Malware Analysis Report

2024-10-10 08:36

Sample ID 240608-fv4braad32
Target 8ef426384894df91cfdb062902a223c0_NeikiAnalytics.exe
SHA256 f7f738b7d81ca66c6fc809a62f33b03fa4ed7f0d0bf707132339eb0b347d73af
Tags: upx miner kpot xmrig stealer trojan
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f7f738b7d81ca66c6fc809a62f33b03fa4ed7f0d0bf707132339eb0b347d73af

Threat Level: Known bad

The file 8ef426384894df91cfdb062902a223c0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner kpot xmrig stealer trojan

KPOT Core Executable

KPOT

XMRig Miner payload

Xmrig family

Kpot family

xmrig

Executes dropped EXE

UPX packed file

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-08 05:13

Signatures

KPOT Core Executable

Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-08 05:12

Reported

2024-06-08 05:16

Platform

win7-20240220-en

Max time kernel

141s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8ef426384894df91cfdb062902a223c0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ef426384894df91cfdb062902a223c0_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8ef426384894df91cfdb062902a223c0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\8ef426384894df91cfdb062902a223c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8ef426384894df91cfdb062902a223c0_NeikiAnalytics.exe"


Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-08 05:12

Reported

2024-06-08 05:16

Platform

win10v2004-20240508-en

Max time kernel

141s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8ef426384894df91cfdb062902a223c0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8ef426384894df91cfdb062902a223c0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\8ef426384894df91cfdb062902a223c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8ef426384894df91cfdb062902a223c0_NeikiAnalytics.exe"


