

SHA256
061e7b64940fcc8027c9e620026164d9433a96d481a9541df59693e55adc521e

SHA512
0e3125eeea037add20a142f4380d012c40d0b5ad10596624156edcde7b3bfcd336fb6b4178fbe523a515ec551e851fbcf04c29b529b402ffe702d925f1e9cdf4

Download Submit
C:\Windows\System\rHAqICq.exe

Filesize
2.1MB

MD5
4c3a139b4dda978d736c5ca763334a1e

SHA1
59503121f4cdf1955a1314ccea5f9193156228f0

SHA256
e2e5000e24e7fce09221253b7543eb2783973d191ae5eb303a651f0b5c5baaf7

SHA512
8e1ddaa70aee46abcdf8735ae476182165525e9f5d912a1b41f882bf3eaae7b23f40bd5753c8f53fe8c940775b4d1260fcfc8ac9da468c192079cde8b50a120d

Download Submit
C:\Windows\System\sbUXnyk.exe

Filesize
2.1MB

MD5
d2862af1c785f1eababf139ccdebe51a

SHA1
98f49ee1decefec29ff01106958e1e1faba551eb

SHA256
cd746be54a5ed31c874546f9dd8d42423c16847a5a49977db085bdf1fff70b1e

SHA512
f19cdc7e0ea790140206fcf225cab72d92eb0409b496a68788349e5b33265a04bb866a8e6026a9d14cb6b14e8467236d02c65f9a9b54d11ea517daf69fb6de99

Download Submit
C:\Windows\System\tVPXHYx.exe

Filesize
2.1MB

MD5
7696df75dfa50575e086ef2a2e4a2b81

SHA1
d4d0aba7a685fe41d9f15a7ff6f20ef26b3a700d

SHA256
06440af4295b0e4f49b7bc1fc3b64750aeba48ea23f80174bb8253642bfb691e

SHA512
4fe9aab7bf905ce458d7a93146e592c1d8705fce582abe862388256f6e85c9bd25c3288b00ffb78cab565f3116b713ec7577f707afa2b77f5538ade1e4f9165f

Download Submit
C:\Windows\System\tWtSBfV.exe

Filesize
2.1MB

MD5
a4068039e31f76748965cdd3b1c00587

SHA1
cc19fb280976bee7b1d863e5786b8e89c5b73def

SHA256
ef201a0d57f87a40ce3c8fcba2517d708d2d9a24a911dc8aa02dc31489dbf8be

SHA512
03caec471a816148bbeae2f0febc5c6249915b42096bf89fa7eaa793f956ae766a2e03e333b8f08d151efbe60144c0ebd1f58308f58727a008523eb2c4ca2e97

Download Submit
C:\Windows\System\xJvZRZi.exe

Filesize
2.1MB

MD5
5408ced1b736152720e34c44ece6a060

SHA1
39733c697e831a75a4a761d96a4cf657c1033ba8

SHA256
5ad074eeca3ac0fc157740097dc614404eed8906a8ee74f55624aaa7df066ffd

SHA512
427167c410f909d60ed4d57c541369ef8984e0c5dc37ffe87ee2fa24748206584f1c13e04db6105ca7916e1df5ee187ed04cf36ffe5765741b5472e7c2890029

Download Submit
C:\Windows\System\xNiEnfx.exe

Filesize
2.1MB

MD5
2c9fcdc33f0df4d19a0876b49c571667

SHA1
3a09266a871f8f8e8782be2734c846abdffb5b5f

SHA256
cb9a6ee009fa9800495b7610893ca33421114e123ad8d748eb0bac56cb863245

SHA512
ddaae0ff8275d7f16895305feae776f5faf6eea5651ad625383278e9843eada8d860f0f11607856f6491ec61eba3f0b5749090b110986e128d565f5df5dee060

Download Submit
C:\Windows\System\zcVfWae.exe

Filesize
2.1MB

MD5
e08d655c71fb43de07e9e4b6fc366e4b

SHA1
0a10f75823e8b6239607b1660dd8c571219d6776

SHA256
a852a885f74c00d7ffb67b4ded6eb1940d02b2713a0e936efd0519d4768be70c

SHA512
8b4bcadfff3cc8274bfb5a185fbf141c776548f75391df6f979774667536e1fdf794cf403e3c9183acedfa9090ca03ccaeb255b473538cbde51ee01d2d6cd053

Download Submit
C:\Windows\System\zjnbYIP.exe

Filesize
2.1MB

MD5
030dc57ba63d02255afae70b74f07642

SHA1
421e1deda732191088fd170605889b735e293ca3

SHA256
602695e71075b4612c47a3bad8fba2f489f2a581e132d1a8a9c060948bf2bef4

SHA512
53ceb3f93ec7887027ab515becfbcf25fce4eda107553c06678f3aaf3b0eb4e4b51bb24e9040358a0788d4ec6d14a363c66ea0da8b5e0f4e8a8935a4c4e56aa9

Download Submit
memory/2952-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download