Malware Analysis Report

2024-10-10 09:07

Sample ID 240606-m64j8adc7t
Target 0b29d3e9ad88c807350e7f9041ed1260_NeikiAnalytics.exe
SHA256 c9471dffe067d9e51c3562a6ddff185597695f1b6ad9ac77a913d442a17868a8
Tags
upx miner kpot xmrig stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

c9471dffe067d9e51c3562a6ddff185597695f1b6ad9ac77a913d442a17868a8

Threat Level: Known bad

The file 0b29d3e9ad88c807350e7f9041ed1260_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner kpot xmrig stealer trojan

Kpot family

KPOT Core Executable

xmrig

XMRig Miner payload

KPOT

Xmrig family

XMRig Miner payload

UPX packed file

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-06 11:05

Signatures

KPOT Core Executable


Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-06 11:05

Reported

2024-06-06 11:08

Platform

win7-20240221-en

Max time kernel

140s

Max time network

137s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0b29d3e9ad88c807350e7f9041ed1260_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable


xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0b29d3e9ad88c807350e7f9041ed1260_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0b29d3e9ad88c807350e7f9041ed1260_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\0b29d3e9ad88c807350e7f9041ed1260_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0b29d3e9ad88c807350e7f9041ed1260_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-06 11:05

Reported

2024-06-06 11:08

Platform

win10v2004-20240426-en

Max time kernel

140s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0b29d3e9ad88c807350e7f9041ed1260_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE


UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0b29d3e9ad88c807350e7f9041ed1260_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\0b29d3e9ad88c807350e7f9041ed1260_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0b29d3e9ad88c807350e7f9041ed1260_NeikiAnalytics.exe"


