Malware Analysis Report

2024-10-10 08:38

Sample ID 240604-cvjqkaab6s
Target 21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe
SHA256 9166ebbf0334eb8764e8bf39f05feb5c46dda1c2ca6c28d4adaa8b2a92d859ad
Tags
kpot xmrig miner stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9166ebbf0334eb8764e8bf39f05feb5c46dda1c2ca6c28d4adaa8b2a92d859ad

Threat Level: Known bad

The file 21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan upx

XMRig Miner payload

Kpot family

KPOT Core Executable

KPOT

xmrig

Xmrig family

XMRig Miner payload

Loads dropped DLL

Executes dropped EXE

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-04 02:24

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 02:23

Reported

2024-06-04 02:27

Platform

win7-20240508-en

Max time kernel

139s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\RqzKldr.exe N/A
N/A N/A C:\Windows\System\THfaWmj.exe N/A
N/A N/A C:\Windows\System\wvCPOtT.exe N/A
N/A N/A C:\Windows\System\PGSaRUH.exe N/A
N/A N/A C:\Windows\System\JBkDrJm.exe N/A
N/A N/A C:\Windows\System\BrHATvV.exe N/A
N/A N/A C:\Windows\System\IZcccbR.exe N/A
N/A N/A C:\Windows\System\bVlRVsM.exe N/A
N/A N/A C:\Windows\System\rKDBwDI.exe N/A
N/A N/A C:\Windows\System\eaKTMmk.exe N/A
N/A N/A C:\Windows\System\jaGNaIf.exe N/A
N/A N/A C:\Windows\System\HkWahHL.exe N/A
N/A N/A C:\Windows\System\ETXJFOe.exe N/A
N/A N/A C:\Windows\System\NGQDAbA.exe N/A
N/A N/A C:\Windows\System\opdmSZm.exe N/A
N/A N/A C:\Windows\System\HcpgzAi.exe N/A
N/A N/A C:\Windows\System\kAjCROt.exe N/A
N/A N/A C:\Windows\System\bWHDScm.exe N/A
N/A N/A C:\Windows\System\wDmLsei.exe N/A
N/A N/A C:\Windows\System\GsJvCNV.exe N/A
N/A N/A C:\Windows\System\DwfgElN.exe N/A
N/A N/A C:\Windows\System\lQgifOF.exe N/A
N/A N/A C:\Windows\System\kjoxczS.exe N/A
N/A N/A C:\Windows\System\iKutOij.exe N/A
N/A N/A C:\Windows\System\PgnBoEk.exe N/A
N/A N/A C:\Windows\System\yBmnrqS.exe N/A
N/A N/A C:\Windows\System\NsDiALq.exe N/A
N/A N/A C:\Windows\System\GqykgiT.exe N/A
N/A N/A C:\Windows\System\qNjrsbg.exe N/A
N/A N/A C:\Windows\System\zCDesJe.exe N/A
N/A N/A C:\Windows\System\rhILHVy.exe N/A
N/A N/A C:\Windows\System\AXkycAx.exe N/A
N/A N/A C:\Windows\System\CAFlsok.exe N/A
N/A N/A C:\Windows\System\KZeHFER.exe N/A
N/A N/A C:\Windows\System\WjBQgnf.exe N/A
N/A N/A C:\Windows\System\afunQLx.exe N/A
N/A N/A C:\Windows\System\pzEziZg.exe N/A
N/A N/A C:\Windows\System\oRSmpQq.exe N/A
N/A N/A C:\Windows\System\ABvpPXo.exe N/A
N/A N/A C:\Windows\System\TNDaKXu.exe N/A
N/A N/A C:\Windows\System\VmxTVQy.exe N/A
N/A N/A C:\Windows\System\PODVoBp.exe N/A
N/A N/A C:\Windows\System\sXHEDGS.exe N/A
N/A N/A C:\Windows\System\EVJDLji.exe N/A
N/A N/A C:\Windows\System\IsCtoPe.exe N/A
N/A N/A C:\Windows\System\DtkQBVV.exe N/A
N/A N/A C:\Windows\System\rcXoJJZ.exe N/A
N/A N/A C:\Windows\System\EiTgcrH.exe N/A
N/A N/A C:\Windows\System\mLHorLj.exe N/A
N/A N/A C:\Windows\System\eaITqOL.exe N/A
N/A N/A C:\Windows\System\qnQrZIV.exe N/A
N/A N/A C:\Windows\System\jDwMIka.exe N/A
N/A N/A C:\Windows\System\kfypuIW.exe N/A
N/A N/A C:\Windows\System\nADhsKh.exe N/A
N/A N/A C:\Windows\System\jzAARtl.exe N/A
N/A N/A C:\Windows\System\uTJStFZ.exe N/A
N/A N/A C:\Windows\System\WxnpzeU.exe N/A
N/A N/A C:\Windows\System\KwehkpX.exe N/A
N/A N/A C:\Windows\System\TllelHm.exe N/A
N/A N/A C:\Windows\System\VqUyGrh.exe N/A
N/A N/A C:\Windows\System\iIseRwm.exe N/A
N/A N/A C:\Windows\System\byQkObr.exe N/A
N/A N/A C:\Windows\System\bdrjqEN.exe N/A
N/A N/A C:\Windows\System\zcZjmZN.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\eaITqOL.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\BCuVxcb.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\nFhItTs.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\HTJNQYG.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\DcGFoyB.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\NGQDAbA.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\VmxTVQy.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\GYnOraN.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\bwnixDA.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\MFqEmyg.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\yGfKwPQ.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\wtXSqOz.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\vvSufns.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\FwZFJBL.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\IrwdXND.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\GsJvCNV.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\EiTgcrH.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\zcZjmZN.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\wNwopPN.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\SGopImi.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\BTxVQxG.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\FkFFMYZ.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\WlJCLRc.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\AZtqZFP.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\StgWkEU.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\xWYiGBk.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\pYLYVWO.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\BrHATvV.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\EVJDLji.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\hDMSaaT.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\mQaEhaS.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\EGIRKuZ.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\TwxOuvl.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\SAvGhmZ.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\eaKTMmk.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\KwehkpX.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\VuzuQGk.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\BSQIaWK.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\xGxOFAb.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\fcaTRAP.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\OeFANqB.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\AswIiLk.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\cqqDctG.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\NJFkIiZ.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\zPtIgOq.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\fbfAAIx.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\QukYjts.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\DFXsdpL.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\uJUObuS.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\uExWDmc.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\DwjetuD.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\ObwqSXh.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\JBkDrJm.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\mLHorLj.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\HdyIdtg.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\CmbCXkR.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\NsDiALq.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\RpUbfso.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\VKVmBhV.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZCGnPFh.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\fAPHACw.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZGXSBBp.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\qLOOMni.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\erggNov.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2036 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\RqzKldr.exe
PID 2036 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\RqzKldr.exe
PID 2036 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\RqzKldr.exe
PID 2036 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\THfaWmj.exe
PID 2036 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\THfaWmj.exe
PID 2036 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\THfaWmj.exe
PID 2036 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\wvCPOtT.exe
PID 2036 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\wvCPOtT.exe
PID 2036 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\wvCPOtT.exe
PID 2036 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\PGSaRUH.exe
PID 2036 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\PGSaRUH.exe
PID 2036 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\PGSaRUH.exe
PID 2036 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\JBkDrJm.exe
PID 2036 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\JBkDrJm.exe
PID 2036 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\JBkDrJm.exe
PID 2036 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\BrHATvV.exe
PID 2036 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\BrHATvV.exe
PID 2036 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\BrHATvV.exe
PID 2036 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\IZcccbR.exe
PID 2036 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\IZcccbR.exe
PID 2036 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\IZcccbR.exe
PID 2036 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\bVlRVsM.exe
PID 2036 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\bVlRVsM.exe
PID 2036 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\bVlRVsM.exe
PID 2036 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\rKDBwDI.exe
PID 2036 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\rKDBwDI.exe
PID 2036 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\rKDBwDI.exe
PID 2036 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\eaKTMmk.exe
PID 2036 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\eaKTMmk.exe
PID 2036 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\eaKTMmk.exe
PID 2036 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\jaGNaIf.exe
PID 2036 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\jaGNaIf.exe
PID 2036 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\jaGNaIf.exe
PID 2036 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\HkWahHL.exe
PID 2036 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\HkWahHL.exe
PID 2036 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\HkWahHL.exe
PID 2036 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\ETXJFOe.exe
PID 2036 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\ETXJFOe.exe
PID 2036 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\ETXJFOe.exe
PID 2036 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\NGQDAbA.exe
PID 2036 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\NGQDAbA.exe
PID 2036 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\NGQDAbA.exe
PID 2036 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\opdmSZm.exe
PID 2036 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\opdmSZm.exe
PID 2036 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\opdmSZm.exe
PID 2036 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\HcpgzAi.exe
PID 2036 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\HcpgzAi.exe
PID 2036 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\HcpgzAi.exe
PID 2036 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\kAjCROt.exe
PID 2036 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\kAjCROt.exe
PID 2036 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\kAjCROt.exe
PID 2036 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\bWHDScm.exe
PID 2036 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\bWHDScm.exe
PID 2036 wrote to memory of 2768 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\bWHDScm.exe
PID 2036 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\wDmLsei.exe
PID 2036 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\wDmLsei.exe
PID 2036 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\wDmLsei.exe
PID 2036 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\GsJvCNV.exe
PID 2036 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\GsJvCNV.exe
PID 2036 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\GsJvCNV.exe
PID 2036 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\DwfgElN.exe
PID 2036 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\DwfgElN.exe
PID 2036 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\DwfgElN.exe
PID 2036 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\lQgifOF.exe

Processes

C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe"