C:\Windows\System\KuRnJhC.exe

C:\Windows\System\KuRnJhC.exe

C:\Windows\System\LFzRnka.exe

C:\Windows\System\LFzRnka.exe

C:\Windows\System\RaVYHDM.exe

C:\Windows\System\RaVYHDM.exe

C:\Windows\System\ZsHdDgO.exe

C:\Windows\System\ZsHdDgO.exe

C:\Windows\System\MMhawLd.exe

C:\Windows\System\MMhawLd.exe

C:\Windows\System\ugZQlAh.exe

C:\Windows\System\ugZQlAh.exe

C:\Windows\System\nnNmhER.exe

C:\Windows\System\nnNmhER.exe

C:\Windows\System\BodJVpB.exe

C:\Windows\System\BodJVpB.exe

C:\Windows\System\XiHuFbS.exe

C:\Windows\System\XiHuFbS.exe

C:\Windows\System\CgpPhuG.exe

C:\Windows\System\CgpPhuG.exe

C:\Windows\System\SHpDyNQ.exe

C:\Windows\System\SHpDyNQ.exe

C:\Windows\System\YGsbZIt.exe

C:\Windows\System\YGsbZIt.exe

C:\Windows\System\YuXVsec.exe

C:\Windows\System\YuXVsec.exe

C:\Windows\System\wKJQKTx.exe

C:\Windows\System\wKJQKTx.exe

C:\Windows\System\qpfhKWl.exe

C:\Windows\System\qpfhKWl.exe

C:\Windows\System\XZGGKZE.exe

C:\Windows\System\XZGGKZE.exe

C:\Windows\System\kRyojSi.exe

C:\Windows\System\kRyojSi.exe

C:\Windows\System\cVFIHZm.exe

C:\Windows\System\cVFIHZm.exe

C:\Windows\System\lXRxyUx.exe

C:\Windows\System\lXRxyUx.exe

C:\Windows\System\nMsuEvB.exe

C:\Windows\System\nMsuEvB.exe

C:\Windows\System\sUgovnD.exe

C:\Windows\System\sUgovnD.exe

C:\Windows\System\upODWix.exe

C:\Windows\System\upODWix.exe

C:\Windows\System\dtrkHbS.exe

C:\Windows\System\dtrkHbS.exe

C:\Windows\System\MNnlcoC.exe

C:\Windows\System\MNnlcoC.exe

C:\Windows\System\LiVawdA.exe

C:\Windows\System\LiVawdA.exe

C:\Windows\System\eAlQwYl.exe

C:\Windows\System\eAlQwYl.exe

C:\Windows\System\owNHQLK.exe

C:\Windows\System\owNHQLK.exe

C:\Windows\System\MzyFjti.exe

C:\Windows\System\MzyFjti.exe

C:\Windows\System\OZjneEi.exe

C:\Windows\System\OZjneEi.exe

C:\Windows\System\UGzaGHk.exe

C:\Windows\System\UGzaGHk.exe

C:\Windows\System\NJcbvdM.exe

C:\Windows\System\NJcbvdM.exe

C:\Windows\System\xXMHgql.exe

C:\Windows\System\xXMHgql.exe

C:\Windows\System\CjVYcMs.exe

C:\Windows\System\CjVYcMs.exe

C:\Windows\System\yjRZSjJ.exe

C:\Windows\System\yjRZSjJ.exe

C:\Windows\System\TwYFaVH.exe

C:\Windows\System\TwYFaVH.exe

C:\Windows\System\KVPtDey.exe

C:\Windows\System\KVPtDey.exe

C:\Windows\System\YHCfGNu.exe

C:\Windows\System\YHCfGNu.exe

C:\Windows\System\zYdHsbv.exe

C:\Windows\System\zYdHsbv.exe

C:\Windows\System\HbjTYeZ.exe

C:\Windows\System\HbjTYeZ.exe

C:\Windows\System\CrIUQfN.exe

C:\Windows\System\CrIUQfN.exe

C:\Windows\System\HQDyqTq.exe

C:\Windows\System\HQDyqTq.exe

C:\Windows\System\zBXghxT.exe

C:\Windows\System\zBXghxT.exe

C:\Windows\System\hdFbxuU.exe

C:\Windows\System\hdFbxuU.exe

C:\Windows\System\mujWbpP.exe

C:\Windows\System\mujWbpP.exe

C:\Windows\System\IACAmgr.exe

C:\Windows\System\IACAmgr.exe

C:\Windows\System\dLzkAGB.exe

C:\Windows\System\dLzkAGB.exe

C:\Windows\System\WFblMpp.exe

C:\Windows\System\WFblMpp.exe

C:\Windows\System\CDFmSwy.exe

C:\Windows\System\CDFmSwy.exe