C:\Windows\System\dkMseup.exe

C:\Windows\System\ufdQvxy.exe

C:\Windows\System\ufdQvxy.exe

C:\Windows\System\mflGiyv.exe

C:\Windows\System\mflGiyv.exe

C:\Windows\System\cEXhDGf.exe

C:\Windows\System\cEXhDGf.exe

C:\Windows\System\ZkiHasx.exe

C:\Windows\System\ZkiHasx.exe

C:\Windows\System\iNtaZAY.exe

C:\Windows\System\iNtaZAY.exe

C:\Windows\System\EPIxXFH.exe

C:\Windows\System\EPIxXFH.exe

C:\Windows\System\kXUVslZ.exe

C:\Windows\System\kXUVslZ.exe

C:\Windows\System\bUiplDX.exe

C:\Windows\System\bUiplDX.exe

C:\Windows\System\KaJHtla.exe

C:\Windows\System\KaJHtla.exe

C:\Windows\System\txtMeiE.exe

C:\Windows\System\txtMeiE.exe

C:\Windows\System\AttdDuF.exe

C:\Windows\System\AttdDuF.exe

C:\Windows\System\OCQnETK.exe

C:\Windows\System\OCQnETK.exe

C:\Windows\System\zolZRzt.exe

C:\Windows\System\zolZRzt.exe

C:\Windows\System\NEtHMvj.exe

C:\Windows\System\NEtHMvj.exe

C:\Windows\System\umAyuig.exe

C:\Windows\System\umAyuig.exe

C:\Windows\System\keFPmIy.exe

C:\Windows\System\keFPmIy.exe

C:\Windows\System\GHggSNb.exe

C:\Windows\System\GHggSNb.exe

C:\Windows\System\sDlncXm.exe

C:\Windows\System\sDlncXm.exe

C:\Windows\System\FbKpLSd.exe

C:\Windows\System\FbKpLSd.exe

C:\Windows\System\MoJPKkR.exe

C:\Windows\System\MoJPKkR.exe

C:\Windows\System\gYpvXYd.exe

C:\Windows\System\gYpvXYd.exe

C:\Windows\System\PlVjaKR.exe

C:\Windows\System\PlVjaKR.exe

C:\Windows\System\ilELgOv.exe

C:\Windows\System\ilELgOv.exe

C:\Windows\System\cHxPoSj.exe

C:\Windows\System\cHxPoSj.exe

C:\Windows\System\qKoTjnc.exe

C:\Windows\System\qKoTjnc.exe

C:\Windows\System\GUCTSJL.exe

C:\Windows\System\GUCTSJL.exe

C:\Windows\System\onIfVpc.exe

C:\Windows\System\onIfVpc.exe

C:\Windows\System\qKCITpk.exe

C:\Windows\System\qKCITpk.exe

C:\Windows\System\OrTbVpd.exe

C:\Windows\System\OrTbVpd.exe

C:\Windows\System\acGLnXv.exe

C:\Windows\System\acGLnXv.exe

C:\Windows\System\juhNepz.exe

C:\Windows\System\juhNepz.exe

C:\Windows\System\qxtNlyk.exe

C:\Windows\System\qxtNlyk.exe

C:\Windows\System\qhFfYcz.exe

C:\Windows\System\qhFfYcz.exe

C:\Windows\System\JnJWKkq.exe

C:\Windows\System\JnJWKkq.exe

C:\Windows\System\vlkLgOw.exe

C:\Windows\System\vlkLgOw.exe

C:\Windows\System\xouHatx.exe

C:\Windows\System\xouHatx.exe

C:\Windows\System\tGHnIMY.exe

C:\Windows\System\tGHnIMY.exe

C:\Windows\System\ZuFSeIl.exe

C:\Windows\System\ZuFSeIl.exe

C:\Windows\System\nZosqeg.exe

C:\Windows\System\nZosqeg.exe

C:\Windows\System\EdULKAM.exe

C:\Windows\System\EdULKAM.exe

C:\Windows\System\dwZFZup.exe

C:\Windows\System\dwZFZup.exe

C:\Windows\System\bRyPLhD.exe

C:\Windows\System\bRyPLhD.exe

C:\Windows\System\vMHJezH.exe

C:\Windows\System\vMHJezH.exe

C:\Windows\System\DbfBwdl.exe

C:\Windows\System\DbfBwdl.exe

C:\Windows\System\SXPgWTg.exe

C:\Windows\System\SXPgWTg.exe

C:\Windows\System\RMeSpWF.exe

C:\Windows\System\RMeSpWF.exe

C:\Windows\System\xxAGhof.exe

C:\Windows\System\xxAGhof.exe

C:\Windows\System\szKQUnU.exe

C:\Windows\System\szKQUnU.exe

C:\Windows\System\zIlgITc.exe

C:\Windows\System\zIlgITc.exe

C:\Windows\System\vzGTsYt.exe

C:\Windows\System\vzGTsYt.exe

C:\Windows\System\JrINsxi.exe

C:\Windows\System\JrINsxi.exe

C:\Windows\System\ySnWIfN.exe

C:\Windows\System\ySnWIfN.exe