C:\Windows\System\RqzKldr.exe

C:\Windows\System\RqzKldr.exe

C:\Windows\System\THfaWmj.exe

C:\Windows\System\THfaWmj.exe

C:\Windows\System\wvCPOtT.exe

C:\Windows\System\wvCPOtT.exe

C:\Windows\System\PGSaRUH.exe

C:\Windows\System\PGSaRUH.exe

C:\Windows\System\JBkDrJm.exe

C:\Windows\System\JBkDrJm.exe

C:\Windows\System\BrHATvV.exe

C:\Windows\System\BrHATvV.exe

C:\Windows\System\IZcccbR.exe

C:\Windows\System\IZcccbR.exe

C:\Windows\System\bVlRVsM.exe

C:\Windows\System\bVlRVsM.exe

C:\Windows\System\rKDBwDI.exe

C:\Windows\System\rKDBwDI.exe

C:\Windows\System\eaKTMmk.exe

C:\Windows\System\eaKTMmk.exe

C:\Windows\System\jaGNaIf.exe

C:\Windows\System\jaGNaIf.exe

C:\Windows\System\HkWahHL.exe

C:\Windows\System\HkWahHL.exe

C:\Windows\System\ETXJFOe.exe

C:\Windows\System\ETXJFOe.exe

C:\Windows\System\NGQDAbA.exe

C:\Windows\System\NGQDAbA.exe

C:\Windows\System\opdmSZm.exe

C:\Windows\System\opdmSZm.exe

C:\Windows\System\HcpgzAi.exe

C:\Windows\System\HcpgzAi.exe

C:\Windows\System\kAjCROt.exe

C:\Windows\System\kAjCROt.exe

C:\Windows\System\bWHDScm.exe

C:\Windows\System\bWHDScm.exe

C:\Windows\System\wDmLsei.exe

C:\Windows\System\wDmLsei.exe

C:\Windows\System\GsJvCNV.exe

C:\Windows\System\GsJvCNV.exe

C:\Windows\System\DwfgElN.exe

C:\Windows\System\DwfgElN.exe

C:\Windows\System\lQgifOF.exe

C:\Windows\System\lQgifOF.exe

C:\Windows\System\kjoxczS.exe

C:\Windows\System\kjoxczS.exe

C:\Windows\System\iKutOij.exe

C:\Windows\System\iKutOij.exe

C:\Windows\System\PgnBoEk.exe

C:\Windows\System\PgnBoEk.exe

C:\Windows\System\yBmnrqS.exe

C:\Windows\System\yBmnrqS.exe

C:\Windows\System\NsDiALq.exe

C:\Windows\System\NsDiALq.exe

C:\Windows\System\GqykgiT.exe

C:\Windows\System\GqykgiT.exe

C:\Windows\System\qNjrsbg.exe

C:\Windows\System\qNjrsbg.exe

C:\Windows\System\zCDesJe.exe

C:\Windows\System\zCDesJe.exe

C:\Windows\System\rhILHVy.exe

C:\Windows\System\rhILHVy.exe

C:\Windows\System\AXkycAx.exe

C:\Windows\System\AXkycAx.exe

C:\Windows\System\CAFlsok.exe

C:\Windows\System\CAFlsok.exe

C:\Windows\System\KZeHFER.exe

C:\Windows\System\KZeHFER.exe

C:\Windows\System\WjBQgnf.exe

C:\Windows\System\WjBQgnf.exe

C:\Windows\System\afunQLx.exe

C:\Windows\System\afunQLx.exe

C:\Windows\System\pzEziZg.exe

C:\Windows\System\pzEziZg.exe

C:\Windows\System\oRSmpQq.exe

C:\Windows\System\oRSmpQq.exe

C:\Windows\System\ABvpPXo.exe

C:\Windows\System\ABvpPXo.exe

C:\Windows\System\TNDaKXu.exe

C:\Windows\System\TNDaKXu.exe

C:\Windows\System\VmxTVQy.exe

C:\Windows\System\VmxTVQy.exe

C:\Windows\System\PODVoBp.exe

C:\Windows\System\PODVoBp.exe

C:\Windows\System\sXHEDGS.exe

C:\Windows\System\sXHEDGS.exe

C:\Windows\System\EVJDLji.exe

C:\Windows\System\EVJDLji.exe

C:\Windows\System\IsCtoPe.exe

C:\Windows\System\IsCtoPe.exe

C:\Windows\System\DtkQBVV.exe

C:\Windows\System\DtkQBVV.exe

C:\Windows\System\rcXoJJZ.exe

C:\Windows\System\rcXoJJZ.exe

C:\Windows\System\EiTgcrH.exe

C:\Windows\System\EiTgcrH.exe

C:\Windows\System\mLHorLj.exe

C:\Windows\System\mLHorLj.exe

C:\Windows\System\eaITqOL.exe

C:\Windows\System\eaITqOL.exe

C:\Windows\System\qnQrZIV.exe

C:\Windows\System\qnQrZIV.exe

C:\Windows\System\jDwMIka.exe

C:\Windows\System\jDwMIka.exe

C:\Windows\System\kfypuIW.exe

C:\Windows\System\kfypuIW.exe

C:\Windows\System\uTJStFZ.exe

C:\Windows\System\uTJStFZ.exe

C:\Windows\System\nADhsKh.exe

C:\Windows\System\nADhsKh.exe

C:\Windows\System\KwehkpX.exe

C:\Windows\System\KwehkpX.exe

C:\Windows\System\jzAARtl.exe

C:\Windows\System\jzAARtl.exe

C:\Windows\System\TllelHm.exe

C:\Windows\System\TllelHm.exe

C:\Windows\System\WxnpzeU.exe

C:\Windows\System\WxnpzeU.exe

C:\Windows\System\VqUyGrh.exe

C:\Windows\System\VqUyGrh.exe

C:\Windows\System\iIseRwm.exe

C:\Windows\System\iIseRwm.exe

C:\Windows\System\VuzuQGk.exe

C:\Windows\System\VuzuQGk.exe

C:\Windows\System\byQkObr.exe

C:\Windows\System\byQkObr.exe

C:\Windows\System\zPtIgOq.exe

C:\Windows\System\zPtIgOq.exe

C:\Windows\System\bdrjqEN.exe

C:\Windows\System\bdrjqEN.exe

C:\Windows\System\ZYFmIOp.exe

C:\Windows\System\ZYFmIOp.exe

C:\Windows\System\zcZjmZN.exe

C:\Windows\System\zcZjmZN.exe

C:\Windows\System\MHWDeTv.exe

C:\Windows\System\MHWDeTv.exe

C:\Windows\System\wNwopPN.exe

C:\Windows\System\wNwopPN.exe

C:\Windows\System\aupGPyF.exe

C:\Windows\System\aupGPyF.exe

C:\Windows\System\KHmAYva.exe

C:\Windows\System\KHmAYva.exe

C:\Windows\System\RAszxUb.exe

C:\Windows\System\RAszxUb.exe

C:\Windows\System\kNVxKSH.exe

C:\Windows\System\kNVxKSH.exe

C:\Windows\System\RQCKOYo.exe

C:\Windows\System\RQCKOYo.exe

C:\Windows\System\MTQzvid.exe

C:\Windows\System\MTQzvid.exe

C:\Windows\System\wkgVUCC.exe

C:\Windows\System\wkgVUCC.exe

C:\Windows\System\ciFjfpc.exe

C:\Windows\System\ciFjfpc.exe

C:\Windows\System\xLeQwWJ.exe

C:\Windows\System\xLeQwWJ.exe

C:\Windows\System\fcaTRAP.exe

C:\Windows\System\fcaTRAP.exe

C:\Windows\System\WOeKafe.exe

C:\Windows\System\WOeKafe.exe

C:\Windows\System\anhPCXI.exe

C:\Windows\System\anhPCXI.exe

C:\Windows\System\itcFFNK.exe

C:\Windows\System\itcFFNK.exe

C:\Windows\System\RpUbfso.exe

C:\Windows\System\RpUbfso.exe

C:\Windows\System\VKVmBhV.exe

C:\Windows\System\VKVmBhV.exe

C:\Windows\System\RFIpuby.exe

C:\Windows\System\RFIpuby.exe

C:\Windows\System\PaQQUrH.exe

C:\Windows\System\PaQQUrH.exe

C:\Windows\System\LJAhJHD.exe

C:\Windows\System\LJAhJHD.exe

C:\Windows\System\ZzjFPSw.exe

C:\Windows\System\ZzjFPSw.exe

C:\Windows\System\VEjOUPC.exe

C:\Windows\System\VEjOUPC.exe

C:\Windows\System\vapVrWV.exe

C:\Windows\System\vapVrWV.exe

C:\Windows\System\EosTXGr.exe

C:\Windows\System\EosTXGr.exe

C:\Windows\System\dWLQMZl.exe

C:\Windows\System\dWLQMZl.exe

C:\Windows\System\kBnfznI.exe

C:\Windows\System\kBnfznI.exe

C:\Windows\System\IHovevl.exe

C:\Windows\System\IHovevl.exe

C:\Windows\System\ecvgvaB.exe

C:\Windows\System\ecvgvaB.exe

C:\Windows\System\HulhrKL.exe

C:\Windows\System\HulhrKL.exe

C:\Windows\System\adGzrFT.exe

C:\Windows\System\adGzrFT.exe

C:\Windows\System\QUuNYfC.exe

C:\Windows\System\QUuNYfC.exe

C:\Windows\System\DfCypaA.exe

C:\Windows\System\DfCypaA.exe

C:\Windows\System\ShyhTYm.exe

C:\Windows\System\ShyhTYm.exe

C:\Windows\System\FCkEuID.exe

C:\Windows\System\FCkEuID.exe

C:\Windows\System\YdRRAZg.exe

C:\Windows\System\YdRRAZg.exe

C:\Windows\System\aiAksbd.exe

C:\Windows\System\aiAksbd.exe

C:\Windows\System\hDMSaaT.exe

C:\Windows\System\hDMSaaT.exe

C:\Windows\System\ykmbAPy.exe

C:\Windows\System\ykmbAPy.exe

C:\Windows\System\fbfAAIx.exe

C:\Windows\System\fbfAAIx.exe

C:\Windows\System\WMxSfxM.exe

C:\Windows\System\WMxSfxM.exe

C:\Windows\System\GYnOraN.exe

C:\Windows\System\GYnOraN.exe

C:\Windows\System\ohORutP.exe

C:\Windows\System\ohORutP.exe

C:\Windows\System\ndpIzEC.exe

C:\Windows\System\ndpIzEC.exe

C:\Windows\System\EcJyPKk.exe

C:\Windows\System\EcJyPKk.exe

C:\Windows\System\hgLzJEQ.exe

C:\Windows\System\hgLzJEQ.exe

C:\Windows\System\uExWDmc.exe

C:\Windows\System\uExWDmc.exe

C:\Windows\System\YDHzCxe.exe

C:\Windows\System\YDHzCxe.exe

C:\Windows\System\SGopImi.exe

C:\Windows\System\SGopImi.exe

C:\Windows\System\QukYjts.exe

C:\Windows\System\QukYjts.exe

C:\Windows\System\kYfHDLH.exe

C:\Windows\System\kYfHDLH.exe

C:\Windows\System\CStuZgg.exe

C:\Windows\System\CStuZgg.exe

C:\Windows\System\raSdzlG.exe

C:\Windows\System\raSdzlG.exe

C:\Windows\System\FYlrScH.exe

C:\Windows\System\FYlrScH.exe

C:\Windows\System\BCuVxcb.exe

C:\Windows\System\BCuVxcb.exe

C:\Windows\System\ZKIosbp.exe

C:\Windows\System\ZKIosbp.exe

C:\Windows\System\mWcbUWB.exe

C:\Windows\System\mWcbUWB.exe

C:\Windows\System\YBACLdb.exe

C:\Windows\System\YBACLdb.exe

C:\Windows\System\jKuccTN.exe

C:\Windows\System\jKuccTN.exe

C:\Windows\System\ByfbHQn.exe

C:\Windows\System\ByfbHQn.exe

C:\Windows\System\NdvXxmU.exe

C:\Windows\System\NdvXxmU.exe

C:\Windows\System\HdyIdtg.exe

C:\Windows\System\HdyIdtg.exe

C:\Windows\System\Bbxvpbi.exe

C:\Windows\System\Bbxvpbi.exe

C:\Windows\System\StgWkEU.exe

C:\Windows\System\StgWkEU.exe

C:\Windows\System\oesvXfp.exe

C:\Windows\System\oesvXfp.exe

C:\Windows\System\mKbeIOf.exe

C:\Windows\System\mKbeIOf.exe

C:\Windows\System\NkjJnEO.exe

C:\Windows\System\NkjJnEO.exe

C:\Windows\System\JTdTOxA.exe

C:\Windows\System\JTdTOxA.exe

C:\Windows\System\ReRGjzM.exe

C:\Windows\System\ReRGjzM.exe

C:\Windows\System\DwjetuD.exe

C:\Windows\System\DwjetuD.exe

C:\Windows\System\BSQIaWK.exe

C:\Windows\System\BSQIaWK.exe

C:\Windows\System\rFyBYMV.exe

C:\Windows\System\rFyBYMV.exe

C:\Windows\System\EdayNuA.exe

C:\Windows\System\EdayNuA.exe

C:\Windows\System\OeFANqB.exe

C:\Windows\System\OeFANqB.exe

C:\Windows\System\gFPxqmf.exe

C:\Windows\System\gFPxqmf.exe

C:\Windows\System\ZCGnPFh.exe

C:\Windows\System\ZCGnPFh.exe

C:\Windows\System\PpZTPnM.exe

C:\Windows\System\PpZTPnM.exe

C:\Windows\System\wUSGxlo.exe

C:\Windows\System\wUSGxlo.exe

C:\Windows\System\wAgiuoL.exe

C:\Windows\System\wAgiuoL.exe

C:\Windows\System\AswIiLk.exe

C:\Windows\System\AswIiLk.exe

C:\Windows\System\BOXDvNA.exe

C:\Windows\System\BOXDvNA.exe

C:\Windows\System\pXlvuUV.exe

C:\Windows\System\pXlvuUV.exe

C:\Windows\System\nFhItTs.exe

C:\Windows\System\nFhItTs.exe

C:\Windows\System\yWVkDAt.exe

C:\Windows\System\yWVkDAt.exe

C:\Windows\System\rGJVOGL.exe

C:\Windows\System\rGJVOGL.exe

C:\Windows\System\vZnToFL.exe

C:\Windows\System\vZnToFL.exe

C:\Windows\System\jBhORCk.exe

C:\Windows\System\jBhORCk.exe

C:\Windows\System\eeIwAEK.exe

C:\Windows\System\eeIwAEK.exe

C:\Windows\System\VJpNavG.exe

C:\Windows\System\VJpNavG.exe

C:\Windows\System\AkekvHD.exe

C:\Windows\System\AkekvHD.exe

C:\Windows\System\HibcLFx.exe

C:\Windows\System\HibcLFx.exe

C:\Windows\System\djeQbZZ.exe

C:\Windows\System\djeQbZZ.exe

C:\Windows\System\OZzcSXs.exe

C:\Windows\System\OZzcSXs.exe

C:\Windows\System\lJmyeva.exe

C:\Windows\System\lJmyeva.exe

C:\Windows\System\zksFemO.exe

C:\Windows\System\zksFemO.exe

C:\Windows\System\krSxXgI.exe

C:\Windows\System\krSxXgI.exe

C:\Windows\System\IWzFywj.exe

C:\Windows\System\IWzFywj.exe

C:\Windows\System\apoiFFM.exe

C:\Windows\System\apoiFFM.exe

C:\Windows\System\wenmDaZ.exe

C:\Windows\System\wenmDaZ.exe

C:\Windows\System\pntgCTO.exe

C:\Windows\System\pntgCTO.exe

C:\Windows\System\GRCOIre.exe

C:\Windows\System\GRCOIre.exe

C:\Windows\System\uIZkrPy.exe

C:\Windows\System\uIZkrPy.exe

C:\Windows\System\bwnixDA.exe

C:\Windows\System\bwnixDA.exe

C:\Windows\System\DFXsdpL.exe

C:\Windows\System\DFXsdpL.exe

C:\Windows\System\DCnOqeo.exe

C:\Windows\System\DCnOqeo.exe

C:\Windows\System\MFqEmyg.exe

C:\Windows\System\MFqEmyg.exe

C:\Windows\System\fquvBCw.exe

C:\Windows\System\fquvBCw.exe

C:\Windows\System\TjMbzfS.exe

C:\Windows\System\TjMbzfS.exe

C:\Windows\System\uCQwwQb.exe

C:\Windows\System\uCQwwQb.exe

C:\Windows\System\YSjvTem.exe

C:\Windows\System\YSjvTem.exe

C:\Windows\System\LWVrGBx.exe

C:\Windows\System\LWVrGBx.exe

C:\Windows\System\xQwtbPK.exe

C:\Windows\System\xQwtbPK.exe

C:\Windows\System\ZNxVkmJ.exe

C:\Windows\System\ZNxVkmJ.exe

C:\Windows\System\KsxXHqR.exe

C:\Windows\System\KsxXHqR.exe

C:\Windows\System\ehYekAG.exe

C:\Windows\System\ehYekAG.exe

C:\Windows\System\rTfknrI.exe

C:\Windows\System\rTfknrI.exe

C:\Windows\System\LZWwJli.exe

C:\Windows\System\LZWwJli.exe

C:\Windows\System\KLzHYtY.exe

C:\Windows\System\KLzHYtY.exe

C:\Windows\System\YLbdYvR.exe

C:\Windows\System\YLbdYvR.exe

C:\Windows\System\KHXgDSn.exe

C:\Windows\System\KHXgDSn.exe

C:\Windows\System\xWYiGBk.exe

C:\Windows\System\xWYiGBk.exe

C:\Windows\System\oHpNwUV.exe

C:\Windows\System\oHpNwUV.exe

C:\Windows\System\OBDcEch.exe

C:\Windows\System\OBDcEch.exe

C:\Windows\System\LZkfpGC.exe

C:\Windows\System\LZkfpGC.exe

C:\Windows\System\jrwoqNt.exe

C:\Windows\System\jrwoqNt.exe

C:\Windows\System\aQfxHXc.exe

C:\Windows\System\aQfxHXc.exe

C:\Windows\System\gbcSzqn.exe

C:\Windows\System\gbcSzqn.exe

C:\Windows\System\hWOQrot.exe

C:\Windows\System\hWOQrot.exe

C:\Windows\System\HzehETS.exe

C:\Windows\System\HzehETS.exe

C:\Windows\System\ULutKaq.exe

C:\Windows\System\ULutKaq.exe

C:\Windows\System\NcbbLXE.exe

C:\Windows\System\NcbbLXE.exe

C:\Windows\System\kBqXPpU.exe

