Malware Analysis Report

2024-10-16 07:47

Sample ID 240602-hyy8baee4w
Target 4e2ed89e364dff63fff341909df18ad0_NeikiAnalytics.exe
SHA256 96495ff54eb2351edbfee03f211d8db60f4bd6c4bfd9b6929036e88ba11162ce
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

96495ff54eb2351edbfee03f211d8db60f4bd6c4bfd9b6929036e88ba11162ce

Threat Level: Known bad

The file 4e2ed89e364dff63fff341909df18ad0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

KPOT Core Executable

Kpot family

KPOT

xmrig

Xmrig family

XMRig Miner payload

Executes dropped EXE

UPX packed file

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-02 07:09

Signatures

KPOT Core Executable

Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 07:09

Reported

2024-06-02 07:12

Platform

win7-20240221-en

Max time kernel

129s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4e2ed89e364dff63fff341909df18ad0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4e2ed89e364dff63fff341909df18ad0_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4e2ed89e364dff63fff341909df18ad0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\4e2ed89e364dff63fff341909df18ad0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4e2ed89e364dff63fff341909df18ad0_NeikiAnalytics.exe"


Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


memory/2772-1081-0x0000000001E90000-0x00000000021E4000-memory.dmp

memory/2304-1082-0x000000013F980000-0x000000013FCD4000-memory.dmp

memory/2772-1083-0x000000013F270000-0x000000013F5C4000-memory.dmp

memory/2980-1084-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

memory/2596-1086-0x000000013FA00000-0x000000013FD54000-memory.dmp

memory/2956-1085-0x000000013F6D0000-0x000000013FA24000-memory.dmp

memory/2712-1087-0x000000013F2E0000-0x000000013F634000-memory.dmp

memory/2416-1088-0x000000013F890000-0x000000013FBE4000-memory.dmp

memory/2748-1089-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

memory/2580-1090-0x000000013F1B0000-0x000000013F504000-memory.dmp

memory/2696-1091-0x000000013FDD0000-0x0000000140124000-memory.dmp

memory/2568-1092-0x000000013F710000-0x000000013FA64000-memory.dmp

memory/2856-1093-0x000000013F990000-0x000000013FCE4000-memory.dmp

memory/2392-1094-0x000000013FFD0000-0x0000000140324000-memory.dmp

memory/2460-1097-0x000000013F570000-0x000000013F8C4000-memory.dmp

memory/2304-1096-0x000000013F980000-0x000000013FCD4000-memory.dmp

memory/552-1095-0x000000013F4C0000-0x000000013F814000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 07:09

Reported

2024-06-02 07:11

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4e2ed89e364dff63fff341909df18ad0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4e2ed89e364dff63fff341909df18ad0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\4e2ed89e364dff63fff341909df18ad0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4e2ed89e364dff63fff341909df18ad0_NeikiAnalytics.exe"