C:\Windows\System\aNocIfn.exe

C:\Windows\System\aNocIfn.exe

C:\Windows\System\HLDwduc.exe

C:\Windows\System\HLDwduc.exe

C:\Windows\System\uZYfnts.exe

C:\Windows\System\uZYfnts.exe

C:\Windows\System\OAUwFbO.exe

C:\Windows\System\OAUwFbO.exe

C:\Windows\System\jzNWWDg.exe

C:\Windows\System\jzNWWDg.exe

C:\Windows\System\xAWXTNJ.exe

C:\Windows\System\xAWXTNJ.exe

C:\Windows\System\cpFrpIC.exe

C:\Windows\System\cpFrpIC.exe

C:\Windows\System\lODPuHK.exe

C:\Windows\System\lODPuHK.exe

C:\Windows\System\imDOMNI.exe

C:\Windows\System\imDOMNI.exe

C:\Windows\System\zwmMPcU.exe

C:\Windows\System\zwmMPcU.exe

C:\Windows\System\GYENAEO.exe

C:\Windows\System\GYENAEO.exe

C:\Windows\System\HgcZpIl.exe

C:\Windows\System\HgcZpIl.exe

C:\Windows\System\vIUTQdl.exe

C:\Windows\System\vIUTQdl.exe

C:\Windows\System\RtssHWk.exe

C:\Windows\System\RtssHWk.exe

C:\Windows\System\XxZCRRK.exe

C:\Windows\System\XxZCRRK.exe

C:\Windows\System\trjlYsY.exe

C:\Windows\System\trjlYsY.exe

C:\Windows\System\IIRDcjK.exe

C:\Windows\System\IIRDcjK.exe

C:\Windows\System\KtyCUXm.exe

C:\Windows\System\KtyCUXm.exe

C:\Windows\System\WROfjLy.exe

C:\Windows\System\WROfjLy.exe

C:\Windows\System\uwSBnTc.exe

C:\Windows\System\uwSBnTc.exe

C:\Windows\System\CnkGZIm.exe

C:\Windows\System\CnkGZIm.exe

C:\Windows\System\JePxwIz.exe

C:\Windows\System\JePxwIz.exe

C:\Windows\System\pCTBdpV.exe

C:\Windows\System\pCTBdpV.exe

C:\Windows\System\PIpUlYP.exe

C:\Windows\System\PIpUlYP.exe

C:\Windows\System\bXYXiXj.exe

C:\Windows\System\bXYXiXj.exe

C:\Windows\System\JErbVHD.exe

C:\Windows\System\JErbVHD.exe

C:\Windows\System\UaXieNE.exe

C:\Windows\System\UaXieNE.exe

C:\Windows\System\kbgYoDx.exe

C:\Windows\System\kbgYoDx.exe

C:\Windows\System\Ycfzhtu.exe

C:\Windows\System\Ycfzhtu.exe

C:\Windows\System\EyUohYb.exe

C:\Windows\System\EyUohYb.exe

C:\Windows\System\UoGJzjs.exe

C:\Windows\System\UoGJzjs.exe

C:\Windows\System\bAWJDBV.exe

C:\Windows\System\bAWJDBV.exe

C:\Windows\System\BTAfExO.exe

C:\Windows\System\BTAfExO.exe

C:\Windows\System\amUPtup.exe

C:\Windows\System\amUPtup.exe

C:\Windows\System\ZrHXwqP.exe

C:\Windows\System\ZrHXwqP.exe

C:\Windows\System\cpyEXok.exe

C:\Windows\System\cpyEXok.exe

C:\Windows\System\qpBjdvX.exe

C:\Windows\System\qpBjdvX.exe

C:\Windows\System\iinQONm.exe

C:\Windows\System\iinQONm.exe

C:\Windows\System\wyBuLjI.exe

C:\Windows\System\wyBuLjI.exe

C:\Windows\System\hrAgNCs.exe

C:\Windows\System\hrAgNCs.exe

C:\Windows\System\UdQWUzm.exe

C:\Windows\System\UdQWUzm.exe

C:\Windows\System\sDxPKXd.exe

C:\Windows\System\sDxPKXd.exe

C:\Windows\System\BULElcJ.exe

C:\Windows\System\BULElcJ.exe

C:\Windows\System\sgAlksT.exe

C:\Windows\System\sgAlksT.exe

C:\Windows\System\KnlCuDK.exe

C:\Windows\System\KnlCuDK.exe

C:\Windows\System\mlPrCDp.exe

C:\Windows\System\mlPrCDp.exe

C:\Windows\System\hlHCfDt.exe

C:\Windows\System\hlHCfDt.exe

C:\Windows\System\vDCpFzY.exe

C:\Windows\System\vDCpFzY.exe

