Malware Analysis Report

2024-10-10 08:52

Sample ID 240604-2yhecafb45
Target 13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe
SHA256 ae0d8d3f73276e932b06bf418369592847efc5584ab9c2a0f7f4ca042c2f9100
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ae0d8d3f73276e932b06bf418369592847efc5584ab9c2a0f7f4ca042c2f9100

Threat Level: Known bad

The file 13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

KPOT Core Executable

xmrig

KPOT

Kpot family

XMRig Miner payload

Xmrig family

XMRig Miner payload

Loads dropped DLL

Executes dropped EXE

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-04 22:59

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 22:59

Reported

2024-06-04 23:01

Platform

win7-20240221-en

Max time kernel

141s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\pmruzYh.exe N/A
N/A N/A C:\Windows\System\kZkSbex.exe N/A
N/A N/A C:\Windows\System\sjgCuKx.exe N/A
N/A N/A C:\Windows\System\rcfFDvP.exe N/A
N/A N/A C:\Windows\System\NdhfQJp.exe N/A
N/A N/A C:\Windows\System\PASZdHq.exe N/A
N/A N/A C:\Windows\System\pUIytxI.exe N/A
N/A N/A C:\Windows\System\zkUsuGA.exe N/A
N/A N/A C:\Windows\System\QvjFcot.exe N/A
N/A N/A C:\Windows\System\RiuvukK.exe N/A
N/A N/A C:\Windows\System\hmeNroZ.exe N/A
N/A N/A C:\Windows\System\HPDWVDN.exe N/A
N/A N/A C:\Windows\System\crMiXUS.exe N/A
N/A N/A C:\Windows\System\wNkKbke.exe N/A
N/A N/A C:\Windows\System\INIIreQ.exe N/A
N/A N/A C:\Windows\System\NsPbwfO.exe N/A
N/A N/A C:\Windows\System\wmDBPLB.exe N/A
N/A N/A C:\Windows\System\taHTKrt.exe N/A
N/A N/A C:\Windows\System\VqtFPdw.exe N/A
N/A N/A C:\Windows\System\QSWTVkX.exe N/A
N/A N/A C:\Windows\System\wqakoZA.exe N/A
N/A N/A C:\Windows\System\fExjUKT.exe N/A
N/A N/A C:\Windows\System\DqeVKyo.exe N/A
N/A N/A C:\Windows\System\BllYOMX.exe N/A
N/A N/A C:\Windows\System\DFwzqot.exe N/A
N/A N/A C:\Windows\System\IDTZkxQ.exe N/A
N/A N/A C:\Windows\System\GQTbzvc.exe N/A
N/A N/A C:\Windows\System\IwIsfTa.exe N/A
N/A N/A C:\Windows\System\wDxMkUs.exe N/A
N/A N/A C:\Windows\System\wHUmnBy.exe N/A
N/A N/A C:\Windows\System\VsmLKXU.exe N/A
N/A N/A C:\Windows\System\eYkmuNx.exe N/A
N/A N/A C:\Windows\System\IoyZRAm.exe N/A
N/A N/A C:\Windows\System\HoYDbmd.exe N/A
N/A N/A C:\Windows\System\qfqkYvJ.exe N/A
N/A N/A C:\Windows\System\eOyjGGp.exe N/A
N/A N/A C:\Windows\System\xQlpLuE.exe N/A
N/A N/A C:\Windows\System\ajUneLQ.exe N/A
N/A N/A C:\Windows\System\sqSakjs.exe N/A
N/A N/A C:\Windows\System\TZHrPCq.exe N/A
N/A N/A C:\Windows\System\KHDSvbU.exe N/A
N/A N/A C:\Windows\System\xQRgVqw.exe N/A
N/A N/A C:\Windows\System\iInZzdr.exe N/A
N/A N/A C:\Windows\System\CrHDnwi.exe N/A
N/A N/A C:\Windows\System\iKMszgb.exe N/A
N/A N/A C:\Windows\System\MtLCmgQ.exe N/A
N/A N/A C:\Windows\System\hfUpIeg.exe N/A
N/A N/A C:\Windows\System\UhhICZO.exe N/A
N/A N/A C:\Windows\System\wfUpVYA.exe N/A
N/A N/A C:\Windows\System\whKVspL.exe N/A
N/A N/A C:\Windows\System\ZsTFUdf.exe N/A
N/A N/A C:\Windows\System\xwxnBFR.exe N/A
N/A N/A C:\Windows\System\FBnrWnD.exe N/A
N/A N/A C:\Windows\System\jyEWJEn.exe N/A
N/A N/A C:\Windows\System\jolHnmF.exe N/A
N/A N/A C:\Windows\System\JumocGn.exe N/A
N/A N/A C:\Windows\System\vHesVGk.exe N/A
N/A N/A C:\Windows\System\fMoVioy.exe N/A
N/A N/A C:\Windows\System\vFbVNpt.exe N/A
N/A N/A C:\Windows\System\WNmdRry.exe N/A
N/A N/A C:\Windows\System\iuSDeFo.exe N/A
N/A N/A C:\Windows\System\sPAMopt.exe N/A
N/A N/A C:\Windows\System\LmpiknX.exe N/A
N/A N/A C:\Windows\System\DoarIoy.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\pmruzYh.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\gZcRjnc.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\HZLwNwZ.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\LLhOAdI.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\ezPIyAX.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\mSuXBMZ.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\eQwlZiV.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\RmPciXy.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\jolHnmF.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\maLfsRX.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\XNlSLXX.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\vAPXieX.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\wmDBPLB.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\IDTZkxQ.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\sPAMopt.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\lqtIoTU.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\KSMZmiw.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\sQPvMKu.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\CXpmwwB.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\yDQItsc.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\DtumUzW.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\HyciNeV.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\dBOUxDL.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\QTfdJIE.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\jOCOdLT.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\SIDKGry.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\rSOpRmN.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\NsPbwfO.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\phvJUBu.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\AnyLJBV.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\mFOOSXH.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\DqeVKyo.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\udAuWVZ.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\gNDKHGW.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\wNkKbke.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\iuSDeFo.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\SrmAUdW.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\QvjFcot.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\uWKqYDa.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\bTBZZra.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\iVabHpH.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\uNyAtzd.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\ijMffGx.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\kczOpVI.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\YPhHeqU.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\wqakoZA.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\mFxfPyf.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\DWAOClp.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\BSDRVBX.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\wzUksMv.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\BCTtehI.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\IYWZtTX.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\cowtHYL.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\BllYOMX.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\IwIsfTa.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\qfqkYvJ.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\whKVspL.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\SeKDVVW.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\sDpPgDA.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\FCRuZUB.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\bvzjuvI.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\mgGoMSJ.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\qQWUAhU.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\MPwyPvf.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2820 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\pmruzYh.exe
PID 2820 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\pmruzYh.exe
PID 2820 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\pmruzYh.exe
PID 2820 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\kZkSbex.exe
PID 2820 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\kZkSbex.exe
PID 2820 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\kZkSbex.exe
PID 2820 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\sjgCuKx.exe
PID 2820 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\sjgCuKx.exe
PID 2820 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\sjgCuKx.exe
PID 2820 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\rcfFDvP.exe
PID 2820 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\rcfFDvP.exe
PID 2820 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\rcfFDvP.exe
PID 2820 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\NdhfQJp.exe
PID 2820 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\NdhfQJp.exe
PID 2820 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\NdhfQJp.exe
PID 2820 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\PASZdHq.exe
PID 2820 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\PASZdHq.exe
PID 2820 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\PASZdHq.exe
PID 2820 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\pUIytxI.exe
PID 2820 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\pUIytxI.exe
PID 2820 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\pUIytxI.exe
PID 2820 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\zkUsuGA.exe
PID 2820 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\zkUsuGA.exe
PID 2820 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\zkUsuGA.exe
PID 2820 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\QvjFcot.exe
PID 2820 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\QvjFcot.exe
PID 2820 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\QvjFcot.exe
PID 2820 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\RiuvukK.exe
PID 2820 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\RiuvukK.exe
PID 2820 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\RiuvukK.exe
PID 2820 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\hmeNroZ.exe
PID 2820 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\hmeNroZ.exe
PID 2820 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\hmeNroZ.exe
PID 2820 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\HPDWVDN.exe
PID 2820 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\HPDWVDN.exe
PID 2820 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\HPDWVDN.exe
PID 2820 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\crMiXUS.exe
PID 2820 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\crMiXUS.exe
PID 2820 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\crMiXUS.exe
PID 2820 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\wNkKbke.exe
PID 2820 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\wNkKbke.exe
PID 2820 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\wNkKbke.exe
PID 2820 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\INIIreQ.exe
PID 2820 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\INIIreQ.exe
PID 2820 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\INIIreQ.exe
PID 2820 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\NsPbwfO.exe
PID 2820 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\NsPbwfO.exe
PID 2820 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\NsPbwfO.exe
PID 2820 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\wmDBPLB.exe
PID 2820 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\wmDBPLB.exe
PID 2820 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\wmDBPLB.exe
PID 2820 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\taHTKrt.exe
PID 2820 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\taHTKrt.exe
PID 2820 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\taHTKrt.exe
PID 2820 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\VqtFPdw.exe
PID 2820 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\VqtFPdw.exe
PID 2820 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\VqtFPdw.exe
PID 2820 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\QSWTVkX.exe
PID 2820 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\QSWTVkX.exe
PID 2820 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\QSWTVkX.exe
PID 2820 wrote to memory of 1988 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\wqakoZA.exe
PID 2820 wrote to memory of 1988 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\wqakoZA.exe
PID 2820 wrote to memory of 1988 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\wqakoZA.exe
PID 2820 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\fExjUKT.exe

Processes

C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe"