C:\Windows\System\OlUTERh.exe

C:\Windows\System\OlUTERh.exe

C:\Windows\System\cIkPmXg.exe

C:\Windows\System\cIkPmXg.exe

C:\Windows\System\QvMhszX.exe

C:\Windows\System\QvMhszX.exe

C:\Windows\System\lvRNNgF.exe

C:\Windows\System\lvRNNgF.exe

C:\Windows\System\ZPlVdEh.exe

C:\Windows\System\ZPlVdEh.exe

C:\Windows\System\rRbzXIJ.exe

C:\Windows\System\rRbzXIJ.exe

C:\Windows\System\nAiXNRV.exe

C:\Windows\System\nAiXNRV.exe

C:\Windows\System\xKDnRrk.exe

C:\Windows\System\xKDnRrk.exe

C:\Windows\System\vmIwSgm.exe

C:\Windows\System\vmIwSgm.exe

C:\Windows\System\VRafPHF.exe

C:\Windows\System\VRafPHF.exe

C:\Windows\System\TCkzfuO.exe

C:\Windows\System\TCkzfuO.exe

C:\Windows\System\wTewUBD.exe

C:\Windows\System\wTewUBD.exe

C:\Windows\System\oEcFxbY.exe

C:\Windows\System\oEcFxbY.exe

C:\Windows\System\RsEDWoi.exe

C:\Windows\System\RsEDWoi.exe

C:\Windows\System\FwIxHPT.exe

C:\Windows\System\FwIxHPT.exe

C:\Windows\System\JAjQJvb.exe

C:\Windows\System\JAjQJvb.exe

C:\Windows\System\hDFwEKi.exe

C:\Windows\System\hDFwEKi.exe

C:\Windows\System\izKTBSK.exe

C:\Windows\System\izKTBSK.exe

C:\Windows\System\wSTWhvU.exe

C:\Windows\System\wSTWhvU.exe

C:\Windows\System\xJBrNvn.exe

C:\Windows\System\xJBrNvn.exe

C:\Windows\System\lMXtIhI.exe

C:\Windows\System\lMXtIhI.exe

C:\Windows\System\yNkRtJn.exe

C:\Windows\System\yNkRtJn.exe

C:\Windows\System\NxYqrqp.exe

C:\Windows\System\NxYqrqp.exe

C:\Windows\System\ssqemYw.exe

C:\Windows\System\ssqemYw.exe

C:\Windows\System\DypDKVh.exe

C:\Windows\System\DypDKVh.exe

C:\Windows\System\vKRbUXQ.exe

C:\Windows\System\vKRbUXQ.exe

C:\Windows\System\pwfUOsU.exe

C:\Windows\System\pwfUOsU.exe

C:\Windows\System\UXxFRHb.exe

C:\Windows\System\UXxFRHb.exe

C:\Windows\System\qQyKRGS.exe

C:\Windows\System\qQyKRGS.exe

C:\Windows\System\eZLJwcx.exe

C:\Windows\System\eZLJwcx.exe

C:\Windows\System\nTHAMhb.exe

C:\Windows\System\nTHAMhb.exe

C:\Windows\System\yVFqFzo.exe

C:\Windows\System\yVFqFzo.exe

C:\Windows\System\kpEItRY.exe

C:\Windows\System\kpEItRY.exe

C:\Windows\System\yNhmkaq.exe

C:\Windows\System\yNhmkaq.exe

C:\Windows\System\yQhNznY.exe

C:\Windows\System\yQhNznY.exe

C:\Windows\System\gAobjtW.exe

C:\Windows\System\gAobjtW.exe

C:\Windows\System\ftKeyLt.exe

C:\Windows\System\ftKeyLt.exe

C:\Windows\System\wZHuQwT.exe

C:\Windows\System\wZHuQwT.exe

C:\Windows\System\JXQqCLU.exe

C:\Windows\System\JXQqCLU.exe

C:\Windows\System\ScRFbue.exe

C:\Windows\System\ScRFbue.exe

C:\Windows\System\FWzDZkA.exe

C:\Windows\System\FWzDZkA.exe

C:\Windows\System\HGttjhs.exe

C:\Windows\System\HGttjhs.exe

C:\Windows\System\usZZzjY.exe

C:\Windows\System\usZZzjY.exe

C:\Windows\System\rVkPJkz.exe

C:\Windows\System\rVkPJkz.exe

C:\Windows\System\AAOCuxu.exe

C:\Windows\System\AAOCuxu.exe

C:\Windows\System\LStaoab.exe