C:\Windows\System\kBqXPpU.exe

C:\Windows\System\csWMwYp.exe

C:\Windows\System\csWMwYp.exe

C:\Windows\System\vsimaVN.exe

C:\Windows\System\vsimaVN.exe

C:\Windows\System\CFkLhWF.exe

C:\Windows\System\CFkLhWF.exe

C:\Windows\System\vvSufns.exe

C:\Windows\System\vvSufns.exe

C:\Windows\System\CmbCXkR.exe

C:\Windows\System\CmbCXkR.exe

C:\Windows\System\EyCCpln.exe

C:\Windows\System\EyCCpln.exe

C:\Windows\System\FwZFJBL.exe

C:\Windows\System\FwZFJBL.exe

C:\Windows\System\WojGwsh.exe

C:\Windows\System\WojGwsh.exe

C:\Windows\System\LQqejfV.exe

C:\Windows\System\LQqejfV.exe

C:\Windows\System\xGxOFAb.exe

C:\Windows\System\xGxOFAb.exe

C:\Windows\System\TgwZgVK.exe

C:\Windows\System\TgwZgVK.exe

C:\Windows\System\AjUIrsX.exe

C:\Windows\System\AjUIrsX.exe

C:\Windows\System\HTJNQYG.exe

C:\Windows\System\HTJNQYG.exe

C:\Windows\System\VlUnajs.exe

C:\Windows\System\VlUnajs.exe

C:\Windows\System\qCxbIpj.exe

C:\Windows\System\qCxbIpj.exe

C:\Windows\System\pYLYVWO.exe

C:\Windows\System\pYLYVWO.exe

C:\Windows\System\UgFLxSL.exe

C:\Windows\System\UgFLxSL.exe

C:\Windows\System\IrwdXND.exe

C:\Windows\System\IrwdXND.exe

C:\Windows\System\ahIxilm.exe

C:\Windows\System\ahIxilm.exe

C:\Windows\System\tHWgtLM.exe

C:\Windows\System\tHWgtLM.exe

C:\Windows\System\xWRhnDq.exe

C:\Windows\System\xWRhnDq.exe

C:\Windows\System\UNuWViQ.exe

C:\Windows\System\UNuWViQ.exe

C:\Windows\System\mzvuLYo.exe

C:\Windows\System\mzvuLYo.exe

C:\Windows\System\HtGjubQ.exe

C:\Windows\System\HtGjubQ.exe

C:\Windows\System\LcJLzdn.exe

C:\Windows\System\LcJLzdn.exe

C:\Windows\System\RErYWOD.exe

C:\Windows\System\RErYWOD.exe

C:\Windows\System\cpcNXvd.exe

C:\Windows\System\cpcNXvd.exe

C:\Windows\System\qzWRnLI.exe

C:\Windows\System\qzWRnLI.exe

C:\Windows\System\fVDOPzr.exe

C:\Windows\System\fVDOPzr.exe

C:\Windows\System\ObwqSXh.exe

C:\Windows\System\ObwqSXh.exe

C:\Windows\System\ayupVeg.exe

C:\Windows\System\ayupVeg.exe

C:\Windows\System\yLPJDgr.exe

C:\Windows\System\yLPJDgr.exe

C:\Windows\System\FZOPjIf.exe

C:\Windows\System\FZOPjIf.exe

C:\Windows\System\xOVTQWX.exe

C:\Windows\System\xOVTQWX.exe

C:\Windows\System\OCnABnv.exe

C:\Windows\System\OCnABnv.exe

C:\Windows\System\YfqKGtr.exe

C:\Windows\System\YfqKGtr.exe

C:\Windows\System\DjgaXph.exe

C:\Windows\System\DjgaXph.exe

C:\Windows\System\vkKWHBW.exe

C:\Windows\System\vkKWHBW.exe

C:\Windows\System\EPJtIEc.exe

C:\Windows\System\EPJtIEc.exe

C:\Windows\System\oggxOPa.exe

C:\Windows\System\oggxOPa.exe

C:\Windows\System\BTxVQxG.exe

C:\Windows\System\BTxVQxG.exe

C:\Windows\System\mQaEhaS.exe

C:\Windows\System\mQaEhaS.exe

C:\Windows\System\cqqDctG.exe

C:\Windows\System\cqqDctG.exe

C:\Windows\System\kFGHUjk.exe

C:\Windows\System\kFGHUjk.exe

C:\Windows\System\PlVFhAG.exe

C:\Windows\System\PlVFhAG.exe

C:\Windows\System\JXgNjgu.exe

C:\Windows\System\JXgNjgu.exe

C:\Windows\System\vyUXlDm.exe

C:\Windows\System\vyUXlDm.exe

C:\Windows\System\sKWRhPf.exe

C:\Windows\System\sKWRhPf.exe

C:\Windows\System\cuxCNkG.exe

C:\Windows\System\cuxCNkG.exe

C:\Windows\System\CbpsGxL.exe

C:\Windows\System\CbpsGxL.exe

C:\Windows\System\XhIEKKC.exe

C:\Windows\System\XhIEKKC.exe

C:\Windows\System\ucVgOXu.exe

C:\Windows\System\ucVgOXu.exe

C:\Windows\System\WTUupRJ.exe

C:\Windows\System\WTUupRJ.exe

C:\Windows\System\gSlvqTm.exe

C:\Windows\System\gSlvqTm.exe

C:\Windows\System\gYJIRfD.exe

C:\Windows\System\gYJIRfD.exe

C:\Windows\System\ZGXSBBp.exe

C:\Windows\System\ZGXSBBp.exe

C:\Windows\System\qLSJvtd.exe

C:\Windows\System\qLSJvtd.exe

C:\Windows\System\bDvjdPq.exe

C:\Windows\System\bDvjdPq.exe

C:\Windows\System\LtxQziY.exe

C:\Windows\System\LtxQziY.exe

C:\Windows\System\fAPHACw.exe

C:\Windows\System\fAPHACw.exe

C:\Windows\System\GhwIaON.exe

C:\Windows\System\GhwIaON.exe

C:\Windows\System\bKizeFl.exe

C:\Windows\System\bKizeFl.exe

C:\Windows\System\kwOriwQ.exe

C:\Windows\System\kwOriwQ.exe

C:\Windows\System\rKxCbwP.exe

C:\Windows\System\rKxCbwP.exe

C:\Windows\System\FkFFMYZ.exe

C:\Windows\System\FkFFMYZ.exe

C:\Windows\System\pfsrMjw.exe

C:\Windows\System\pfsrMjw.exe

C:\Windows\System\RXvtKWf.exe

C:\Windows\System\RXvtKWf.exe

C:\Windows\System\WZhkPzg.exe

C:\Windows\System\WZhkPzg.exe

C:\Windows\System\HgUPGwj.exe

C:\Windows\System\HgUPGwj.exe

C:\Windows\System\wIiXEJx.exe

C:\Windows\System\wIiXEJx.exe

C:\Windows\System\qLOOMni.exe

C:\Windows\System\qLOOMni.exe

C:\Windows\System\nDLEoTN.exe

C:\Windows\System\nDLEoTN.exe

C:\Windows\System\EGIRKuZ.exe

C:\Windows\System\EGIRKuZ.exe

C:\Windows\System\ssNkyZo.exe

C:\Windows\System\ssNkyZo.exe

C:\Windows\System\jZmLCLp.exe

C:\Windows\System\jZmLCLp.exe

C:\Windows\System\yGfKwPQ.exe

C:\Windows\System\yGfKwPQ.exe

C:\Windows\System\cVLBJhp.exe

C:\Windows\System\cVLBJhp.exe

C:\Windows\System\OOIzBLX.exe

C:\Windows\System\OOIzBLX.exe

C:\Windows\System\ZHJsISk.exe

C:\Windows\System\ZHJsISk.exe

C:\Windows\System\gxLTaTv.exe

C:\Windows\System\gxLTaTv.exe

C:\Windows\System\hsKVGBq.exe

C:\Windows\System\hsKVGBq.exe

C:\Windows\System\rQANCEh.exe

C:\Windows\System\rQANCEh.exe

C:\Windows\System\erggNov.exe

C:\Windows\System\erggNov.exe

C:\Windows\System\hRQlHFQ.exe

C:\Windows\System\hRQlHFQ.exe

C:\Windows\System\DuJtIoj.exe

C:\Windows\System\DuJtIoj.exe

C:\Windows\System\cnMspRZ.exe

C:\Windows\System\cnMspRZ.exe

C:\Windows\System\DcGFoyB.exe

C:\Windows\System\DcGFoyB.exe

C:\Windows\System\uJUObuS.exe

C:\Windows\System\uJUObuS.exe

C:\Windows\System\olcmqmB.exe

C:\Windows\System\olcmqmB.exe

C:\Windows\System\AnnDTXN.exe

C:\Windows\System\AnnDTXN.exe

C:\Windows\System\WkCBfpn.exe

C:\Windows\System\WkCBfpn.exe

C:\Windows\System\QmhPwNV.exe

C:\Windows\System\QmhPwNV.exe

C:\Windows\System\YxjDKhQ.exe

C:\Windows\System\YxjDKhQ.exe

C:\Windows\System\vDdyVlW.exe

C:\Windows\System\vDdyVlW.exe

C:\Windows\System\yyZtvoE.exe

C:\Windows\System\yyZtvoE.exe

C:\Windows\System\AxLGGKb.exe

C:\Windows\System\AxLGGKb.exe

C:\Windows\System\KtXcYxA.exe

C:\Windows\System\KtXcYxA.exe

C:\Windows\System\TwxOuvl.exe

C:\Windows\System\TwxOuvl.exe

C:\Windows\System\wvoRYbh.exe

C:\Windows\System\wvoRYbh.exe

C:\Windows\System\tiFoUeM.exe

C:\Windows\System\tiFoUeM.exe

C:\Windows\System\NJFkIiZ.exe

C:\Windows\System\NJFkIiZ.exe

C:\Windows\System\WlJCLRc.exe

C:\Windows\System\WlJCLRc.exe

C:\Windows\System\wYwFkdV.exe

C:\Windows\System\wYwFkdV.exe

C:\Windows\System\WaeWHKh.exe

C:\Windows\System\WaeWHKh.exe

C:\Windows\System\kBspWWs.exe

C:\Windows\System\kBspWWs.exe

C:\Windows\System\aaFioNw.exe

C:\Windows\System\aaFioNw.exe

C:\Windows\System\WNtjRMS.exe

C:\Windows\System\WNtjRMS.exe

C:\Windows\System\qHrDaVg.exe

C:\Windows\System\qHrDaVg.exe

C:\Windows\System\bcsXDAc.exe

C:\Windows\System\bcsXDAc.exe

C:\Windows\System\AZtqZFP.exe

C:\Windows\System\AZtqZFP.exe

C:\Windows\System\zecwIFU.exe

C:\Windows\System\zecwIFU.exe

C:\Windows\System\SAvGhmZ.exe

C:\Windows\System\SAvGhmZ.exe

C:\Windows\System\eSgLUQZ.exe

C:\Windows\System\eSgLUQZ.exe

C:\Windows\System\ITjKyKY.exe

C:\Windows\System\ITjKyKY.exe

C:\Windows\System\nCkODGz.exe

C:\Windows\System\nCkODGz.exe

C:\Windows\System\wtXSqOz.exe

C:\Windows\System\wtXSqOz.exe

C:\Windows\System\mEUfsck.exe

C:\Windows\System\mEUfsck.exe

C:\Windows\System\gcNJQRb.exe

C:\Windows\System\gcNJQRb.exe

C:\Windows\System\MwCeKUi.exe

C:\Windows\System\MwCeKUi.exe

C:\Windows\System\AVAAMbv.exe

C:\Windows\System\AVAAMbv.exe

C:\Windows\System\FBDxiMp.exe

C:\Windows\System\FBDxiMp.exe

C:\Windows\System\nvLfYdx.exe

C:\Windows\System\nvLfYdx.exe

C:\Windows\System\bFHVCho.exe

C:\Windows\System\bFHVCho.exe

C:\Windows\System\odcwlXY.exe

C:\Windows\System\odcwlXY.exe

C:\Windows\System\jWSkdTJ.exe

C:\Windows\System\jWSkdTJ.exe

C:\Windows\System\bvlskRb.exe

C:\Windows\System\bvlskRb.exe

C:\Windows\System\WcMzDHJ.exe

C:\Windows\System\WcMzDHJ.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

C:\Windows\system\RqzKldr.exe

MD5 348dd0941f47d33f7403d188a91fd8eb
SHA1 8edc78931c9f8fea49cfb7126edc78b634165bd2
SHA256 588214adf89446d068f4159db4a14eab8d18a0100ebf81e4bb22b54a47f10c74
SHA512 27d035c953aa1837b30c11f674ed51a874f936f712dd4ebbc4a34eaf1466aefb4578f1f9281a5aa670e84f98122506822ec80c072ca3434c80521f03c4b07c11

\Windows\system\THfaWmj.exe

MD5 1f0d08e6306e5cd9892c75dfd25f76ff
SHA1 d3fd247abc5cfeccbf9b9a9f2b720427821c01ad
SHA256 5563890d5b39aeb8324dbb99ae37c162448321ebdbc7cfa2e84a8e72a868dc1c
SHA512 4ab884e60e918dad2d0877452a59725eb9e577d6b3284add6234d77eec15b130743e70a16dcfff85180672e74486486706cbd48d31b8e52379ab5df3ad7a4ea3

memory/2036-0-0x00000000002F0000-0x0000000000300000-memory.dmp

C:\Windows\system\wvCPOtT.exe

MD5 bb70b5b22a1ce809e3128a7c8547a6e0
SHA1 7e0b2ca9f6e6bc35e2bf34bcfe4b43042e91df0b
SHA256 21ff6fff93340c188a3f4017331149fa3428203d1d19224e80d1e6841add91ea
SHA512 a2aca753def276a52f4a07c53c0553e4c5e4f2b202b4dcdf8eecdf9efef9b0ab6d8e50c45924aba601cc4140c2319faa5ef81b77310d6ccf5119de41a636c0f7

C:\Windows\system\PGSaRUH.exe

MD5 bc08c9d92a2ac7b044764b72ee07a1d5
SHA1 e0372226c21c2b22eae6a0b995d3e8d900e82c1d
SHA256 aed69feb294c97845c37f05c5cb3752718e319020db91100aaadbc4ca2e2c250
SHA512 c6a2e856e1bc54bab60d4e35a376ee25d8b441cb5735b3f0b14fe8b6bbcc545c00817264c52afc5467249862d316939f3bc599815e7adee4fb5f9166f59b40b5

C:\Windows\system\JBkDrJm.exe

MD5 218c2267119893699dc45e44afb8ae60
SHA1 a13e1a1b497fa42eebdc4d508bfb393731ed9873
SHA256 ce46be349c2823e91f60ceb77bcd1e0773ab7348f5e570a7dd5688ede99d0473
SHA512 a68fa265fd03878f448d2f5b4b5d6cc7626a8614990afbb54bf87df576a974131a308656cc62f70e258659e922d5d6d14ff94d4537f0349876e2fbc163a7e459

C:\Windows\system\BrHATvV.exe

MD5 692ba56cf6306333d14e826eb5893937
SHA1 f4a806f9584d63cf8278ebc043fe958182c29d27
SHA256 48bed1ff3b5adaeb46ffa2f3c93dc1aa55b8e133ee7c071e4fa19a7e2a44b499
SHA512 a146d0e16e9c9dc49d416f5968d92cc72a61c5e412f0480677fe48e912b16746d24c33e7dd02df0934ae0a63c71e5127d9d727e50d0776997f43e6bac9432205

C:\Windows\system\IZcccbR.exe

MD5 ba034a3fd3cf822c9d21e0e9899ce248
SHA1 b77b372161ad677b6de76f187fe1a9111e06ee55
SHA256 443c73311e5acf884dfd98c8276aa402a5dc3adc079bf17e303325a12d5de753
SHA512 052d971ef3deae3acef17d3146cb5d05e34a9a2feb5424354da8addba9f86998c4d72148a88136e5b4ba035f2829f4273e0caf1a7bd9a8c130fef32af71772c6

C:\Windows\system\rKDBwDI.exe

MD5 93d76b452f804d5346dc2daeee87ef1a
SHA1 8b4ef5daf502e48e19898be7a5a5080d26f64b0c
SHA256 989b04263b95c5cde01cbf4ccdf6943582f9d5f0f517f2e26b2fbbe38728c61c
SHA512 88b0b5efdc62906077574398f0d04d746312eacc34436e14e578502e1a90eeb6889ee95417404cd31dab3a9d5753a45e94739540f2295ab09a7c664e4ba76805

C:\Windows\system\ETXJFOe.exe

MD5 59e0157f598715835c329b1553296153
SHA1 895690a6f575e0b6b1c95b715d42c98fb7b05260
SHA256 8f4f8e9087e51df38b3b89388a2960b96e21ea2aed878c06b2f1006efc6e9adb
SHA512 1c4d7462bfe5689865b7868fd5ed96af57f1e21633f0965f84adfea701267cbe0cda96dec021ec330bf33ae02107c3f445bdc58205bba98097492c99c50d993b

C:\Windows\system\opdmSZm.exe

MD5 5157532c29837ff30ead176b9d562869
SHA1 2e230a71f8841879a5d869e4cd896762a5d0065f
SHA256 e11c29c0719ff2ae2f9f6f2e423c0b54df99c4e30d3c758e2139a9c23d780aa2
SHA512 44a22235f95ed7b49e0df46149d529264ea46ba78257b2c313e6d20793db6eb9d8c5ed07747ad2a822e84e615821ca4b34fa291031159393603628103c7b32ef

C:\Windows\system\bWHDScm.exe

MD5 d65b31564ae7269b4678e9207e35e43d
SHA1 8204281d2e60492a0f76585f73907aef7707acb2
SHA256 63ea645e23f68fe1fc17dda6a5a0c442bd3dd634d3727226923cb0684467ed07
SHA512 52412b96b3240178d82ebb9974756ec245006a0131305fb27d5dd25371301e51a5b629a0d1406b572d30960fac0d0d03c1a283419f6d60d6cc288450e5bdcf46

C:\Windows\system\DwfgElN.exe

MD5 99f3ab1b1a958f9b27624845e5b29376
SHA1 3437aa6ec488511b7af147d4f616abd0bdbeb2b8
SHA256 28874b20d0767566983fb7951a1f3802c5bb287ac25904fb427db5468c636369
SHA512 56ed5b07ba07cc2daf8d7d5254af6f10de1641cefbe8a1333ca9d24ecf728676ed3de3a6b990f23206a5436590f83322fec2be1518b6f55ed454be58590cb74f

C:\Windows\system\iKutOij.exe

MD5 f1dedd08874840e5eb4b36505a5a5883
SHA1 e08e8733901d31285b15df6e4729233fb17bbf56
SHA256 52cc299e175660e80ebfdfd6b2e1c96703a7356e4f5bfa3f029688a97b33bd2c
SHA512 0b10369fd9e962255329999e252bc34e07edefbdb5d81ddcf3f78780bdad11326e4e39d25bc25ac3f9550a9cf61108fe8be7515b908cbf74c96203a275bee575

