Malware Analysis Report

2024-10-10 08:52

Sample ID 240605-crnv4scb62
Target 2b21c3b0ddabfedb9c00308312406ed0_NeikiAnalytics.exe
SHA256 89a9f1a641111862413500b33cb42e99cb5c49140a4123a568fbd6225c64b238
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

89a9f1a641111862413500b33cb42e99cb5c49140a4123a568fbd6225c64b238

Threat Level: Known bad

The file 2b21c3b0ddabfedb9c00308312406ed0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

Kpot family

XMRig Miner payload

KPOT

KPOT Core Executable

Xmrig family

xmrig

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-05 02:18

Signatures

KPOT Core Executable

Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 02:18

Reported

2024-06-05 02:27

Platform

win7-20240215-en

Max time kernel

140s

Max time network

159s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2b21c3b0ddabfedb9c00308312406ed0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2b21c3b0ddabfedb9c00308312406ed0_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2b21c3b0ddabfedb9c00308312406ed0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\2b21c3b0ddabfedb9c00308312406ed0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2b21c3b0ddabfedb9c00308312406ed0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 02:18

Reported

2024-06-05 02:27

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2b21c3b0ddabfedb9c00308312406ed0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2b21c3b0ddabfedb9c00308312406ed0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\2b21c3b0ddabfedb9c00308312406ed0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2b21c3b0ddabfedb9c00308312406ed0_NeikiAnalytics.exe"