C:\Windows\System\LStaoab.exe

C:\Windows\System\gpYITlD.exe

C:\Windows\System\gpYITlD.exe

C:\Windows\System\KLpqxIB.exe

C:\Windows\System\KLpqxIB.exe

C:\Windows\System\bEWbuPg.exe

C:\Windows\System\bEWbuPg.exe

C:\Windows\System\znvfRbh.exe

C:\Windows\System\znvfRbh.exe

C:\Windows\System\KzwMYzS.exe

C:\Windows\System\KzwMYzS.exe

C:\Windows\System\ySODtsw.exe

C:\Windows\System\ySODtsw.exe

C:\Windows\System\LReklrv.exe

C:\Windows\System\LReklrv.exe

C:\Windows\System\AosvToP.exe

C:\Windows\System\AosvToP.exe

C:\Windows\System\ASopllB.exe

C:\Windows\System\ASopllB.exe

C:\Windows\System\SpGlpJj.exe

C:\Windows\System\SpGlpJj.exe

C:\Windows\System\emvGRMG.exe

C:\Windows\System\emvGRMG.exe

C:\Windows\System\uLKbYXn.exe

C:\Windows\System\uLKbYXn.exe

C:\Windows\System\qmarRWN.exe

C:\Windows\System\qmarRWN.exe

C:\Windows\System\HGaKSxF.exe

C:\Windows\System\HGaKSxF.exe

C:\Windows\System\HOjVfCi.exe

C:\Windows\System\HOjVfCi.exe

C:\Windows\System\FcNqbXh.exe

C:\Windows\System\FcNqbXh.exe

C:\Windows\System\bteWVvl.exe

C:\Windows\System\bteWVvl.exe

C:\Windows\System\AuFTGTm.exe

C:\Windows\System\AuFTGTm.exe

C:\Windows\System\ayBgUaI.exe

C:\Windows\System\ayBgUaI.exe

C:\Windows\System\hUqBHyQ.exe

C:\Windows\System\hUqBHyQ.exe

C:\Windows\System\RiHWfYB.exe

C:\Windows\System\RiHWfYB.exe

C:\Windows\System\blTclWL.exe

C:\Windows\System\blTclWL.exe

C:\Windows\System\AKTCyvv.exe

C:\Windows\System\AKTCyvv.exe

C:\Windows\System\gPoZwBj.exe

C:\Windows\System\gPoZwBj.exe

C:\Windows\System\GnHgidi.exe

C:\Windows\System\GnHgidi.exe

C:\Windows\System\olXDOLd.exe

C:\Windows\System\olXDOLd.exe

C:\Windows\System\PvckTsW.exe

C:\Windows\System\PvckTsW.exe

C:\Windows\System\DAUpkow.exe

C:\Windows\System\DAUpkow.exe

C:\Windows\System\KAnrdyq.exe

C:\Windows\System\KAnrdyq.exe

C:\Windows\System\ALzsWpi.exe

C:\Windows\System\ALzsWpi.exe

C:\Windows\System\HIRqlqD.exe

C:\Windows\System\HIRqlqD.exe

C:\Windows\System\kPxiaiu.exe

C:\Windows\System\kPxiaiu.exe

C:\Windows\System\jzrvjPz.exe

C:\Windows\System\jzrvjPz.exe

C:\Windows\System\Pvmtdyx.exe

C:\Windows\System\Pvmtdyx.exe

C:\Windows\System\sQxzsiB.exe

C:\Windows\System\sQxzsiB.exe

C:\Windows\System\FzhLfLT.exe

C:\Windows\System\FzhLfLT.exe

C:\Windows\System\TzukTlL.exe

C:\Windows\System\TzukTlL.exe

C:\Windows\System\mmFXgfa.exe

C:\Windows\System\mmFXgfa.exe

C:\Windows\System\ebmSIjo.exe

C:\Windows\System\ebmSIjo.exe

C:\Windows\System\qGvoxxH.exe

C:\Windows\System\qGvoxxH.exe

C:\Windows\System\AmEqUKR.exe

C:\Windows\System\AmEqUKR.exe

C:\Windows\System\yiQvnVA.exe

C:\Windows\System\yiQvnVA.exe

C:\Windows\System\zznpCQA.exe

C:\Windows\System\zznpCQA.exe

C:\Windows\System\DWFssjR.exe

C:\Windows\System\DWFssjR.exe

C:\Windows\System\TVchgav.exe