C:\Windows\system\PgnBoEk.exe

MD5 a7a35ac1d6f999bdabb5005d71db05a9
SHA1 2c5a1f9db8a227f2fe55266fde506d23c4eb4901
SHA256 116f729a1904dd46486a7a31e7ef771657d8c304ad1bbe26cace139ef5b2b6c8
SHA512 c6f2a3ce7b59619bc61bc31c3ebcfab316ae7b9b0ad0a4c1102bae1ce2cb6357f3c8c24051f1112468b523e009f36273cb692523333bec685d801c4456d474cb

memory/2036-406-0x000000013F060000-0x000000013F3B4000-memory.dmp

memory/2036-627-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

memory/2708-630-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

memory/2036-633-0x000000013FF40000-0x0000000140294000-memory.dmp

memory/2036-639-0x000000013FBF0000-0x000000013FF44000-memory.dmp

memory/2760-638-0x000000013FBF0000-0x000000013FF44000-memory.dmp

memory/2036-641-0x0000000002020000-0x0000000002374000-memory.dmp

memory/2036-647-0x0000000002020000-0x0000000002374000-memory.dmp

memory/2036-646-0x000000013FBE0000-0x000000013FF34000-memory.dmp

memory/2544-645-0x000000013F220000-0x000000013F574000-memory.dmp

memory/2036-644-0x0000000002020000-0x0000000002374000-memory.dmp

memory/2596-640-0x000000013FBF0000-0x000000013FF44000-memory.dmp

memory/1912-643-0x000000013F2E0000-0x000000013F634000-memory.dmp

memory/2036-637-0x000000013FBF0000-0x000000013FF44000-memory.dmp

memory/2984-636-0x000000013F9C0000-0x000000013FD14000-memory.dmp

memory/2036-635-0x000000013F9C0000-0x000000013FD14000-memory.dmp

memory/2624-634-0x000000013FF40000-0x0000000140294000-memory.dmp

memory/2724-632-0x000000013F110000-0x000000013F464000-memory.dmp

memory/2036-631-0x0000000002020000-0x0000000002374000-memory.dmp

memory/2036-629-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

memory/2364-628-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

memory/3064-626-0x000000013F5F0000-0x000000013F944000-memory.dmp

memory/2036-625-0x000000013F5F0000-0x000000013F944000-memory.dmp

memory/2804-624-0x000000013FED0000-0x0000000140224000-memory.dmp

memory/2036-623-0x000000013FED0000-0x0000000140224000-memory.dmp

memory/2808-622-0x000000013FDA0000-0x00000001400F4000-memory.dmp

memory/2036-580-0x000000013FDA0000-0x00000001400F4000-memory.dmp

memory/1924-567-0x000000013F910000-0x000000013FC64000-memory.dmp

memory/2036-566-0x000000013F910000-0x000000013FC64000-memory.dmp

memory/2884-565-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

C:\Windows\system\AXkycAx.exe

MD5 b551bfdae8d2502949ba4aa5c983b019
SHA1 75ec40b95c6cca4955a208b904fee42201f65634
SHA256 931f7a3712bce71c1317b8195c14d4fb907c896d1d83cf81869d4d3f01e12f58
SHA512 c563ebc3b58f83aaa96cd58db8038814eb6e533f3180c6c4f5fa79007d084a3fa098bb0c38f71e88d065fb97f50dc316eeb0a593332f48fe4f2761a7c0cfab0d

C:\Windows\system\rhILHVy.exe

MD5 aea3f35cca2fd89886aa38be273703d2
SHA1 377fa9c0c953edeb6f207e2cc451e27edd102b66
SHA256 746286b4ace71b9aa8cffdf48eef49722244bc68497c1968812ab7cfe8907d31
SHA512 56b03d79c4fc20c897e13c3d1b3dde917fa64241a21336f443efb62db32593cd8b52f24e415b3f6268d4ed9527afa9b66e8142052739d8af05e82ed0a8ece3ea

C:\Windows\system\zCDesJe.exe

MD5 60db6fe3f9a6b72da65cf03bdea7a54d
SHA1 4a5448f5faceae424c4fbb628cf02d7bd9cc01d7
SHA256 0198a3622a1b673ca6e1e0d48c6cf8dbf7901217d489b8228c23398b0a52a5ad
SHA512 2bff44642bac7396198a1a0cdeb18f4c367d5be9da37220f73f89722599dde58274e7d4bd0805e91aa79f11ff633d3ec4c7d227d25e5e27252e9941c505c6617

C:\Windows\system\qNjrsbg.exe

MD5 36c7b7fb17b3833a06049c0d6b57088d
SHA1 ebff86e632872c0e73f9995008780334499d3814
SHA256 ba386f725f1b8fd628bf1b3b4c3ee05b133118a0dd05f7efcb7381bb7c6231ab
SHA512 3fd9816b2b6c364e675c28851b50ad424670d94d4499da896ca02b7731bb62b8ca204502321aaf4d2ee66fc734fd1213259cf969e572e470b12460ca801115dd

C:\Windows\system\GqykgiT.exe

MD5 d5cab3db3ad4b3cdc0522a56236835e0
SHA1 4bb5d99aad3b7f347ae469e30ebe3f6b4ffcd290
SHA256 95f4083e9787b3861b89eaa0320543c2eb790cbcac22b5a288fc86db6d285daa
SHA512 bd28cffd9771b2647f0fabdaa79975fc782051f095525a7b8de16fb468c4e2efd19c8c0d0edb6074c678c3a49bb01e504848698532ed04907aaa51a276e36e0b

C:\Windows\system\NsDiALq.exe

MD5 188ef3c3bd1ce4d49ed2e1374423cdba
SHA1 5e72550a5b7be9b2f41023a2d8e2b7aa889ee9f1
SHA256 21d01652e37f8e1930bf36e6034305bc20ae445ffd8bf760e4641f437b3407e0
SHA512 3df9d7d79e56633eff5fa2281e2cfb9653219d5fed7451153d9cd24424a1c23d22cb17ca265964a2acf57bcf2a78be5c2767197ace4a45189b53603bc33d9ea3

C:\Windows\system\yBmnrqS.exe

MD5 fe649d0495d6ac2eb18eb5585324ce69
SHA1 d3d2112fcf485c2335405dfce585aabc8d2bfa51
SHA256 fae4a5ca3dfb2102a739f96ddb30c7cc62eedf85bf174a1975884b5585d98b51
SHA512 2272a05070271a633cd7046a785f21c1c456b63e7b58d631d662e16fe6bd72a3a7034788807ed846095778e505d3c80cde3a6d49c1d24810ba44548cbc3a831d

C:\Windows\system\kjoxczS.exe

MD5 2d296c10037288cc99ebe23f88fbe576
SHA1 c1895397f97f137b3f22afc1bfd008de7382422c
SHA256 2a7e377b33e571fd06882610d6eb17abc94307e08c97b81096a4807bf3bbfe59
SHA512 23b714571756afb3e4f4f8aa4c706f049d5c2bb5d3debac799db5b2e77790c75ee4f642121ed3bfcdf39ea0860adfecb31c7a44ad2b78fb214aa3486fcc8de13

C:\Windows\system\lQgifOF.exe

MD5 b83625c4e17dbab791150794c7a3264b
SHA1 51458ae23e676d8e75e6e2dc756af48deae81bec
SHA256 adbb0886260917eda0e67c952c8b89e9bafa0a3f311d56b64f53551a4dd54b76
SHA512 1832f20f4ed182db6a1f19d8fd1b61d537c4f04973cfa2b70d4e2c7a08f2403f463268cf55270c67332a6d4e2d1d96894a69024b2df11d5220815330141016f4

C:\Windows\system\GsJvCNV.exe

MD5 6fee007d7fd8b94fcd5df40868e00d4d
SHA1 01674ed58643daf0fd4b9071383e54734a2d12f8
SHA256 2fbedc0dde8d48718a9f817da1c76f781db759d96654b7ddde7449c0faeaf637
SHA512 68624ea77316a1140fd335a04dc025c7e8d56481f8e73951c4f71128a9f50fc58a5a14e59abff346da5ff6959af94e7d62f95d76684820515a4c7e9cc6ff344c

C:\Windows\system\wDmLsei.exe

MD5 ff29417fd735896c091c037d3d2690d4
SHA1 13a7937a0c3c65fa49e173802ebad85b0c967734
SHA256 957c3fb7b3c4020aeb56658c8a2973267eb2373e12fa541898295de937cba13e
SHA512 56fd9e1d121a946d3454f639ac5f50a41935b0711d98b366fe6a1af98737425601148c1475cb978a9b3ffb119f4b82338ba88a1856d1d5344af22029a8a91fdf

C:\Windows\system\kAjCROt.exe

MD5 1f6833404a25d550fa1fe9dbf5f73bac
SHA1 31b43c2abc095b8c4577e756dc487e9feb6d4a17
SHA256 003b1dd58601b6243a056355d98e338cbadd5513cfe1358c166337ecf9d076a5
SHA512 c467e07058810121d348437dcf28556ac819b9c7e3f0ae379b046ca619ff17ac8b9e2b86f76f603330ef0ba26ec60efd3662dce48c05950fe6419d2ef88badb1

C:\Windows\system\HcpgzAi.exe

MD5 838824cc91f9444bbb279b49550031bc
SHA1 a7a088aeb1f478dddb61e0d34a75366dd502f1d1
SHA256 0150b36c03336bb8f021a5746c1f1db2478ef188dec3046d2b461eb4d28a374d
SHA512 4dbbdd2ba4ff0275bbe90b9bf66ca4b5bc1e174ecbb12b567a077d6796ea0778ab6f1662d6557dee505301e1265e1889f95d668caefd5c59f43d11b1ec502cbf

C:\Windows\system\NGQDAbA.exe

MD5 eb70ed30ca2b1e248115c71b16091443
SHA1 6776400e27967d8f2c17874ece20020ebd684af2
SHA256 bae9f06b290a2b088fa4f3582e5a9852ea3404702855c9c4877d91ee4204762a
SHA512 a7f000a603f8c9a0fb3b9deb87abe4c5ecdb61bbc8287122e3a6b293110c694d3ce7074e55954007fcf2882ba613ddef4f41162b44106e0e09746024af165bf1

C:\Windows\system\HkWahHL.exe

MD5 bad855d6d4d7b0d78c8d80096dd0756c
SHA1 e131097369745a38a0ef1e5a718632f36dc7ad19
SHA256 bd848f2420032ad5c9bb983017c1e3ce9e774e1e32d8f24fc1d4cf14ea722db6
SHA512 194fdeba05b380a9276682018ccaf5b92e862a9912ff5d9db8d7be7bd675acb7a6e61b9ed245e7e7888f1e5ed14a20e32315a769fc3b7bfb0586ef2703c674ce

C:\Windows\system\jaGNaIf.exe

MD5 fa6273536d5ecd212f9c9f54997a2a08
SHA1 a3dae5a3d98d9220860776878ecc684e0d072380
SHA256 aab1f640467b11f8ab0a54da1e5483b0f5d6e0192473f86339f7e642b90017cd
SHA512 97df94998f76ca63943f71075ecaf7d85875a20317fda35dafdc5af279cabd2c6635293ef5b46f6fc56c5282ee58e87404fbc122776d0afa535ae30d43fe5ae1

C:\Windows\system\eaKTMmk.exe

MD5 a36567e80f07774a7ee79e14a0892a45
SHA1 2022b66ed086af292df7113dc3abe858bb05af52
SHA256 8b735f684a9ae8023c7d36cfa0a93ac494c3fc3125557064eebfca3b6611deca
SHA512 4c83201ddd5234f56671a6fe69e773ec24e2f77675d93f01109bb7eb04a31bcafa439aadfee859c8f444a48824b4f7c3a59baf7e1347130d7e6628bcdfb6ebb4

C:\Windows\system\bVlRVsM.exe

MD5 07b3419d6fec6a28d2a65b93ac6e8127
SHA1 a60288093d2347e8c99fc5416e3752287906e021
SHA256 c3c36dc1084bdcd06590975e471e1dd0feb3cb31ef48cdfea0ec046fe973a9d3
SHA512 61f2e0779b0e8cb4fa833c27963e42e738751d2d32752082a23cebe2fdcf1d0478f78da7a8ea2200f5324bb3cf47b37fd5f38a63e86a5f8f35fa5d9368586c7b

memory/2036-1070-0x000000013F060000-0x000000013F3B4000-memory.dmp

memory/2036-1071-0x000000013F910000-0x000000013FC64000-memory.dmp

memory/2036-1072-0x000000013FDA0000-0x00000001400F4000-memory.dmp

memory/2036-1073-0x000000013FED0000-0x0000000140224000-memory.dmp

memory/2036-1074-0x000000013F5F0000-0x000000013F944000-memory.dmp

memory/2036-1075-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

memory/2036-1076-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

memory/2036-1078-0x000000013FF40000-0x0000000140294000-memory.dmp

memory/2036-1080-0x000000013FBF0000-0x000000013FF44000-memory.dmp

memory/2036-1082-0x0000000002020000-0x0000000002374000-memory.dmp

memory/2036-1083-0x0000000002020000-0x0000000002374000-memory.dmp

memory/2036-1084-0x000000013FBE0000-0x000000013FF34000-memory.dmp

memory/2036-1081-0x000000013FBF0000-0x000000013FF44000-memory.dmp

memory/2036-1079-0x000000013F9C0000-0x000000013FD14000-memory.dmp

memory/2036-1077-0x0000000002020000-0x0000000002374000-memory.dmp

memory/2036-1085-0x0000000002020000-0x0000000002374000-memory.dmp

memory/2884-1086-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

memory/3064-1088-0x000000013F5F0000-0x000000013F944000-memory.dmp

memory/2804-1099-0x000000013FED0000-0x0000000140224000-memory.dmp

memory/2984-1098-0x000000013F9C0000-0x000000013FD14000-memory.dmp

memory/2544-1097-0x000000013F220000-0x000000013F574000-memory.dmp

memory/2596-1096-0x000000013FBF0000-0x000000013FF44000-memory.dmp

memory/1924-1095-0x000000013F910000-0x000000013FC64000-memory.dmp

memory/2724-1094-0x000000013F110000-0x000000013F464000-memory.dmp

memory/2364-1093-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

memory/2624-1092-0x000000013FF40000-0x0000000140294000-memory.dmp

memory/2808-1091-0x000000013FDA0000-0x00000001400F4000-memory.dmp

memory/2760-1089-0x000000013FBF0000-0x000000013FF44000-memory.dmp

memory/2708-1087-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

memory/1912-1090-0x000000013F2E0000-0x000000013F634000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-04 02:23