C:\Windows\System\XYVWOvo.exe

C:\Windows\System\XYVWOvo.exe

C:\Windows\System\FLWIxPl.exe

C:\Windows\System\FLWIxPl.exe

C:\Windows\System\rTqvcXB.exe

C:\Windows\System\rTqvcXB.exe

C:\Windows\System\rKneTIL.exe

C:\Windows\System\rKneTIL.exe

C:\Windows\System\aoTWbHJ.exe

C:\Windows\System\aoTWbHJ.exe

C:\Windows\System\qdyuqYM.exe

C:\Windows\System\qdyuqYM.exe

C:\Windows\System\JOKRCZj.exe

C:\Windows\System\JOKRCZj.exe

C:\Windows\System\LZHNjkN.exe

C:\Windows\System\LZHNjkN.exe

C:\Windows\System\ycTwDmw.exe

C:\Windows\System\ycTwDmw.exe

C:\Windows\System\nZjwhTE.exe

C:\Windows\System\nZjwhTE.exe

C:\Windows\System\VvykLMu.exe

C:\Windows\System\VvykLMu.exe

C:\Windows\System\bFyrhWj.exe

C:\Windows\System\bFyrhWj.exe

C:\Windows\System\yurtMml.exe

C:\Windows\System\yurtMml.exe

C:\Windows\System\ZmoQjmK.exe

C:\Windows\System\ZmoQjmK.exe

C:\Windows\System\uLnNgWH.exe

C:\Windows\System\uLnNgWH.exe

C:\Windows\System\EMFkANv.exe

C:\Windows\System\EMFkANv.exe

C:\Windows\System\RGNmYeZ.exe

C:\Windows\System\RGNmYeZ.exe

C:\Windows\System\goXTWoo.exe

C:\Windows\System\goXTWoo.exe

C:\Windows\System\efLJEex.exe

C:\Windows\System\efLJEex.exe

C:\Windows\System\IwcxDRt.exe

C:\Windows\System\IwcxDRt.exe

C:\Windows\System\JoCmLpl.exe

C:\Windows\System\JoCmLpl.exe

C:\Windows\System\LYHXmOD.exe

C:\Windows\System\LYHXmOD.exe

C:\Windows\System\ZhUwooX.exe

C:\Windows\System\ZhUwooX.exe

C:\Windows\System\uGCoPQC.exe

C:\Windows\System\uGCoPQC.exe

C:\Windows\System\vDrvOmp.exe

C:\Windows\System\vDrvOmp.exe

C:\Windows\System\nHsWdCK.exe

C:\Windows\System\nHsWdCK.exe

C:\Windows\System\QveYfAM.exe

C:\Windows\System\QveYfAM.exe

C:\Windows\System\ehiHdIr.exe

C:\Windows\System\ehiHdIr.exe

C:\Windows\System\qbjcRSG.exe

C:\Windows\System\qbjcRSG.exe

C:\Windows\System\QFtmLgi.exe

C:\Windows\System\QFtmLgi.exe

C:\Windows\System\mCncHLr.exe

C:\Windows\System\mCncHLr.exe

C:\Windows\System\pGVpDBS.exe

C:\Windows\System\pGVpDBS.exe

C:\Windows\System\tdXKRNv.exe

C:\Windows\System\tdXKRNv.exe

C:\Windows\System\uBaLQLY.exe

C:\Windows\System\uBaLQLY.exe

C:\Windows\System\uQuFHsR.exe

C:\Windows\System\uQuFHsR.exe

C:\Windows\System\HUYGYUI.exe

C:\Windows\System\HUYGYUI.exe

C:\Windows\System\wuxHDos.exe

C:\Windows\System\wuxHDos.exe

C:\Windows\System\OMhBpMU.exe

C:\Windows\System\OMhBpMU.exe

C:\Windows\System\znsAMVe.exe

C:\Windows\System\znsAMVe.exe

C:\Windows\System\XzQcIdV.exe

C:\Windows\System\XzQcIdV.exe

C:\Windows\System\ywjKyok.exe

C:\Windows\System\ywjKyok.exe

C:\Windows\System\IywAcul.exe

C:\Windows\System\IywAcul.exe

C:\Windows\System\gJIziTh.exe

C:\Windows\System\gJIziTh.exe

C:\Windows\System\tTHbxsG.exe

C:\Windows\System\tTHbxsG.exe

C:\Windows\System\lMRFmLi.exe

C:\Windows\System\lMRFmLi.exe

C:\Windows\System\VjwKVeZ.exe

C:\Windows\System\VjwKVeZ.exe

C:\Windows\System\wqBUdLW.exe

C:\Windows\System\wqBUdLW.exe

C:\Windows\System\BWiPHGs.exe

C:\Windows\System\BWiPHGs.exe

C:\Windows\System\euJPbKr.exe

C:\Windows\System\euJPbKr.exe

C:\Windows\System\hTuRxdp.exe

C:\Windows\System\hTuRxdp.exe

C:\Windows\System\FtWiThr.exe

C:\Windows\System\FtWiThr.exe

C:\Windows\System\IxCDEDJ.exe

C:\Windows\System\IxCDEDJ.exe

C:\Windows\System\axOvtNB.exe