C:\Windows\System\TVchgav.exe

C:\Windows\System\CWzmpQA.exe

C:\Windows\System\CWzmpQA.exe

C:\Windows\System\aMIFbzm.exe

C:\Windows\System\aMIFbzm.exe

C:\Windows\System\ZArCjBc.exe

C:\Windows\System\ZArCjBc.exe

C:\Windows\System\VyKDIfk.exe

C:\Windows\System\VyKDIfk.exe

C:\Windows\System\uEGidxV.exe

C:\Windows\System\uEGidxV.exe

C:\Windows\System\thWQkqA.exe

C:\Windows\System\thWQkqA.exe

C:\Windows\System\gWrGyAL.exe

C:\Windows\System\gWrGyAL.exe

C:\Windows\System\wpYFFgy.exe

C:\Windows\System\wpYFFgy.exe

C:\Windows\System\GOkjbNb.exe

C:\Windows\System\GOkjbNb.exe

C:\Windows\System\tPRXSKl.exe

C:\Windows\System\tPRXSKl.exe

C:\Windows\System\FbKZCrU.exe

C:\Windows\System\FbKZCrU.exe

C:\Windows\System\FDwYNSV.exe

C:\Windows\System\FDwYNSV.exe

C:\Windows\System\eBAvqtk.exe

C:\Windows\System\eBAvqtk.exe

C:\Windows\System\mdxcGWU.exe

C:\Windows\System\mdxcGWU.exe

C:\Windows\System\IFsHXjh.exe

C:\Windows\System\IFsHXjh.exe

C:\Windows\System\Ibydmhr.exe

C:\Windows\System\Ibydmhr.exe

C:\Windows\System\lAZGSvT.exe

C:\Windows\System\lAZGSvT.exe

C:\Windows\System\LimoYXW.exe

C:\Windows\System\LimoYXW.exe

C:\Windows\System\cgezaYX.exe

C:\Windows\System\cgezaYX.exe

C:\Windows\System\goROPeS.exe

C:\Windows\System\goROPeS.exe

C:\Windows\System\nlBPZIN.exe

C:\Windows\System\nlBPZIN.exe

C:\Windows\System\gwvdRKo.exe

C:\Windows\System\gwvdRKo.exe

C:\Windows\System\akxplTv.exe

C:\Windows\System\akxplTv.exe

C:\Windows\System\yGnlBxb.exe

C:\Windows\System\yGnlBxb.exe

C:\Windows\System\fXhYZab.exe

C:\Windows\System\fXhYZab.exe

C:\Windows\System\XQnRoCy.exe

C:\Windows\System\XQnRoCy.exe

C:\Windows\System\cFFfIpH.exe

C:\Windows\System\cFFfIpH.exe

C:\Windows\System\LEDDjdJ.exe

C:\Windows\System\LEDDjdJ.exe

C:\Windows\System\FPscMgQ.exe

C:\Windows\System\FPscMgQ.exe

C:\Windows\System\hLLVisz.exe

C:\Windows\System\hLLVisz.exe

C:\Windows\System\pqLkkIm.exe

C:\Windows\System\pqLkkIm.exe

C:\Windows\System\QAZewSI.exe

C:\Windows\System\QAZewSI.exe

C:\Windows\System\nDRydGf.exe

C:\Windows\System\nDRydGf.exe

C:\Windows\System\wYoqLaz.exe

C:\Windows\System\wYoqLaz.exe

C:\Windows\System\KSVKlIt.exe

C:\Windows\System\KSVKlIt.exe

C:\Windows\System\UeaNRlA.exe

C:\Windows\System\UeaNRlA.exe

C:\Windows\System\vdbjhhx.exe

C:\Windows\System\vdbjhhx.exe

C:\Windows\System\FhSvRiR.exe

C:\Windows\System\FhSvRiR.exe

C:\Windows\System\IHnsXXp.exe

C:\Windows\System\IHnsXXp.exe

C:\Windows\System\xttMMhV.exe

C:\Windows\System\xttMMhV.exe

C:\Windows\System\trhQmTG.exe

C:\Windows\System\trhQmTG.exe

C:\Windows\System\dXvcyKu.exe

C:\Windows\System\dXvcyKu.exe

C:\Windows\System\EqKxGGy.exe

C:\Windows\System\EqKxGGy.exe

C:\Windows\System\iVjUWaT.exe

C:\Windows\System\iVjUWaT.exe

C:\Windows\System\NwtovMP.exe

C:\Windows\System\NwtovMP.exe