C:\Windows\System\pmruzYh.exe

C:\Windows\System\pmruzYh.exe

C:\Windows\System\kZkSbex.exe

C:\Windows\System\kZkSbex.exe

C:\Windows\System\sjgCuKx.exe

C:\Windows\System\sjgCuKx.exe

C:\Windows\System\rcfFDvP.exe

C:\Windows\System\rcfFDvP.exe

C:\Windows\System\NdhfQJp.exe

C:\Windows\System\NdhfQJp.exe

C:\Windows\System\PASZdHq.exe

C:\Windows\System\PASZdHq.exe

C:\Windows\System\pUIytxI.exe

C:\Windows\System\pUIytxI.exe

C:\Windows\System\zkUsuGA.exe

C:\Windows\System\zkUsuGA.exe

C:\Windows\System\QvjFcot.exe

C:\Windows\System\QvjFcot.exe

C:\Windows\System\RiuvukK.exe

C:\Windows\System\RiuvukK.exe

C:\Windows\System\hmeNroZ.exe

C:\Windows\System\hmeNroZ.exe

C:\Windows\System\HPDWVDN.exe

C:\Windows\System\HPDWVDN.exe

C:\Windows\System\crMiXUS.exe

C:\Windows\System\crMiXUS.exe

C:\Windows\System\wNkKbke.exe

C:\Windows\System\wNkKbke.exe

C:\Windows\System\INIIreQ.exe

C:\Windows\System\INIIreQ.exe

C:\Windows\System\NsPbwfO.exe

C:\Windows\System\NsPbwfO.exe

C:\Windows\System\wmDBPLB.exe

C:\Windows\System\wmDBPLB.exe

C:\Windows\System\taHTKrt.exe

C:\Windows\System\taHTKrt.exe

C:\Windows\System\VqtFPdw.exe

C:\Windows\System\VqtFPdw.exe

C:\Windows\System\QSWTVkX.exe

C:\Windows\System\QSWTVkX.exe

C:\Windows\System\wqakoZA.exe

C:\Windows\System\wqakoZA.exe

C:\Windows\System\fExjUKT.exe

C:\Windows\System\fExjUKT.exe

C:\Windows\System\DqeVKyo.exe

C:\Windows\System\DqeVKyo.exe

C:\Windows\System\BllYOMX.exe

C:\Windows\System\BllYOMX.exe

C:\Windows\System\DFwzqot.exe

C:\Windows\System\DFwzqot.exe

C:\Windows\System\IDTZkxQ.exe

C:\Windows\System\IDTZkxQ.exe

C:\Windows\System\GQTbzvc.exe

C:\Windows\System\GQTbzvc.exe

C:\Windows\System\IwIsfTa.exe

C:\Windows\System\IwIsfTa.exe

C:\Windows\System\wDxMkUs.exe

C:\Windows\System\wDxMkUs.exe

C:\Windows\System\wHUmnBy.exe

C:\Windows\System\wHUmnBy.exe

C:\Windows\System\VsmLKXU.exe

C:\Windows\System\VsmLKXU.exe

C:\Windows\System\eYkmuNx.exe

C:\Windows\System\eYkmuNx.exe

C:\Windows\System\IoyZRAm.exe

C:\Windows\System\IoyZRAm.exe

C:\Windows\System\HoYDbmd.exe

C:\Windows\System\HoYDbmd.exe

C:\Windows\System\qfqkYvJ.exe

C:\Windows\System\qfqkYvJ.exe

C:\Windows\System\eOyjGGp.exe

C:\Windows\System\eOyjGGp.exe

C:\Windows\System\xQlpLuE.exe

C:\Windows\System\xQlpLuE.exe

C:\Windows\System\ajUneLQ.exe

C:\Windows\System\ajUneLQ.exe

C:\Windows\System\sqSakjs.exe

C:\Windows\System\sqSakjs.exe

C:\Windows\System\TZHrPCq.exe

C:\Windows\System\TZHrPCq.exe

C:\Windows\System\KHDSvbU.exe

C:\Windows\System\KHDSvbU.exe

C:\Windows\System\xQRgVqw.exe

C:\Windows\System\xQRgVqw.exe

C:\Windows\System\iInZzdr.exe

C:\Windows\System\iInZzdr.exe

C:\Windows\System\CrHDnwi.exe

C:\Windows\System\CrHDnwi.exe

C:\Windows\System\iKMszgb.exe

C:\Windows\System\iKMszgb.exe

C:\Windows\System\MtLCmgQ.exe

C:\Windows\System\MtLCmgQ.exe

C:\Windows\System\hfUpIeg.exe

C:\Windows\System\hfUpIeg.exe

C:\Windows\System\UhhICZO.exe

C:\Windows\System\UhhICZO.exe

C:\Windows\System\wfUpVYA.exe

C:\Windows\System\wfUpVYA.exe

C:\Windows\System\whKVspL.exe

C:\Windows\System\whKVspL.exe

C:\Windows\System\ZsTFUdf.exe

C:\Windows\System\ZsTFUdf.exe

C:\Windows\System\xwxnBFR.exe

C:\Windows\System\xwxnBFR.exe

C:\Windows\System\FBnrWnD.exe

C:\Windows\System\FBnrWnD.exe

C:\Windows\System\jyEWJEn.exe

C:\Windows\System\jyEWJEn.exe

C:\Windows\System\jolHnmF.exe

C:\Windows\System\jolHnmF.exe

C:\Windows\System\JumocGn.exe

C:\Windows\System\JumocGn.exe

C:\Windows\System\vHesVGk.exe

C:\Windows\System\vHesVGk.exe

C:\Windows\System\fMoVioy.exe

C:\Windows\System\fMoVioy.exe

C:\Windows\System\vFbVNpt.exe

C:\Windows\System\vFbVNpt.exe

C:\Windows\System\WNmdRry.exe

C:\Windows\System\WNmdRry.exe

C:\Windows\System\iuSDeFo.exe

C:\Windows\System\iuSDeFo.exe

C:\Windows\System\sPAMopt.exe

C:\Windows\System\sPAMopt.exe

C:\Windows\System\LmpiknX.exe

C:\Windows\System\LmpiknX.exe

C:\Windows\System\DoarIoy.exe

C:\Windows\System\DoarIoy.exe

C:\Windows\System\XCmsbaZ.exe

C:\Windows\System\XCmsbaZ.exe

C:\Windows\System\DtumUzW.exe

C:\Windows\System\DtumUzW.exe

C:\Windows\System\uxHNoMs.exe

C:\Windows\System\uxHNoMs.exe

C:\Windows\System\cUHYvbR.exe

C:\Windows\System\cUHYvbR.exe

C:\Windows\System\kEvBSGs.exe

C:\Windows\System\kEvBSGs.exe

C:\Windows\System\mRKsIus.exe

C:\Windows\System\mRKsIus.exe

C:\Windows\System\zuoCHTl.exe

C:\Windows\System\zuoCHTl.exe

C:\Windows\System\WmOCyhX.exe

C:\Windows\System\WmOCyhX.exe

C:\Windows\System\VFdNbKW.exe

C:\Windows\System\VFdNbKW.exe

C:\Windows\System\qJTwTqN.exe

C:\Windows\System\qJTwTqN.exe

C:\Windows\System\DztVOCH.exe

C:\Windows\System\DztVOCH.exe

C:\Windows\System\YtzrQyj.exe

C:\Windows\System\YtzrQyj.exe

C:\Windows\System\tDFlpoE.exe

C:\Windows\System\tDFlpoE.exe

C:\Windows\System\hKhXjPZ.exe

C:\Windows\System\hKhXjPZ.exe

C:\Windows\System\vnkocZU.exe

C:\Windows\System\vnkocZU.exe

C:\Windows\System\tUCsTUj.exe

C:\Windows\System\tUCsTUj.exe

C:\Windows\System\TCVXOIn.exe

C:\Windows\System\TCVXOIn.exe

C:\Windows\System\ZIIDZRN.exe

C:\Windows\System\ZIIDZRN.exe

C:\Windows\System\TGNdZEf.exe

C:\Windows\System\TGNdZEf.exe

C:\Windows\System\phvJUBu.exe

C:\Windows\System\phvJUBu.exe

C:\Windows\System\gbiFfXG.exe

C:\Windows\System\gbiFfXG.exe

C:\Windows\System\maLfsRX.exe

C:\Windows\System\maLfsRX.exe

C:\Windows\System\Aembesg.exe

C:\Windows\System\Aembesg.exe

C:\Windows\System\SCuVIxS.exe

C:\Windows\System\SCuVIxS.exe

C:\Windows\System\SIhUTuD.exe

C:\Windows\System\SIhUTuD.exe

C:\Windows\System\GuzrUqB.exe

C:\Windows\System\GuzrUqB.exe

C:\Windows\System\SeKDVVW.exe

C:\Windows\System\SeKDVVW.exe

C:\Windows\System\ErDHEGg.exe

C:\Windows\System\ErDHEGg.exe

C:\Windows\System\HyciNeV.exe

C:\Windows\System\HyciNeV.exe

C:\Windows\System\fyNQhXU.exe

C:\Windows\System\fyNQhXU.exe

C:\Windows\System\tXRkiBc.exe

C:\Windows\System\tXRkiBc.exe

C:\Windows\System\jlBpuXk.exe

C:\Windows\System\jlBpuXk.exe

C:\Windows\System\ijMffGx.exe

C:\Windows\System\ijMffGx.exe

C:\Windows\System\jIWHORr.exe

C:\Windows\System\jIWHORr.exe

C:\Windows\System\ShJgoKk.exe

C:\Windows\System\ShJgoKk.exe

C:\Windows\System\fqJxEqv.exe

C:\Windows\System\fqJxEqv.exe

C:\Windows\System\YZtKSyi.exe

C:\Windows\System\YZtKSyi.exe

C:\Windows\System\truaibq.exe

C:\Windows\System\truaibq.exe

C:\Windows\System\dBOUxDL.exe

C:\Windows\System\dBOUxDL.exe

C:\Windows\System\MoROBfu.exe

C:\Windows\System\MoROBfu.exe

C:\Windows\System\lqtIoTU.exe

C:\Windows\System\lqtIoTU.exe

C:\Windows\System\YZEEWXK.exe

C:\Windows\System\YZEEWXK.exe

C:\Windows\System\bvzjuvI.exe

C:\Windows\System\bvzjuvI.exe

C:\Windows\System\airFRpS.exe

C:\Windows\System\airFRpS.exe

C:\Windows\System\BfgAoVm.exe

C:\Windows\System\BfgAoVm.exe

C:\Windows\System\PEZpVEF.exe

C:\Windows\System\PEZpVEF.exe

C:\Windows\System\MkntHxc.exe

C:\Windows\System\MkntHxc.exe

C:\Windows\System\MaWXOxO.exe

C:\Windows\System\MaWXOxO.exe

C:\Windows\System\bmhfBBy.exe

C:\Windows\System\bmhfBBy.exe

C:\Windows\System\ikPdpJE.exe

C:\Windows\System\ikPdpJE.exe

C:\Windows\System\QTfdJIE.exe

C:\Windows\System\QTfdJIE.exe

C:\Windows\System\KSMZmiw.exe

C:\Windows\System\KSMZmiw.exe

C:\Windows\System\oYwDqkQ.exe

C:\Windows\System\oYwDqkQ.exe

C:\Windows\System\HONqGjU.exe

C:\Windows\System\HONqGjU.exe

C:\Windows\System\mFxfPyf.exe

C:\Windows\System\mFxfPyf.exe

C:\Windows\System\bUXBlEf.exe

C:\Windows\System\bUXBlEf.exe

C:\Windows\System\cfYwxGb.exe

C:\Windows\System\cfYwxGb.exe

C:\Windows\System\hKzumfB.exe

C:\Windows\System\hKzumfB.exe

C:\Windows\System\CxPYAFj.exe

C:\Windows\System\CxPYAFj.exe

C:\Windows\System\cqqpqDV.exe

C:\Windows\System\cqqpqDV.exe

C:\Windows\System\rWWVuET.exe

C:\Windows\System\rWWVuET.exe

C:\Windows\System\tHtIttd.exe

C:\Windows\System\tHtIttd.exe

C:\Windows\System\IIiHoWe.exe

C:\Windows\System\IIiHoWe.exe

C:\Windows\System\PHZdRRA.exe

C:\Windows\System\PHZdRRA.exe

C:\Windows\System\tQvBfpk.exe

C:\Windows\System\tQvBfpk.exe

C:\Windows\System\wBcPpzJ.exe

C:\Windows\System\wBcPpzJ.exe

C:\Windows\System\CYeFONc.exe

C:\Windows\System\CYeFONc.exe

C:\Windows\System\SvdCpDL.exe

C:\Windows\System\SvdCpDL.exe

C:\Windows\System\aPQhdmN.exe

C:\Windows\System\aPQhdmN.exe

C:\Windows\System\NwAzVim.exe

C:\Windows\System\NwAzVim.exe

C:\Windows\System\mWGtAZN.exe

C:\Windows\System\mWGtAZN.exe

C:\Windows\System\gZcRjnc.exe

C:\Windows\System\gZcRjnc.exe

C:\Windows\System\CcYwQzw.exe

C:\Windows\System\CcYwQzw.exe

C:\Windows\System\sQPvMKu.exe

C:\Windows\System\sQPvMKu.exe

C:\Windows\System\qhjuejf.exe

C:\Windows\System\qhjuejf.exe

C:\Windows\System\DWAOClp.exe

C:\Windows\System\DWAOClp.exe

C:\Windows\System\JwhJlGj.exe

C:\Windows\System\JwhJlGj.exe

C:\Windows\System\ueHHUFn.exe

C:\Windows\System\ueHHUFn.exe

C:\Windows\System\AnyLJBV.exe

C:\Windows\System\AnyLJBV.exe

C:\Windows\System\sfFibIh.exe

C:\Windows\System\sfFibIh.exe

C:\Windows\System\KoBZHKd.exe

C:\Windows\System\KoBZHKd.exe

C:\Windows\System\sDpPgDA.exe

C:\Windows\System\sDpPgDA.exe

C:\Windows\System\XtguDMh.exe

C:\Windows\System\XtguDMh.exe

C:\Windows\System\dCpSieB.exe

C:\Windows\System\dCpSieB.exe

C:\Windows\System\mgGoMSJ.exe

C:\Windows\System\mgGoMSJ.exe

C:\Windows\System\ipXHLAQ.exe

C:\Windows\System\ipXHLAQ.exe

C:\Windows\System\BEHAiGA.exe

C:\Windows\System\BEHAiGA.exe

C:\Windows\System\FQmLHYC.exe

C:\Windows\System\FQmLHYC.exe

C:\Windows\System\qRENTPQ.exe

C:\Windows\System\qRENTPQ.exe

C:\Windows\System\EKrqwYi.exe

C:\Windows\System\EKrqwYi.exe

C:\Windows\System\wzUksMv.exe

C:\Windows\System\wzUksMv.exe

C:\Windows\System\hhLgNEu.exe

C:\Windows\System\hhLgNEu.exe

C:\Windows\System\BCTtehI.exe

C:\Windows\System\BCTtehI.exe

C:\Windows\System\CDiaalH.exe

C:\Windows\System\CDiaalH.exe

C:\Windows\System\bYhJAsD.exe

C:\Windows\System\bYhJAsD.exe

C:\Windows\System\KDmdMDV.exe

C:\Windows\System\KDmdMDV.exe

C:\Windows\System\YIsffZY.exe

C:\Windows\System\YIsffZY.exe

C:\Windows\System\dQgtGpe.exe

C:\Windows\System\dQgtGpe.exe

C:\Windows\System\oswQBQd.exe

C:\Windows\System\oswQBQd.exe

C:\Windows\System\dvenvSl.exe

C:\Windows\System\dvenvSl.exe

C:\Windows\System\RithJZR.exe

C:\Windows\System\RithJZR.exe

C:\Windows\System\wErIkPz.exe

C:\Windows\System\wErIkPz.exe

C:\Windows\System\qGxRmXM.exe

C:\Windows\System\qGxRmXM.exe

C:\Windows\System\XSGJYeL.exe

C:\Windows\System\XSGJYeL.exe

C:\Windows\System\ljdtdHH.exe

C:\Windows\System\ljdtdHH.exe

C:\Windows\System\uWKqYDa.exe

C:\Windows\System\uWKqYDa.exe

C:\Windows\System\ajcyPDj.exe

C:\Windows\System\ajcyPDj.exe

C:\Windows\System\HDhDWax.exe

C:\Windows\System\HDhDWax.exe

C:\Windows\System\mjkQWsr.exe

C:\Windows\System\mjkQWsr.exe

C:\Windows\System\udAuWVZ.exe

C:\Windows\System\udAuWVZ.exe

C:\Windows\System\RfkUpcB.exe

C:\Windows\System\RfkUpcB.exe

C:\Windows\System\CHzUyQQ.exe

C:\Windows\System\CHzUyQQ.exe

C:\Windows\System\PooxTnI.exe

C:\Windows\System\PooxTnI.exe

C:\Windows\System\KjQePnb.exe

C:\Windows\System\KjQePnb.exe

C:\Windows\System\tHyjWyC.exe

C:\Windows\System\tHyjWyC.exe

C:\Windows\System\bTBZZra.exe

C:\Windows\System\bTBZZra.exe

C:\Windows\System\WTurHXl.exe

C:\Windows\System\WTurHXl.exe

C:\Windows\System\gBMxiyw.exe

C:\Windows\System\gBMxiyw.exe

C:\Windows\System\ZbrJqyN.exe

C:\Windows\System\ZbrJqyN.exe

C:\Windows\System\Aijgqts.exe

C:\Windows\System\Aijgqts.exe

C:\Windows\System\KSXSwyK.exe

C:\Windows\System\KSXSwyK.exe

C:\Windows\System\aLlTmFp.exe

C:\Windows\System\aLlTmFp.exe

C:\Windows\System\AYoYrkC.exe

C:\Windows\System\AYoYrkC.exe

C:\Windows\System\HZLwNwZ.exe

C:\Windows\System\HZLwNwZ.exe

C:\Windows\System\iGtVShG.exe

C:\Windows\System\iGtVShG.exe

C:\Windows\System\fRULlie.exe

C:\Windows\System\fRULlie.exe

C:\Windows\System\CXpmwwB.exe

C:\Windows\System\CXpmwwB.exe

C:\Windows\System\hrgXaQg.exe

C:\Windows\System\hrgXaQg.exe

C:\Windows\System\IYWZtTX.exe

C:\Windows\System\IYWZtTX.exe

C:\Windows\System\cpWevky.exe

C:\Windows\System\cpWevky.exe

C:\Windows\System\emoSyst.exe

C:\Windows\System\emoSyst.exe

C:\Windows\System\MfUAGvw.exe

C:\Windows\System\MfUAGvw.exe

C:\Windows\System\jOCOdLT.exe

C:\Windows\System\jOCOdLT.exe

C:\Windows\System\YovtBbD.exe

C:\Windows\System\YovtBbD.exe

C:\Windows\System\pBhjvDx.exe

C:\Windows\System\pBhjvDx.exe

C:\Windows\System\MEVFADz.exe

C:\Windows\System\MEVFADz.exe

C:\Windows\System\ZadqPBk.exe

C:\Windows\System\ZadqPBk.exe

C:\Windows\System\OTLDqYN.exe

C:\Windows\System\OTLDqYN.exe

C:\Windows\System\NyJEnax.exe