Reported

2024-06-04 02:27

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\lkgydZy.exe N/A
N/A N/A C:\Windows\System\WRsqjZd.exe N/A
N/A N/A C:\Windows\System\iqaBxMm.exe N/A
N/A N/A C:\Windows\System\oOFtneo.exe N/A
N/A N/A C:\Windows\System\JfKZHmW.exe N/A
N/A N/A C:\Windows\System\fUjfHhq.exe N/A
N/A N/A C:\Windows\System\HPLdgBE.exe N/A
N/A N/A C:\Windows\System\rcJATdA.exe N/A
N/A N/A C:\Windows\System\vEVEyXL.exe N/A
N/A N/A C:\Windows\System\VuCiGLt.exe N/A
N/A N/A C:\Windows\System\VJyiQGB.exe N/A
N/A N/A C:\Windows\System\yVwEhoa.exe N/A
N/A N/A C:\Windows\System\qJgcmDO.exe N/A
N/A N/A C:\Windows\System\TCFgsyy.exe N/A
N/A N/A C:\Windows\System\ZuaPNtd.exe N/A
N/A N/A C:\Windows\System\RnINPwi.exe N/A
N/A N/A C:\Windows\System\YUiUAug.exe N/A
N/A N/A C:\Windows\System\TIcSXFl.exe N/A
N/A N/A C:\Windows\System\ThWjLup.exe N/A
N/A N/A C:\Windows\System\kSESRsr.exe N/A
N/A N/A C:\Windows\System\LKaxijS.exe N/A
N/A N/A C:\Windows\System\eyjIMuv.exe N/A
N/A N/A C:\Windows\System\wGEOLgh.exe N/A
N/A N/A C:\Windows\System\Zmslxhb.exe N/A
N/A N/A C:\Windows\System\ctcCjoE.exe N/A
N/A N/A C:\Windows\System\fevpExg.exe N/A
N/A N/A C:\Windows\System\AKbXQNX.exe N/A
N/A N/A C:\Windows\System\LmdZlMZ.exe N/A
N/A N/A C:\Windows\System\NeHENYw.exe N/A
N/A N/A C:\Windows\System\xvjzlFS.exe N/A
N/A N/A C:\Windows\System\XyuKBRm.exe N/A
N/A N/A C:\Windows\System\ytkxWsU.exe N/A
N/A N/A C:\Windows\System\BzTAMbN.exe N/A
N/A N/A C:\Windows\System\zIhQRfe.exe N/A
N/A N/A C:\Windows\System\fYPOCVw.exe N/A
N/A N/A C:\Windows\System\ihTUaBT.exe N/A
N/A N/A C:\Windows\System\tBCNVQk.exe N/A
N/A N/A C:\Windows\System\JuKxgLa.exe N/A
N/A N/A C:\Windows\System\dzAXMXW.exe N/A
N/A N/A C:\Windows\System\ilGPmbF.exe N/A
N/A N/A C:\Windows\System\OkRKcEJ.exe N/A
N/A N/A C:\Windows\System\cdGMGut.exe N/A
N/A N/A C:\Windows\System\kEVsIAo.exe N/A
N/A N/A C:\Windows\System\muVOKVF.exe N/A
N/A N/A C:\Windows\System\kzVmpGL.exe N/A
N/A N/A C:\Windows\System\JRnRhgv.exe N/A
N/A N/A C:\Windows\System\Qtirauf.exe N/A
N/A N/A C:\Windows\System\gyKcjmb.exe N/A
N/A N/A C:\Windows\System\KJKReZH.exe N/A
N/A N/A C:\Windows\System\WEmfoqd.exe N/A
N/A N/A C:\Windows\System\oNPLamA.exe N/A
N/A N/A C:\Windows\System\ZRhtHKK.exe N/A
N/A N/A C:\Windows\System\mtktgFj.exe N/A
N/A N/A C:\Windows\System\qTwkvGb.exe N/A
N/A N/A C:\Windows\System\yoZfUEN.exe N/A
N/A N/A C:\Windows\System\KMdQrnN.exe N/A
N/A N/A C:\Windows\System\FRCqYiB.exe N/A
N/A N/A C:\Windows\System\JJZZXzu.exe N/A
N/A N/A C:\Windows\System\fpSQHON.exe N/A
N/A N/A C:\Windows\System\NfNEdEE.exe N/A
N/A N/A C:\Windows\System\VJQrGkj.exe N/A
N/A N/A C:\Windows\System\gchcbRI.exe N/A
N/A N/A C:\Windows\System\vnAhbYw.exe N/A
N/A N/A C:\Windows\System\cKzITCd.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\dDKEsYA.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\HIPeRnW.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\ICfUdWl.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\ucxtSjA.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\nXRvzVV.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\fQUkAgC.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\tDPwfgH.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\lmkGkMF.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\byPLmmr.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\ThWjLup.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\AKbXQNX.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\czcbFEr.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\xqjXDHM.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\zvVWmCI.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\KmghSbd.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\hHvBbQx.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\kxqUBJe.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\ruinecA.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\KuHRrVr.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\XebsKWv.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\PMDIhje.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\ilGPmbF.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\cKzITCd.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\VNVKAlp.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\CrGQzsp.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\cxGZwDg.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\oYAPSXM.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\kdFnCAX.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZiqFvhj.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\TKUyJWF.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\jINlQdP.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\vYqgRrf.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\CykYBqL.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\SbVzKQd.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\RybJoCk.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\ufLDObz.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\LhhrRKA.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\SLGRpHS.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\RiTTYUj.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\StdUQqq.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\TJoOBky.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\ucEVgNk.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\JJZZXzu.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\NSthkWe.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\CzxzrII.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\FotDSvM.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\jPnBvWO.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\WpyYNsL.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\YEbvjaR.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\WaunTTu.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\cvAfdmQ.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\HOFYlTU.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\HrIgZvY.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\ELoOZAf.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\vnAhbYw.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\rfICCiY.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\wIHJoMR.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\wgVTFzW.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZlNROBL.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\wxNaBfn.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\RDpgPNV.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\dzAXMXW.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\FRCqYiB.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
File created C:\Windows\System\gchcbRI.exe C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1260 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\lkgydZy.exe
PID 1260 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\lkgydZy.exe
PID 1260 wrote to memory of 4196 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\WRsqjZd.exe
PID 1260 wrote to memory of 4196 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\WRsqjZd.exe
PID 1260 wrote to memory of 1404 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\iqaBxMm.exe
PID 1260 wrote to memory of 1404 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\iqaBxMm.exe
PID 1260 wrote to memory of 3628 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\oOFtneo.exe
PID 1260 wrote to memory of 3628 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\oOFtneo.exe
PID 1260 wrote to memory of 1108 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\JfKZHmW.exe
PID 1260 wrote to memory of 1108 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\JfKZHmW.exe
PID 1260 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\fUjfHhq.exe
PID 1260 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\fUjfHhq.exe
PID 1260 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\HPLdgBE.exe
PID 1260 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\HPLdgBE.exe
PID 1260 wrote to memory of 3924 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\rcJATdA.exe
PID 1260 wrote to memory of 3924 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\rcJATdA.exe
PID 1260 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\vEVEyXL.exe
PID 1260 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\vEVEyXL.exe
PID 1260 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\VuCiGLt.exe
PID 1260 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\VuCiGLt.exe
PID 1260 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\VJyiQGB.exe
PID 1260 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\VJyiQGB.exe
PID 1260 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\yVwEhoa.exe
PID 1260 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\yVwEhoa.exe
PID 1260 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\qJgcmDO.exe
PID 1260 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\qJgcmDO.exe
PID 1260 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\TCFgsyy.exe
PID 1260 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\TCFgsyy.exe
PID 1260 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\ZuaPNtd.exe
PID 1260 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\ZuaPNtd.exe
PID 1260 wrote to memory of 4492 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\RnINPwi.exe
PID 1260 wrote to memory of 4492 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\RnINPwi.exe
PID 1260 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\YUiUAug.exe
PID 1260 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\YUiUAug.exe
PID 1260 wrote to memory of 644 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\TIcSXFl.exe
PID 1260 wrote to memory of 644 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\TIcSXFl.exe
PID 1260 wrote to memory of 4320 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\ThWjLup.exe
PID 1260 wrote to memory of 4320 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\ThWjLup.exe
PID 1260 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\kSESRsr.exe
PID 1260 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\kSESRsr.exe
PID 1260 wrote to memory of 3140 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\LKaxijS.exe
PID 1260 wrote to memory of 3140 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\LKaxijS.exe
PID 1260 wrote to memory of 4940 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\eyjIMuv.exe
PID 1260 wrote to memory of 4940 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\eyjIMuv.exe
PID 1260 wrote to memory of 448 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\wGEOLgh.exe
PID 1260 wrote to memory of 448 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\wGEOLgh.exe
PID 1260 wrote to memory of 864 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\Zmslxhb.exe
PID 1260 wrote to memory of 864 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\Zmslxhb.exe
PID 1260 wrote to memory of 4760 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\ctcCjoE.exe
PID 1260 wrote to memory of 4760 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\ctcCjoE.exe
PID 1260 wrote to memory of 1100 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\fevpExg.exe
PID 1260 wrote to memory of 1100 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\fevpExg.exe
PID 1260 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\AKbXQNX.exe
PID 1260 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\AKbXQNX.exe
PID 1260 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\LmdZlMZ.exe
PID 1260 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\LmdZlMZ.exe
PID 1260 wrote to memory of 3396 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\NeHENYw.exe
PID 1260 wrote to memory of 3396 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\NeHENYw.exe
PID 1260 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\xvjzlFS.exe
PID 1260 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\xvjzlFS.exe
PID 1260 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\XyuKBRm.exe
PID 1260 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\XyuKBRm.exe
PID 1260 wrote to memory of 4348 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\ytkxWsU.exe
PID 1260 wrote to memory of 4348 N/A C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe C:\Windows\System\ytkxWsU.exe

Processes

C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\21c97d1a62294860b3f4548482169b40_NeikiAnalytics.exe"