C:\Windows\System\ozMOmMp.exe

C:\Windows\System\ozMOmMp.exe

C:\Windows\System\meNrZjz.exe

C:\Windows\System\meNrZjz.exe

C:\Windows\System\JIClZut.exe

C:\Windows\System\JIClZut.exe

C:\Windows\System\cpdSRkH.exe

C:\Windows\System\cpdSRkH.exe

C:\Windows\System\TcRyFHb.exe

C:\Windows\System\TcRyFHb.exe

C:\Windows\System\fMaWzgg.exe

C:\Windows\System\fMaWzgg.exe

C:\Windows\System\uepFLJB.exe

C:\Windows\System\uepFLJB.exe

C:\Windows\System\TpDlZGo.exe

C:\Windows\System\TpDlZGo.exe

C:\Windows\System\HPCYRwG.exe

C:\Windows\System\HPCYRwG.exe

C:\Windows\System\KuaTpKd.exe

C:\Windows\System\KuaTpKd.exe

C:\Windows\System\BdrDyiV.exe

C:\Windows\System\BdrDyiV.exe

C:\Windows\System\XnWlJRp.exe

C:\Windows\System\XnWlJRp.exe

C:\Windows\System\pJVXOCd.exe

C:\Windows\System\pJVXOCd.exe

C:\Windows\System\NZrpvEe.exe

C:\Windows\System\NZrpvEe.exe

C:\Windows\System\YZSekMZ.exe

C:\Windows\System\YZSekMZ.exe

C:\Windows\System\KCyrMGZ.exe

C:\Windows\System\KCyrMGZ.exe

C:\Windows\System\yihlktJ.exe

C:\Windows\System\yihlktJ.exe

C:\Windows\System\ttQFzhq.exe

C:\Windows\System\ttQFzhq.exe

C:\Windows\System\owdFsYM.exe

C:\Windows\System\owdFsYM.exe

C:\Windows\System\YqCJmMb.exe

C:\Windows\System\YqCJmMb.exe

C:\Windows\System\DvgDMKj.exe

C:\Windows\System\DvgDMKj.exe

C:\Windows\System\rNsRZeS.exe

C:\Windows\System\rNsRZeS.exe

C:\Windows\System\QvXuVJq.exe

C:\Windows\System\QvXuVJq.exe

C:\Windows\System\EPEWgYd.exe

C:\Windows\System\EPEWgYd.exe

C:\Windows\System\auXZEJr.exe

C:\Windows\System\auXZEJr.exe

C:\Windows\System\QDbesDo.exe

C:\Windows\System\QDbesDo.exe

C:\Windows\System\urjzlMQ.exe

C:\Windows\System\urjzlMQ.exe

C:\Windows\System\ElxMlrK.exe

C:\Windows\System\ElxMlrK.exe

C:\Windows\System\QJLdivu.exe

C:\Windows\System\QJLdivu.exe

C:\Windows\System\VPqqlGT.exe

C:\Windows\System\VPqqlGT.exe

C:\Windows\System\uznCbqr.exe

C:\Windows\System\uznCbqr.exe

C:\Windows\System\INOGlpy.exe

C:\Windows\System\INOGlpy.exe

C:\Windows\System\NYjDGAV.exe

C:\Windows\System\NYjDGAV.exe

C:\Windows\System\qCTJEyP.exe

C:\Windows\System\qCTJEyP.exe

C:\Windows\System\PbHcjTl.exe

C:\Windows\System\PbHcjTl.exe

C:\Windows\System\mgwUEeB.exe

C:\Windows\System\mgwUEeB.exe

C:\Windows\System\AfxTtaq.exe

C:\Windows\System\AfxTtaq.exe

C:\Windows\System\VDQfGFv.exe

C:\Windows\System\VDQfGFv.exe

C:\Windows\System\aqEAGou.exe

C:\Windows\System\aqEAGou.exe

C:\Windows\System\euskRky.exe

C:\Windows\System\euskRky.exe

C:\Windows\System\tWwhVMq.exe

C:\Windows\System\tWwhVMq.exe

C:\Windows\System\INdkwQe.exe

C:\Windows\System\INdkwQe.exe

C:\Windows\System\uCMrrmK.exe

C:\Windows\System\uCMrrmK.exe

C:\Windows\System\EmYXrGQ.exe

C:\Windows\System\EmYXrGQ.exe

C:\Windows\System\NOzObNZ.exe

C:\Windows\System\NOzObNZ.exe