C:\Windows\System\axOvtNB.exe

C:\Windows\System\oPYufRE.exe

C:\Windows\System\oPYufRE.exe

C:\Windows\System\ayGGVUd.exe

C:\Windows\System\ayGGVUd.exe

C:\Windows\System\CnzDVnk.exe

C:\Windows\System\CnzDVnk.exe

C:\Windows\System\XQYxmVR.exe

C:\Windows\System\XQYxmVR.exe

C:\Windows\System\UxtYlZd.exe

C:\Windows\System\UxtYlZd.exe

C:\Windows\System\NliblqF.exe

C:\Windows\System\NliblqF.exe

C:\Windows\System\WELNkGR.exe

C:\Windows\System\WELNkGR.exe

C:\Windows\System\TUqBYhX.exe

C:\Windows\System\TUqBYhX.exe

C:\Windows\System\cDxNtQF.exe

C:\Windows\System\cDxNtQF.exe

C:\Windows\System\sVbZAGy.exe

C:\Windows\System\sVbZAGy.exe

C:\Windows\System\lWIbzkP.exe

C:\Windows\System\lWIbzkP.exe

C:\Windows\System\PFYNYBR.exe

C:\Windows\System\PFYNYBR.exe

C:\Windows\System\bfVNklk.exe

C:\Windows\System\bfVNklk.exe

C:\Windows\System\PCWngHH.exe

C:\Windows\System\PCWngHH.exe

C:\Windows\System\ZenNTKu.exe

C:\Windows\System\ZenNTKu.exe

C:\Windows\System\NvppiPP.exe

C:\Windows\System\NvppiPP.exe

C:\Windows\System\VUWAhYo.exe

C:\Windows\System\VUWAhYo.exe

C:\Windows\System\NPJATre.exe

C:\Windows\System\NPJATre.exe

C:\Windows\System\rSgWNSs.exe

C:\Windows\System\rSgWNSs.exe

C:\Windows\System\GHPNOYE.exe

C:\Windows\System\GHPNOYE.exe

C:\Windows\System\CiRMBNc.exe

C:\Windows\System\CiRMBNc.exe

C:\Windows\System\LxSqBGZ.exe

C:\Windows\System\LxSqBGZ.exe

C:\Windows\System\DRLnbgZ.exe

C:\Windows\System\DRLnbgZ.exe

C:\Windows\System\dqHXjzS.exe

C:\Windows\System\dqHXjzS.exe

C:\Windows\System\mLmNYPx.exe

C:\Windows\System\mLmNYPx.exe

C:\Windows\System\ukOyBUY.exe

C:\Windows\System\ukOyBUY.exe

C:\Windows\System\yIBjoBc.exe

C:\Windows\System\yIBjoBc.exe

C:\Windows\System\RuExYRO.exe

C:\Windows\System\RuExYRO.exe

C:\Windows\System\rGeDfWD.exe

C:\Windows\System\rGeDfWD.exe

C:\Windows\System\fHsgCKk.exe

C:\Windows\System\fHsgCKk.exe

C:\Windows\System\zzHtgdo.exe

C:\Windows\System\zzHtgdo.exe

C:\Windows\System\gHzHGQe.exe

C:\Windows\System\gHzHGQe.exe

C:\Windows\System\yyjHuKb.exe

C:\Windows\System\yyjHuKb.exe

C:\Windows\System\trxIFjV.exe

C:\Windows\System\trxIFjV.exe

C:\Windows\System\tjxKIXA.exe

C:\Windows\System\tjxKIXA.exe

C:\Windows\System\mlvLEjq.exe

C:\Windows\System\mlvLEjq.exe

C:\Windows\System\UiczUZj.exe

C:\Windows\System\UiczUZj.exe

C:\Windows\System\eqhQlVs.exe

C:\Windows\System\eqhQlVs.exe

C:\Windows\System\FHuvfaJ.exe

C:\Windows\System\FHuvfaJ.exe

C:\Windows\System\CMjOpqE.exe

C:\Windows\System\CMjOpqE.exe

C:\Windows\System\vtzaeXW.exe

C:\Windows\System\vtzaeXW.exe

C:\Windows\System\EoQAzoW.exe

C:\Windows\System\EoQAzoW.exe

C:\Windows\System\BIKFRyh.exe

C:\Windows\System\BIKFRyh.exe

C:\Windows\System\kGosHgW.exe

C:\Windows\System\kGosHgW.exe

C:\Windows\System\EKkZkbu.exe

C:\Windows\System\EKkZkbu.exe

C:\Windows\System\GsgpQaf.exe

C:\Windows\System\GsgpQaf.exe

C:\Windows\System\AEOxISl.exe

C:\Windows\System\AEOxISl.exe

C:\Windows\System\Zzkslsc.exe

C:\Windows\System\Zzkslsc.exe

C:\Windows\System\TqaUMsS.exe

C:\Windows\System\TqaUMsS.exe

C:\Windows\System\cxKmDPR.exe

C:\Windows\System\cxKmDPR.exe

C:\Windows\System\XmPuGNX.exe

C:\Windows\System\XmPuGNX.exe

C:\Windows\System\rczlots.exe

C:\Windows\System\rczlots.exe