C:\Windows\System\lkgydZy.exe

C:\Windows\System\lkgydZy.exe

C:\Windows\System\WRsqjZd.exe

C:\Windows\System\WRsqjZd.exe

C:\Windows\System\iqaBxMm.exe

C:\Windows\System\iqaBxMm.exe

C:\Windows\System\oOFtneo.exe

C:\Windows\System\oOFtneo.exe

C:\Windows\System\JfKZHmW.exe

C:\Windows\System\JfKZHmW.exe

C:\Windows\System\fUjfHhq.exe

C:\Windows\System\fUjfHhq.exe

C:\Windows\System\HPLdgBE.exe

C:\Windows\System\HPLdgBE.exe

C:\Windows\System\rcJATdA.exe

C:\Windows\System\rcJATdA.exe

C:\Windows\System\vEVEyXL.exe

C:\Windows\System\vEVEyXL.exe

C:\Windows\System\VuCiGLt.exe

C:\Windows\System\VuCiGLt.exe

C:\Windows\System\VJyiQGB.exe

C:\Windows\System\VJyiQGB.exe

C:\Windows\System\yVwEhoa.exe

C:\Windows\System\yVwEhoa.exe

C:\Windows\System\qJgcmDO.exe

C:\Windows\System\qJgcmDO.exe

C:\Windows\System\TCFgsyy.exe

C:\Windows\System\TCFgsyy.exe

C:\Windows\System\ZuaPNtd.exe

C:\Windows\System\ZuaPNtd.exe

C:\Windows\System\RnINPwi.exe

C:\Windows\System\RnINPwi.exe

C:\Windows\System\YUiUAug.exe

C:\Windows\System\YUiUAug.exe

C:\Windows\System\TIcSXFl.exe

C:\Windows\System\TIcSXFl.exe

C:\Windows\System\ThWjLup.exe

C:\Windows\System\ThWjLup.exe

C:\Windows\System\kSESRsr.exe

C:\Windows\System\kSESRsr.exe

C:\Windows\System\LKaxijS.exe

C:\Windows\System\LKaxijS.exe

C:\Windows\System\eyjIMuv.exe

C:\Windows\System\eyjIMuv.exe

C:\Windows\System\wGEOLgh.exe

C:\Windows\System\wGEOLgh.exe

C:\Windows\System\Zmslxhb.exe

C:\Windows\System\Zmslxhb.exe

C:\Windows\System\ctcCjoE.exe

C:\Windows\System\ctcCjoE.exe

C:\Windows\System\fevpExg.exe

C:\Windows\System\fevpExg.exe

C:\Windows\System\AKbXQNX.exe

C:\Windows\System\AKbXQNX.exe

C:\Windows\System\LmdZlMZ.exe

C:\Windows\System\LmdZlMZ.exe

C:\Windows\System\NeHENYw.exe

C:\Windows\System\NeHENYw.exe

C:\Windows\System\xvjzlFS.exe

C:\Windows\System\xvjzlFS.exe

C:\Windows\System\XyuKBRm.exe

C:\Windows\System\XyuKBRm.exe

C:\Windows\System\ytkxWsU.exe

C:\Windows\System\ytkxWsU.exe

C:\Windows\System\BzTAMbN.exe

C:\Windows\System\BzTAMbN.exe

C:\Windows\System\fYPOCVw.exe

C:\Windows\System\fYPOCVw.exe

C:\Windows\System\zIhQRfe.exe

C:\Windows\System\zIhQRfe.exe

C:\Windows\System\ihTUaBT.exe

C:\Windows\System\ihTUaBT.exe

C:\Windows\System\tBCNVQk.exe

C:\Windows\System\tBCNVQk.exe

C:\Windows\System\JuKxgLa.exe

C:\Windows\System\JuKxgLa.exe

C:\Windows\System\dzAXMXW.exe

C:\Windows\System\dzAXMXW.exe

C:\Windows\System\ilGPmbF.exe

C:\Windows\System\ilGPmbF.exe

C:\Windows\System\OkRKcEJ.exe

C:\Windows\System\OkRKcEJ.exe

C:\Windows\System\cdGMGut.exe

C:\Windows\System\cdGMGut.exe

C:\Windows\System\kEVsIAo.exe

C:\Windows\System\kEVsIAo.exe

C:\Windows\System\muVOKVF.exe

C:\Windows\System\muVOKVF.exe

C:\Windows\System\kzVmpGL.exe

C:\Windows\System\kzVmpGL.exe

C:\Windows\System\JRnRhgv.exe

C:\Windows\System\JRnRhgv.exe

C:\Windows\System\Qtirauf.exe

C:\Windows\System\Qtirauf.exe

C:\Windows\System\gyKcjmb.exe

C:\Windows\System\gyKcjmb.exe

C:\Windows\System\KJKReZH.exe

C:\Windows\System\KJKReZH.exe

C:\Windows\System\WEmfoqd.exe

C:\Windows\System\WEmfoqd.exe

C:\Windows\System\oNPLamA.exe

C:\Windows\System\oNPLamA.exe

C:\Windows\System\ZRhtHKK.exe

C:\Windows\System\ZRhtHKK.exe

C:\Windows\System\mtktgFj.exe

C:\Windows\System\mtktgFj.exe

C:\Windows\System\qTwkvGb.exe

C:\Windows\System\qTwkvGb.exe

C:\Windows\System\yoZfUEN.exe

C:\Windows\System\yoZfUEN.exe

C:\Windows\System\KMdQrnN.exe

C:\Windows\System\KMdQrnN.exe

C:\Windows\System\FRCqYiB.exe

C:\Windows\System\FRCqYiB.exe

C:\Windows\System\JJZZXzu.exe

C:\Windows\System\JJZZXzu.exe

C:\Windows\System\fpSQHON.exe

C:\Windows\System\fpSQHON.exe

C:\Windows\System\NfNEdEE.exe

C:\Windows\System\NfNEdEE.exe

C:\Windows\System\VJQrGkj.exe

C:\Windows\System\VJQrGkj.exe

C:\Windows\System\gchcbRI.exe

C:\Windows\System\gchcbRI.exe

C:\Windows\System\vnAhbYw.exe

C:\Windows\System\vnAhbYw.exe

C:\Windows\System\cKzITCd.exe

C:\Windows\System\cKzITCd.exe

C:\Windows\System\eruxBMh.exe

C:\Windows\System\eruxBMh.exe

C:\Windows\System\xKKJPIX.exe

C:\Windows\System\xKKJPIX.exe

C:\Windows\System\WGBQWIf.exe

C:\Windows\System\WGBQWIf.exe

C:\Windows\System\kmtqOFu.exe

C:\Windows\System\kmtqOFu.exe

C:\Windows\System\wOzlEnR.exe

C:\Windows\System\wOzlEnR.exe

C:\Windows\System\FuypHhP.exe

C:\Windows\System\FuypHhP.exe

C:\Windows\System\vrZGhNT.exe

C:\Windows\System\vrZGhNT.exe

C:\Windows\System\NkZpGNo.exe

C:\Windows\System\NkZpGNo.exe

C:\Windows\System\reiJIfc.exe

C:\Windows\System\reiJIfc.exe

C:\Windows\System\ORFJpwX.exe

C:\Windows\System\ORFJpwX.exe

C:\Windows\System\czcbFEr.exe

C:\Windows\System\czcbFEr.exe

C:\Windows\System\tQijANT.exe

C:\Windows\System\tQijANT.exe

C:\Windows\System\oNDmSkV.exe

C:\Windows\System\oNDmSkV.exe

C:\Windows\System\daKupzA.exe

C:\Windows\System\daKupzA.exe

C:\Windows\System\tnVwltM.exe

C:\Windows\System\tnVwltM.exe

C:\Windows\System\dSOCnKl.exe

C:\Windows\System\dSOCnKl.exe

C:\Windows\System\cWBYLdl.exe

C:\Windows\System\cWBYLdl.exe

C:\Windows\System\sqzQavY.exe

C:\Windows\System\sqzQavY.exe

C:\Windows\System\wgVTFzW.exe

C:\Windows\System\wgVTFzW.exe

C:\Windows\System\QrwSopk.exe

C:\Windows\System\QrwSopk.exe

C:\Windows\System\YcAEFaq.exe

C:\Windows\System\YcAEFaq.exe

C:\Windows\System\JzIWSne.exe

C:\Windows\System\JzIWSne.exe

C:\Windows\System\XxrhHeT.exe

C:\Windows\System\XxrhHeT.exe

C:\Windows\System\hHvBbQx.exe

C:\Windows\System\hHvBbQx.exe

C:\Windows\System\CykYBqL.exe

C:\Windows\System\CykYBqL.exe

C:\Windows\System\nXRvzVV.exe

C:\Windows\System\nXRvzVV.exe

C:\Windows\System\HVAxZul.exe

C:\Windows\System\HVAxZul.exe

C:\Windows\System\RPtNvOc.exe

C:\Windows\System\RPtNvOc.exe

C:\Windows\System\lmkGkMF.exe

C:\Windows\System\lmkGkMF.exe

C:\Windows\System\KefPRcH.exe

C:\Windows\System\KefPRcH.exe

C:\Windows\System\AySgHmu.exe

C:\Windows\System\AySgHmu.exe

C:\Windows\System\XdOtAhF.exe

C:\Windows\System\XdOtAhF.exe

C:\Windows\System\VNVKAlp.exe

C:\Windows\System\VNVKAlp.exe

C:\Windows\System\ZlNROBL.exe

C:\Windows\System\ZlNROBL.exe

C:\Windows\System\SbVzKQd.exe

C:\Windows\System\SbVzKQd.exe

C:\Windows\System\fQUkAgC.exe

C:\Windows\System\fQUkAgC.exe

C:\Windows\System\RiTTYUj.exe

C:\Windows\System\RiTTYUj.exe

C:\Windows\System\NDqtvqF.exe

C:\Windows\System\NDqtvqF.exe

C:\Windows\System\RIgUtFE.exe

C:\Windows\System\RIgUtFE.exe

C:\Windows\System\vtIkVrz.exe

C:\Windows\System\vtIkVrz.exe

C:\Windows\System\ymhsLTp.exe

C:\Windows\System\ymhsLTp.exe

C:\Windows\System\iqlcaUf.exe

C:\Windows\System\iqlcaUf.exe

C:\Windows\System\tDPwfgH.exe

C:\Windows\System\tDPwfgH.exe

C:\Windows\System\VaJytXN.exe

C:\Windows\System\VaJytXN.exe

C:\Windows\System\dDKEsYA.exe

C:\Windows\System\dDKEsYA.exe

C:\Windows\System\fODtbrg.exe

C:\Windows\System\fODtbrg.exe

C:\Windows\System\BVNrVFr.exe

C:\Windows\System\BVNrVFr.exe

C:\Windows\System\NDnwmWC.exe

C:\Windows\System\NDnwmWC.exe

C:\Windows\System\kFFYYIN.exe

C:\Windows\System\kFFYYIN.exe

C:\Windows\System\KuHRrVr.exe

C:\Windows\System\KuHRrVr.exe

C:\Windows\System\vYPzgpb.exe

C:\Windows\System\vYPzgpb.exe

C:\Windows\System\aAqsZPp.exe

C:\Windows\System\aAqsZPp.exe

C:\Windows\System\wxNaBfn.exe

C:\Windows\System\wxNaBfn.exe

C:\Windows\System\gyVCUuc.exe

C:\Windows\System\gyVCUuc.exe

C:\Windows\System\NZbHYTn.exe

C:\Windows\System\NZbHYTn.exe

C:\Windows\System\StdUQqq.exe

C:\Windows\System\StdUQqq.exe

C:\Windows\System\rfICCiY.exe

C:\Windows\System\rfICCiY.exe

C:\Windows\System\SMCyjlr.exe

C:\Windows\System\SMCyjlr.exe

C:\Windows\System\XebsKWv.exe

C:\Windows\System\XebsKWv.exe

C:\Windows\System\mKbBwIy.exe

C:\Windows\System\mKbBwIy.exe

C:\Windows\System\kxqUBJe.exe

C:\Windows\System\kxqUBJe.exe

C:\Windows\System\NQXxsOU.exe

C:\Windows\System\NQXxsOU.exe

C:\Windows\System\TJoOBky.exe

C:\Windows\System\TJoOBky.exe

C:\Windows\System\WXpuXBt.exe

C:\Windows\System\WXpuXBt.exe

C:\Windows\System\gzgfTKi.exe

C:\Windows\System\gzgfTKi.exe

C:\Windows\System\CrGQzsp.exe

C:\Windows\System\CrGQzsp.exe

C:\Windows\System\YEbvjaR.exe

C:\Windows\System\YEbvjaR.exe

C:\Windows\System\jvDRbuy.exe

C:\Windows\System\jvDRbuy.exe

C:\Windows\System\hofyFmE.exe

C:\Windows\System\hofyFmE.exe

C:\Windows\System\SpapgwD.exe

C:\Windows\System\SpapgwD.exe

C:\Windows\System\DVbJWPl.exe

C:\Windows\System\DVbJWPl.exe

C:\Windows\System\NTBOwFh.exe

C:\Windows\System\NTBOwFh.exe

C:\Windows\System\KVoURjL.exe

C:\Windows\System\KVoURjL.exe

C:\Windows\System\tUOHjpV.exe

C:\Windows\System\tUOHjpV.exe

C:\Windows\System\iPxxaOu.exe

C:\Windows\System\iPxxaOu.exe

C:\Windows\System\wMsbUAi.exe

C:\Windows\System\wMsbUAi.exe

C:\Windows\System\vkdYtiA.exe

C:\Windows\System\vkdYtiA.exe

C:\Windows\System\LrkknjV.exe

C:\Windows\System\LrkknjV.exe

C:\Windows\System\UJMnzgB.exe

C:\Windows\System\UJMnzgB.exe

C:\Windows\System\nNqAHyZ.exe

C:\Windows\System\nNqAHyZ.exe

C:\Windows\System\DUwCYIQ.exe

C:\Windows\System\DUwCYIQ.exe

C:\Windows\System\sjtmhOp.exe

C:\Windows\System\sjtmhOp.exe

C:\Windows\System\axHvrOE.exe

C:\Windows\System\axHvrOE.exe

C:\Windows\System\LhhrRKA.exe

C:\Windows\System\LhhrRKA.exe

C:\Windows\System\qSArILe.exe

C:\Windows\System\qSArILe.exe

C:\Windows\System\FotDSvM.exe

C:\Windows\System\FotDSvM.exe

C:\Windows\System\RybJoCk.exe

C:\Windows\System\RybJoCk.exe

C:\Windows\System\kDodAzc.exe

C:\Windows\System\kDodAzc.exe

C:\Windows\System\wIHJoMR.exe

C:\Windows\System\wIHJoMR.exe

C:\Windows\System\SLGRpHS.exe

C:\Windows\System\SLGRpHS.exe

C:\Windows\System\ArXPKBT.exe

C:\Windows\System\ArXPKBT.exe

C:\Windows\System\WaunTTu.exe

C:\Windows\System\WaunTTu.exe

C:\Windows\System\WuMDeST.exe

C:\Windows\System\WuMDeST.exe

C:\Windows\System\XqTyPWa.exe

C:\Windows\System\XqTyPWa.exe

C:\Windows\System\ayOLsKt.exe

C:\Windows\System\ayOLsKt.exe

C:\Windows\System\uUDUKWq.exe

C:\Windows\System\uUDUKWq.exe

C:\Windows\System\cvAfdmQ.exe

C:\Windows\System\cvAfdmQ.exe

C:\Windows\System\FRLpKBw.exe

C:\Windows\System\FRLpKBw.exe

C:\Windows\System\TKEyGqJ.exe

C:\Windows\System\TKEyGqJ.exe

C:\Windows\System\kMGejBk.exe

C:\Windows\System\kMGejBk.exe

C:\Windows\System\mmeiKxi.exe

C:\Windows\System\mmeiKxi.exe

C:\Windows\System\EVuBfJu.exe

C:\Windows\System\EVuBfJu.exe

C:\Windows\System\IuMsMtG.exe

C:\Windows\System\IuMsMtG.exe

C:\Windows\System\KcdlXAO.exe

C:\Windows\System\KcdlXAO.exe

C:\Windows\System\pWVRcsb.exe

C:\Windows\System\pWVRcsb.exe

C:\Windows\System\WGWNCIB.exe

C:\Windows\System\WGWNCIB.exe

C:\Windows\System\fyvkWZq.exe

C:\Windows\System\fyvkWZq.exe

C:\Windows\System\ruinecA.exe

C:\Windows\System\ruinecA.exe

C:\Windows\System\PxBvQnS.exe

C:\Windows\System\PxBvQnS.exe

C:\Windows\System\VvLnWBM.exe

C:\Windows\System\VvLnWBM.exe

C:\Windows\System\uCZYRIK.exe

C:\Windows\System\uCZYRIK.exe

C:\Windows\System\XcvkUEW.exe

C:\Windows\System\XcvkUEW.exe

C:\Windows\System\NSthkWe.exe

C:\Windows\System\NSthkWe.exe

C:\Windows\System\FruAygC.exe

C:\Windows\System\FruAygC.exe

C:\Windows\System\kdFnCAX.exe

C:\Windows\System\kdFnCAX.exe

C:\Windows\System\PMDIhje.exe

C:\Windows\System\PMDIhje.exe

C:\Windows\System\HhJKVyU.exe

C:\Windows\System\HhJKVyU.exe

C:\Windows\System\ZiqFvhj.exe

C:\Windows\System\ZiqFvhj.exe

C:\Windows\System\jiRUuWi.exe

C:\Windows\System\jiRUuWi.exe

C:\Windows\System\HAPkhjX.exe

C:\Windows\System\HAPkhjX.exe

C:\Windows\System\JSyQHlV.exe

C:\Windows\System\JSyQHlV.exe

C:\Windows\System\xmpOzdd.exe

C:\Windows\System\xmpOzdd.exe

C:\Windows\System\cKVQcPZ.exe

C:\Windows\System\cKVQcPZ.exe

C:\Windows\System\cxGZwDg.exe

C:\Windows\System\cxGZwDg.exe

C:\Windows\System\MIDuXzW.exe

C:\Windows\System\MIDuXzW.exe

C:\Windows\System\elapStH.exe

C:\Windows\System\elapStH.exe

C:\Windows\System\SlIksfC.exe

C:\Windows\System\SlIksfC.exe

C:\Windows\System\yfCoPhH.exe

C:\Windows\System\yfCoPhH.exe

C:\Windows\System\VxzaLyH.exe

C:\Windows\System\VxzaLyH.exe

C:\Windows\System\lCozLhc.exe

C:\Windows\System\lCozLhc.exe

C:\Windows\System\LeTTsgb.exe

C:\Windows\System\LeTTsgb.exe

C:\Windows\System\OCNGJXm.exe

C:\Windows\System\OCNGJXm.exe

C:\Windows\System\UymzBJE.exe

C:\Windows\System\UymzBJE.exe

C:\Windows\System\jaWHzaC.exe

C:\Windows\System\jaWHzaC.exe

C:\Windows\System\iPdCqBC.exe

C:\Windows\System\iPdCqBC.exe

C:\Windows\System\fKTUiOK.exe

C:\Windows\System\fKTUiOK.exe

C:\Windows\System\BNCKHCB.exe

C:\Windows\System\BNCKHCB.exe

C:\Windows\System\CSvGBfv.exe

C:\Windows\System\CSvGBfv.exe

C:\Windows\System\tTUzGOq.exe

C:\Windows\System\tTUzGOq.exe

C:\Windows\System\KAPSJmV.exe

C:\Windows\System\KAPSJmV.exe

C:\Windows\System\weqXkKA.exe

C:\Windows\System\weqXkKA.exe