C:\Windows\System\ngXavFA.exe

C:\Windows\System\ngXavFA.exe

C:\Windows\System\kZxGCxO.exe

C:\Windows\System\kZxGCxO.exe

C:\Windows\System\aFtyjYJ.exe

C:\Windows\System\aFtyjYJ.exe

C:\Windows\System\UywxxXU.exe

C:\Windows\System\UywxxXU.exe

C:\Windows\System\BVnBHuq.exe

C:\Windows\System\BVnBHuq.exe

C:\Windows\System\hgdqcJo.exe

C:\Windows\System\hgdqcJo.exe

C:\Windows\System\aKIYNFr.exe

C:\Windows\System\aKIYNFr.exe

C:\Windows\System\yALKHTU.exe

C:\Windows\System\yALKHTU.exe

C:\Windows\System\uJykOwU.exe

C:\Windows\System\uJykOwU.exe

C:\Windows\System\CfJYOIg.exe

C:\Windows\System\CfJYOIg.exe

C:\Windows\System\EjTHsBs.exe

C:\Windows\System\EjTHsBs.exe

C:\Windows\System\XBtMMtN.exe

C:\Windows\System\XBtMMtN.exe

C:\Windows\System\VCmmCNb.exe

C:\Windows\System\VCmmCNb.exe

C:\Windows\System\EeVJbIk.exe

C:\Windows\System\EeVJbIk.exe

C:\Windows\System\XbBfpHh.exe

C:\Windows\System\XbBfpHh.exe

C:\Windows\System\rYiWdbh.exe

C:\Windows\System\rYiWdbh.exe

C:\Windows\System\gWMziiF.exe

C:\Windows\System\gWMziiF.exe

C:\Windows\System\EOdsHJh.exe

C:\Windows\System\EOdsHJh.exe

C:\Windows\System\POTFsTh.exe

C:\Windows\System\POTFsTh.exe

C:\Windows\System\HvFHSyq.exe

C:\Windows\System\HvFHSyq.exe

C:\Windows\System\QbVVVSn.exe

C:\Windows\System\QbVVVSn.exe

C:\Windows\System\rUaVHwG.exe

C:\Windows\System\rUaVHwG.exe

C:\Windows\System\rXszaOf.exe

C:\Windows\System\rXszaOf.exe

C:\Windows\System\sCLDwEA.exe

C:\Windows\System\sCLDwEA.exe

C:\Windows\System\BxQBRBI.exe

C:\Windows\System\BxQBRBI.exe

C:\Windows\System\qYtfeLr.exe

C:\Windows\System\qYtfeLr.exe

C:\Windows\System\weXCZjH.exe

C:\Windows\System\weXCZjH.exe

C:\Windows\System\GnoMEyB.exe

C:\Windows\System\GnoMEyB.exe

C:\Windows\System\swezXCs.exe

C:\Windows\System\swezXCs.exe

C:\Windows\System\iATBjfd.exe

C:\Windows\System\iATBjfd.exe

C:\Windows\System\rnvBjPa.exe

C:\Windows\System\rnvBjPa.exe

C:\Windows\System\uXZcxym.exe

C:\Windows\System\uXZcxym.exe

C:\Windows\System\IQHhXNT.exe

C:\Windows\System\IQHhXNT.exe

C:\Windows\System\pMvaofS.exe

C:\Windows\System\pMvaofS.exe

C:\Windows\System\UqaUxhX.exe

C:\Windows\System\UqaUxhX.exe

C:\Windows\System\IBEDoqh.exe

C:\Windows\System\IBEDoqh.exe

C:\Windows\System\tydSPUA.exe

C:\Windows\System\tydSPUA.exe

C:\Windows\System\qgDiJQc.exe

C:\Windows\System\qgDiJQc.exe

C:\Windows\System\VXqSduc.exe

C:\Windows\System\VXqSduc.exe

C:\Windows\System\aZjOKKp.exe

C:\Windows\System\aZjOKKp.exe

C:\Windows\System\KHFiklS.exe

C:\Windows\System\KHFiklS.exe

C:\Windows\System\pHDxUVc.exe

C:\Windows\System\pHDxUVc.exe

C:\Windows\System\MgSyqNr.exe

C:\Windows\System\MgSyqNr.exe

C:\Windows\System\WRWNtAM.exe

C:\Windows\System\WRWNtAM.exe

C:\Windows\System\aXinpLe.exe

C:\Windows\System\aXinpLe.exe

Network


Files
