Malware Analysis Report

2024-10-16 07:51

Sample ID 240530-2nyzcacd9s
Target 6b638dee12b9cddcfa72872596a11230_NeikiAnalytics.exe
SHA256 9600d9b77af37a2002179e8be8cf83bea0e174349034faab49a41a180a896f73
Tags
upx miner kpot xmrig stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

9600d9b77af37a2002179e8be8cf83bea0e174349034faab49a41a180a896f73

Threat Level: Known bad

The file 6b638dee12b9cddcfa72872596a11230_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner kpot xmrig stealer trojan

Kpot family

KPOT Core Executable

XMRig Miner payload

KPOT

Xmrig family

xmrig

UPX packed file

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-30 22:44

Signatures

KPOT Core Executable

Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-30 22:44

Reported

2024-05-30 22:46

Platform

win7-20240215-en

Max time kernel

141s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6b638dee12b9cddcfa72872596a11230_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6b638dee12b9cddcfa72872596a11230_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6b638dee12b9cddcfa72872596a11230_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\6b638dee12b9cddcfa72872596a11230_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6b638dee12b9cddcfa72872596a11230_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


memory/2916-1141-0x000000013F3B0000-0x000000013F701000-memory.dmp

memory/768-1175-0x000000013FA30000-0x000000013FD81000-memory.dmp

memory/3028-1177-0x000000013FB10000-0x000000013FE61000-memory.dmp

memory/3056-1179-0x000000013F320000-0x000000013F671000-memory.dmp

memory/1728-1181-0x000000013F860000-0x000000013FBB1000-memory.dmp

memory/2712-1183-0x000000013FCA0000-0x000000013FFF1000-memory.dmp

memory/2536-1187-0x000000013F8B0000-0x000000013FC01000-memory.dmp

memory/2428-1186-0x000000013FA00000-0x000000013FD51000-memory.dmp

memory/2940-1189-0x000000013F450000-0x000000013F7A1000-memory.dmp

memory/2588-1191-0x000000013F9D0000-0x000000013FD21000-memory.dmp

memory/2416-1193-0x000000013FFC0000-0x0000000140311000-memory.dmp

memory/2484-1195-0x000000013FF60000-0x00000001402B1000-memory.dmp

memory/2956-1197-0x000000013FE90000-0x00000001401E1000-memory.dmp

memory/2768-1199-0x000000013F830000-0x000000013FB81000-memory.dmp

memory/2856-1201-0x000000013F3B0000-0x000000013F701000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-30 22:44

Reported

2024-05-30 22:46

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6b638dee12b9cddcfa72872596a11230_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6b638dee12b9cddcfa72872596a11230_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\6b638dee12b9cddcfa72872596a11230_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6b638dee12b9cddcfa72872596a11230_NeikiAnalytics.exe"