C:\Windows\System\VUHzSKP.exe

C:\Windows\System\VUHzSKP.exe

C:\Windows\System\ArTAurB.exe

C:\Windows\System\ArTAurB.exe

C:\Windows\System\pJqVzYH.exe

C:\Windows\System\pJqVzYH.exe

C:\Windows\System\ueWZTnJ.exe

C:\Windows\System\ueWZTnJ.exe

C:\Windows\System\HQbcoJl.exe

C:\Windows\System\HQbcoJl.exe

C:\Windows\System\DJAiqnF.exe

C:\Windows\System\DJAiqnF.exe

C:\Windows\System\yAjYvcA.exe

C:\Windows\System\yAjYvcA.exe

C:\Windows\System\oRgcVRi.exe

C:\Windows\System\oRgcVRi.exe

C:\Windows\System\zDHLMxw.exe

C:\Windows\System\zDHLMxw.exe

C:\Windows\System\uwyBvyO.exe

C:\Windows\System\uwyBvyO.exe

C:\Windows\System\OyZJNSz.exe

C:\Windows\System\OyZJNSz.exe

C:\Windows\System\wKxagre.exe

C:\Windows\System\wKxagre.exe

C:\Windows\System\TbdBeht.exe

C:\Windows\System\TbdBeht.exe

C:\Windows\System\AAqsbJH.exe

C:\Windows\System\AAqsbJH.exe

C:\Windows\System\omyYJsB.exe

C:\Windows\System\omyYJsB.exe

C:\Windows\System\oORsOhf.exe

C:\Windows\System\oORsOhf.exe

C:\Windows\System\JqoUbqT.exe

C:\Windows\System\JqoUbqT.exe

C:\Windows\System\fkmGrsr.exe

C:\Windows\System\fkmGrsr.exe

C:\Windows\System\vbseqKA.exe

C:\Windows\System\vbseqKA.exe

C:\Windows\System\qvbDADD.exe

C:\Windows\System\qvbDADD.exe

C:\Windows\System\NjDuCuX.exe

C:\Windows\System\NjDuCuX.exe

C:\Windows\System\LopypBZ.exe

C:\Windows\System\LopypBZ.exe

C:\Windows\System\pNAEllH.exe

C:\Windows\System\pNAEllH.exe

C:\Windows\System\HuVOFou.exe

C:\Windows\System\HuVOFou.exe

C:\Windows\System\vKqeUhL.exe

C:\Windows\System\vKqeUhL.exe

C:\Windows\System\admYDHn.exe

C:\Windows\System\admYDHn.exe

C:\Windows\System\xJJhlut.exe

C:\Windows\System\xJJhlut.exe

C:\Windows\System\cNECAQE.exe

C:\Windows\System\cNECAQE.exe

C:\Windows\System\CPuZbqQ.exe

C:\Windows\System\CPuZbqQ.exe

C:\Windows\System\aqcpkOq.exe

C:\Windows\System\aqcpkOq.exe

C:\Windows\System\SXDJeKg.exe

C:\Windows\System\SXDJeKg.exe

C:\Windows\System\urDCZDz.exe

C:\Windows\System\urDCZDz.exe

C:\Windows\System\tvSjAdI.exe

C:\Windows\System\tvSjAdI.exe

C:\Windows\System\uafYAwy.exe

C:\Windows\System\uafYAwy.exe

C:\Windows\System\QgBrOtY.exe

C:\Windows\System\QgBrOtY.exe

C:\Windows\System\RXmRzzk.exe

C:\Windows\System\RXmRzzk.exe

C:\Windows\System\iTOAwsu.exe

C:\Windows\System\iTOAwsu.exe

C:\Windows\System\OLICkhE.exe

C:\Windows\System\OLICkhE.exe

C:\Windows\System\FHAgTvD.exe

C:\Windows\System\FHAgTvD.exe

C:\Windows\System\StTUTOp.exe

C:\Windows\System\StTUTOp.exe

C:\Windows\System\TzYkEgK.exe

C:\Windows\System\TzYkEgK.exe

C:\Windows\System\NRXphSj.exe

C:\Windows\System\NRXphSj.exe

C:\Windows\System\vHSndST.exe

C:\Windows\System\vHSndST.exe

C:\Windows\System\sLoiPKk.exe

C:\Windows\System\sLoiPKk.exe

C:\Windows\System\tIhzhLQ.exe

C:\Windows\System\tIhzhLQ.exe

C:\Windows\System\GVTslNe.exe

C:\Windows\System\GVTslNe.exe

C:\Windows\System\qmCkYQp.exe

C:\Windows\System\qmCkYQp.exe

C:\Windows\System\IzVXzTF.exe

C:\Windows\System\IzVXzTF.exe