C:\Windows\System\NyJEnax.exe

C:\Windows\System\SIDKGry.exe

C:\Windows\System\SIDKGry.exe

C:\Windows\System\oVJVlTc.exe

C:\Windows\System\oVJVlTc.exe

C:\Windows\System\cQXOFzO.exe

C:\Windows\System\cQXOFzO.exe

C:\Windows\System\YlVakEV.exe

C:\Windows\System\YlVakEV.exe

C:\Windows\System\RvgREaC.exe

C:\Windows\System\RvgREaC.exe

C:\Windows\System\mFOOSXH.exe

C:\Windows\System\mFOOSXH.exe

C:\Windows\System\uCiFBOL.exe

C:\Windows\System\uCiFBOL.exe

C:\Windows\System\SVgkTWI.exe

C:\Windows\System\SVgkTWI.exe

C:\Windows\System\XNlSLXX.exe

C:\Windows\System\XNlSLXX.exe

C:\Windows\System\rZBTcAV.exe

C:\Windows\System\rZBTcAV.exe

C:\Windows\System\PKhmAEM.exe

C:\Windows\System\PKhmAEM.exe

C:\Windows\System\qQWUAhU.exe

C:\Windows\System\qQWUAhU.exe

C:\Windows\System\vKqTahg.exe

C:\Windows\System\vKqTahg.exe

C:\Windows\System\epwdFhN.exe

C:\Windows\System\epwdFhN.exe

C:\Windows\System\EVfuxdp.exe

C:\Windows\System\EVfuxdp.exe

C:\Windows\System\pYeDQxJ.exe

C:\Windows\System\pYeDQxJ.exe

C:\Windows\System\KBFRvzv.exe

C:\Windows\System\KBFRvzv.exe

C:\Windows\System\JayRIft.exe

C:\Windows\System\JayRIft.exe

C:\Windows\System\mSuXBMZ.exe

C:\Windows\System\mSuXBMZ.exe

C:\Windows\System\lfPggWu.exe

C:\Windows\System\lfPggWu.exe

C:\Windows\System\kczOpVI.exe

C:\Windows\System\kczOpVI.exe

C:\Windows\System\AjWHyoD.exe

C:\Windows\System\AjWHyoD.exe

C:\Windows\System\jQWkuMj.exe

C:\Windows\System\jQWkuMj.exe

C:\Windows\System\ErCavII.exe

C:\Windows\System\ErCavII.exe

C:\Windows\System\obEIeuq.exe

C:\Windows\System\obEIeuq.exe

C:\Windows\System\UPEUphq.exe

C:\Windows\System\UPEUphq.exe

C:\Windows\System\kkFGdEg.exe

C:\Windows\System\kkFGdEg.exe

C:\Windows\System\UmJNsQS.exe

C:\Windows\System\UmJNsQS.exe

C:\Windows\System\gNDKHGW.exe

C:\Windows\System\gNDKHGW.exe

C:\Windows\System\JWTsnjV.exe

C:\Windows\System\JWTsnjV.exe

C:\Windows\System\HYnUWAY.exe

C:\Windows\System\HYnUWAY.exe

C:\Windows\System\vCwPTFw.exe

C:\Windows\System\vCwPTFw.exe

C:\Windows\System\YPhHeqU.exe

C:\Windows\System\YPhHeqU.exe

C:\Windows\System\eQwlZiV.exe

C:\Windows\System\eQwlZiV.exe

C:\Windows\System\CzNvdxd.exe

C:\Windows\System\CzNvdxd.exe

C:\Windows\System\SZCeVEM.exe

C:\Windows\System\SZCeVEM.exe

C:\Windows\System\qlUhfJb.exe

C:\Windows\System\qlUhfJb.exe

C:\Windows\System\rrABYwR.exe

C:\Windows\System\rrABYwR.exe

C:\Windows\System\NSAMdjw.exe

C:\Windows\System\NSAMdjw.exe

C:\Windows\System\xHdSXZC.exe

C:\Windows\System\xHdSXZC.exe

C:\Windows\System\BJEBwIx.exe

C:\Windows\System\BJEBwIx.exe

C:\Windows\System\ymrBUod.exe

C:\Windows\System\ymrBUod.exe

C:\Windows\System\FdpwZtU.exe

C:\Windows\System\FdpwZtU.exe

C:\Windows\System\xcrvQWG.exe

C:\Windows\System\xcrvQWG.exe

C:\Windows\System\zMbccba.exe

C:\Windows\System\zMbccba.exe

C:\Windows\System\xaAQZSB.exe

C:\Windows\System\xaAQZSB.exe

C:\Windows\System\dMKuDNX.exe

C:\Windows\System\dMKuDNX.exe

C:\Windows\System\cowtHYL.exe

C:\Windows\System\cowtHYL.exe

C:\Windows\System\iVabHpH.exe

C:\Windows\System\iVabHpH.exe

C:\Windows\System\rarBaUM.exe

C:\Windows\System\rarBaUM.exe

C:\Windows\System\Zuwtwuy.exe

C:\Windows\System\Zuwtwuy.exe

C:\Windows\System\gButGfk.exe

C:\Windows\System\gButGfk.exe

C:\Windows\System\rHXLwCZ.exe

C:\Windows\System\rHXLwCZ.exe

C:\Windows\System\rSOpRmN.exe

C:\Windows\System\rSOpRmN.exe

C:\Windows\System\KBTRGEg.exe

C:\Windows\System\KBTRGEg.exe

C:\Windows\System\nhSIhVZ.exe

C:\Windows\System\nhSIhVZ.exe

C:\Windows\System\ryxQCbd.exe

C:\Windows\System\ryxQCbd.exe

C:\Windows\System\udSkdHj.exe

C:\Windows\System\udSkdHj.exe

C:\Windows\System\MPwyPvf.exe

C:\Windows\System\MPwyPvf.exe

C:\Windows\System\ltaJFpw.exe

C:\Windows\System\ltaJFpw.exe

C:\Windows\System\rjKrCRn.exe

C:\Windows\System\rjKrCRn.exe

C:\Windows\System\vybIBjV.exe

C:\Windows\System\vybIBjV.exe

C:\Windows\System\SrmAUdW.exe

C:\Windows\System\SrmAUdW.exe

C:\Windows\System\yEXXoLA.exe

C:\Windows\System\yEXXoLA.exe

C:\Windows\System\yoHENij.exe

C:\Windows\System\yoHENij.exe

C:\Windows\System\lSJfJxz.exe

C:\Windows\System\lSJfJxz.exe

C:\Windows\System\CstMwCY.exe

C:\Windows\System\CstMwCY.exe

C:\Windows\System\SqivVco.exe

C:\Windows\System\SqivVco.exe

C:\Windows\System\BSDRVBX.exe

C:\Windows\System\BSDRVBX.exe

C:\Windows\System\LLhOAdI.exe

C:\Windows\System\LLhOAdI.exe

C:\Windows\System\uNyAtzd.exe

C:\Windows\System\uNyAtzd.exe

C:\Windows\System\wxPsbDF.exe

C:\Windows\System\wxPsbDF.exe

C:\Windows\System\huaunoR.exe

C:\Windows\System\huaunoR.exe

C:\Windows\System\rLzLKAk.exe

C:\Windows\System\rLzLKAk.exe

C:\Windows\System\QhYrcvM.exe

C:\Windows\System\QhYrcvM.exe

C:\Windows\System\UCKHBfn.exe

C:\Windows\System\UCKHBfn.exe

C:\Windows\System\EMKTaJr.exe

C:\Windows\System\EMKTaJr.exe

C:\Windows\System\zOtROHl.exe

C:\Windows\System\zOtROHl.exe

C:\Windows\System\DwuDmIa.exe

C:\Windows\System\DwuDmIa.exe

C:\Windows\System\VukGoth.exe

C:\Windows\System\VukGoth.exe

C:\Windows\System\QntNlWb.exe

C:\Windows\System\QntNlWb.exe

C:\Windows\System\wmZmLrn.exe

C:\Windows\System\wmZmLrn.exe

C:\Windows\System\vAPXieX.exe

C:\Windows\System\vAPXieX.exe

C:\Windows\System\XMuiIBo.exe

C:\Windows\System\XMuiIBo.exe

C:\Windows\System\NObxQKU.exe

C:\Windows\System\NObxQKU.exe

C:\Windows\System\fYpSoWJ.exe

C:\Windows\System\fYpSoWJ.exe

C:\Windows\System\SUzlPNa.exe

C:\Windows\System\SUzlPNa.exe

C:\Windows\System\jpYhxyg.exe

C:\Windows\System\jpYhxyg.exe

C:\Windows\System\HpAEHuD.exe

C:\Windows\System\HpAEHuD.exe

C:\Windows\System\LNCtKsl.exe

C:\Windows\System\LNCtKsl.exe

C:\Windows\System\FCRuZUB.exe

C:\Windows\System\FCRuZUB.exe

C:\Windows\System\ezPIyAX.exe

C:\Windows\System\ezPIyAX.exe

C:\Windows\System\wYQQshv.exe

C:\Windows\System\wYQQshv.exe

C:\Windows\System\frykNPk.exe

C:\Windows\System\frykNPk.exe

C:\Windows\System\KJhQBvf.exe

C:\Windows\System\KJhQBvf.exe

C:\Windows\System\MWnFFxa.exe

C:\Windows\System\MWnFFxa.exe

C:\Windows\System\SwCvEvG.exe

C:\Windows\System\SwCvEvG.exe

C:\Windows\System\kJDwjZs.exe

C:\Windows\System\kJDwjZs.exe

C:\Windows\System\bQQPcid.exe

C:\Windows\System\bQQPcid.exe

C:\Windows\System\AABPoYY.exe

C:\Windows\System\AABPoYY.exe

C:\Windows\System\yDQItsc.exe

C:\Windows\System\yDQItsc.exe

C:\Windows\System\MNRNYyi.exe

C:\Windows\System\MNRNYyi.exe

C:\Windows\System\aVUAsmO.exe

C:\Windows\System\aVUAsmO.exe

C:\Windows\System\ALwaNnc.exe

C:\Windows\System\ALwaNnc.exe

C:\Windows\System\DxoAUFy.exe

C:\Windows\System\DxoAUFy.exe

C:\Windows\System\RmPciXy.exe

C:\Windows\System\RmPciXy.exe

C:\Windows\System\yDjdaNv.exe

C:\Windows\System\yDjdaNv.exe

C:\Windows\System\tjswIPP.exe

C:\Windows\System\tjswIPP.exe

C:\Windows\System\Vqrlqjm.exe

C:\Windows\System\Vqrlqjm.exe

C:\Windows\System\YhPgyKj.exe

C:\Windows\System\YhPgyKj.exe

C:\Windows\System\fpnGFTT.exe

C:\Windows\System\fpnGFTT.exe

C:\Windows\System\XzbTbja.exe

C:\Windows\System\XzbTbja.exe

C:\Windows\System\TsHkoiO.exe

C:\Windows\System\TsHkoiO.exe

C:\Windows\System\PqaTnNz.exe

C:\Windows\System\PqaTnNz.exe

C:\Windows\System\MMeXoDp.exe

C:\Windows\System\MMeXoDp.exe

C:\Windows\System\nxITyVS.exe

C:\Windows\System\nxITyVS.exe

C:\Windows\System\HmpIbJp.exe

C:\Windows\System\HmpIbJp.exe

C:\Windows\System\fCIPIZL.exe

C:\Windows\System\fCIPIZL.exe

C:\Windows\System\bZAeNSH.exe

C:\Windows\System\bZAeNSH.exe

C:\Windows\System\UAcEeAK.exe

C:\Windows\System\UAcEeAK.exe

C:\Windows\System\DTcAkkC.exe

C:\Windows\System\DTcAkkC.exe

C:\Windows\System\MFDnicY.exe

C:\Windows\System\MFDnicY.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2820-0-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

memory/2820-1-0x00000000001F0000-0x0000000000200000-memory.dmp

C:\Windows\system\pmruzYh.exe

MD5 d6e7239d7db5a2e74276543f191106af
SHA1 2921a3eb6320706c84fe2cc44d19298075f8b3ca
SHA256 3271d2fd99af2f2fe958c92267b53b8b6c7535979cf33b6a9e6e61d31194e99a
SHA512 80e4a719d487ac499cfd017ecef3bbb358d2801ce038a1b6eac687e0662ad6592c0656c1d78939d6fe7709387d5f984cc6d979e2807a9fbac7c7cf1b13f49522

memory/2368-9-0x000000013F530000-0x000000013F884000-memory.dmp

memory/2820-17-0x000000013FEE0000-0x0000000140234000-memory.dmp

C:\Windows\system\rcfFDvP.exe

MD5 7b27c9179ce6308614f32652a289d565
SHA1 c1be0c4119a275891c27c68fd593317abf875a78
SHA256 797edd825651fe3100636b90dc233d9b74dcc18162cd7be25872ebf3f31cc703
SHA512 394c021a5a1b0dc0168b50ae4cc1b5bf98db31f3c0b94184d09174458b341e3a3a1a7239ce6fc151bc72ae02d50e930f5dd794cdd5e1a6bf9413d6cf5039c900

C:\Windows\system\sjgCuKx.exe

MD5 588563105865c2e5a692345820b88988
SHA1 9f77cbb04b69210ccc601b4645686cd2120027f8
SHA256 55951b35079fc3aa67d51098400e8027bafc92bfe9369c69f1e5bd270e16cc61
SHA512 fd9843e8f866b4b13d3e336903c34eb8ed3695f0ca59bf659d7b57a97ec5756747deeacd8cea8091b08c08b1d88c7736897b9fc910a69b7c7f0db3aefab429ba

memory/2992-21-0x000000013FEE0000-0x0000000140234000-memory.dmp

C:\Windows\system\NdhfQJp.exe

MD5 84463c30f241d9df4a10728125dcf421
SHA1 5017b8fc40f580516170dbde91cc061988c91d05
SHA256 f23637f4e58b6b47fa16c98ba5bcf3a23a4672abb82e56b707f9c844835214b1
SHA512 3bea928894db5dcfaa30b35bd0b52395e1ad5c7b95f8252b1108391fd0fccc6c7d0c323f0fb3825e92c561d66f1a1ad61a4eec4138826b1168e75ea515775c5a

C:\Windows\system\pUIytxI.exe

MD5 cbf9faf0b0994d6198569ad88a1dc590
SHA1 10fd9f38f108ea0983b90c05d39ec62fe0a64c0a
SHA256 56faa2e3dd631dabc54f0ef24a8bc4ec748720cc6106358825c615062bb9bdb9
SHA512 535e793e87ef1f7371d0758b3412f71710a7b7cda13f09d1a7115ed9b075eabe9659beed6205f53139cec02fafddc532ad37f0025cd4b4f9f3987a7d4fcc409c

C:\Windows\system\QvjFcot.exe

MD5 77f80ec77c8892d624a4657761d006ed
SHA1 a6937b2470c719113be32b23b5d5ec97ca2193e5
SHA256 1f8390f0d6fadf2a64d52991f00c2f57d4221b4648f06ae373288773f57f37cd
SHA512 17d97d81263c398f3babf782f70ca1e1258ffca993764f7d4148e7ab2241379fc6a7b65faf40714392d4d04fe2ae0e082bb8592a74d8673a7cce3794a439c9ff

C:\Windows\system\INIIreQ.exe

MD5 191c4f6aa7921c188f9308ee87ccd06e
SHA1 01617cd2c2527d3037445485abcb9fd8302e029b
SHA256 cf70942d4d21c1694164fbeb10acf2dec6fd7bf4392da35d103d59aff83cf281
SHA512 8d4c30624ae94ff0f5dbfdfa2fa6a4e969b06e04857aa910c485e0025d5cddc596807c451fb5a851cd5a0ff2d6ca3bf594f37f30a5f5f853f5ba6ff115feed07

C:\Windows\system\wqakoZA.exe

MD5 53a6eb1406eb0b424aa3087e1922e2af
SHA1 1fab749f162efe53aeb97be3b5f706ef0a04b0b4
SHA256 01767390a3cefb82554accb02da664effb79b338317c5988ccf4d889d32e175f
SHA512 8d66d946afa0db7b9676c456c41e6087f03f6fdd97198ce27eb3bd9f0c756eb4c98d28c01cd3da5a31c1887e75d7025247a7f19536149ccaee567c51517b9bbd

memory/3048-943-0x000000013F020000-0x000000013F374000-memory.dmp

memory/2672-956-0x000000013FD30000-0x0000000140084000-memory.dmp

memory/2820-952-0x000000013FD30000-0x0000000140084000-memory.dmp

memory/2748-1006-0x000000013FFE0000-0x0000000140334000-memory.dmp

memory/2820-994-0x000000013FFE0000-0x0000000140334000-memory.dmp

memory/2064-981-0x000000013FF00000-0x0000000140254000-memory.dmp

memory/2832-972-0x000000013FF00000-0x0000000140254000-memory.dmp

memory/2820-975-0x000000013FF00000-0x0000000140254000-memory.dmp

memory/2820-961-0x000000013FF00000-0x0000000140254000-memory.dmp

memory/2580-949-0x000000013F2F0000-0x000000013F644000-memory.dmp

memory/2820-1061-0x0000000002050000-0x00000000023A4000-memory.dmp

memory/2820-1038-0x0000000002050000-0x00000000023A4000-memory.dmp

memory/2520-1018-0x000000013F8D0000-0x000000013FC24000-memory.dmp

memory/2820-1009-0x000000013F8D0000-0x000000013FC24000-memory.dmp

memory/2820-1062-0x0000000002050000-0x00000000023A4000-memory.dmp

memory/2820-1060-0x0000000002050000-0x00000000023A4000-memory.dmp

memory/2932-1059-0x000000013FFD0000-0x0000000140324000-memory.dmp

memory/2820-1058-0x000000013FFD0000-0x0000000140324000-memory.dmp

memory/2920-1057-0x000000013F030000-0x000000013F384000-memory.dmp

memory/2820-1056-0x0000000002050000-0x00000000023A4000-memory.dmp

memory/2484-1055-0x000000013FCF0000-0x0000000140044000-memory.dmp

memory/2820-1053-0x000000013FCF0000-0x0000000140044000-memory.dmp

memory/2436-1052-0x000000013F640000-0x000000013F994000-memory.dmp

memory/2820-1050-0x000000013F640000-0x000000013F994000-memory.dmp

memory/2596-1045-0x000000013F2D0000-0x000000013F624000-memory.dmp

C:\Windows\system\eYkmuNx.exe

MD5 94c63cc23f8cc791722029affdfe8486
SHA1 a7bfb88a3b547147519082e0b667485fae0cbf90
SHA256 929a717967bb91293f62615b8ee762020a488c9c963909758ad5ba5622f8f123
SHA512 37cbf263f1f4f4a13b4586c6865fafd14290a2c46214a982462d4274f52f4840f1f783c19918fa2066e3cded592ab8814f558d87de6933274ef0dfb7becdffee