C:\Windows\System\wuojaWk.exe

C:\Windows\System\wuojaWk.exe

C:\Windows\System\qOvCrRt.exe

C:\Windows\System\qOvCrRt.exe

C:\Windows\System\zFhNCbF.exe

C:\Windows\System\zFhNCbF.exe

C:\Windows\System\RkQoyib.exe

C:\Windows\System\RkQoyib.exe

C:\Windows\System\mpeeFUV.exe

C:\Windows\System\mpeeFUV.exe

C:\Windows\System\hlIZuaK.exe

C:\Windows\System\hlIZuaK.exe

C:\Windows\System\BKWYjLS.exe

C:\Windows\System\BKWYjLS.exe

C:\Windows\System\yznIXPD.exe

C:\Windows\System\yznIXPD.exe

C:\Windows\System\eYEXCyS.exe

C:\Windows\System\eYEXCyS.exe

C:\Windows\System\VvOccpc.exe

C:\Windows\System\VvOccpc.exe

C:\Windows\System\BiRUnPq.exe

C:\Windows\System\BiRUnPq.exe

C:\Windows\System\mPpphjK.exe

C:\Windows\System\mPpphjK.exe

C:\Windows\System\advrkQS.exe

C:\Windows\System\advrkQS.exe

C:\Windows\System\SLXRQDc.exe

C:\Windows\System\SLXRQDc.exe

C:\Windows\System\cnGMemn.exe

C:\Windows\System\cnGMemn.exe

C:\Windows\System\mqsvfsx.exe

C:\Windows\System\mqsvfsx.exe

C:\Windows\System\JQuRtnO.exe

C:\Windows\System\JQuRtnO.exe

C:\Windows\System\wEVhWlI.exe

C:\Windows\System\wEVhWlI.exe

C:\Windows\System\yqTxVlE.exe

C:\Windows\System\yqTxVlE.exe

C:\Windows\System\wedQYOj.exe

C:\Windows\System\wedQYOj.exe

C:\Windows\System\lACGqnJ.exe

C:\Windows\System\lACGqnJ.exe

C:\Windows\System\EHHKnBE.exe

C:\Windows\System\EHHKnBE.exe

C:\Windows\System\OXFgdAe.exe

C:\Windows\System\OXFgdAe.exe

C:\Windows\System\LrzpQFB.exe

C:\Windows\System\LrzpQFB.exe

C:\Windows\System\aMNDayU.exe

C:\Windows\System\aMNDayU.exe

C:\Windows\System\yCwXomr.exe

C:\Windows\System\yCwXomr.exe

C:\Windows\System\devQUrg.exe

C:\Windows\System\devQUrg.exe

C:\Windows\System\nQkxcAx.exe

C:\Windows\System\nQkxcAx.exe

C:\Windows\System\ukfpRjs.exe

C:\Windows\System\ukfpRjs.exe

C:\Windows\System\mpFqBLm.exe

C:\Windows\System\mpFqBLm.exe

C:\Windows\System\iTccmbe.exe

C:\Windows\System\iTccmbe.exe

C:\Windows\System\xRVCphF.exe

C:\Windows\System\xRVCphF.exe

C:\Windows\System\hdkRveH.exe

C:\Windows\System\hdkRveH.exe

C:\Windows\System\uimmasV.exe

C:\Windows\System\uimmasV.exe

C:\Windows\System\wYdgmAt.exe

C:\Windows\System\wYdgmAt.exe

C:\Windows\System\YGAVghZ.exe

C:\Windows\System\YGAVghZ.exe

C:\Windows\System\tStlqiv.exe

C:\Windows\System\tStlqiv.exe

C:\Windows\System\MkuFxal.exe

C:\Windows\System\MkuFxal.exe

C:\Windows\System\cjqwybJ.exe

C:\Windows\System\cjqwybJ.exe

C:\Windows\System\NfXJlSY.exe

C:\Windows\System\NfXJlSY.exe

C:\Windows\System\zqszvss.exe

C:\Windows\System\zqszvss.exe

C:\Windows\System\RoNoqOI.exe

C:\Windows\System\RoNoqOI.exe

C:\Windows\System\fOdVmDr.exe

C:\Windows\System\fOdVmDr.exe

C:\Windows\System\ZUuqIRM.exe

C:\Windows\System\ZUuqIRM.exe

C:\Windows\System\rYbHvXG.exe

C:\Windows\System\rYbHvXG.exe