C:\Windows\System\baXBQRQ.exe

C:\Windows\System\baXBQRQ.exe

C:\Windows\System\SuCofxa.exe

C:\Windows\System\SuCofxa.exe

C:\Windows\System\qiCRmsq.exe

C:\Windows\System\qiCRmsq.exe

C:\Windows\System\hwVmEqn.exe

C:\Windows\System\hwVmEqn.exe

C:\Windows\System\cJJiJNa.exe

C:\Windows\System\cJJiJNa.exe

C:\Windows\System\GSqlpdH.exe

C:\Windows\System\GSqlpdH.exe

C:\Windows\System\gNMOchS.exe

C:\Windows\System\gNMOchS.exe

C:\Windows\System\zWIhVpf.exe

C:\Windows\System\zWIhVpf.exe

C:\Windows\System\DkPAsmk.exe

C:\Windows\System\DkPAsmk.exe

C:\Windows\System\kUxPXaE.exe

C:\Windows\System\kUxPXaE.exe

C:\Windows\System\moyzhAT.exe

C:\Windows\System\moyzhAT.exe

C:\Windows\System\ViHKWTp.exe

C:\Windows\System\ViHKWTp.exe

C:\Windows\System\MPPOSaO.exe

C:\Windows\System\MPPOSaO.exe

C:\Windows\System\elXqAmM.exe

C:\Windows\System\elXqAmM.exe

C:\Windows\System\jZoBPOx.exe

C:\Windows\System\jZoBPOx.exe

C:\Windows\System\pfscHhG.exe

C:\Windows\System\pfscHhG.exe

C:\Windows\System\OtHsPUF.exe

C:\Windows\System\OtHsPUF.exe

C:\Windows\System\MNdaQnC.exe

C:\Windows\System\MNdaQnC.exe

C:\Windows\System\WRULLly.exe

C:\Windows\System\WRULLly.exe

C:\Windows\System\JYzkNPk.exe

C:\Windows\System\JYzkNPk.exe

C:\Windows\System\OMJvwMQ.exe

C:\Windows\System\OMJvwMQ.exe

C:\Windows\System\iIvEjwc.exe

C:\Windows\System\iIvEjwc.exe

C:\Windows\System\TTiwgCG.exe

C:\Windows\System\TTiwgCG.exe

C:\Windows\System\bKpoFGR.exe

C:\Windows\System\bKpoFGR.exe

C:\Windows\System\hTxiZql.exe

C:\Windows\System\hTxiZql.exe

C:\Windows\System\UNDuhaT.exe

C:\Windows\System\UNDuhaT.exe

C:\Windows\System\BWqRfHh.exe

C:\Windows\System\BWqRfHh.exe

C:\Windows\System\MnWqdVf.exe

C:\Windows\System\MnWqdVf.exe

C:\Windows\System\xTdPCyU.exe

C:\Windows\System\xTdPCyU.exe

C:\Windows\System\qqOSvRD.exe

C:\Windows\System\qqOSvRD.exe

C:\Windows\System\lbFahfU.exe

C:\Windows\System\lbFahfU.exe

C:\Windows\System\vWpgQIT.exe

C:\Windows\System\vWpgQIT.exe

C:\Windows\System\hiNSmuK.exe

C:\Windows\System\hiNSmuK.exe

C:\Windows\System\voNHoPf.exe

C:\Windows\System\voNHoPf.exe

C:\Windows\System\IVOhIGC.exe

C:\Windows\System\IVOhIGC.exe

C:\Windows\System\EHwoKtv.exe

C:\Windows\System\EHwoKtv.exe

C:\Windows\System\UFcRHQj.exe

C:\Windows\System\UFcRHQj.exe

C:\Windows\System\dPwSUUI.exe

C:\Windows\System\dPwSUUI.exe

C:\Windows\System\hTcORTD.exe

C:\Windows\System\hTcORTD.exe

C:\Windows\System\fcqDwhQ.exe

C:\Windows\System\fcqDwhQ.exe

C:\Windows\System\HoBOMea.exe

C:\Windows\System\HoBOMea.exe

C:\Windows\System\qbzbXXc.exe

C:\Windows\System\qbzbXXc.exe

C:\Windows\System\dGsNXem.exe

C:\Windows\System\dGsNXem.exe

C:\Windows\System\cGdXYxF.exe

C:\Windows\System\cGdXYxF.exe

C:\Windows\System\TytYtmE.exe

C:\Windows\System\TytYtmE.exe

C:\Windows\System\KTGxVPB.exe

C:\Windows\System\KTGxVPB.exe

C:\Windows\System\etUrGqv.exe

C:\Windows\System\etUrGqv.exe

C:\Windows\System\MyPqdQb.exe

C:\Windows\System\MyPqdQb.exe

C:\Windows\System\wYORiKR.exe

C:\Windows\System\wYORiKR.exe

C:\Windows\System\aOgpBvJ.exe

C:\Windows\System\aOgpBvJ.exe

C:\Windows\System\sYtyVNy.exe

C:\Windows\System\sYtyVNy.exe

C:\Windows\System\Vfhfftp.exe

C:\Windows\System\Vfhfftp.exe

C:\Windows\System\VicykMu.exe

C:\Windows\System\VicykMu.exe

C:\Windows\System\ZCbBOrQ.exe

C:\Windows\System\ZCbBOrQ.exe

C:\Windows\System\FATgeaZ.exe

C:\Windows\System\FATgeaZ.exe

C:\Windows\System\kyxCmMi.exe

C:\Windows\System\kyxCmMi.exe

C:\Windows\System\jUnDnPS.exe

C:\Windows\System\jUnDnPS.exe

C:\Windows\System\iworGHp.exe

C:\Windows\System\iworGHp.exe

C:\Windows\System\UJeztRg.exe

C:\Windows\System\UJeztRg.exe

C:\Windows\System\VHOAirP.exe

C:\Windows\System\VHOAirP.exe

C:\Windows\System\SQBJWrH.exe

C:\Windows\System\SQBJWrH.exe

C:\Windows\System\QgEdSuZ.exe

C:\Windows\System\QgEdSuZ.exe

