Malware Analysis Report

2024-10-10 08:57

Sample ID: 240605-gfvxhaff5z
Target: 414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
SHA256: 4451ea9ddb042e7f3866f67213f9b6ab54d4e4a138a8760cac06f6ea20d9fd43
Tags: kpot xmrig miner stealer trojan upx
Score: 10/10


Analysis Overview

Score: 10/10

SHA256: 4451ea9ddb042e7f3866f67213f9b6ab54d4e4a138a8760cac06f6ea20d9fd43

Threat Level: Known bad

The file 414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan upx

XMRig Miner payload

Xmrig family

KPOT

KPOT Core Executable

xmrig

Kpot family

Loads dropped DLL

Executes dropped EXE

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-05 05:45

Signatures

KPOT Core Executable


Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-05 05:45

Reported: 2024-06-05 05:49

Platform: win7-20240220-en

Max time kernel: 136s

Max time network: 146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable


xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 05:45

Reported

2024-06-05 05:48

Platform

win10v2004-20240508-en

Max time kernel

2s

Max time network

150s

Command Line

C:\Users\Admin\AppData\Local\Temp\2731331116\zmstage.exe

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory


Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\2731331116\zmstage.exe

C:\Users\Admin\AppData\Local\Temp\2731331116\zmstage.exe

C:\Users\Admin\AppData\Local\Temp\414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe"


C:\Windows\System\SsCcjKL.exe

C:\Windows\System\msvDWZI.exe

C:\Windows\System\msvDWZI.exe

C:\Windows\System\DOQDsUL.exe

C:\Windows\System\DOQDsUL.exe

C:\Windows\System\eocSUFM.exe

C:\Windows\System\eocSUFM.exe

C:\Windows\System\yyaAfrl.exe

C:\Windows\System\yyaAfrl.exe

C:\Windows\System\VUkTHet.exe

C:\Windows\System\VUkTHet.exe

C:\Windows\System\umaLLDE.exe

C:\Windows\System\umaLLDE.exe

C:\Windows\System\TJQLvxo.exe

C:\Windows\System\TJQLvxo.exe

C:\Windows\System\tHMHyqt.exe

C:\Windows\System\tHMHyqt.exe

C:\Windows\System\xVklizR.exe

C:\Windows\System\xVklizR.exe

C:\Windows\System\btnKymv.exe

C:\Windows\System\btnKymv.exe

C:\Windows\System\zrofyRD.exe

C:\Windows\System\zrofyRD.exe

C:\Windows\System\IUUOOXk.exe

C:\Windows\System\IUUOOXk.exe

C:\Windows\System\hcdpsKj.exe

C:\Windows\System\hcdpsKj.exe

C:\Windows\System\xTTAJeJ.exe

C:\Windows\System\xTTAJeJ.exe

C:\Windows\System\wDNbKwr.exe

C:\Windows\System\wDNbKwr.exe

C:\Windows\System\efUOzXV.exe

C:\Windows\System\efUOzXV.exe

C:\Windows\System\aOzagqj.exe

C:\Windows\System\aOzagqj.exe

C:\Windows\System\dSITrVd.exe

C:\Windows\System\dSITrVd.exe

C:\Windows\System\qSjZbZM.exe

C:\Windows\System\qSjZbZM.exe

C:\Windows\System\UoKUImf.exe

C:\Windows\System\UoKUImf.exe

C:\Windows\System\PYXiana.exe

C:\Windows\System\PYXiana.exe

C:\Windows\System\xflqExG.exe

C:\Windows\System\xflqExG.exe

C:\Windows\System\bsxDsDc.exe

C:\Windows\System\bsxDsDc.exe

C:\Windows\System\AdOiIeJ.exe

C:\Windows\System\AdOiIeJ.exe

C:\Windows\System\klXcBjJ.exe

C:\Windows\System\klXcBjJ.exe

C:\Windows\System\qHErrjw.exe

C:\Windows\System\qHErrjw.exe

C:\Windows\System\nULOyKF.exe

C:\Windows\System\nULOyKF.exe

C:\Windows\System\DzpwJmh.exe

C:\Windows\System\DzpwJmh.exe

C:\Windows\System\hKPxOGX.exe

C:\Windows\System\hKPxOGX.exe

C:\Windows\System\NhGAJGO.exe

C:\Windows\System\NhGAJGO.exe

C:\Windows\System\EleRRib.exe

C:\Windows\System\EleRRib.exe

C:\Windows\System\pQczlUI.exe

C:\Windows\System\pQczlUI.exe

C:\Windows\System\CAoElfF.exe

C:\Windows\System\CAoElfF.exe

C:\Windows\System\VqKPZhv.exe

C:\Windows\System\VqKPZhv.exe

C:\Windows\System\rDPSuim.exe

C:\Windows\System\rDPSuim.exe

C:\Windows\System\aCqmKqY.exe

C:\Windows\System\aCqmKqY.exe

C:\Windows\System\jWrEREC.exe

C:\Windows\System\jWrEREC.exe

C:\Windows\System\EXsnfhw.exe

C:\Windows\System\EXsnfhw.exe

C:\Windows\System\kTaStNC.exe

C:\Windows\System\kTaStNC.exe

C:\Windows\System\FnXoHJp.exe

C:\Windows\System\FnXoHJp.exe

C:\Windows\System\HeRBsTx.exe

C:\Windows\System\HeRBsTx.exe

C:\Windows\System\ElOPUdY.exe

C:\Windows\System\ElOPUdY.exe

C:\Windows\System\djVLijy.exe

C:\Windows\System\djVLijy.exe

C:\Windows\System\KWVLGCk.exe

C:\Windows\System\KWVLGCk.exe

C:\Windows\System\XZNwlBl.exe

C:\Windows\System\XZNwlBl.exe

C:\Windows\System\WyccuHP.exe

C:\Windows\System\WyccuHP.exe

C:\Windows\System\pfXDqMI.exe

C:\Windows\System\pfXDqMI.exe

Network


Files