C:\Windows\System\tarYUbC.exe

C:\Windows\System\tarYUbC.exe

C:\Windows\System\PmsMqVG.exe

C:\Windows\System\PmsMqVG.exe

C:\Windows\System\pRvYxAN.exe

C:\Windows\System\pRvYxAN.exe

C:\Windows\System\gIzMJdO.exe

C:\Windows\System\gIzMJdO.exe

C:\Windows\System\bdphwxp.exe

C:\Windows\System\bdphwxp.exe

C:\Windows\System\bLtwFmJ.exe

C:\Windows\System\bLtwFmJ.exe

C:\Windows\System\qlzRxxT.exe

C:\Windows\System\qlzRxxT.exe

C:\Windows\System\FxlSCyC.exe

C:\Windows\System\FxlSCyC.exe

C:\Windows\System\kSYSbgD.exe

C:\Windows\System\kSYSbgD.exe

C:\Windows\System\uqhCdSV.exe

C:\Windows\System\uqhCdSV.exe

C:\Windows\System\uUXrZrm.exe

C:\Windows\System\uUXrZrm.exe

C:\Windows\System\nuUrTkI.exe

C:\Windows\System\nuUrTkI.exe

C:\Windows\System\Wkidnqm.exe

C:\Windows\System\Wkidnqm.exe

C:\Windows\System\CqHcTFz.exe

C:\Windows\System\CqHcTFz.exe

C:\Windows\System\CFZLvIu.exe

C:\Windows\System\CFZLvIu.exe

C:\Windows\System\uTcHVQq.exe

C:\Windows\System\uTcHVQq.exe

C:\Windows\System\DfVYrLg.exe

C:\Windows\System\DfVYrLg.exe

C:\Windows\System\FCByuSN.exe

C:\Windows\System\FCByuSN.exe

C:\Windows\System\WzOHkVL.exe

C:\Windows\System\WzOHkVL.exe

C:\Windows\System\DGIwxfk.exe

C:\Windows\System\DGIwxfk.exe

C:\Windows\System\HFXKyqm.exe

C:\Windows\System\HFXKyqm.exe

C:\Windows\System\dDdpQcL.exe

C:\Windows\System\dDdpQcL.exe

C:\Windows\System\XwlGUkv.exe

C:\Windows\System\XwlGUkv.exe

C:\Windows\System\ANKkyvn.exe

C:\Windows\System\ANKkyvn.exe

C:\Windows\System\tpxwxHp.exe

C:\Windows\System\tpxwxHp.exe

C:\Windows\System\nDDhWeM.exe

C:\Windows\System\nDDhWeM.exe

C:\Windows\System\RmRcPZS.exe

C:\Windows\System\RmRcPZS.exe

C:\Windows\System\QbEOXqX.exe

C:\Windows\System\QbEOXqX.exe

C:\Windows\System\teJnvsg.exe

C:\Windows\System\teJnvsg.exe

C:\Windows\System\PPTYbzB.exe

C:\Windows\System\PPTYbzB.exe

C:\Windows\System\PBtlove.exe

C:\Windows\System\PBtlove.exe

C:\Windows\System\tsenaDd.exe

C:\Windows\System\tsenaDd.exe

C:\Windows\System\REAPrGW.exe

C:\Windows\System\REAPrGW.exe

C:\Windows\System\tEypZoj.exe

C:\Windows\System\tEypZoj.exe

C:\Windows\System\kIbTVmQ.exe

C:\Windows\System\kIbTVmQ.exe

C:\Windows\System\vLfQkiO.exe

C:\Windows\System\vLfQkiO.exe

C:\Windows\System\grPXQhd.exe

C:\Windows\System\grPXQhd.exe

C:\Windows\System\HYLvFgh.exe

C:\Windows\System\HYLvFgh.exe

C:\Windows\System\kmypWMM.exe

C:\Windows\System\kmypWMM.exe

C:\Windows\System\LdeBmFn.exe

C:\Windows\System\LdeBmFn.exe

C:\Windows\System\Khzqtvt.exe

C:\Windows\System\Khzqtvt.exe

C:\Windows\System\IFxClhd.exe

C:\Windows\System\IFxClhd.exe

C:\Windows\System\AiyWNxA.exe

C:\Windows\System\AiyWNxA.exe

C:\Windows\System\LHdyKeO.exe

C:\Windows\System\LHdyKeO.exe

C:\Windows\System\XLpmVor.exe

C:\Windows\System\XLpmVor.exe

C:\Windows\System\lRCjNTv.exe

C:\Windows\System\lRCjNTv.exe

C:\Windows\System\QRJbzGF.exe

C:\Windows\System\QRJbzGF.exe

C:\Windows\System\JmmSRAg.exe

C:\Windows\System\JmmSRAg.exe

C:\Windows\System\pGkuxLv.exe

C:\Windows\System\pGkuxLv.exe

C:\Windows\System\LZYCKlB.exe

C:\Windows\System\LZYCKlB.exe

C:\Windows\System\aAgvIkD.exe

C:\Windows\System\aAgvIkD.exe

C:\Windows\System\KijWvJx.exe

C:\Windows\System\KijWvJx.exe

Network

Country Destination Domain Proto

Files