C:\Windows\System\iusYDVP.exe

C:\Windows\System\iusYDVP.exe

C:\Windows\System\UtGtDHJ.exe

C:\Windows\System\UtGtDHJ.exe

C:\Windows\System\lkgHKLc.exe

C:\Windows\System\lkgHKLc.exe

C:\Windows\System\hyfeIrz.exe

C:\Windows\System\hyfeIrz.exe

C:\Windows\System\webFSfq.exe

C:\Windows\System\webFSfq.exe

C:\Windows\System\QXXAZXY.exe

C:\Windows\System\QXXAZXY.exe

C:\Windows\System\ztwxrmo.exe

C:\Windows\System\ztwxrmo.exe

C:\Windows\System\WJUnBaw.exe

C:\Windows\System\WJUnBaw.exe

C:\Windows\System\vPciIVd.exe

C:\Windows\System\vPciIVd.exe

C:\Windows\System\kThIrSH.exe

C:\Windows\System\kThIrSH.exe

C:\Windows\System\zAsboAL.exe

C:\Windows\System\zAsboAL.exe

C:\Windows\System\ONbEnTU.exe

C:\Windows\System\ONbEnTU.exe

C:\Windows\System\PtFmovv.exe

C:\Windows\System\PtFmovv.exe

C:\Windows\System\hjUNUkq.exe

C:\Windows\System\hjUNUkq.exe

C:\Windows\System\hCsJbtw.exe

C:\Windows\System\hCsJbtw.exe

C:\Windows\System\zwGvJzX.exe

C:\Windows\System\zwGvJzX.exe

C:\Windows\System\BTMMGZG.exe

C:\Windows\System\BTMMGZG.exe

C:\Windows\System\zjFbqEQ.exe

C:\Windows\System\zjFbqEQ.exe

C:\Windows\System\yfvEZUM.exe

C:\Windows\System\yfvEZUM.exe

C:\Windows\System\CBkRMfK.exe

C:\Windows\System\CBkRMfK.exe

C:\Windows\System\fqjTxkf.exe

C:\Windows\System\fqjTxkf.exe

C:\Windows\System\bJyLlhm.exe

C:\Windows\System\bJyLlhm.exe

C:\Windows\System\TxxItoI.exe

C:\Windows\System\TxxItoI.exe

C:\Windows\System\gXqQxHh.exe

C:\Windows\System\gXqQxHh.exe

C:\Windows\System\rybXtlJ.exe

C:\Windows\System\rybXtlJ.exe

C:\Windows\System\owYyLHP.exe

C:\Windows\System\owYyLHP.exe

C:\Windows\System\BnmIyfP.exe

C:\Windows\System\BnmIyfP.exe

C:\Windows\System\AYhzrbw.exe

C:\Windows\System\AYhzrbw.exe

C:\Windows\System\rrahgoi.exe

C:\Windows\System\rrahgoi.exe

C:\Windows\System\PPRSvML.exe

C:\Windows\System\PPRSvML.exe

C:\Windows\System\GrxNrGa.exe

C:\Windows\System\GrxNrGa.exe

C:\Windows\System\wxwMFfu.exe

C:\Windows\System\wxwMFfu.exe

C:\Windows\System\fdQbVEw.exe

C:\Windows\System\fdQbVEw.exe

C:\Windows\System\hIpcooF.exe

C:\Windows\System\hIpcooF.exe

C:\Windows\System\PpFFgJV.exe

C:\Windows\System\PpFFgJV.exe

C:\Windows\System\OFgidOn.exe

C:\Windows\System\OFgidOn.exe

C:\Windows\System\JhcJgyY.exe

C:\Windows\System\JhcJgyY.exe

C:\Windows\System\ZwrsqJp.exe

C:\Windows\System\ZwrsqJp.exe

C:\Windows\System\WAUXJiT.exe

C:\Windows\System\WAUXJiT.exe

C:\Windows\System\ecJeKnd.exe

C:\Windows\System\ecJeKnd.exe

C:\Windows\System\QdyuOQx.exe

C:\Windows\System\QdyuOQx.exe

C:\Windows\System\NGmvNpv.exe

C:\Windows\System\NGmvNpv.exe

C:\Windows\System\xDKwLAO.exe

C:\Windows\System\xDKwLAO.exe

C:\Windows\System\FyonWQd.exe

C:\Windows\System\FyonWQd.exe

C:\Windows\System\LMPpbkC.exe

C:\Windows\System\LMPpbkC.exe

C:\Windows\System\zLQnHgh.exe

C:\Windows\System\zLQnHgh.exe

C:\Windows\System\aWhFQoj.exe

C:\Windows\System\aWhFQoj.exe

C:\Windows\System\GCuaOpq.exe

C:\Windows\System\GCuaOpq.exe

C:\Windows\System\edkYfEe.exe

C:\Windows\System\edkYfEe.exe

C:\Windows\System\xltYsov.exe

C:\Windows\System\xltYsov.exe

C:\Windows\System\JmIScYj.exe

C:\Windows\System\JmIScYj.exe

C:\Windows\System\zetJuMk.exe

C:\Windows\System\zetJuMk.exe

C:\Windows\System\HVNxcVW.exe

C:\Windows\System\HVNxcVW.exe

C:\Windows\System\ceRIOqh.exe

C:\Windows\System\ceRIOqh.exe

C:\Windows\System\ECCfdNh.exe

C:\Windows\System\ECCfdNh.exe

C:\Windows\System\YCBgOcq.exe

C:\Windows\System\YCBgOcq.exe

C:\Windows\System\VoqEpfs.exe

C:\Windows\System\VoqEpfs.exe

C:\Windows\System\VGbDycp.exe

C:\Windows\System\VGbDycp.exe

C:\Windows\System\MbIUGPJ.exe

C:\Windows\System\MbIUGPJ.exe

C:\Windows\System\HdGvLkg.exe

C:\Windows\System\HdGvLkg.exe

C:\Windows\System\TUpVsZt.exe

C:\Windows\System\TUpVsZt.exe

C:\Windows\System\IcnCtkm.exe

C:\Windows\System\IcnCtkm.exe

Network


Files