C:\Windows\System\fAuHOUE.exe

C:\Windows\System\fAuHOUE.exe

C:\Windows\System\zClNYxk.exe

C:\Windows\System\zClNYxk.exe

C:\Windows\System\FvINuxj.exe

C:\Windows\System\FvINuxj.exe

C:\Windows\System\lnWvUHx.exe

C:\Windows\System\lnWvUHx.exe

C:\Windows\System\oCpQHrF.exe

C:\Windows\System\oCpQHrF.exe

C:\Windows\System\MKPtcrz.exe

C:\Windows\System\MKPtcrz.exe

C:\Windows\System\WBNmeav.exe

C:\Windows\System\WBNmeav.exe

C:\Windows\System\PFYgPDY.exe

C:\Windows\System\PFYgPDY.exe

C:\Windows\System\yrvEgLZ.exe

C:\Windows\System\yrvEgLZ.exe

C:\Windows\System\sUIdlBv.exe

C:\Windows\System\sUIdlBv.exe

C:\Windows\System\LANElAY.exe

C:\Windows\System\LANElAY.exe

C:\Windows\System\PVydRny.exe

C:\Windows\System\PVydRny.exe

C:\Windows\System\fvHTDXf.exe

C:\Windows\System\fvHTDXf.exe

C:\Windows\System\IYWFBVz.exe

C:\Windows\System\IYWFBVz.exe

C:\Windows\System\bCKvCTE.exe

C:\Windows\System\bCKvCTE.exe

C:\Windows\System\lUfUQwU.exe

C:\Windows\System\lUfUQwU.exe

C:\Windows\System\EuYexER.exe

C:\Windows\System\EuYexER.exe

C:\Windows\System\waDxtJu.exe

C:\Windows\System\waDxtJu.exe

C:\Windows\System\yYAcClW.exe

C:\Windows\System\yYAcClW.exe

C:\Windows\System\ORyLRSn.exe

C:\Windows\System\ORyLRSn.exe

C:\Windows\System\aadOLgp.exe

C:\Windows\System\aadOLgp.exe

C:\Windows\System\HwMtXlK.exe

C:\Windows\System\HwMtXlK.exe

C:\Windows\System\mnnoDjc.exe

C:\Windows\System\mnnoDjc.exe

C:\Windows\System\gJezGsQ.exe

C:\Windows\System\gJezGsQ.exe

C:\Windows\System\RrKhOQH.exe

C:\Windows\System\RrKhOQH.exe

C:\Windows\System\MgCkwUX.exe

C:\Windows\System\MgCkwUX.exe

C:\Windows\System\npuPeGO.exe

C:\Windows\System\npuPeGO.exe

C:\Windows\System\eeqQMNM.exe

C:\Windows\System\eeqQMNM.exe

C:\Windows\System\NITvaGu.exe

C:\Windows\System\NITvaGu.exe

C:\Windows\System\GANzLRk.exe

C:\Windows\System\GANzLRk.exe

C:\Windows\System\fACVSrQ.exe

C:\Windows\System\fACVSrQ.exe

C:\Windows\System\JPcqWDy.exe

C:\Windows\System\JPcqWDy.exe

C:\Windows\System\lcUIQpg.exe

C:\Windows\System\lcUIQpg.exe

C:\Windows\System\QMaRHSz.exe

C:\Windows\System\QMaRHSz.exe

C:\Windows\System\RRcbAtw.exe

C:\Windows\System\RRcbAtw.exe

C:\Windows\System\VhGXkWO.exe

C:\Windows\System\VhGXkWO.exe

C:\Windows\System\fWCcMTH.exe

C:\Windows\System\fWCcMTH.exe

C:\Windows\System\ewzXBuE.exe

C:\Windows\System\ewzXBuE.exe

C:\Windows\System\ksQyyTS.exe

C:\Windows\System\ksQyyTS.exe

C:\Windows\System\wbIpuLF.exe

C:\Windows\System\wbIpuLF.exe

C:\Windows\System\lNrlHQh.exe

C:\Windows\System\lNrlHQh.exe

C:\Windows\System\PEBXEpV.exe

C:\Windows\System\PEBXEpV.exe

C:\Windows\System\xcqCmXA.exe

C:\Windows\System\xcqCmXA.exe

C:\Windows\System\hViFGAX.exe

C:\Windows\System\hViFGAX.exe

C:\Windows\System\JdgEWlX.exe

C:\Windows\System\JdgEWlX.exe