C:\Windows\system\VsmLKXU.exe

MD5 a4fbbd1e9a0e3ced1d280c9125dee7bb
SHA1 591bc1d00cd1eb7880a18680786c4d54699de913
SHA256 b4728e73cdc01550d988d52d6c658b5a5f684b5baebf767abdd9eec6956f4b46
SHA512 f706371c23e7c81a69286713209ee67c10813ac8e341a4c270ee0fae305306b8b646ba3389253fb2702419e7e2d763400ff5e5a5d6753ef739c77079f60d14b1

C:\Windows\system\wHUmnBy.exe

MD5 30bc886e0e169f13de5bb49532ee912d
SHA1 7ab9d485869c43f21ac7161e858d61a0ba757a40
SHA256 5c166a42ec2d3d809190cbb96b244385e4c82ba2c0ff9e11776299c01c984f1c
SHA512 133260e1e1c037306415f738c446779a93880c08e3ba450cc4992220f39aad2b9ec688de6dfbc222ac7bb91584446e3e1f56e43b5aea5f750cd7eb7980eaa6bb

C:\Windows\system\wDxMkUs.exe

MD5 42a4e5163ecc65be3d88f838b600feec
SHA1 b0dcbbf496662f7120c9bf88b1f5ddb10b32802e
SHA256 833c20283442ccfd4f045c54222cf577cfbcb8fab8c022398d926a9eba613ead
SHA512 db7e0b1614bd6ef49d4b9954c9ecb7f38c3a06a6acf83a71a47b8a789a08859ae326206fcfcba223515980977f3717904ca9a003c4d575b255e083e9fb93d9af

C:\Windows\system\IwIsfTa.exe

MD5 d54488948637fd23e7e55cfe9a4a134e
SHA1 3949fd2f4cf3137aa96e6cc96e64410e7fc901ed
SHA256 f10e5a7ef4843ea1af95eebe384626eb9447412a00865a3f8299e152341acac6
SHA512 c14ca9586687ab4800c9223a8e8e0c546ea32b8600d10d8222ec778b355760eefecb4d44de5dc836933457db3b8a6bb6bc6bba51a5a07e1a7fb8a6ded1cb531c

C:\Windows\system\GQTbzvc.exe

MD5 3be7fc9ac0d1fb9e2528ddd1ca9ab5c0
SHA1 ab0630f6472efe55fa9c914acae3a8e6acd62f67
SHA256 d4b494d60e9bb8a0d6e93ec58877aaaa200fde329ac162e462543f30b071dc5c
SHA512 4db56b38b8166dfa29a75d468c5148d3a8d648cc28ab1e8408d14857ca2f24693339c5dd53e245dad0228ba305947676c95daea82ed91e6ae7f06ea7b6f7a56f

C:\Windows\system\IDTZkxQ.exe

MD5 37a7a60060479a53c75d653a9f64b8bf
SHA1 f5c3033d6d384ec0f5977f58882df213a40cd726
SHA256 b12f684a557c5248b9c589a6119a79c2a86a0bc8b140de0c17093b93c6cd3d94
SHA512 9b8858fe1d27d9ff74c2828ca2ac17d4675d70603e0aae191eb4a39542ede9cf308f340f8b03dad59edf93df3b4a5c5bfdf7382870acb8e71dd3aaa1dc17ef38

C:\Windows\system\DFwzqot.exe

MD5 6f09d0a652add76a08b3296ff4fdd980
SHA1 4f2d777e8bc42f85286433d0694f0fed6bf5b37f
SHA256 91f49c9e3f222a4739f682cfa02212c33aeaf5a13436242948f85a406589da5d
SHA512 86116d5be875676f3fb6a4de220c9a4acf8b2d58b82ee38a3be57b4a3e2e8014cd8bc9fae102bc137371208ede7451d402a79b38a77c78e50e83c642f1a08b19

C:\Windows\system\BllYOMX.exe

MD5 e77585e3670c77c74aa4065644d5dc07
SHA1 9035b6d04ee5b3ed5cbdd7a948be4f316e4d4371
SHA256 7b71a9784df86a2665ee8993765270038177c5645afac13676004c6e8b15f8ed
SHA512 1a0895e387f6634ae7f0e8cd3ef06e424864d94ea08f1a9966d776183c1e1c82fde784c986856486b4f833697631e41c1c442b7ef7dd89c7338c0066920a27e0

C:\Windows\system\DqeVKyo.exe

MD5 d64cdb3879a7a99470b0a038ea858e3d
SHA1 0333f5b89b76334b58e8568f4dca17ca03bad994
SHA256 5468b497b2074a90546a85386a5d6de41cf7dc5f8b99113f7d91148525f7def0
SHA512 ac1fd5077a9714ca9657c1b0c1cb0d4e39cb2876bcb9589c553f27582f6ec3a690ffbdf7a8a91131b284f5e70acdad0bcf7f33d7c1fb2dd159a6b9cc60503094

C:\Windows\system\fExjUKT.exe

MD5 8253d366b4448e84c6be711ffa2df615
SHA1 2eb00b007d1a294b1dc110bb32fbd536f3338307
SHA256 52a93feb34e7c247bd5658aecbb5e83c303e4a2902d53e0b423cf147c001ff8b
SHA512 825b130c86b3389abec611488cf8539a5d275bf0e549ecaf668c1b4c4dc0d6a32621648fe49099856acb00d37abc7acedb64379080b938f255919b39860c049d

C:\Windows\system\QSWTVkX.exe

MD5 a794c0b61ea2b0c6a293baa0dac54992
SHA1 2ef76459851ad1b0da91edb5804d22105d2db648
SHA256 ea6377bce62ba93f80426caa77167b826828717152cd4b5bbed140e77ef0dce6
SHA512 0c38282df055b234b3cfcff083694ebe58b5209016f1dd416ca9c2cf16e3469e46093452fea89b8637093cc4164a709fcd6d39c9372f495c9ac969f70e735180

C:\Windows\system\VqtFPdw.exe

MD5 f323df9bba561284f01d827d586b6e20
SHA1 c2bdee97aa2ba7288e092b1e70073eb7ebaa6b4e
SHA256 a5dfbcabcfb4cd957ce17bb6e086324e3d255cd0ea3400bb05cce679423a682e
SHA512 0cf3fa7e947d6a579042e24126f2c96bcb0e8818966797e05509abb8b67ba82730736ca54ad582667b93c813dd44c9b2cce24191c45da8d878825ad5e0fbdb22

C:\Windows\system\taHTKrt.exe

MD5 445c2732ffd3b3a938a11ed39f17f9ff
SHA1 cd1b853666f6384ad61efbcae048d559d84aef45
SHA256 a22466463edaf3102e4219b4a780deb0a341c0bdcf3c670c0d127c30bb0f1008
SHA512 99c496aa7a96c868370149a65948541c378508fa3a2efd48f986cd92d34eb92a8ed40d23e0a0c4b3665c8e73d16067a7ea43bd69cd09ba6490275946ec067302

C:\Windows\system\wmDBPLB.exe

MD5 cf864bf0413b54707f8fe9f12a7b0eb9
SHA1 ea5111c920efed7174719fa999e673ab9b44339c
SHA256 ff5fd40b18c007dd6e58e2be8ab61a0feb7df3d0676c9bc1b5f2cea230033fb3
SHA512 5425e832d4e8e05ff3d5c27e312667b8f51902ded310366677d55a8185da3337cfe1008595115fe482f2a5d391bca8467bf213747526349e5a693cc30f767e96

C:\Windows\system\NsPbwfO.exe

MD5 10c7ad91b5e0cbc5e9c04e18aa844aa0
SHA1 5de700b248a52052a73e27dec494d6189f84471b
SHA256 c9a6579a87cef8e5cae88d6f10ac293b18df5814eadea02e90928333116de960
SHA512 2775e719460f752cf06236a51ae49a601d31fbcb39125c9d6ad0f3087581ea9be81f8b7bebbf7a08b11ee4ef7addf06d53e27eaf3207f1c7b3ddd81993101201

C:\Windows\system\wNkKbke.exe

MD5 0f79cae9db283184285579d7b72fbd91
SHA1 aac3190dc9bc4fa06035bd780ec13762c821d1a7
SHA256 dba808413d17f122d729d0c05c086863a9146e16de7093289e5fcee3b870d7df
SHA512 408ec01ea7319ff6f90bb0d0c2da44fcf272cfc23520499691269a6bda2e73736bdb782d8162a9659f1f464fe663a6f9c2c507e983cc75250100569be5e84acd

C:\Windows\system\crMiXUS.exe

MD5 973820f60dbf2434bd8212bc89cf9878
SHA1 e93e5f5e0ab9072a372bce51e706dbf34d78b10d
SHA256 bb00f4b7feadf87c7160ae0e349997f65bd7ba32d33b4e51fb94305d81c69d59
SHA512 ff3a075268c26b602dc8eba50dfe9809fd3d6905f0287533ca5426a3880f475fe012754b5e9ff850a0336a088c7d7969a460fef3ac14c160b79e66a876e919bd

C:\Windows\system\HPDWVDN.exe

MD5 58ea8f753be10c615b8918408f4c8eae
SHA1 0df1915e179edff385f1b1088fb7f47608a09ac1
SHA256 a86767a97ba6f3cb87a268901bca1aa9990485bba16453332f9c15d575f4e614
SHA512 1eede1a7b349cfeb6a20258c3498c13c913b8210d7b49dc99d9c5024d5c3114a1fb7bb99646c456690af34086a447302b8a070283e7cc1c93f98eb8cf0670881

C:\Windows\system\hmeNroZ.exe

MD5 04000ccc448ff36435aba40d6b356403
SHA1 cbebcaf33dc34880e0382b63291286ad5a4e75b6
SHA256 8786ea2cfa66ced92d0a93dbf1ff677a053d88db6efb031e276db3351f2c5362
SHA512 b5fbe9f293a1aedb3dfd0c6abd8d4da5342c0f09de7170643547490adc1f6e477d4537f10c1fe64d45f4cb39834ef737b68e55c2622765566a8795594bd1c0ab

C:\Windows\system\RiuvukK.exe

MD5 7793b58334a5b45490d0cca6dc99e631
SHA1 db004b6969c957bb8d1bf0d9921af827822b032d
SHA256 c18d8b2d0d3865ce48c4a341985db2a09a4cac2045f9d28f1867a85e2e67c546
SHA512 e20339ac73cf0dda8859a35c4ee0962d3ccd0939f4eba8f7f4d25d329d6f3bf4b2e74990b368b88c044316dbdc49d2dba11eb87ee1606f5fe01c6c22cb76095d

C:\Windows\system\zkUsuGA.exe

MD5 de3ee6a84f608f1e7d63f3e4b388897d
SHA1 5f396bda827da0b76a228c03fe91fef000b8041c
SHA256 a66549ff2247ba344413462293a238913d5112517cc597bd0436675fa001e188
SHA512 262ec6b40c7375765a91133965ec052bafd013ea8b6ce8bf054d8c5d3ef0b8390a75155b5be68a63f38aa82cbe792ef0b805cbfe55580262a16dfd8993522a7a

C:\Windows\system\PASZdHq.exe

MD5 7acd26d1f5401ad903a29585f8dab468
SHA1 649f5ba2b4c3bb03f5a9e90151ce6e2b495738bb
SHA256 f7acac7b1ef7d84c4da8f6dbe9401777efdc587fe9ee22b70e6d30d966212a3c
SHA512 8542f75e029ff0f91ad30457a30f3b902d7cd059f0fa47f12f4a22814c989231c7893440aaa779b412271f3db1e21102142ac61dbb59b4c0689d5fcb4e23149f

C:\Windows\system\kZkSbex.exe

MD5 12da411b55834b20c2f566df35e041cd
SHA1 20977ebac85d88bb65b33106784bad459ae8f780
SHA256 a3054adbc79539e437510c508042ef52229e99181fb801508316e9f7f4960f79
SHA512 68c9265df381171232cabd15ec13629e703fdbc123e93cad8a2fe4e3d216bc0fdabc35f22c8a204e1267ee07bba87ed80137af5f3a2bf44c0fb62e1a4aa36cc3

memory/2820-8-0x000000013F530000-0x000000013F884000-memory.dmp

memory/2820-1070-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

memory/2992-1071-0x000000013FEE0000-0x0000000140234000-memory.dmp

memory/2820-1072-0x000000013FD30000-0x0000000140084000-memory.dmp

memory/2820-1073-0x000000013FF00000-0x0000000140254000-memory.dmp

memory/2820-1074-0x000000013FF00000-0x0000000140254000-memory.dmp

memory/2820-1075-0x000000013FFE0000-0x0000000140334000-memory.dmp

memory/2820-1078-0x000000013F640000-0x000000013F994000-memory.dmp

memory/2820-1077-0x0000000002050000-0x00000000023A4000-memory.dmp

memory/2820-1076-0x000000013F8D0000-0x000000013FC24000-memory.dmp

memory/2820-1081-0x000000013FFD0000-0x0000000140324000-memory.dmp

memory/2820-1082-0x0000000002050000-0x00000000023A4000-memory.dmp

memory/2820-1080-0x0000000002050000-0x00000000023A4000-memory.dmp

memory/2820-1079-0x000000013FCF0000-0x0000000140044000-memory.dmp

memory/2820-1083-0x0000000002050000-0x00000000023A4000-memory.dmp

memory/2820-1084-0x0000000002050000-0x00000000023A4000-memory.dmp

memory/2368-1085-0x000000013F530000-0x000000013F884000-memory.dmp

memory/2580-1086-0x000000013F2F0000-0x000000013F644000-memory.dmp

memory/3048-1088-0x000000013F020000-0x000000013F374000-memory.dmp

memory/2672-1087-0x000000013FD30000-0x0000000140084000-memory.dmp

memory/2832-1089-0x000000013FF00000-0x0000000140254000-memory.dmp

memory/2748-1091-0x000000013FFE0000-0x0000000140334000-memory.dmp

memory/2064-1090-0x000000013FF00000-0x0000000140254000-memory.dmp

memory/2596-1093-0x000000013F2D0000-0x000000013F624000-memory.dmp

memory/2436-1094-0x000000013F640000-0x000000013F994000-memory.dmp

memory/2920-1096-0x000000013F030000-0x000000013F384000-memory.dmp

memory/2932-1097-0x000000013FFD0000-0x0000000140324000-memory.dmp

memory/2484-1095-0x000000013FCF0000-0x0000000140044000-memory.dmp

memory/2520-1092-0x000000013F8D0000-0x000000013FC24000-memory.dmp

memory/2992-1098-0x000000013FEE0000-0x0000000140234000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-04 22:59