C:\Windows\System\xqjXDHM.exe

C:\Windows\System\xqjXDHM.exe

C:\Windows\System\zBkszWN.exe

C:\Windows\System\zBkszWN.exe

C:\Windows\System\GPmyLKW.exe

C:\Windows\System\GPmyLKW.exe

C:\Windows\System\OHcqChW.exe

C:\Windows\System\OHcqChW.exe

C:\Windows\System\ZARtHuO.exe

C:\Windows\System\ZARtHuO.exe

C:\Windows\System\yWLUZGi.exe

C:\Windows\System\yWLUZGi.exe

C:\Windows\System\yfWHERn.exe

C:\Windows\System\yfWHERn.exe

C:\Windows\System\GoYxitf.exe

C:\Windows\System\GoYxitf.exe

C:\Windows\System\oDWhYKg.exe

C:\Windows\System\oDWhYKg.exe

C:\Windows\System\vUQMTaH.exe

C:\Windows\System\vUQMTaH.exe

C:\Windows\System\EyUZVwD.exe

C:\Windows\System\EyUZVwD.exe

C:\Windows\System\acIcScp.exe

C:\Windows\System\acIcScp.exe

C:\Windows\System\OflcmxY.exe

C:\Windows\System\OflcmxY.exe

C:\Windows\System\yNVRSBK.exe

C:\Windows\System\yNVRSBK.exe

C:\Windows\System\LznXQrz.exe

C:\Windows\System\LznXQrz.exe

C:\Windows\System\OIuAIVV.exe

C:\Windows\System\OIuAIVV.exe

C:\Windows\System\oYAPSXM.exe

C:\Windows\System\oYAPSXM.exe

C:\Windows\System\HIjRtJT.exe

C:\Windows\System\HIjRtJT.exe

C:\Windows\System\eSTEohv.exe

C:\Windows\System\eSTEohv.exe

C:\Windows\System\jPnBvWO.exe

C:\Windows\System\jPnBvWO.exe

C:\Windows\System\isTElqV.exe

C:\Windows\System\isTElqV.exe

C:\Windows\System\BzGJDVm.exe

C:\Windows\System\BzGJDVm.exe

C:\Windows\System\NZQWwpc.exe

C:\Windows\System\NZQWwpc.exe

C:\Windows\System\hhopUHy.exe

C:\Windows\System\hhopUHy.exe

C:\Windows\System\HIPeRnW.exe

C:\Windows\System\HIPeRnW.exe

C:\Windows\System\bVFuEph.exe

C:\Windows\System\bVFuEph.exe

C:\Windows\System\TKUyJWF.exe

C:\Windows\System\TKUyJWF.exe

C:\Windows\System\PKlkrZQ.exe

C:\Windows\System\PKlkrZQ.exe

C:\Windows\System\IGVuCRU.exe

C:\Windows\System\IGVuCRU.exe

C:\Windows\System\bfaEwsK.exe

C:\Windows\System\bfaEwsK.exe

C:\Windows\System\xrrbRsB.exe

C:\Windows\System\xrrbRsB.exe

C:\Windows\System\aCbdOXI.exe

C:\Windows\System\aCbdOXI.exe

C:\Windows\System\HmovzeS.exe

C:\Windows\System\HmovzeS.exe

C:\Windows\System\jINlQdP.exe

C:\Windows\System\jINlQdP.exe

C:\Windows\System\vYqgRrf.exe

C:\Windows\System\vYqgRrf.exe

C:\Windows\System\mwyElTZ.exe

C:\Windows\System\mwyElTZ.exe

C:\Windows\System\wjvmgFh.exe

C:\Windows\System\wjvmgFh.exe

C:\Windows\System\LdHsHNc.exe

C:\Windows\System\LdHsHNc.exe

C:\Windows\System\IugTSCi.exe

C:\Windows\System\IugTSCi.exe

C:\Windows\System\bfUHVvx.exe

C:\Windows\System\bfUHVvx.exe

C:\Windows\System\tXQbDQZ.exe

C:\Windows\System\tXQbDQZ.exe

C:\Windows\System\hEUYubh.exe

C:\Windows\System\hEUYubh.exe

C:\Windows\System\efQcqwY.exe

C:\Windows\System\efQcqwY.exe

C:\Windows\System\HOFYlTU.exe

C:\Windows\System\HOFYlTU.exe

C:\Windows\System\ufLDObz.exe

C:\Windows\System\ufLDObz.exe

C:\Windows\System\XJPUSis.exe

C:\Windows\System\XJPUSis.exe

C:\Windows\System\ZWhueEE.exe

C:\Windows\System\ZWhueEE.exe

C:\Windows\System\GmPDxjn.exe

C:\Windows\System\GmPDxjn.exe

C:\Windows\System\CzxzrII.exe

C:\Windows\System\CzxzrII.exe

C:\Windows\System\MRWFkmZ.exe

C:\Windows\System\MRWFkmZ.exe

C:\Windows\System\zvVWmCI.exe

C:\Windows\System\zvVWmCI.exe

C:\Windows\System\qrDwFqV.exe

C:\Windows\System\qrDwFqV.exe

C:\Windows\System\lNSLCbL.exe

C:\Windows\System\lNSLCbL.exe

C:\Windows\System\MgqyAAK.exe

C:\Windows\System\MgqyAAK.exe

C:\Windows\System\VJcdZjn.exe

C:\Windows\System\VJcdZjn.exe

C:\Windows\System\ICfUdWl.exe

C:\Windows\System\ICfUdWl.exe

C:\Windows\System\EbrooMT.exe

C:\Windows\System\EbrooMT.exe

C:\Windows\System\xPodbXR.exe

C:\Windows\System\xPodbXR.exe

C:\Windows\System\ucEVgNk.exe

C:\Windows\System\ucEVgNk.exe

C:\Windows\System\jyVOaQt.exe

C:\Windows\System\jyVOaQt.exe

C:\Windows\System\AOaFyar.exe

C:\Windows\System\AOaFyar.exe

C:\Windows\System\dabCifu.exe

C:\Windows\System\dabCifu.exe

C:\Windows\System\gSTfBot.exe

C:\Windows\System\gSTfBot.exe

C:\Windows\System\GfdlziR.exe

C:\Windows\System\GfdlziR.exe

C:\Windows\System\npGYBdC.exe

C:\Windows\System\npGYBdC.exe

C:\Windows\System\OqUTgjs.exe

C:\Windows\System\OqUTgjs.exe

C:\Windows\System\jxzgubD.exe

C:\Windows\System\jxzgubD.exe

C:\Windows\System\FkJcWuq.exe

C:\Windows\System\FkJcWuq.exe

C:\Windows\System\rbkLhsb.exe

C:\Windows\System\rbkLhsb.exe

C:\Windows\System\DmpAujp.exe

C:\Windows\System\DmpAujp.exe

C:\Windows\System\JzARYAU.exe

C:\Windows\System\JzARYAU.exe

C:\Windows\System\zsqEYod.exe

C:\Windows\System\zsqEYod.exe

C:\Windows\System\yHoiDwX.exe

C:\Windows\System\yHoiDwX.exe

C:\Windows\System\RDpgPNV.exe

C:\Windows\System\RDpgPNV.exe

C:\Windows\System\uwipdGL.exe

C:\Windows\System\uwipdGL.exe

C:\Windows\System\XktShII.exe

C:\Windows\System\XktShII.exe

C:\Windows\System\DpmzzdO.exe

C:\Windows\System\DpmzzdO.exe

C:\Windows\System\mxqLqKZ.exe

C:\Windows\System\mxqLqKZ.exe

C:\Windows\System\EIhNKOu.exe

C:\Windows\System\EIhNKOu.exe

C:\Windows\System\bObWNJQ.exe

C:\Windows\System\bObWNJQ.exe

C:\Windows\System\cyxFHgY.exe

C:\Windows\System\cyxFHgY.exe

C:\Windows\System\HrIgZvY.exe

C:\Windows\System\HrIgZvY.exe

C:\Windows\System\dTWgxBe.exe

C:\Windows\System\dTWgxBe.exe

C:\Windows\System\NAnOQqO.exe

C:\Windows\System\NAnOQqO.exe

C:\Windows\System\pChsUZn.exe

C:\Windows\System\pChsUZn.exe

C:\Windows\System\NIbRLCL.exe

C:\Windows\System\NIbRLCL.exe

C:\Windows\System\yHTAThH.exe

C:\Windows\System\yHTAThH.exe

C:\Windows\System\uztYGWP.exe

C:\Windows\System\uztYGWP.exe

C:\Windows\System\NQABUoB.exe

C:\Windows\System\NQABUoB.exe

C:\Windows\System\OmyHuHE.exe

C:\Windows\System\OmyHuHE.exe

C:\Windows\System\VzGECNV.exe

C:\Windows\System\VzGECNV.exe

C:\Windows\System\dsCEfAU.exe

C:\Windows\System\dsCEfAU.exe

C:\Windows\System\TwkeJnI.exe

C:\Windows\System\TwkeJnI.exe

C:\Windows\System\QvjwKvr.exe

C:\Windows\System\QvjwKvr.exe

C:\Windows\System\bqtJhDN.exe

C:\Windows\System\bqtJhDN.exe

C:\Windows\System\wLoQpgf.exe

C:\Windows\System\wLoQpgf.exe

C:\Windows\System\sCCFKKv.exe

C:\Windows\System\sCCFKKv.exe

C:\Windows\System\snWbPaj.exe

C:\Windows\System\snWbPaj.exe

C:\Windows\System\RyfIuvd.exe

C:\Windows\System\RyfIuvd.exe

C:\Windows\System\ajHqDXi.exe

C:\Windows\System\ajHqDXi.exe

C:\Windows\System\KmghSbd.exe

C:\Windows\System\KmghSbd.exe

C:\Windows\System\vJXkEWW.exe

C:\Windows\System\vJXkEWW.exe

C:\Windows\System\hQTExot.exe

C:\Windows\System\hQTExot.exe

C:\Windows\System\dpBcFkv.exe

C:\Windows\System\dpBcFkv.exe

C:\Windows\System\mpbPJOp.exe

C:\Windows\System\mpbPJOp.exe

C:\Windows\System\LcwhTfK.exe

C:\Windows\System\LcwhTfK.exe

C:\Windows\System\rJYZqyf.exe

C:\Windows\System\rJYZqyf.exe

C:\Windows\System\ELoOZAf.exe

C:\Windows\System\ELoOZAf.exe

C:\Windows\System\RLgEFhC.exe

C:\Windows\System\RLgEFhC.exe

C:\Windows\System\YnTVAxE.exe

C:\Windows\System\YnTVAxE.exe

C:\Windows\System\BQpxxlX.exe

C:\Windows\System\BQpxxlX.exe

C:\Windows\System\ucxtSjA.exe

C:\Windows\System\ucxtSjA.exe

C:\Windows\System\iiJzsGk.exe

C:\Windows\System\iiJzsGk.exe

C:\Windows\System\zzsjvjr.exe

C:\Windows\System\zzsjvjr.exe

C:\Windows\System\WpyYNsL.exe

C:\Windows\System\WpyYNsL.exe

C:\Windows\System\uGDQERb.exe

C:\Windows\System\uGDQERb.exe

C:\Windows\System\vDiixSv.exe

C:\Windows\System\vDiixSv.exe

C:\Windows\System\rwwiQpS.exe

C:\Windows\System\rwwiQpS.exe

C:\Windows\System\byPLmmr.exe

C:\Windows\System\byPLmmr.exe

C:\Windows\System\peTxAcW.exe

C:\Windows\System\peTxAcW.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4292 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.200.10:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 29.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 97.90.14.23.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 234.17.178.52.in-addr.arpa udp

Files

memory/1260-0-0x00007FF63F030000-0x00007FF63F384000-memory.dmp

memory/1260-1-0x00000209DA0D0000-0x00000209DA0E0000-memory.dmp

C:\Windows\System\lkgydZy.exe

MD5 c68f1846343a0962e7e5aea5eaf26873
SHA1 eb3e55086573a08173f6b6c836b7a5d812c79b4a
SHA256 24caffa22ee21a7aa4a33819eb57b542585eab69f807ab7a5cb090be751d6c9d
SHA512 0903c1b6a5354f19f62a36b2fa1c79fc5441b6024238f61ed8ab7cd5864ff977f607a0ff7c97cbde0756cb9f9ba7aed0a54fb1baa56273bd9899202ec48f5e80

memory/2248-8-0x00007FF759AB0000-0x00007FF759E04000-memory.dmp

C:\Windows\System\WRsqjZd.exe

MD5 bc22320da40fc141bc63bc3554aed332
SHA1 2fdf0ccabe4b102ae8829e23f467062726e5f363
SHA256 46d81ec974625a4e2d6c325825d826431ac4aef742880d5d74ab26e147d25666
SHA512 54743f208b3794fe5d6ac97207b691542709258e94e576e3cabffa732c901c674bb73aa094bcbb018906a4fb298338fd6469dd59bdd3300d40b5565b86d88f90

C:\Windows\System\iqaBxMm.exe

MD5 c62e823bb0e819ec6676b6d9a3c1997c
SHA1 044d076fc00d0c8fa22dd9e7a86fa1e1d192bfb9
SHA256 f22a02ac53e4db57a6209aa4569748e3f26631c10bfa17c9271d17acadebcb4d
SHA512 7724f0e6d3beced325a9acb7b0b0a710970afb31142ea089f3dbfaaa0f290a1de16e5be6e94ecc58e4f09f4bdfc318c677ffe2b06bdeaa15f168c9fef8088335

memory/4196-14-0x00007FF69C800000-0x00007FF69CB54000-memory.dmp

C:\Windows\System\oOFtneo.exe

MD5 b416fd51ab574f237ffd97e477be0199
SHA1 6574932268914b3ec9aeb33ab8c5f9b2b98b8cf2
SHA256 8a422c676becbf7c22e054b7c6e54b60073b8b84a55cdfc0e67b3b352f2e3730
SHA512 75a239fb4a1469911e1bed4c771f870a0f16114e59401397d905ced63a78ad0d6056e0e930e285f96177999124a139018c5e65120ea575e6376889ea2bb8d2f6

memory/3628-26-0x00007FF6899D0000-0x00007FF689D24000-memory.dmp

memory/1404-25-0x00007FF6E5CD0000-0x00007FF6E6024000-memory.dmp

C:\Windows\System\JfKZHmW.exe

MD5 baeb1340e1bfdf5c93ada8531cc8c201
SHA1 767ee70fa52c22b307535b3aee02e3a81e7b2cab
SHA256 40d27bb10ee28509f9328530a43020ef022b25d6b36cb23c693e80094c78e197
SHA512 b17c1dce4fad49c55a9bdd041371484d87e1d894b483e3783648ae2be703c3bddaa02f9149f53ee375af4493fa0e26482655e3ce70d07b0142ba6170cffa8aac

memory/2224-40-0x00007FF65E610000-0x00007FF65E964000-memory.dmp

C:\Windows\System\HPLdgBE.exe

MD5 0894f8dee1827751c6e8448470222f73
SHA1 c3034e9c69c63ad1aa1360b16f9a5a126cbff882
SHA256 a2da633d13cc211f58a5faf6df05b018a716cb00684753cb4b49daf6158cdf25
SHA512 c45487ed9f64ea55b6e96f9ee4811ca74f3a87cbffbb6f2cd63adab89f5d93972f5facd0be4e3d9a42ff9214b4ccc014f0f7d8ec85538199449f1576e52fd805

memory/2104-51-0x00007FF636530000-0x00007FF636884000-memory.dmp

C:\Windows\System\VuCiGLt.exe

MD5 f91329543086772744c14d332c744992
SHA1 4b3ab666dd055108af85de8d320a9956e2aaa068
SHA256 256b32129356d7ecab2278c60bd45dd0b0f69ddb79923f1e00305f3cdd4a39b3
SHA512 314acd85c98d2813cbec5945a76d55859008fb00ae8711abc4479b520a6f327996e3448f873b6459a9636c6cd30173f7134237421e8eb87c47a315ff7ddf5744

memory/4892-62-0x00007FF663C00000-0x00007FF663F54000-memory.dmp

memory/4476-61-0x00007FF660F60000-0x00007FF6612B4000-memory.dmp

C:\Windows\System\vEVEyXL.exe

MD5 6ff9ad199ce0760ddc948f0e992a3d37
SHA1 908565ae952f74d6a88c42313b96280e5189c6e5
SHA256 9d9d683fa5e37cf777ad7f64a664b57f4c78b2c160873272bd9d0bb639342caf
SHA512 c180b8b55ab29b3ac72868285ed18e8889426aace316d7cacb555097cd08294095437fdc016c7f4dd241a9b04bea8655f38f9c3cd4538fcbd2bfcab5382c6510

memory/3924-56-0x00007FF67D4C0000-0x00007FF67D814000-memory.dmp

C:\Windows\System\rcJATdA.exe

MD5 2457ada81c408eb470d35c697a3eee10
SHA1 e4a42001997aa28a4142e4c75e684c97f296b521
SHA256 fd164ffef35c0f9c5b7ee6e95f62d42d238a17f178b68bc135889918a4b16cf1
SHA512 21cc65faf614d28e6bf6d364857989b771beb268115d4c37abb3291603b434c00642b1c221edd1be1e69ed75e8e1fe82d6cc3461952f89b216a2f5b6fd81887d

C:\Windows\System\VJyiQGB.exe

MD5 29b9de9a0f9abefd23fbcd67e2c0f88c
SHA1 6422f76fb2a438bf4162cecfb714fe782dc2a86c
SHA256 063be696f7367c8d782beb5ad5567e386db0c7b9570b6cf5fd165f06eba1ec87
SHA512 e9b4b1c174441b124ca81e45b6903ec46f8897b84167aaab38cbf98cb0de60ef6b3c567e583579a78b8e69a285cae14b0c00cc8ca009878353268ba2d959514a

C:\Windows\System\yVwEhoa.exe

MD5 edbb6a0e1881dd8f8303db40368458cb
SHA1 f98f9bfce9cc6a776609a02e4c1a33ca1b244051
SHA256 f2bdc78418c0faea728bf4865c31fea8b516cc6ef5c72c85bb759697d4fed136
SHA512 bbeb8dcf1d50ce025cd60120e263b8b592bf74d7408b42edb3f3abc56ee3f87128474040f751c354f029f325e83a0117af729557b7bfdaf1a0934b1d823690ba

C:\Windows\System\TCFgsyy.exe

MD5 844f445a61abc3fe461345086e9990d3
SHA1 fd1d51c24c8029c6d73199804fb8d088961cfe4d
SHA256 dba7ad4d25310b50a7e8a69cb31fbeb80684c4809e017c35508f998693f6f7d1
SHA512 2704c6cf80aac4616fd006bb859c8c3ddefe5dc44b42585e48746006ad76ddc4d9f6ae361d7a39deb0487ececf7ddd4abaf64bbe0b8c92d13478cb42262f4488

C:\Windows\System\YUiUAug.exe

MD5 2d40104805a62fb1e1b8552ba0d9f1db
SHA1 1964acf5320b5ffaae970d831652ad4e804af244
SHA256 50181217abf699037c5d76398a348203abc9ed7a9b26e56b159af0f0bd81a51b
SHA512 96a3554209247b0546dba5fa78a5354b9507f6e59c3616903daf9a05e9a6bc095e9ca0ea0e3374a5279c850ca08cf7815242e97d395b1b9963145bf7e69a2047