C:\Windows\System\qicJSDQ.exe

C:\Windows\System\qicJSDQ.exe

C:\Windows\System\gZOIAoC.exe

C:\Windows\System\gZOIAoC.exe

C:\Windows\System\XCrYNGB.exe

C:\Windows\System\XCrYNGB.exe

C:\Windows\System\KBHLYLx.exe

C:\Windows\System\KBHLYLx.exe

C:\Windows\System\kqTqzdb.exe

C:\Windows\System\kqTqzdb.exe

C:\Windows\System\praFpNw.exe

C:\Windows\System\praFpNw.exe

C:\Windows\System\lelhCxO.exe

C:\Windows\System\lelhCxO.exe

C:\Windows\System\uhFVXsD.exe

C:\Windows\System\uhFVXsD.exe

C:\Windows\System\HyQisCL.exe

C:\Windows\System\HyQisCL.exe

C:\Windows\System\hZAEKrI.exe

C:\Windows\System\hZAEKrI.exe

C:\Windows\System\IzHOpQR.exe

C:\Windows\System\IzHOpQR.exe

C:\Windows\System\hOtRHTN.exe

C:\Windows\System\hOtRHTN.exe

C:\Windows\System\DFLPdRs.exe

C:\Windows\System\DFLPdRs.exe

C:\Windows\System\NgVCYlP.exe

C:\Windows\System\NgVCYlP.exe

C:\Windows\System\zsyaOMg.exe

C:\Windows\System\zsyaOMg.exe

C:\Windows\System\IztYHVW.exe

C:\Windows\System\IztYHVW.exe

C:\Windows\System\hhzQweo.exe

C:\Windows\System\hhzQweo.exe

C:\Windows\System\bHFCkoO.exe

C:\Windows\System\bHFCkoO.exe

C:\Windows\System\YdTYtmS.exe

C:\Windows\System\YdTYtmS.exe

C:\Windows\System\RoDbWiA.exe

C:\Windows\System\RoDbWiA.exe

C:\Windows\System\VlHyDvc.exe

C:\Windows\System\VlHyDvc.exe

C:\Windows\System\tLRoNPd.exe

C:\Windows\System\tLRoNPd.exe

C:\Windows\System\oOlwrAQ.exe

C:\Windows\System\oOlwrAQ.exe

C:\Windows\System\DkmJtaV.exe

C:\Windows\System\DkmJtaV.exe

C:\Windows\System\LaTBMEP.exe

C:\Windows\System\LaTBMEP.exe

C:\Windows\System\ejAeZvf.exe

C:\Windows\System\ejAeZvf.exe

C:\Windows\System\vhLjiUq.exe

C:\Windows\System\vhLjiUq.exe

C:\Windows\System\RRICObh.exe

C:\Windows\System\RRICObh.exe

C:\Windows\System\tJIqhWL.exe

C:\Windows\System\tJIqhWL.exe

C:\Windows\System\AnALKqD.exe

C:\Windows\System\AnALKqD.exe

C:\Windows\System\SmzKlKT.exe

C:\Windows\System\SmzKlKT.exe

C:\Windows\System\YQxwZdO.exe

C:\Windows\System\YQxwZdO.exe

C:\Windows\System\aUocRme.exe

C:\Windows\System\aUocRme.exe

C:\Windows\System\epiWNOw.exe

C:\Windows\System\epiWNOw.exe

C:\Windows\System\BWyAIzx.exe

C:\Windows\System\BWyAIzx.exe

C:\Windows\System\bgZgpBM.exe

C:\Windows\System\bgZgpBM.exe

C:\Windows\System\EHYHNWn.exe

C:\Windows\System\EHYHNWn.exe

C:\Windows\System\vjnBtzQ.exe

C:\Windows\System\vjnBtzQ.exe

C:\Windows\System\EIRwmkk.exe

C:\Windows\System\EIRwmkk.exe

C:\Windows\System\xdxnZoc.exe

C:\Windows\System\xdxnZoc.exe

C:\Windows\System\NsitYvI.exe

C:\Windows\System\NsitYvI.exe

C:\Windows\System\LFEZRCd.exe

C:\Windows\System\LFEZRCd.exe

C:\Windows\System\wupePTd.exe

C:\Windows\System\wupePTd.exe

C:\Windows\System\wrjUaGR.exe

C:\Windows\System\wrjUaGR.exe

C:\Windows\System\qSkiYyX.exe

C:\Windows\System\qSkiYyX.exe