Reported

2024-06-04 23:01

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\sXTaRza.exe N/A
N/A N/A C:\Windows\System\FIdSdNm.exe N/A
N/A N/A C:\Windows\System\aaHhDUA.exe N/A
N/A N/A C:\Windows\System\SjJPYXA.exe N/A
N/A N/A C:\Windows\System\dEWZlrk.exe N/A
N/A N/A C:\Windows\System\SSxMroC.exe N/A
N/A N/A C:\Windows\System\zxFileK.exe N/A
N/A N/A C:\Windows\System\SrForQe.exe N/A
N/A N/A C:\Windows\System\SXjUJGv.exe N/A
N/A N/A C:\Windows\System\lJMDDom.exe N/A
N/A N/A C:\Windows\System\MyKmejU.exe N/A
N/A N/A C:\Windows\System\izdurZE.exe N/A
N/A N/A C:\Windows\System\HqzEJmE.exe N/A
N/A N/A C:\Windows\System\YSppiQs.exe N/A
N/A N/A C:\Windows\System\zttFutr.exe N/A
N/A N/A C:\Windows\System\WYDoLOI.exe N/A
N/A N/A C:\Windows\System\MmJstgg.exe N/A
N/A N/A C:\Windows\System\qWmTSPz.exe N/A
N/A N/A C:\Windows\System\GYtRNwN.exe N/A
N/A N/A C:\Windows\System\fCExRhU.exe N/A
N/A N/A C:\Windows\System\HkizvkR.exe N/A
N/A N/A C:\Windows\System\VqMBmDD.exe N/A
N/A N/A C:\Windows\System\FbqfOrf.exe N/A
N/A N/A C:\Windows\System\ieJyGrD.exe N/A
N/A N/A C:\Windows\System\MQHlYei.exe N/A
N/A N/A C:\Windows\System\eJJOJgA.exe N/A
N/A N/A C:\Windows\System\BioBKCL.exe N/A
N/A N/A C:\Windows\System\cTZwdKN.exe N/A
N/A N/A C:\Windows\System\vgCxXAF.exe N/A
N/A N/A C:\Windows\System\XPNeZRR.exe N/A
N/A N/A C:\Windows\System\tuaFzVM.exe N/A
N/A N/A C:\Windows\System\YigTowh.exe N/A
N/A N/A C:\Windows\System\sqTvNLC.exe N/A
N/A N/A C:\Windows\System\wVuswKm.exe N/A
N/A N/A C:\Windows\System\ROmQwTP.exe N/A
N/A N/A C:\Windows\System\UQuXZjb.exe N/A
N/A N/A C:\Windows\System\SrltELU.exe N/A
N/A N/A C:\Windows\System\naRhLHT.exe N/A
N/A N/A C:\Windows\System\gDMBrpp.exe N/A
N/A N/A C:\Windows\System\PmTvMOp.exe N/A
N/A N/A C:\Windows\System\aOkvSVy.exe N/A
N/A N/A C:\Windows\System\SpYUQiO.exe N/A
N/A N/A C:\Windows\System\YaWPVkB.exe N/A
N/A N/A C:\Windows\System\SPXpqKd.exe N/A
N/A N/A C:\Windows\System\wCcUuUF.exe N/A
N/A N/A C:\Windows\System\dXBFTmb.exe N/A
N/A N/A C:\Windows\System\yQGcAcE.exe N/A
N/A N/A C:\Windows\System\WdcJbvf.exe N/A
N/A N/A C:\Windows\System\tZQTkWF.exe N/A
N/A N/A C:\Windows\System\NInDwcY.exe N/A
N/A N/A C:\Windows\System\xphfCQu.exe N/A
N/A N/A C:\Windows\System\AamPUuB.exe N/A
N/A N/A C:\Windows\System\nBOmUBg.exe N/A
N/A N/A C:\Windows\System\KhfXSzc.exe N/A
N/A N/A C:\Windows\System\UalGUpH.exe N/A
N/A N/A C:\Windows\System\GqQOWZE.exe N/A
N/A N/A C:\Windows\System\XquaXrZ.exe N/A
N/A N/A C:\Windows\System\RawYPpM.exe N/A
N/A N/A C:\Windows\System\ozgQSKp.exe N/A
N/A N/A C:\Windows\System\ukMLTQt.exe N/A
N/A N/A C:\Windows\System\owmkdGx.exe N/A
N/A N/A C:\Windows\System\cOBmWUB.exe N/A
N/A N/A C:\Windows\System\okvlVqO.exe N/A
N/A N/A C:\Windows\System\DZMcqmN.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\AamPUuB.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\fFdpivS.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\IJhDFSA.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\lGmPYXR.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\Syoyfcj.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\kdekeoE.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\rHLHRIM.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\yFmCUur.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\naRhLHT.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\gxuNMLy.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\YELextq.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\ulHcXWX.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\rMBxwrV.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\HxcWRBW.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\UPoWUMe.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\bZGjwWO.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\qaHHjWj.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\IhiCQWy.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\JvsvUwT.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\NInDwcY.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\UalGUpH.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\DcdfdwX.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\sMJseHG.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\yirUtJt.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\sqTvNLC.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\Cojdgbe.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\DZMcqmN.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\jXhSeCS.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\auclnEb.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\PYTyKQC.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\PpDKKVH.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\BioBKCL.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\WYDoLOI.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\NUoUUgY.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\SjJPYXA.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\BkvxpzP.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\HdOKyRF.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\uJJffvw.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\gHagrKU.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\zpeiSzy.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\IBDaAUj.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\fABSszq.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\QVEFogc.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\WfDrpmC.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\DoebYAC.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\MRwQRpl.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\SiBWcJM.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\wVuswKm.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\XjnhRME.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\TrcdwZM.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\JrcalcD.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\EJhwNMA.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\iqVZeuh.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\AjMohhm.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\XbVjEpb.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\YigTowh.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\SaCaMKi.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\igoAOIl.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\FIdSdNm.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\WzxnFtH.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\zxFileK.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\gDMBrpp.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\VZbcttz.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
File created C:\Windows\System\pIwyJJn.exe C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2872 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\sXTaRza.exe
PID 2872 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\sXTaRza.exe
PID 2872 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\FIdSdNm.exe
PID 2872 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\FIdSdNm.exe
PID 2872 wrote to memory of 3628 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\aaHhDUA.exe
PID 2872 wrote to memory of 3628 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\aaHhDUA.exe
PID 2872 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\SjJPYXA.exe
PID 2872 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\SjJPYXA.exe
PID 2872 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\dEWZlrk.exe
PID 2872 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\dEWZlrk.exe
PID 2872 wrote to memory of 4768 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\SSxMroC.exe
PID 2872 wrote to memory of 4768 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\SSxMroC.exe
PID 2872 wrote to memory of 3836 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\zxFileK.exe
PID 2872 wrote to memory of 3836 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\zxFileK.exe
PID 2872 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\SrForQe.exe
PID 2872 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\SrForQe.exe
PID 2872 wrote to memory of 464 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\SXjUJGv.exe
PID 2872 wrote to memory of 464 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\SXjUJGv.exe
PID 2872 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\lJMDDom.exe
PID 2872 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\lJMDDom.exe
PID 2872 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\MyKmejU.exe
PID 2872 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\MyKmejU.exe
PID 2872 wrote to memory of 4848 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\HqzEJmE.exe
PID 2872 wrote to memory of 4848 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\HqzEJmE.exe
PID 2872 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\izdurZE.exe
PID 2872 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\izdurZE.exe
PID 2872 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\YSppiQs.exe
PID 2872 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\YSppiQs.exe
PID 2872 wrote to memory of 3408 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\zttFutr.exe
PID 2872 wrote to memory of 3408 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\zttFutr.exe
PID 2872 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\WYDoLOI.exe
PID 2872 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\WYDoLOI.exe
PID 2872 wrote to memory of 2236 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\MmJstgg.exe
PID 2872 wrote to memory of 2236 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\MmJstgg.exe
PID 2872 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\qWmTSPz.exe
PID 2872 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\qWmTSPz.exe
PID 2872 wrote to memory of 3212 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\GYtRNwN.exe
PID 2872 wrote to memory of 3212 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\GYtRNwN.exe
PID 2872 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\fCExRhU.exe
PID 2872 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\fCExRhU.exe
PID 2872 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\HkizvkR.exe
PID 2872 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\HkizvkR.exe
PID 2872 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\VqMBmDD.exe
PID 2872 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\VqMBmDD.exe
PID 2872 wrote to memory of 648 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\FbqfOrf.exe
PID 2872 wrote to memory of 648 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\FbqfOrf.exe
PID 2872 wrote to memory of 3292 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\ieJyGrD.exe
PID 2872 wrote to memory of 3292 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\ieJyGrD.exe
PID 2872 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\MQHlYei.exe
PID 2872 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\MQHlYei.exe
PID 2872 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\eJJOJgA.exe
PID 2872 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\eJJOJgA.exe
PID 2872 wrote to memory of 4272 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\BioBKCL.exe
PID 2872 wrote to memory of 4272 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\BioBKCL.exe
PID 2872 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\cTZwdKN.exe
PID 2872 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\cTZwdKN.exe
PID 2872 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\vgCxXAF.exe
PID 2872 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\vgCxXAF.exe
PID 2872 wrote to memory of 244 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\XPNeZRR.exe
PID 2872 wrote to memory of 244 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\XPNeZRR.exe
PID 2872 wrote to memory of 324 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\tuaFzVM.exe
PID 2872 wrote to memory of 324 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\tuaFzVM.exe
PID 2872 wrote to memory of 4352 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\YigTowh.exe
PID 2872 wrote to memory of 4352 N/A C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe C:\Windows\System\YigTowh.exe

Processes

C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\13a12af93f45900655fcf5f878eb1020_NeikiAnalytics.exe"