C:\Windows\System\kSESRsr.exe

MD5 3dc6b8169bf1c9700e0f8249cd375f81
SHA1 4112f4bfcefc4ceb16f1e1454bcf7a245beff8be
SHA256 7f943e1322cee4291035f863aceeb1367f33e9d9ea5e2144173d100b113d09bb
SHA512 789425e37458b00e4d1ee47245a5b490c1e010ad424565684f278147d2d158710d9584fff9f20de65608a025beb5817a5cd2a91b3fbec9c7b06feb85ebaff652

C:\Windows\System\TIcSXFl.exe

MD5 166e1b51366d1be4a6e556118bc324c5
SHA1 73f1a16340ccad8019ad50ed752b7562978939bc
SHA256 d010c8e3f184c8057dbb1a15bc6551bd7dd2281cfbedadb16107e34e768bbcd9
SHA512 12149af3621edf248c4cff21450ada06fcaf8d66f77b55762aa392e63c9771440c1a3cb1a6a1aa40821e579f265d6fac6cb2ef0afbb0508f32fcd0279c1b6447

memory/3984-122-0x00007FF77A250000-0x00007FF77A5A4000-memory.dmp

memory/644-125-0x00007FF767340000-0x00007FF767694000-memory.dmp

memory/4196-124-0x00007FF69C800000-0x00007FF69CB54000-memory.dmp

memory/1708-123-0x00007FF64D360000-0x00007FF64D6B4000-memory.dmp

memory/4320-121-0x00007FF6D0A60000-0x00007FF6D0DB4000-memory.dmp

memory/1940-120-0x00007FF7E9360000-0x00007FF7E96B4000-memory.dmp

C:\Windows\System\ThWjLup.exe

MD5 bf0a7179569599eddf93d5d0e2c4d6dd
SHA1 6ff1e0249c6d3e5b6fa84dc91e15af2036a7ba77
SHA256 a0e1dcf38436939b3a6cc23f5c3a037b85aba5da396c331709c0e36c35b4fd28
SHA512 a11b6f593cae656099d6e62e72435bc16b7bed5afa6ad814856e799a9b897404039dcc920a763256b6194664acefcb47373fc79d4d4fa029076cf30c5ff654b5

memory/4492-113-0x00007FF65A000000-0x00007FF65A354000-memory.dmp

memory/1712-112-0x00007FF67A080000-0x00007FF67A3D4000-memory.dmp

C:\Windows\System\RnINPwi.exe

MD5 ccc7ef7d6f7b6adb6b24e8ad2acc7894
SHA1 ecb3ba13f8661ddd2e1d9b58df0117d1e0a8b718
SHA256 7785916c3897b195a13ff2d7a51f9120e69976aff2619ff530a2850331755803
SHA512 8a1b135a6a78558c3ee95b472a30377f0795e44eb2cf295d2b1dd06bd019dc658f7dbce544acb5c02cd849f5a8c97c4215819ce33413b7b4a217dc53cbb653ba

memory/2248-102-0x00007FF759AB0000-0x00007FF759E04000-memory.dmp

C:\Windows\System\ZuaPNtd.exe

MD5 8caaf908963094b587c641154d6b049d
SHA1 77aba92f371e289fd22f7a2230dfe4d5b1e49488
SHA256 b958d7886ec3bcd36d011ff5822c85af53560b7019a63ac1e86b35be6267cc98
SHA512 35211b5bdd8a1fe975aa544293d40d32178ec18e239f288c3631aea14200129e66b9872b03972d608c46528eccbd7fda880fc0d1a1354d7229c858e79c831e1f

memory/2004-84-0x00007FF6C4490000-0x00007FF6C47E4000-memory.dmp

C:\Windows\System\qJgcmDO.exe

MD5 5cfb273101a4b516c845801376caa675
SHA1 c9999a977e09d028446032a6783fb8c370d1c9c4
SHA256 de462f772af5ecec3faa85892cb777bf188214787761d0a43dbfa3b8427f4045
SHA512 476f474fded71f43981babc8a44cc78b6322c3fb2a492a6ae0b5403b629b05ab3dd56a815d03249cc01cc445db8c9cd130b01961c8d0f3c6ed8516b3156c4baa

memory/4124-79-0x00007FF76BC30000-0x00007FF76BF84000-memory.dmp

memory/1260-75-0x00007FF63F030000-0x00007FF63F384000-memory.dmp

memory/4964-70-0x00007FF71E550000-0x00007FF71E8A4000-memory.dmp

C:\Windows\System\fUjfHhq.exe

MD5 a261ea1e21a3abcd30491b07db18f540
SHA1 c91cb967b5a390141be351764885e99d5e110db1
SHA256 cda3ce2a43a2a3a2f2ba7c3ec52fa0becd60c6cd0da22e5702d5f45d1f483238
SHA512 b37f7cd73ee84cf8dd2ae3e68d0192a5a5bba6ce3992d35b94dbf70b701393668a20c71f980d84ca04e25e4a4fafed21b464193a94ccf6711dd9f05a97bf4be0

memory/1108-31-0x00007FF72D850000-0x00007FF72DBA4000-memory.dmp

C:\Windows\System\LKaxijS.exe

MD5 80e88298dd67790b9d114c080b07b323
SHA1 91ad83960161535cfcec4ecd23e9999671546981
SHA256 cafb5a5d36250e0d59ddc91c43dd1fee1aac6955ad6161283588fd93367da64d
SHA512 527d375b714032d396ebf50fba8afb7d8d5d2e08708246c250bbe1efd4ef70c3437994bfd9feb1473b22431529468f61cd06d5b248d9543df5e3cb8cb810bdcd

memory/3140-131-0x00007FF639DF0000-0x00007FF63A144000-memory.dmp

memory/2104-145-0x00007FF636530000-0x00007FF636884000-memory.dmp

memory/4940-154-0x00007FF7EA7E0000-0x00007FF7EAB34000-memory.dmp

C:\Windows\System\xvjzlFS.exe

MD5 3f545301f217bcd946c6a4f15a8cb984
SHA1 1a2fe77683c11e71d26540c2dae51c2aba142d60
SHA256 b9f6354ae1d70570260dc60108c0ceb1187721fc8adbbb80110f2d816e120ddd
SHA512 eef80e45a7a431dee62e859c31969ae5346aae5124e3fa61fe05632d94f785a947fd44088c0871c59223a2988a6e7cffc6c0bee7b56bd9412f4eba57fb3f653f

memory/1328-201-0x00007FF7BFAD0000-0x00007FF7BFE24000-memory.dmp

memory/3396-209-0x00007FF6C0DA0000-0x00007FF6C10F4000-memory.dmp

memory/4760-196-0x00007FF723060000-0x00007FF7233B4000-memory.dmp

C:\Windows\System\BzTAMbN.exe

MD5 4953643d30ecf86ac48679e41f9a7cd9
SHA1 e019e3efa48b7be41c47a1fe80207e8620fd754f
SHA256 da9f18788899893c521543fe691cccccc9bfb99f44ced0dea6e7f6859d7ada4a
SHA512 359b343f8475d207cfeb61dacf9b33d1f9495a077c51e1cc60ab549dafa9777913ee427cd44a0bb5970d65cbff4119ba56afe5222ff9baeb8be494a52823cddd

C:\Windows\System\ytkxWsU.exe

MD5 d2534c3c3e2db9aaa61d2832a9c31d8a
SHA1 a94b98328da83cd18222e04b8339391c02087bc6
SHA256 74161b67340e46c9949fe339d548433354b5f009dd837c48e388dd4cb763096e
SHA512 7bb6bf6f8d98978c495ec2bd5a9e6c6679c9d906a7bbbf19dff191f70031f489773857aced782a9593f31046838be093a1e384e1445f8bd7f38ec852b8fe19c3

C:\Windows\System\XyuKBRm.exe

MD5 5998d1070983cb319a0dc6f5b081ba41
SHA1 7aced0ee9ff9f4a72def59aeedbf6409b47ac3df
SHA256 3d369c1feb1538dce0bddbec0f31b935c1230e0a2591cff616236bd20982394a
SHA512 c48a709e0dad6b1bb67d3678d841a2ddad9fbbda2e3072905f6e7f5371ae1bc6f8f19ad2846071e97164b843d8b65f5ee0146b14b34911859a112f9cca8f2c81

C:\Windows\System\AKbXQNX.exe

MD5 afc0d30401d9ab60d1ca23987cfc9726
SHA1 5fda22cc6fd4a5c60068fb0236ec00fffffea1b7
SHA256 f824c23c748edd6e4a17254d1c5a2f02bfdea0c47d0a2fa412b3478a779d641a
SHA512 6bf3db24437bbe95feda402de821a146f01283879d23d700bab0b0897a8def91a6b794e3c34a9f56ccb965e58ac4cf617e24634b125cd4bc6c313e7926b842b7

memory/1100-241-0x00007FF60CF30000-0x00007FF60D284000-memory.dmp

memory/908-244-0x00007FF7939E0000-0x00007FF793D34000-memory.dmp

C:\Windows\System\NeHENYw.exe

MD5 d99985ce26d28e5b88517b91a5437a48
SHA1 65096cd704d13c939a653eda89219d366f744689
SHA256 df6533149424fcf0bdd85c1f7d2baa3480d6c3ace0f373fd83ff3ccf432f3226
SHA512 475d8741d32f30bda2fa02c0ab81e8ebbfd0f16323cbf1e42df37e8fe00f36637147f88ee6bd50fd71f867acf54f4d20c68f47527e4c1fd7008d233acef82c68

C:\Windows\System\LmdZlMZ.exe

MD5 19fca6660a07f19a8709ffbf172fbadf
SHA1 a113962c46b0879a467e81bcbcd75f89bef8352d
SHA256 ff146afcbd829364c00a7b5a011c5b3cb72a6965966eac177de63c246d8e29f2
SHA512 04aa34498316f4fc2c2c304c272d5a04099c4275e2a5788d812da25b55c8b914385b6a969662267416563f85e5642fbaf9ebffd0bced6ea632e249d8d30d4392

C:\Windows\System\ctcCjoE.exe

MD5 ad2b51634a0094517d6078281d1f6c68
SHA1 692758a19973a5a06a76cf71b299461cbefa9abe
SHA256 ad724952c21d9979d17086ff992e8c29d92836a6314cfbb07dbb61babfd12e4b
SHA512 f8461f6ab1c07f70f22b9e3cbe77bd453dc6cf762869d26f6f57430f5cffaa11b7a25ad01e8afeaa3a06b1854f4ee83e701f23e2f4f63384a966853410f8bb8c

memory/864-171-0x00007FF60F7C0000-0x00007FF60FB14000-memory.dmp

memory/448-166-0x00007FF6D8600000-0x00007FF6D8954000-memory.dmp

C:\Windows\System\fevpExg.exe

MD5 992070a19fbc30dba6ef2ad41355a424
SHA1 b307b6a0216f812076b9e8dff288248d96e8cb0f
SHA256 e0434c482aa5cab04488fb3a00e25f2c4b3422f20304480b61379b4cdedd0196
SHA512 bdd8ed6add3ed1be752cc97720bf7f8bf3b69b66341c43d1abf0eca5162cbd7f10e93f093a351a78618eb3cc361c84de89dcf009fa380e429c8acdf4712614f5

C:\Windows\System\Zmslxhb.exe

MD5 598980b2ceb934585e37c9702608bc7d
SHA1 66474fc53b7ac7694f5e069ba1d998ebb29b050f
SHA256 d44fe943af1a4a7408139040c1da6037626305eb3c3cae0dfc6e852f1bec4e3a
SHA512 afef4f2f31c6a2efa7fa625fdbce51e827e0a44cb05e4668606809d50b4844f9f45cf1701acf52d252c6e2ec8ba2a10a3a15d8713264d09ac05546e87ef93fb8

C:\Windows\System\wGEOLgh.exe

MD5 faaceb598220d5936f8651e82a1135d0
SHA1 96d17fbf884a704fc4855364e68098bc5347d4dc
SHA256 991b8d53596026e80d9962bba75b48a929a9965bdade7f4f9bf52eb833f3cc2b
SHA512 ffe51776131256fc9487f7291d7763afcc0f63b06fd806332cb81110fbc70546c688dd4ecf20bfdfd6966dbec633d7baf8ee19245dbf54efe5951bb0472fbecb

memory/2224-143-0x00007FF65E610000-0x00007FF65E964000-memory.dmp

memory/1108-140-0x00007FF72D850000-0x00007FF72DBA4000-memory.dmp

memory/4476-529-0x00007FF660F60000-0x00007FF6612B4000-memory.dmp

memory/4964-872-0x00007FF71E550000-0x00007FF71E8A4000-memory.dmp

C:\Windows\System\eyjIMuv.exe

MD5 43cbbb3459aa2328e0d0faf2305c5195
SHA1 4cb4dc65a3bfa27fc134231d7d13e0187e812bf7
SHA256 8b399ae096626f815dc55e8ee6c710f484a7efea7ecb7c6311afbfacb8ce308b
SHA512 b49f46bc63b84fb1593ab1093f7f39acbc66c824204c5af9ceeda18af1743d9195ae525e4cc683abe80d271732abb3466134dd30f034e7018fd438cdd2ef584a

memory/4124-1078-0x00007FF76BC30000-0x00007FF76BF84000-memory.dmp

memory/2248-1079-0x00007FF759AB0000-0x00007FF759E04000-memory.dmp

memory/4196-1080-0x00007FF69C800000-0x00007FF69CB54000-memory.dmp

memory/3628-1082-0x00007FF6899D0000-0x00007FF689D24000-memory.dmp

memory/1404-1081-0x00007FF6E5CD0000-0x00007FF6E6024000-memory.dmp

memory/1108-1083-0x00007FF72D850000-0x00007FF72DBA4000-memory.dmp

memory/3924-1086-0x00007FF67D4C0000-0x00007FF67D814000-memory.dmp

memory/4892-1088-0x00007FF663C00000-0x00007FF663F54000-memory.dmp

memory/4476-1087-0x00007FF660F60000-0x00007FF6612B4000-memory.dmp

memory/2104-1085-0x00007FF636530000-0x00007FF636884000-memory.dmp

memory/2224-1084-0x00007FF65E610000-0x00007FF65E964000-memory.dmp

memory/4964-1089-0x00007FF71E550000-0x00007FF71E8A4000-memory.dmp

memory/2004-1090-0x00007FF6C4490000-0x00007FF6C47E4000-memory.dmp

memory/1708-1092-0x00007FF64D360000-0x00007FF64D6B4000-memory.dmp

memory/1940-1095-0x00007FF7E9360000-0x00007FF7E96B4000-memory.dmp

memory/4492-1094-0x00007FF65A000000-0x00007FF65A354000-memory.dmp

memory/4124-1093-0x00007FF76BC30000-0x00007FF76BF84000-memory.dmp

memory/644-1097-0x00007FF767340000-0x00007FF767694000-memory.dmp

memory/4320-1096-0x00007FF6D0A60000-0x00007FF6D0DB4000-memory.dmp

memory/1712-1091-0x00007FF67A080000-0x00007FF67A3D4000-memory.dmp

memory/3984-1098-0x00007FF77A250000-0x00007FF77A5A4000-memory.dmp

memory/4760-1099-0x00007FF723060000-0x00007FF7233B4000-memory.dmp

memory/3140-1100-0x00007FF639DF0000-0x00007FF63A144000-memory.dmp

memory/4940-1101-0x00007FF7EA7E0000-0x00007FF7EAB34000-memory.dmp

memory/448-1102-0x00007FF6D8600000-0x00007FF6D8954000-memory.dmp

memory/1100-1103-0x00007FF60CF30000-0x00007FF60D284000-memory.dmp

memory/864-1104-0x00007FF60F7C0000-0x00007FF60FB14000-memory.dmp

memory/1328-1107-0x00007FF7BFAD0000-0x00007FF7BFE24000-memory.dmp

memory/4760-1106-0x00007FF723060000-0x00007FF7233B4000-memory.dmp

memory/908-1108-0x00007FF7939E0000-0x00007FF793D34000-memory.dmp

memory/3396-1105-0x00007FF6C0DA0000-0x00007FF6C10F4000-memory.dmp