C:\Windows\System\zpntYhi.exe

C:\Windows\System\zpntYhi.exe

C:\Windows\System\yvJVtWA.exe

C:\Windows\System\yvJVtWA.exe

C:\Windows\System\OpmjCAY.exe

C:\Windows\System\OpmjCAY.exe

C:\Windows\System\xAZWvzf.exe

C:\Windows\System\xAZWvzf.exe

C:\Windows\System\XFUKZIh.exe

C:\Windows\System\XFUKZIh.exe

C:\Windows\System\lbgQgxX.exe

C:\Windows\System\lbgQgxX.exe

C:\Windows\System\fHwxkiQ.exe

C:\Windows\System\fHwxkiQ.exe

C:\Windows\System\hVwutwu.exe

C:\Windows\System\hVwutwu.exe

C:\Windows\System\FWTalxM.exe

C:\Windows\System\FWTalxM.exe

C:\Windows\System\pNLQCGk.exe

C:\Windows\System\pNLQCGk.exe

C:\Windows\System\CgNjzHA.exe

C:\Windows\System\CgNjzHA.exe

C:\Windows\System\IDmgFDF.exe

C:\Windows\System\IDmgFDF.exe

C:\Windows\System\YCsxbZQ.exe

C:\Windows\System\YCsxbZQ.exe

C:\Windows\System\KoBvjzm.exe

C:\Windows\System\KoBvjzm.exe

C:\Windows\System\ZUmGLag.exe

C:\Windows\System\ZUmGLag.exe

C:\Windows\System\hBeTunC.exe

C:\Windows\System\hBeTunC.exe

C:\Windows\System\FykKDIf.exe

C:\Windows\System\FykKDIf.exe

C:\Windows\System\ECclTdu.exe

C:\Windows\System\ECclTdu.exe

C:\Windows\System\DPIVDWN.exe

C:\Windows\System\DPIVDWN.exe

C:\Windows\System\NnHMITV.exe

C:\Windows\System\NnHMITV.exe

C:\Windows\System\MdcwNxm.exe

C:\Windows\System\MdcwNxm.exe

C:\Windows\System\CHlxYiD.exe

C:\Windows\System\CHlxYiD.exe

C:\Windows\System\UCMOQsB.exe

C:\Windows\System\UCMOQsB.exe

C:\Windows\System\CNyBvZb.exe

C:\Windows\System\CNyBvZb.exe

C:\Windows\System\LfKiWFR.exe

C:\Windows\System\LfKiWFR.exe

C:\Windows\System\dzqfexL.exe

C:\Windows\System\dzqfexL.exe

C:\Windows\System\xwBEKdE.exe

C:\Windows\System\xwBEKdE.exe

C:\Windows\System\QpFGxwN.exe

C:\Windows\System\QpFGxwN.exe

C:\Windows\System\HHajRHm.exe

C:\Windows\System\HHajRHm.exe

C:\Windows\System\dhEBHlZ.exe

C:\Windows\System\dhEBHlZ.exe

C:\Windows\System\NfoPePm.exe

C:\Windows\System\NfoPePm.exe

C:\Windows\System\ZPhHdsR.exe

C:\Windows\System\ZPhHdsR.exe

C:\Windows\System\gLCRmss.exe

C:\Windows\System\gLCRmss.exe

C:\Windows\System\jVtZoiK.exe

C:\Windows\System\jVtZoiK.exe

C:\Windows\System\SSKNKub.exe

C:\Windows\System\SSKNKub.exe

C:\Windows\System\iekaCKd.exe

C:\Windows\System\iekaCKd.exe

C:\Windows\System\epmPTMm.exe

C:\Windows\System\epmPTMm.exe

C:\Windows\System\IEHXQgj.exe

C:\Windows\System\IEHXQgj.exe

C:\Windows\System\mevSqzd.exe

C:\Windows\System\mevSqzd.exe

C:\Windows\System\LQfYlDX.exe

C:\Windows\System\LQfYlDX.exe

C:\Windows\System\TYBOsdz.exe

C:\Windows\System\TYBOsdz.exe

C:\Windows\System\igUnrna.exe

C:\Windows\System\igUnrna.exe

C:\Windows\System\Cameyek.exe

C:\Windows\System\Cameyek.exe

C:\Windows\System\doRoUch.exe

C:\Windows\System\doRoUch.exe

C:\Windows\System\DJJziOX.exe

C:\Windows\System\DJJziOX.exe