C:\Windows\System\sXTaRza.exe

C:\Windows\System\sXTaRza.exe

C:\Windows\System\FIdSdNm.exe

C:\Windows\System\FIdSdNm.exe

C:\Windows\System\aaHhDUA.exe

C:\Windows\System\aaHhDUA.exe

C:\Windows\System\SjJPYXA.exe

C:\Windows\System\SjJPYXA.exe

C:\Windows\System\dEWZlrk.exe

C:\Windows\System\dEWZlrk.exe

C:\Windows\System\SSxMroC.exe

C:\Windows\System\SSxMroC.exe

C:\Windows\System\zxFileK.exe

C:\Windows\System\zxFileK.exe

C:\Windows\System\SrForQe.exe

C:\Windows\System\SrForQe.exe

C:\Windows\System\SXjUJGv.exe

C:\Windows\System\SXjUJGv.exe

C:\Windows\System\lJMDDom.exe

C:\Windows\System\lJMDDom.exe

C:\Windows\System\MyKmejU.exe

C:\Windows\System\MyKmejU.exe

C:\Windows\System\HqzEJmE.exe

C:\Windows\System\HqzEJmE.exe

C:\Windows\System\izdurZE.exe

C:\Windows\System\izdurZE.exe

C:\Windows\System\YSppiQs.exe

C:\Windows\System\YSppiQs.exe

C:\Windows\System\zttFutr.exe

C:\Windows\System\zttFutr.exe

C:\Windows\System\WYDoLOI.exe

C:\Windows\System\WYDoLOI.exe

C:\Windows\System\MmJstgg.exe

C:\Windows\System\MmJstgg.exe

C:\Windows\System\qWmTSPz.exe

C:\Windows\System\qWmTSPz.exe

C:\Windows\System\GYtRNwN.exe

C:\Windows\System\GYtRNwN.exe

C:\Windows\System\fCExRhU.exe

C:\Windows\System\fCExRhU.exe

C:\Windows\System\HkizvkR.exe

C:\Windows\System\HkizvkR.exe

C:\Windows\System\VqMBmDD.exe

C:\Windows\System\VqMBmDD.exe

C:\Windows\System\FbqfOrf.exe

C:\Windows\System\FbqfOrf.exe

C:\Windows\System\ieJyGrD.exe

C:\Windows\System\ieJyGrD.exe

C:\Windows\System\MQHlYei.exe

C:\Windows\System\MQHlYei.exe

C:\Windows\System\eJJOJgA.exe

C:\Windows\System\eJJOJgA.exe

C:\Windows\System\BioBKCL.exe

C:\Windows\System\BioBKCL.exe

C:\Windows\System\cTZwdKN.exe

C:\Windows\System\cTZwdKN.exe

C:\Windows\System\vgCxXAF.exe

C:\Windows\System\vgCxXAF.exe

C:\Windows\System\XPNeZRR.exe

C:\Windows\System\XPNeZRR.exe

C:\Windows\System\tuaFzVM.exe

C:\Windows\System\tuaFzVM.exe

C:\Windows\System\YigTowh.exe

C:\Windows\System\YigTowh.exe

C:\Windows\System\sqTvNLC.exe

C:\Windows\System\sqTvNLC.exe

C:\Windows\System\wVuswKm.exe

C:\Windows\System\wVuswKm.exe

C:\Windows\System\ROmQwTP.exe

C:\Windows\System\ROmQwTP.exe

C:\Windows\System\UQuXZjb.exe

C:\Windows\System\UQuXZjb.exe

C:\Windows\System\SrltELU.exe

C:\Windows\System\SrltELU.exe

C:\Windows\System\naRhLHT.exe

C:\Windows\System\naRhLHT.exe

C:\Windows\System\gDMBrpp.exe

C:\Windows\System\gDMBrpp.exe

C:\Windows\System\PmTvMOp.exe

C:\Windows\System\PmTvMOp.exe

C:\Windows\System\aOkvSVy.exe

C:\Windows\System\aOkvSVy.exe

C:\Windows\System\SpYUQiO.exe

C:\Windows\System\SpYUQiO.exe

C:\Windows\System\YaWPVkB.exe

C:\Windows\System\YaWPVkB.exe

C:\Windows\System\SPXpqKd.exe

C:\Windows\System\SPXpqKd.exe

C:\Windows\System\wCcUuUF.exe

C:\Windows\System\wCcUuUF.exe

C:\Windows\System\dXBFTmb.exe

C:\Windows\System\dXBFTmb.exe

C:\Windows\System\yQGcAcE.exe

C:\Windows\System\yQGcAcE.exe

C:\Windows\System\WdcJbvf.exe

C:\Windows\System\WdcJbvf.exe

C:\Windows\System\tZQTkWF.exe

C:\Windows\System\tZQTkWF.exe

C:\Windows\System\NInDwcY.exe

C:\Windows\System\NInDwcY.exe

C:\Windows\System\xphfCQu.exe

C:\Windows\System\xphfCQu.exe

C:\Windows\System\AamPUuB.exe

C:\Windows\System\AamPUuB.exe

C:\Windows\System\nBOmUBg.exe

C:\Windows\System\nBOmUBg.exe

C:\Windows\System\KhfXSzc.exe

C:\Windows\System\KhfXSzc.exe

C:\Windows\System\UalGUpH.exe

C:\Windows\System\UalGUpH.exe

C:\Windows\System\GqQOWZE.exe

C:\Windows\System\GqQOWZE.exe

C:\Windows\System\XquaXrZ.exe

C:\Windows\System\XquaXrZ.exe

C:\Windows\System\RawYPpM.exe

C:\Windows\System\RawYPpM.exe

C:\Windows\System\ozgQSKp.exe

C:\Windows\System\ozgQSKp.exe

C:\Windows\System\ukMLTQt.exe

C:\Windows\System\ukMLTQt.exe

C:\Windows\System\owmkdGx.exe

C:\Windows\System\owmkdGx.exe

C:\Windows\System\cOBmWUB.exe

C:\Windows\System\cOBmWUB.exe

C:\Windows\System\okvlVqO.exe

C:\Windows\System\okvlVqO.exe

C:\Windows\System\DZMcqmN.exe

C:\Windows\System\DZMcqmN.exe

C:\Windows\System\Cojdgbe.exe

C:\Windows\System\Cojdgbe.exe

C:\Windows\System\zpeiSzy.exe

C:\Windows\System\zpeiSzy.exe

C:\Windows\System\zwXgPef.exe

C:\Windows\System\zwXgPef.exe

C:\Windows\System\tbvWXRl.exe

C:\Windows\System\tbvWXRl.exe

C:\Windows\System\JHGQkuR.exe

C:\Windows\System\JHGQkuR.exe

C:\Windows\System\VIpOIwu.exe

C:\Windows\System\VIpOIwu.exe

C:\Windows\System\SaCaMKi.exe

C:\Windows\System\SaCaMKi.exe

C:\Windows\System\paljGWb.exe

C:\Windows\System\paljGWb.exe

C:\Windows\System\hlFUUxW.exe

C:\Windows\System\hlFUUxW.exe

C:\Windows\System\IBDaAUj.exe

C:\Windows\System\IBDaAUj.exe

C:\Windows\System\EwpUxXm.exe

C:\Windows\System\EwpUxXm.exe

C:\Windows\System\XjnhRME.exe

C:\Windows\System\XjnhRME.exe

C:\Windows\System\VtPqrKI.exe

C:\Windows\System\VtPqrKI.exe

C:\Windows\System\YELextq.exe

C:\Windows\System\YELextq.exe

C:\Windows\System\pVaRwZS.exe

C:\Windows\System\pVaRwZS.exe

C:\Windows\System\AJEzDxE.exe

C:\Windows\System\AJEzDxE.exe

C:\Windows\System\RYmMWRH.exe

C:\Windows\System\RYmMWRH.exe

C:\Windows\System\WvRNbPI.exe

C:\Windows\System\WvRNbPI.exe

C:\Windows\System\ObecHVL.exe

C:\Windows\System\ObecHVL.exe

C:\Windows\System\UvZeEly.exe

C:\Windows\System\UvZeEly.exe

C:\Windows\System\zedWYjI.exe

C:\Windows\System\zedWYjI.exe

C:\Windows\System\fABSszq.exe

C:\Windows\System\fABSszq.exe

C:\Windows\System\QVEFogc.exe

C:\Windows\System\QVEFogc.exe

C:\Windows\System\PlEytyb.exe

C:\Windows\System\PlEytyb.exe

C:\Windows\System\fyrfqOG.exe

C:\Windows\System\fyrfqOG.exe

C:\Windows\System\UaFmvBs.exe

C:\Windows\System\UaFmvBs.exe

C:\Windows\System\AZUhKoN.exe

C:\Windows\System\AZUhKoN.exe

C:\Windows\System\XdULnyV.exe

C:\Windows\System\XdULnyV.exe

C:\Windows\System\jqcanOo.exe

C:\Windows\System\jqcanOo.exe

C:\Windows\System\Syoyfcj.exe

C:\Windows\System\Syoyfcj.exe

C:\Windows\System\qFMqiqC.exe

C:\Windows\System\qFMqiqC.exe

C:\Windows\System\WuTAmHd.exe

C:\Windows\System\WuTAmHd.exe

C:\Windows\System\aVPKpCL.exe

C:\Windows\System\aVPKpCL.exe

C:\Windows\System\nVLJPgD.exe

C:\Windows\System\nVLJPgD.exe

C:\Windows\System\VZbcttz.exe

C:\Windows\System\VZbcttz.exe

C:\Windows\System\HAYZiXt.exe

C:\Windows\System\HAYZiXt.exe

C:\Windows\System\UmQaVki.exe

C:\Windows\System\UmQaVki.exe

C:\Windows\System\aCBaUBP.exe

C:\Windows\System\aCBaUBP.exe

C:\Windows\System\NLCndql.exe

C:\Windows\System\NLCndql.exe

C:\Windows\System\zvsXUEg.exe

C:\Windows\System\zvsXUEg.exe

C:\Windows\System\iEgNAFh.exe

C:\Windows\System\iEgNAFh.exe

C:\Windows\System\gxuNMLy.exe

C:\Windows\System\gxuNMLy.exe

C:\Windows\System\XQsIIKI.exe

C:\Windows\System\XQsIIKI.exe

C:\Windows\System\kYNMwBI.exe

C:\Windows\System\kYNMwBI.exe

C:\Windows\System\TrcdwZM.exe

C:\Windows\System\TrcdwZM.exe

C:\Windows\System\ahhsVVM.exe

C:\Windows\System\ahhsVVM.exe

C:\Windows\System\gNrHSXc.exe

C:\Windows\System\gNrHSXc.exe

C:\Windows\System\SKfgKXz.exe

C:\Windows\System\SKfgKXz.exe

C:\Windows\System\FbhyitS.exe

C:\Windows\System\FbhyitS.exe

C:\Windows\System\OUUGbPc.exe

C:\Windows\System\OUUGbPc.exe

C:\Windows\System\JrcalcD.exe

C:\Windows\System\JrcalcD.exe

C:\Windows\System\gMPITRQ.exe

C:\Windows\System\gMPITRQ.exe

C:\Windows\System\WfDrpmC.exe

C:\Windows\System\WfDrpmC.exe

C:\Windows\System\AYREIlQ.exe

C:\Windows\System\AYREIlQ.exe

C:\Windows\System\kUBaBbs.exe

C:\Windows\System\kUBaBbs.exe

C:\Windows\System\HfcrGTy.exe

C:\Windows\System\HfcrGTy.exe

C:\Windows\System\nksCITo.exe

C:\Windows\System\nksCITo.exe

C:\Windows\System\NUoUUgY.exe

C:\Windows\System\NUoUUgY.exe

C:\Windows\System\NHrbuOH.exe

C:\Windows\System\NHrbuOH.exe

C:\Windows\System\wBUMQAY.exe

C:\Windows\System\wBUMQAY.exe

C:\Windows\System\IphWWHy.exe

C:\Windows\System\IphWWHy.exe

C:\Windows\System\xQnfPTT.exe

C:\Windows\System\xQnfPTT.exe

C:\Windows\System\VZReABR.exe

C:\Windows\System\VZReABR.exe

C:\Windows\System\bZGjwWO.exe

C:\Windows\System\bZGjwWO.exe

C:\Windows\System\DZnHBwX.exe

C:\Windows\System\DZnHBwX.exe

C:\Windows\System\bTodKdK.exe

C:\Windows\System\bTodKdK.exe

C:\Windows\System\MqJgGbd.exe

C:\Windows\System\MqJgGbd.exe

C:\Windows\System\MsiQscz.exe

C:\Windows\System\MsiQscz.exe

C:\Windows\System\SycrNZH.exe

C:\Windows\System\SycrNZH.exe

C:\Windows\System\UZtuFxT.exe

C:\Windows\System\UZtuFxT.exe

C:\Windows\System\IWSmJnd.exe

C:\Windows\System\IWSmJnd.exe

C:\Windows\System\WBfgDvd.exe

C:\Windows\System\WBfgDvd.exe

C:\Windows\System\XefoZVb.exe

C:\Windows\System\XefoZVb.exe

C:\Windows\System\JRhKYGI.exe

C:\Windows\System\JRhKYGI.exe

C:\Windows\System\lGmPYXR.exe

C:\Windows\System\lGmPYXR.exe

C:\Windows\System\KjPqmIN.exe

C:\Windows\System\KjPqmIN.exe

C:\Windows\System\JQfMzyh.exe

C:\Windows\System\JQfMzyh.exe

C:\Windows\System\jRUPmQG.exe

C:\Windows\System\jRUPmQG.exe

C:\Windows\System\PvHAzvK.exe

C:\Windows\System\PvHAzvK.exe

C:\Windows\System\qXWNBGY.exe

C:\Windows\System\qXWNBGY.exe

C:\Windows\System\IIfXsqd.exe

C:\Windows\System\IIfXsqd.exe

C:\Windows\System\oZLJjse.exe

C:\Windows\System\oZLJjse.exe

C:\Windows\System\DoebYAC.exe

C:\Windows\System\DoebYAC.exe

C:\Windows\System\TmHbMSK.exe

C:\Windows\System\TmHbMSK.exe

C:\Windows\System\twOWtlD.exe

C:\Windows\System\twOWtlD.exe

C:\Windows\System\VtaojUH.exe

C:\Windows\System\VtaojUH.exe

C:\Windows\System\qaHHjWj.exe

C:\Windows\System\qaHHjWj.exe

C:\Windows\System\BcOkaDu.exe

C:\Windows\System\BcOkaDu.exe

C:\Windows\System\BkvxpzP.exe

C:\Windows\System\BkvxpzP.exe

C:\Windows\System\WYoBfFA.exe

C:\Windows\System\WYoBfFA.exe

C:\Windows\System\PlpKldi.exe

C:\Windows\System\PlpKldi.exe

C:\Windows\System\OFemWCr.exe

C:\Windows\System\OFemWCr.exe

C:\Windows\System\wJrNDSv.exe

C:\Windows\System\wJrNDSv.exe

C:\Windows\System\RzEoSgo.exe

C:\Windows\System\RzEoSgo.exe

C:\Windows\System\yPmWPvW.exe

C:\Windows\System\yPmWPvW.exe

C:\Windows\System\UPoWUMe.exe

C:\Windows\System\UPoWUMe.exe

C:\Windows\System\ajrwKZW.exe

C:\Windows\System\ajrwKZW.exe

C:\Windows\System\QBfFFRe.exe

C:\Windows\System\QBfFFRe.exe

C:\Windows\System\zKadSBw.exe

C:\Windows\System\zKadSBw.exe

C:\Windows\System\azHHPdI.exe

C:\Windows\System\azHHPdI.exe

C:\Windows\System\kdekeoE.exe

C:\Windows\System\kdekeoE.exe

C:\Windows\System\QkeuqoC.exe

C:\Windows\System\QkeuqoC.exe

C:\Windows\System\MqtEgub.exe

C:\Windows\System\MqtEgub.exe

C:\Windows\System\IkuIXYo.exe

C:\Windows\System\IkuIXYo.exe

C:\Windows\System\mcEHYVh.exe

C:\Windows\System\mcEHYVh.exe

C:\Windows\System\TyzELKb.exe

C:\Windows\System\TyzELKb.exe

C:\Windows\System\jXhSeCS.exe

C:\Windows\System\jXhSeCS.exe

C:\Windows\System\FjgHbBE.exe

C:\Windows\System\FjgHbBE.exe

C:\Windows\System\DcdfdwX.exe

C:\Windows\System\DcdfdwX.exe

C:\Windows\System\fJVfxbv.exe

C:\Windows\System\fJVfxbv.exe

C:\Windows\System\hVMyazV.exe

C:\Windows\System\hVMyazV.exe

C:\Windows\System\vYVUsme.exe

C:\Windows\System\vYVUsme.exe

C:\Windows\System\osOiIUg.exe

C:\Windows\System\osOiIUg.exe

C:\Windows\System\AYPHMwA.exe

C:\Windows\System\AYPHMwA.exe

C:\Windows\System\yuMbkOT.exe

C:\Windows\System\yuMbkOT.exe

C:\Windows\System\eFVRAdp.exe

C:\Windows\System\eFVRAdp.exe

C:\Windows\System\JSvuUFh.exe

C:\Windows\System\JSvuUFh.exe

C:\Windows\System\BSOqzQW.exe

C:\Windows\System\BSOqzQW.exe

C:\Windows\System\wkmRSxK.exe

C:\Windows\System\wkmRSxK.exe

C:\Windows\System\WtmCtHr.exe

C:\Windows\System\WtmCtHr.exe

C:\Windows\System\HdOKyRF.exe

C:\Windows\System\HdOKyRF.exe

C:\Windows\System\rahZIlT.exe

C:\Windows\System\rahZIlT.exe

C:\Windows\System\rHLHRIM.exe

C:\Windows\System\rHLHRIM.exe

C:\Windows\System\MRwQRpl.exe

C:\Windows\System\MRwQRpl.exe

C:\Windows\System\GKuGTrP.exe

C:\Windows\System\GKuGTrP.exe

C:\Windows\System\KJwcZTD.exe

C:\Windows\System\KJwcZTD.exe

C:\Windows\System\lwrSxJh.exe

C:\Windows\System\lwrSxJh.exe

C:\Windows\System\hmrQtMC.exe

C:\Windows\System\hmrQtMC.exe

C:\Windows\System\jrjGrhT.exe

C:\Windows\System\jrjGrhT.exe

C:\Windows\System\IRgpCAK.exe

C:\Windows\System\IRgpCAK.exe

C:\Windows\System\zNpixiE.exe

C:\Windows\System\zNpixiE.exe

C:\Windows\System\ZhwWuAU.exe

C:\Windows\System\ZhwWuAU.exe

C:\Windows\System\gyVxmRh.exe

C:\Windows\System\gyVxmRh.exe

C:\Windows\System\yFmCUur.exe

C:\Windows\System\yFmCUur.exe

C:\Windows\System\RJzWzsC.exe

C:\Windows\System\RJzWzsC.exe

C:\Windows\System\IhiCQWy.exe

C:\Windows\System\IhiCQWy.exe

C:\Windows\System\YxujDVn.exe

C:\Windows\System\YxujDVn.exe

C:\Windows\System\qeRvrTt.exe

C:\Windows\System\qeRvrTt.exe

C:\Windows\System\EJhwNMA.exe

C:\Windows\System\EJhwNMA.exe

C:\Windows\System\oxTLksB.exe

C:\Windows\System\oxTLksB.exe

C:\Windows\System\WzxnFtH.exe

C:\Windows\System\WzxnFtH.exe

C:\Windows\System\FgmQdTg.exe

C:\Windows\System\FgmQdTg.exe

C:\Windows\System\fAEbLZh.exe

C:\Windows\System\fAEbLZh.exe

C:\Windows\System\ulHcXWX.exe

C:\Windows\System\ulHcXWX.exe

C:\Windows\System\fCoSLzU.exe

C:\Windows\System\fCoSLzU.exe

C:\Windows\System\KAbjCtM.exe

C:\Windows\System\KAbjCtM.exe

C:\Windows\System\klDpkCI.exe

C:\Windows\System\klDpkCI.exe

C:\Windows\System\igoAOIl.exe

C:\Windows\System\igoAOIl.exe

C:\Windows\System\HgRkomZ.exe

C:\Windows\System\HgRkomZ.exe

C:\Windows\System\hAANPCa.exe

C:\Windows\System\hAANPCa.exe

C:\Windows\System\jVWxHsN.exe

C:\Windows\System\jVWxHsN.exe

C:\Windows\System\sMJseHG.exe

C:\Windows\System\sMJseHG.exe

C:\Windows\System\pIwyJJn.exe

C:\Windows\System\pIwyJJn.exe

C:\Windows\System\auclnEb.exe

C:\Windows\System\auclnEb.exe

C:\Windows\System\EhRuAsI.exe

C:\Windows\System\EhRuAsI.exe

C:\Windows\System\lYkQWPf.exe

C:\Windows\System\lYkQWPf.exe

C:\Windows\System\mARSZJu.exe

C:\Windows\System\mARSZJu.exe

C:\Windows\System\zDwXvAD.exe

C:\Windows\System\zDwXvAD.exe

C:\Windows\System\hoElsqo.exe

C:\Windows\System\hoElsqo.exe

C:\Windows\System\xMbRUHX.exe

C:\Windows\System\xMbRUHX.exe

C:\Windows\System\drzXwBP.exe

C:\Windows\System\drzXwBP.exe

C:\Windows\System\xlgWNAw.exe

C:\Windows\System\xlgWNAw.exe

C:\Windows\System\bXPoqTY.exe

C:\Windows\System\bXPoqTY.exe

C:\Windows\System\fFdpivS.exe

C:\Windows\System\fFdpivS.exe

C:\Windows\System\EKRYWmG.exe

C:\Windows\System\EKRYWmG.exe

C:\Windows\System\GlOmuHD.exe

C:\Windows\System\GlOmuHD.exe

C:\Windows\System\bMQClAr.exe

C:\Windows\System\bMQClAr.exe

C:\Windows\System\iSjPiuT.exe

C:\Windows\System\iSjPiuT.exe

C:\Windows\System\EfsMUiI.exe

C:\Windows\System\EfsMUiI.exe

C:\Windows\System\jDiMeBo.exe

C:\Windows\System\jDiMeBo.exe

C:\Windows\System\EOfyfBx.exe

C:\Windows\System\EOfyfBx.exe

C:\Windows\System\pFCpAFD.exe

C:\Windows\System\pFCpAFD.exe

C:\Windows\System\dmAbhdj.exe

C:\Windows\System\dmAbhdj.exe

C:\Windows\System\OzcRuTR.exe

C:\Windows\System\OzcRuTR.exe

C:\Windows\System\tkyNCDx.exe

C:\Windows\System\tkyNCDx.exe

C:\Windows\System\WmNqKTi.exe

C:\Windows\System\WmNqKTi.exe

C:\Windows\System\awjdzMU.exe

C:\Windows\System\awjdzMU.exe

C:\Windows\System\nlotRME.exe

C:\Windows\System\nlotRME.exe

C:\Windows\System\ZJHhGwc.exe

C:\Windows\System\ZJHhGwc.exe

C:\Windows\System\FUWhmJZ.exe

C:\Windows\System\FUWhmJZ.exe

C:\Windows\System\uJJffvw.exe

C:\Windows\System\uJJffvw.exe

C:\Windows\System\JvsvUwT.exe

C:\Windows\System\JvsvUwT.exe

C:\Windows\System\GeHZFjv.exe

C:\Windows\System\GeHZFjv.exe

C:\Windows\System\SzirjzR.exe

C:\Windows\System\SzirjzR.exe

C:\Windows\System\towtdrA.exe

C:\Windows\System\towtdrA.exe

C:\Windows\System\ZwpUbtj.exe

C:\Windows\System\ZwpUbtj.exe

C:\Windows\System\iTaqqBy.exe

C:\Windows\System\iTaqqBy.exe

C:\Windows\System\kLBZkOQ.exe

C:\Windows\System\kLBZkOQ.exe

C:\Windows\System\lkhszds.exe

C:\Windows\System\lkhszds.exe

C:\Windows\System\RwmcEQQ.exe

C:\Windows\System\RwmcEQQ.exe

C:\Windows\System\UaVpLNp.exe

C:\Windows\System\UaVpLNp.exe

C:\Windows\System\TUVGdhf.exe

C:\Windows\System\TUVGdhf.exe

C:\Windows\System\SJnrpQR.exe

C:\Windows\System\SJnrpQR.exe

C:\Windows\System\DILHQHu.exe

C:\Windows\System\DILHQHu.exe

C:\Windows\System\PYTyKQC.exe

C:\Windows\System\PYTyKQC.exe

C:\Windows\System\evfQRwL.exe

C:\Windows\System\evfQRwL.exe

C:\Windows\System\InrnRpL.exe

C:\Windows\System\InrnRpL.exe

C:\Windows\System\XTmaAwN.exe

C:\Windows\System\XTmaAwN.exe

C:\Windows\System\iqVZeuh.exe

C:\Windows\System\iqVZeuh.exe

C:\Windows\System\jlQukUE.exe

C:\Windows\System\jlQukUE.exe

C:\Windows\System\wLoSXCA.exe

C:\Windows\System\wLoSXCA.exe

C:\Windows\System\lgXSJjy.exe

C:\Windows\System\lgXSJjy.exe

C:\Windows\System\vNOjaRL.exe

C:\Windows\System\vNOjaRL.exe

C:\Windows\System\OaMzLQj.exe

C:\Windows\System\OaMzLQj.exe

C:\Windows\System\gHagrKU.exe

C:\Windows\System\gHagrKU.exe

C:\Windows\System\SOQkcPk.exe

C:\Windows\System\SOQkcPk.exe

C:\Windows\System\rMBxwrV.exe

C:\Windows\System\rMBxwrV.exe

C:\Windows\System\rQClkAn.exe

C:\Windows\System\rQClkAn.exe

C:\Windows\System\tjZlXGq.exe

C:\Windows\System\tjZlXGq.exe

C:\Windows\System\hXlCcYH.exe

C:\Windows\System\hXlCcYH.exe

C:\Windows\System\HefsszL.exe

C:\Windows\System\HefsszL.exe

C:\Windows\System\HpWhYnB.exe

C:\Windows\System\HpWhYnB.exe

C:\Windows\System\HPqDqhM.exe

C:\Windows\System\HPqDqhM.exe

C:\Windows\System\ZqpGMAE.exe

C:\Windows\System\ZqpGMAE.exe

C:\Windows\System\gTZOcrc.exe

C:\Windows\System\gTZOcrc.exe

C:\Windows\System\kBiFWyp.exe

C:\Windows\System\kBiFWyp.exe

C:\Windows\System\pDYHrLp.exe

C:\Windows\System\pDYHrLp.exe

C:\Windows\System\PpDKKVH.exe

C:\Windows\System\PpDKKVH.exe

C:\Windows\System\SmLnhTm.exe

C:\Windows\System\SmLnhTm.exe

C:\Windows\System\mWXSLlt.exe

C:\Windows\System\mWXSLlt.exe

C:\Windows\System\WsNwXDh.exe

C:\Windows\System\WsNwXDh.exe

C:\Windows\System\cqYRUxj.exe

C:\Windows\System\cqYRUxj.exe

C:\Windows\System\wfnZLsQ.exe

C:\Windows\System\wfnZLsQ.exe

C:\Windows\System\SiBWcJM.exe

C:\Windows\System\SiBWcJM.exe

C:\Windows\System\EtLkXVS.exe

C:\Windows\System\EtLkXVS.exe

C:\Windows\System\AjMohhm.exe

C:\Windows\System\AjMohhm.exe

C:\Windows\System\TZOEtRp.exe

C:\Windows\System\TZOEtRp.exe

C:\Windows\System\HxcWRBW.exe

C:\Windows\System\HxcWRBW.exe

C:\Windows\System\aznOmfU.exe

C:\Windows\System\aznOmfU.exe

C:\Windows\System\yNPiukO.exe

C:\Windows\System\yNPiukO.exe

C:\Windows\System\tdUnqWp.exe

C:\Windows\System\tdUnqWp.exe

C:\Windows\System\ChKIzMn.exe

C:\Windows\System\ChKIzMn.exe

C:\Windows\System\eoZJujU.exe

C:\Windows\System\eoZJujU.exe

C:\Windows\System\ABQurlt.exe

C:\Windows\System\ABQurlt.exe

C:\Windows\System\yCfjzfM.exe

C:\Windows\System\yCfjzfM.exe

C:\Windows\System\IJhDFSA.exe

C:\Windows\System\IJhDFSA.exe

C:\Windows\System\QYGpMaS.exe

C:\Windows\System\QYGpMaS.exe

C:\Windows\System\JwcTXvQ.exe

C:\Windows\System\JwcTXvQ.exe

C:\Windows\System\IxfvYkG.exe

C:\Windows\System\IxfvYkG.exe

C:\Windows\System\xajuGDa.exe

C:\Windows\System\xajuGDa.exe

C:\Windows\System\XbVjEpb.exe

C:\Windows\System\XbVjEpb.exe

C:\Windows\System\fafZoOA.exe

C:\Windows\System\fafZoOA.exe

C:\Windows\System\MVwpazl.exe

C:\Windows\System\MVwpazl.exe

C:\Windows\System\qmcKlNW.exe

C:\Windows\System\qmcKlNW.exe

C:\Windows\System\BOFpxXP.exe

C:\Windows\System\BOFpxXP.exe

C:\Windows\System\JOZTKAp.exe

C:\Windows\System\JOZTKAp.exe

C:\Windows\System\QrREVnl.exe

C:\Windows\System\QrREVnl.exe

C:\Windows\System\LKVFAlT.exe

C:\Windows\System\LKVFAlT.exe

C:\Windows\System\yirUtJt.exe

C:\Windows\System\yirUtJt.exe

C:\Windows\System\ggeMyrD.exe

C:\Windows\System\ggeMyrD.exe

C:\Windows\System\HMzKfdY.exe

C:\Windows\System\HMzKfdY.exe

C:\Windows\System\rgVJYkm.exe

C:\Windows\System\rgVJYkm.exe

C:\Windows\System\JqKHzft.exe

C:\Windows\System\JqKHzft.exe

C:\Windows\System\gmQEglw.exe

C:\Windows\System\gmQEglw.exe

C:\Windows\System\VnAMGju.exe

C:\Windows\System\VnAMGju.exe

C:\Windows\System\jyWOBgY.exe

C:\Windows\System\jyWOBgY.exe

C:\Windows\System\MdLxFGN.exe

C:\Windows\System\MdLxFGN.exe

C:\Windows\System\GsgCeAH.exe

C:\Windows\System\GsgCeAH.exe

C:\Windows\System\PEQrnxV.exe

C:\Windows\System\PEQrnxV.exe

C:\Windows\System\OluBNBs.exe

C:\Windows\System\OluBNBs.exe

C:\Windows\System\ggkEcDV.exe

C:\Windows\System\ggkEcDV.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2872-0-0x00007FF79B6E0000-0x00007FF79BA34000-memory.dmp

memory/2872-1-0x0000024A68AC0000-0x0000024A68AD0000-memory.dmp

C:\Windows\System\sXTaRza.exe

MD5 eb9cf611e053fcee6fb4905a1b48bdbe
SHA1 f33f8d8d7145e5eea1598b42898072eda9028624
SHA256 d541d69e5614c1701ddc2eee451722dd191cf32e48c3189760f8efb3664abcc2
SHA512 a918ab62ef1af196e7d74f3b849ac37922de1c79f0ea38cbb6091fa90a0a4789dd4a4a14ed0d32e87c3bb9086b0a75da981338d34c16616bfd93c1e6fa2bceb1

C:\Windows\System\aaHhDUA.exe

MD5 6ec26d831370d3b5f89deeaa9266e722
SHA1 238676b4b772c405326f543dbe8ed2d6219e9d49
SHA256 58f1f8afbf4c63ff011ad2081839ff5737015ba4bdf9b79d32d3cb6063affdbb
SHA512 2cdb991a14cfefdcb0e89f990b61bf30dbfd9f368f6f8d1cf0871d98059b929e28f7c62d08d7c556cd100fd647ea0dff0b570f7c3eb128245acf1932c2544da4

C:\Windows\System\FIdSdNm.exe

MD5 4df89b05c7a1aff2f9fa9a4d16fbd6a5
SHA1 f178f359b5cd757bfd0ffb3c8778016958e5ea45
SHA256 6a81ed2f1e67efd48b1078e200da99651b5a226a8b3296a8af431c98431a13d6
SHA512 d5c282cd1ea109a49ff47bdad41b1c3fd46d651c0c1f77b1e98315ff4ef62efd0cc391aed0b35770228aea8c9bcf1d13ca4cd78df85b9c681c2268b3a1166b06

memory/2284-12-0x00007FF66C0C0000-0x00007FF66C414000-memory.dmp

memory/3048-6-0x00007FF61B750000-0x00007FF61BAA4000-memory.dmp

memory/4000-30-0x00007FF7F02B0000-0x00007FF7F0604000-memory.dmp

C:\Windows\System\dEWZlrk.exe

MD5 47c2f5846aecc15787c4987eb3ab0db5
SHA1 5eae720db5e465623f72342e2bf06bcd3de1dc6e
SHA256 6931347838b1167969384716d4f082f0c062b769131586359c6e51fb1f67dfba
SHA512 6b58d58398c64c1d39843d313f748181239af54ed2da75caabaebd328b5461fad37b0750d1fd8a9a6462b5f7bae7c12212c58f32ee3ce7ee6bf3918791bcedf9

memory/4376-38-0x00007FF7D3030000-0x00007FF7D3384000-memory.dmp

C:\Windows\System\SrForQe.exe

MD5 496b1885c309519475ad5e2082d617a0
SHA1 fd23715295638d4511ea24fb21127601eadf762e
SHA256 c133701322f1b6c6d86f2100c30d89ebd665f0a660b9411758533d7a742fbc8d
SHA512 31b010e9f0e5136360f8016f9280fe72ea01c5f53e987cf68f4eeca68747a35ad4a9190d274bbd79fc2621f46525fb24b9bdf374eb79d01468b1a8d178380d5c

C:\Windows\System\SXjUJGv.exe

MD5 7b9b06f4359f19d8f98b6542062a97f4
SHA1 66853856b28c43f3951218438966ca50136e3263
SHA256 dc83eccd715d0a2792519019bc55cd57920ca545c15af31f0670087858e04d3d
SHA512 4197522a11c7a6aab23eb0d18b22e055f804101399928ceb4f7da227d903be764aff83a460f101495014083129806644cdd26707db1ba615814ee5e9297f045b

memory/464-60-0x00007FF6BE930000-0x00007FF6BEC84000-memory.dmp

memory/4704-66-0x00007FF6E0FD0000-0x00007FF6E1324000-memory.dmp

C:\Windows\System\MyKmejU.exe

MD5 1272375ce01ce553add05187ef950461
SHA1 8156dbdde115959a8080776ea9dac4b20d4ea0d2
SHA256 e0e2cea9ac48f64185ad987630761d406398ca0af276a2959b0662ddd2ab093b
SHA512 e24efdc2d24e082815d091986ca9f93567b7a755275714669909e90d223db685e002979539e9c41f403920b9ad77a91bafe9411d5e2f3d0e6c4023d3bc0ce425

C:\Windows\System\izdurZE.exe

MD5 5ec1c39b3db25f728cdeb3d50eb5973c
SHA1 aab594a1d7082143e430ddb3a9cdf0c89a48d9cf
SHA256 0945880b02cfe7755326c24631bd715b8ee52fdb120873c0dc79d85fa2ace85d
SHA512 4c1cf7de659db4869dfe17eaf825fe57b794f3a4412ab75f34e5ef730bc6929dd857554dd13273faa272ef664e8a2c48307f412dafd56ffbc9b61aecda9a93da

C:\Windows\System\zttFutr.exe

MD5 24923a071e5d6f7ddcfcd484e7e5c3b4
SHA1 435a54068a9d808b9c5c4f14e9cfa648b46ecfc6
SHA256 b82ba210cc0f6e21604ea49d9bfa7f937c2bbde872e5a92147e6f01490df2bfa
SHA512 a15d3d96fed98c23c6c5488b0f1497bc6d92c8e67a2644d1cb7bb762e81bcc3eca5bbc970d4dd138b9ad2ef8d336f9691b46077d98b5f3c039ceda61a1a8f21c

C:\Windows\System\MmJstgg.exe

MD5 a49cc13eb4399331b2106262dde2c29f
SHA1 3277370026de8c5a1d2abf174952de3d3504c409
SHA256 1abc4bee7fbc800a316e69e193f3d0784bbcfcee4d08a330ac4913448337075f
SHA512 3de5cea204a2f9aa33a69ee99cabb84bef876de6a44a6d5c7e75e34c19c94f232e958df04135c6e34c78d39bd4c652473a8710212d24a9aaa7c1d684c3791fcf

C:\Windows\System\HkizvkR.exe

MD5 605d65f3dc3baa53d179132f6313fbac
SHA1 f97554862f75ed01b3f66c9da14b7ef603cec5f3
SHA256 b090a7f2751d85bcf67c2baacd66ab2d1af9cba37e70a9451494a5bd266ca5ba
SHA512 c76e208eae62bd687a3e82631e562ee5624d6c06bc776d173cf8e8ec28aeb988c81472bfec358d8d87cc70e16a31bb27f0ec062aaff6cb366493586e4d66c4a9

C:\Windows\System\ieJyGrD.exe

MD5 970d31dfacee900135368ae31c98fe2e
SHA1 2553d64373fc48e86d35ccf1d47310f10f77d48f
SHA256 f2d5f446900f361b8ccef0f107d35147b463dfe84afbf24c3dfe9807e1bcb3c9
SHA512 87534bd92ff37820ed6935a310fea57f3d3e629dfe3df5a2c88f65efc8fef2ef839a69a8c7ea7b4c73a8dd0c66148f1ed886b1eeb4b8d48d380c04a51533cbbd