C:\Windows\System\eXawhSO.exe

C:\Windows\System\eXawhSO.exe

C:\Windows\System\GJVbsne.exe

C:\Windows\System\GJVbsne.exe

C:\Windows\System\rKpwzRK.exe

C:\Windows\System\rKpwzRK.exe

C:\Windows\System\rAGLUPz.exe

C:\Windows\System\rAGLUPz.exe

C:\Windows\System\ZqaHgfg.exe

C:\Windows\System\ZqaHgfg.exe

C:\Windows\System\ocseFgU.exe

C:\Windows\System\ocseFgU.exe

C:\Windows\System\uGtrdAx.exe

C:\Windows\System\uGtrdAx.exe

C:\Windows\System\wXDCVmA.exe

C:\Windows\System\wXDCVmA.exe

C:\Windows\System\vVsjjaI.exe

C:\Windows\System\vVsjjaI.exe

C:\Windows\System\oYeEYxw.exe

C:\Windows\System\oYeEYxw.exe

C:\Windows\System\dLuCUVS.exe

C:\Windows\System\dLuCUVS.exe

C:\Windows\System\GoZaQED.exe

C:\Windows\System\GoZaQED.exe

C:\Windows\System\TalNJop.exe

C:\Windows\System\TalNJop.exe

C:\Windows\System\dQdExWH.exe

C:\Windows\System\dQdExWH.exe

C:\Windows\System\sKnrOsP.exe

C:\Windows\System\sKnrOsP.exe

C:\Windows\System\gkuCiWI.exe

C:\Windows\System\gkuCiWI.exe

C:\Windows\System\qhUNvKj.exe

C:\Windows\System\qhUNvKj.exe

C:\Windows\System\cEcpWIs.exe

C:\Windows\System\cEcpWIs.exe

C:\Windows\System\hkGfKbC.exe

C:\Windows\System\hkGfKbC.exe

C:\Windows\System\VCcOjQP.exe

C:\Windows\System\VCcOjQP.exe

C:\Windows\System\KdgLrhd.exe

C:\Windows\System\KdgLrhd.exe

C:\Windows\System\aWRIIQN.exe

C:\Windows\System\aWRIIQN.exe

C:\Windows\System\GiAbXkX.exe

C:\Windows\System\GiAbXkX.exe

C:\Windows\System\MFTvKbq.exe

C:\Windows\System\MFTvKbq.exe

C:\Windows\System\ccfEDLY.exe

C:\Windows\System\ccfEDLY.exe

C:\Windows\System\iPwxxrm.exe

C:\Windows\System\iPwxxrm.exe

C:\Windows\System\lRmgOnl.exe

C:\Windows\System\lRmgOnl.exe

C:\Windows\System\scojOIC.exe

C:\Windows\System\scojOIC.exe

C:\Windows\System\KaZvmAG.exe

C:\Windows\System\KaZvmAG.exe

C:\Windows\System\NuMGtoc.exe

C:\Windows\System\NuMGtoc.exe

C:\Windows\System\xTAcijk.exe

C:\Windows\System\xTAcijk.exe

C:\Windows\System\RrBJtAx.exe

C:\Windows\System\RrBJtAx.exe

C:\Windows\System\BCZEouI.exe

C:\Windows\System\BCZEouI.exe

C:\Windows\System\fRgqgzs.exe

C:\Windows\System\fRgqgzs.exe

C:\Windows\System\DBznZqz.exe

C:\Windows\System\DBznZqz.exe

C:\Windows\System\PiacFOH.exe

C:\Windows\System\PiacFOH.exe

C:\Windows\System\POoxnCk.exe

C:\Windows\System\POoxnCk.exe

C:\Windows\System\eaRvSsP.exe

C:\Windows\System\eaRvSsP.exe

C:\Windows\System\piueXKj.exe

C:\Windows\System\piueXKj.exe

C:\Windows\System\JyrYhgp.exe

C:\Windows\System\JyrYhgp.exe

C:\Windows\System\XwvVQkq.exe

C:\Windows\System\XwvVQkq.exe

C:\Windows\System\QAQnHwG.exe

C:\Windows\System\QAQnHwG.exe

C:\Windows\System\IHrkICK.exe

C:\Windows\System\IHrkICK.exe

C:\Windows\System\LpCSPJL.exe

C:\Windows\System\LpCSPJL.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files