C:\Windows\System\YigTowh.exe

MD5 13d084843e08219f08ee44592b67b00c
SHA1 a37f005b2b0ce38e55a060da15be491a18d590cc
SHA256 081f29c5a65922df6eb98aa40eab1952e9b7cc5d6a13068340199d3315221fd3
SHA512 6588720236cd686d3acbd4c6de1a1a3e5cde71bcfdabcaaa2be0e9be2dbe30f14a4afe4d5a5de6be9d7078efff7f611469324cacf885958b05528e311f011eba

memory/2872-746-0x00007FF79B6E0000-0x00007FF79BA34000-memory.dmp

memory/1772-747-0x00007FF770A30000-0x00007FF770D84000-memory.dmp

memory/3408-795-0x00007FF640D10000-0x00007FF641064000-memory.dmp

memory/1788-807-0x00007FF78F2A0000-0x00007FF78F5F4000-memory.dmp

memory/2704-778-0x00007FF6C0C10000-0x00007FF6C0F64000-memory.dmp

memory/4848-763-0x00007FF6334D0000-0x00007FF633824000-memory.dmp

memory/2612-823-0x00007FF606450000-0x00007FF6067A4000-memory.dmp

memory/3212-828-0x00007FF7F82E0000-0x00007FF7F8634000-memory.dmp

memory/2236-818-0x00007FF7789D0000-0x00007FF778D24000-memory.dmp

memory/648-843-0x00007FF64B580000-0x00007FF64B8D4000-memory.dmp

memory/1044-850-0x00007FF6103A0000-0x00007FF6106F4000-memory.dmp

memory/1980-853-0x00007FF6DDDC0000-0x00007FF6DE114000-memory.dmp

memory/2556-858-0x00007FF6F2480000-0x00007FF6F27D4000-memory.dmp

memory/2124-860-0x00007FF62F880000-0x00007FF62FBD4000-memory.dmp

memory/4272-857-0x00007FF668D50000-0x00007FF6690A4000-memory.dmp

memory/3292-847-0x00007FF692EC0000-0x00007FF693214000-memory.dmp

memory/4544-842-0x00007FF7B1940000-0x00007FF7B1C94000-memory.dmp

memory/1716-839-0x00007FF7FAA20000-0x00007FF7FAD74000-memory.dmp

memory/1528-836-0x00007FF725B40000-0x00007FF725E94000-memory.dmp

C:\Windows\System\sqTvNLC.exe

MD5 36ece44982688ee80b6d40125d9ad24c
SHA1 d0dbf749802060d2338bfbf1480a38c24b7e8daa
SHA256 5c36f40aa8cdc123bcc689158dc0af53ef5888859eee044a603ca748156d5aac
SHA512 279322ce56ac7af6b4fa22f7c274f7408e09cab41bb3a24381065858985cff5903da1947b932f772c2edc627ffabd5a0cacb99e909e69b031378e0b4c16f78ba

C:\Windows\System\tuaFzVM.exe

MD5 0ff2f4baf371bb56ca33045c85b2338e
SHA1 d4eab60d778e3fbb6a515dec0f4cab9bc2c46b5d
SHA256 02ad4ffe8f0092dd1721571ba16001a8c9fa43f005f61862465ea66e08d3a462
SHA512 0191f5131873028d3c07886367f93dab3aeb79fa308fc04c9509028e08a9e240bb72a7bdd2441468d2c7c72a64249318f6d60ffe95c04e23dc8ed3320bc0264b

C:\Windows\System\XPNeZRR.exe

MD5 ce4a16359807c9825a772498840de68f
SHA1 d9840d12990ddc3716627be2255c1ecee5d63c8b
SHA256 3344f7d8b9d45a31f26d86f05ecaa3c40a478b5e8cd96fea8cdc53b79f709926
SHA512 a95be8d54e79ebfdd52ccc949299d1be727421c17f01552159a81de72365ec061aef9116a2c9cb08b5dbc8cc327e116fa734bf141d3043eff42a65f374e32e9c

C:\Windows\System\vgCxXAF.exe

MD5 caecdf1452cabb2e8247ac0bd235364f
SHA1 d51b8e0b41cc0185955088214bc66f2ed5cbe21d
SHA256 a6116fa084ba1ec79fb75e84f6a892fe832f6e04c7dbdd23aaceb3c237e5668e
SHA512 153dd9ee9435e22c8a298cf14b535474fd6eb0c43c42df0a5f8ec88f83647e054926a26b093cd798fe3874f56b363e1575a990f55bf762b73ff75c42cd2e8bff

C:\Windows\System\cTZwdKN.exe

MD5 151670f1e9c175705ae38d0a4dfc3ce1
SHA1 d6afdb9de056bb74d29ef1d078a1212f26160256
SHA256 5153731e9305f3ec0bacf939b40407ced24bdaf630d594eecd95d29563ccedca
SHA512 df28f3f7e05f7558ecc23d97d330aaf89c8f54d932223ae4c8f14b2ac4618936fa882516223ea8b05ef7b2ff95d1d2083117f57a6d4581a6b6eddc6dc1c1355f

C:\Windows\System\BioBKCL.exe

MD5 246700e098905b86cee6c8ce46c74039
SHA1 87f56974f3d3f87563a97a4a1175d5469f67d7b4
SHA256 6300b5e70c5c60164c974c14eac3801a8076c4981e18f78d9f50e07d4f8b783b
SHA512 332ed336359a777b667498f0d4915b3e5d8ff45c6c900638dabedd33f3ae62da39dfbc63432416fa6a5df268fdc575ce4b37a34472340ea9a88aec6a4296958d

C:\Windows\System\eJJOJgA.exe

MD5 4c86c5fbffaa1c43c908fff48b5462de
SHA1 a660e60d3c3d87ffa98f31436c88b0b97b30b58d
SHA256 79aaf5f55fab428fcafbd795e36c4865cf252ed069aa0f520786268840b72c26
SHA512 f98fd3e0b66175435f3ad38f8baef64fa5a21a9490c50fde96bf7705b8a163d76e5d034e307d8f74511451ce515a8ac6f5d757f2ac1fa15413a731de73481455

C:\Windows\System\MQHlYei.exe

MD5 d966a5cf78325e443a7efb7cdc28d3d0
SHA1 b09ce6e16aeaacac6b0e4c02b70a4d0b05021667
SHA256 cce26a6acd4ca556ef56c5e62863566c999fe5779afdf1e95a7af46a64fb448a
SHA512 4b6917f39d22caf3d02fb547c981b88a53aef7a309fdeaf70782bafbec569fc6cf87a986c2a846ab87dc7a85346def834ac5bbc53e15b1d75192fe902c39e270

C:\Windows\System\FbqfOrf.exe

MD5 bae4bc6e14eb85c3430e9c5feb6e3ee6
SHA1 cba2642b22c4def96fdb5da810bac660f2c272b9
SHA256 f1eead5518be27b41639826528f8fb8962f702bc0cef7ba44db5f8d4f4a91b06
SHA512 e212c202489886ae5959ef3f5c120b1f69158ba79c8bf9fb955e558ac321c925c04eb6ee672687e4cc2ab39df91fd97258fbc52ea20e11406eafc3dbd813bfd7

C:\Windows\System\VqMBmDD.exe

MD5 35e25211421d9a98f05feb50e1cc9fa7
SHA1 3c32049db0591423de392bc09c95e3c8fe15cc1a
SHA256 93c29deac48145ad528497204214a271e90314a4189161c93bcbfb0706b00071
SHA512 bce862b58ee9ab6cdcb2439fafcb3c1b6dad8c517c547698946eb7e426cadfcb4d5ab4d694a14f3bf04060bb995e0b65167c20f43bb028eafe3231d4666ad8b4

C:\Windows\System\fCExRhU.exe

MD5 b5eedbd1c4c59b2fa58a6967126717b0
SHA1 70354b259bdc64eeffc1620a2166086c56b8dae5
SHA256 25a9bae6442f14e736df21a94a8841efffba8144afefade49abf8962335ef576
SHA512 760ed5b364599f45560d27fdde7031ba6b7b5669bfde6bf354de14326dc5046b91cc1fd77293370850a4af7e3b4c615029cfcdaab9b18046dc354e47854b1146

C:\Windows\System\GYtRNwN.exe

MD5 d99b557358889c75b0e09c06df21081a
SHA1 37e0657da890de26782310dcdc1d1f8da660d8b3
SHA256 483ed3d2f951e6e10b3878430867362747551511fcf1471e5ca9578352383922
SHA512 8ed19b797b905420a238383ed619f5386d7720627d04c45397f6a237c7eab2ac8af5d46c9346361cf4ea1a08551e0eda485d4ef3890bf598f967a344933b56e1

C:\Windows\System\qWmTSPz.exe

MD5 0c4e629d10039bc9849981adc65e9728
SHA1 440be0c80f79559e5f185e9e7140ecaaacef40cf
SHA256 0a2aa22ac3c685186d833ec4df0ad16f73cb83113dce33f1f0ddef875ef4b3a2
SHA512 ca464c2d879a188135784cdaaa86bf4ec9af7b647831d81f9a7c036fd228ca8560670084bd13ce2ab237ed3d38c01b72cd93e75fc049b3883c8645dd558e28cd

C:\Windows\System\WYDoLOI.exe

MD5 5eed3ff886cb1d6407fd1bd23b434c7a
SHA1 64727ae24152e1eb5f01d4b2bd6f1f0e595965db
SHA256 babddaadd658fab6301d7274cd6c55a63212b0584240b1734f1472bc9351deda
SHA512 0bcf8aa41d434e76bc9656cb4944897f82e0a55cb0b90c9d8f8c1f15c2e424ddde21c574e54f2e4dd04f9393da8e4abc8e8a60cf642e95bd2a151c08ac7456ea

C:\Windows\System\YSppiQs.exe

MD5 5220db7f79793a95ad12edeab9179e9f
SHA1 3e38f86496df6575e7da98a58ebaaae8c4838f43
SHA256 0f7024f17dd0becde01ab81feca73665ae19d0ca51cc84d48e1722b9de22f4b0
SHA512 d3a1a256c5038238735aa7db052564120247d7e5788cd11a29d4414f9e6e020302e222056f889eb20e0757516f928f67f14018800a775d0930e5be992ff9100d

C:\Windows\System\HqzEJmE.exe

MD5 20c119e8a35a788251c122c8b436b2c2
SHA1 67815cb49887c15e197bfdcf7ac7cdab99d66fa1
SHA256 757fdb0c40249c1deac6a18e3a65428414115fbf3ef4203a9bd17878b1658a4c
SHA512 17b4ad4395b17106a07e411e7c9c0a207b919e9c18a2894e7853366c1f0bdbf8ea0181be9397cf26eeadd2d70e23efb49a990a2d66773705f572219f3b81fc00

memory/3988-70-0x00007FF6557E0000-0x00007FF655B34000-memory.dmp

C:\Windows\System\lJMDDom.exe

MD5 d8ddf8341cb230955801c58f46763584
SHA1 db9a3fd3a4e0351222f8a8f60af924faae4c2293
SHA256 b76af5e38a5371156925cd20001119acc17da2e01085471a173444c7d53d2dd1
SHA512 63ce67481666d1f2645b6a75ef3023b4cb870ebb7040bc877b6678c981374f1898b9ef874f6f6f8086f44ddb73f793cb6a83eb1f2c649c7f82d360016dc4b342

memory/1004-55-0x00007FF7E63B0000-0x00007FF7E6704000-memory.dmp

C:\Windows\System\zxFileK.exe

MD5 12d0cc4c0ca2226f25b832a91deb01ea
SHA1 22f0b2a6696e0ee39f4e4ed9996eb81756cdd8d3
SHA256 447a6a9f2b63397f241d5a473d3f94dd9fbc6df45a95ade20261d52584f57244
SHA512 1be59ea4fefc8ec1ca4687234fade26809d32f0510fc3c72da459f516adab62db9b6ff1048a94a2713e3cba5427029f4f712c33d50be85dd765629405b99b337

C:\Windows\System\SSxMroC.exe

MD5 282d6b6246448e3decacdc1a475ad595
SHA1 79537c6f12fa930671675777b7d6b923af5c77ba
SHA256 a5f65505a154f4adab1b3205f8577162104a1356be5818a15624cf200028285e
SHA512 8f39c90335a72176c7d7de9df3b04c52c9202d9b5e44d02ad090221d1236dab466bba0ccb9bb76203b5c1a10f67b5649c84f67398bf35556721dee959ce6ce5d

memory/3836-42-0x00007FF762560000-0x00007FF7628B4000-memory.dmp

memory/4768-35-0x00007FF7E2B50000-0x00007FF7E2EA4000-memory.dmp

memory/3628-26-0x00007FF64F490000-0x00007FF64F7E4000-memory.dmp

C:\Windows\System\SjJPYXA.exe

MD5 8ca2109e47720c7920b7171b1560a8ec
SHA1 2e82942ff45c332c217d12cb8d3115b265d43905
SHA256 a68851ff3291415d8e3e111ad788859b36b26ec872bbd47b6d085a5a04988368
SHA512 182170d3d7baee4165228747bd203e8afd93f08c7a599b94ea60a1869a08665432dc89512398a9494a6608daf6cdadd817bffa338ac8866fa43955d77361414d

memory/3048-1070-0x00007FF61B750000-0x00007FF61BAA4000-memory.dmp

memory/2284-1071-0x00007FF66C0C0000-0x00007FF66C414000-memory.dmp

memory/4768-1072-0x00007FF7E2B50000-0x00007FF7E2EA4000-memory.dmp

memory/3836-1073-0x00007FF762560000-0x00007FF7628B4000-memory.dmp

memory/1004-1074-0x00007FF7E63B0000-0x00007FF7E6704000-memory.dmp

memory/464-1075-0x00007FF6BE930000-0x00007FF6BEC84000-memory.dmp

memory/4704-1076-0x00007FF6E0FD0000-0x00007FF6E1324000-memory.dmp

memory/3988-1077-0x00007FF6557E0000-0x00007FF655B34000-memory.dmp

memory/3048-1078-0x00007FF61B750000-0x00007FF61BAA4000-memory.dmp

memory/2284-1079-0x00007FF66C0C0000-0x00007FF66C414000-memory.dmp

memory/3628-1080-0x00007FF64F490000-0x00007FF64F7E4000-memory.dmp

memory/4000-1081-0x00007FF7F02B0000-0x00007FF7F0604000-memory.dmp

memory/4376-1082-0x00007FF7D3030000-0x00007FF7D3384000-memory.dmp

memory/4768-1083-0x00007FF7E2B50000-0x00007FF7E2EA4000-memory.dmp

memory/3836-1084-0x00007FF762560000-0x00007FF7628B4000-memory.dmp

memory/1004-1085-0x00007FF7E63B0000-0x00007FF7E6704000-memory.dmp

memory/4704-1089-0x00007FF6E0FD0000-0x00007FF6E1324000-memory.dmp

memory/464-1090-0x00007FF6BE930000-0x00007FF6BEC84000-memory.dmp

memory/3408-1092-0x00007FF640D10000-0x00007FF641064000-memory.dmp

memory/2704-1091-0x00007FF6C0C10000-0x00007FF6C0F64000-memory.dmp

memory/3988-1088-0x00007FF6557E0000-0x00007FF655B34000-memory.dmp

memory/1772-1087-0x00007FF770A30000-0x00007FF770D84000-memory.dmp

memory/4848-1086-0x00007FF6334D0000-0x00007FF633824000-memory.dmp

memory/1980-1096-0x00007FF6DDDC0000-0x00007FF6DE114000-memory.dmp

memory/648-1106-0x00007FF64B580000-0x00007FF64B8D4000-memory.dmp

memory/3292-1105-0x00007FF692EC0000-0x00007FF693214000-memory.dmp

memory/2612-1104-0x00007FF606450000-0x00007FF6067A4000-memory.dmp

memory/1716-1103-0x00007FF7FAA20000-0x00007FF7FAD74000-memory.dmp

memory/1788-1102-0x00007FF78F2A0000-0x00007FF78F5F4000-memory.dmp

memory/3212-1100-0x00007FF7F82E0000-0x00007FF7F8634000-memory.dmp

memory/1528-1099-0x00007FF725B40000-0x00007FF725E94000-memory.dmp

memory/2236-1098-0x00007FF7789D0000-0x00007FF778D24000-memory.dmp

memory/4544-1101-0x00007FF7B1940000-0x00007FF7B1C94000-memory.dmp

memory/2124-1094-0x00007FF62F880000-0x00007FF62FBD4000-memory.dmp

memory/2556-1093-0x00007FF6F2480000-0x00007FF6F27D4000-memory.dmp

memory/4272-1095-0x00007FF668D50000-0x00007FF6690A4000-memory.dmp

memory/1044-1097-0x00007FF6103A0000-0x00007FF6106F4000-memory.dmp