C:\Windows\System\ennVeMJ.exe

C:\Windows\System\ennVeMJ.exe

C:\Windows\System\ksyYesd.exe

C:\Windows\System\ksyYesd.exe

C:\Windows\System\fdAfgXF.exe

C:\Windows\System\fdAfgXF.exe

C:\Windows\System\MCJrfKe.exe

C:\Windows\System\MCJrfKe.exe

C:\Windows\System\RvAJWNE.exe

C:\Windows\System\RvAJWNE.exe

C:\Windows\System\GZFVKtN.exe

C:\Windows\System\GZFVKtN.exe

C:\Windows\System\aCKgZpM.exe

C:\Windows\System\aCKgZpM.exe

C:\Windows\System\PqbfifP.exe

C:\Windows\System\PqbfifP.exe

C:\Windows\System\IeImpqn.exe

C:\Windows\System\IeImpqn.exe

C:\Windows\System\kWuEPiq.exe

C:\Windows\System\kWuEPiq.exe

C:\Windows\System\yqiHgsX.exe

C:\Windows\System\yqiHgsX.exe

C:\Windows\System\rFysyAV.exe

C:\Windows\System\rFysyAV.exe

C:\Windows\System\jWWCRRp.exe

C:\Windows\System\jWWCRRp.exe

C:\Windows\System\PowYUxQ.exe

C:\Windows\System\PowYUxQ.exe

C:\Windows\System\jcuZkGY.exe

C:\Windows\System\jcuZkGY.exe

C:\Windows\System\GrtkJPQ.exe

C:\Windows\System\GrtkJPQ.exe

C:\Windows\System\snKZwoI.exe

C:\Windows\System\snKZwoI.exe

C:\Windows\System\KwbOaNK.exe

C:\Windows\System\KwbOaNK.exe

C:\Windows\System\AWTmbpL.exe

C:\Windows\System\AWTmbpL.exe

C:\Windows\System\ODxZkJS.exe

C:\Windows\System\ODxZkJS.exe

C:\Windows\System\XeNKJdT.exe

C:\Windows\System\XeNKJdT.exe

C:\Windows\System\uBwlNFI.exe

C:\Windows\System\uBwlNFI.exe

C:\Windows\System\oReQfDd.exe

C:\Windows\System\oReQfDd.exe

C:\Windows\System\QMHhhPS.exe

C:\Windows\System\QMHhhPS.exe

C:\Windows\System\GsULaUw.exe

C:\Windows\System\GsULaUw.exe

C:\Windows\System\zcvzTdc.exe

C:\Windows\System\zcvzTdc.exe

C:\Windows\System\YSgQTRn.exe

C:\Windows\System\YSgQTRn.exe

C:\Windows\System\EqTdmLX.exe

C:\Windows\System\EqTdmLX.exe

C:\Windows\System\mnOYCMf.exe

C:\Windows\System\mnOYCMf.exe

C:\Windows\System\GJtwAMg.exe

C:\Windows\System\GJtwAMg.exe

C:\Windows\System\RoCkUjQ.exe

C:\Windows\System\RoCkUjQ.exe

C:\Windows\System\vZPIBQn.exe

C:\Windows\System\vZPIBQn.exe

C:\Windows\System\YixEMpw.exe

C:\Windows\System\YixEMpw.exe

C:\Windows\System\oWfaHgX.exe

C:\Windows\System\oWfaHgX.exe

C:\Windows\System\tvqbwel.exe

C:\Windows\System\tvqbwel.exe

C:\Windows\System\aBhtIPe.exe

C:\Windows\System\aBhtIPe.exe

C:\Windows\System\ljTgpod.exe

C:\Windows\System\ljTgpod.exe

C:\Windows\System\oOhVgqv.exe

C:\Windows\System\oOhVgqv.exe

C:\Windows\System\lwvkFLH.exe

C:\Windows\System\lwvkFLH.exe

C:\Windows\System\KTqbnPW.exe

C:\Windows\System\KTqbnPW.exe

C:\Windows\System\PNKBySp.exe

C:\Windows\System\PNKBySp.exe

C:\Windows\System\aqRBxcC.exe

C:\Windows\System\aqRBxcC.exe

C:\Windows\System\dvMSYGv.exe

C:\Windows\System\dvMSYGv.exe

C:\Windows\System\NVVHBVm.exe

C:\Windows\System\NVVHBVm.exe

C:\Windows\System\CReoGlg.exe

C:\Windows\System\CReoGlg.exe

C:\Windows\System\faJZWlq.exe

C:\Windows\System\faJZWlq.exe

C:\Windows\System\QfOvAcA.exe

C:\Windows\System\QfOvAcA.exe

C:\Windows\System\fDuoNMz.exe

C:\Windows\System\fDuoNMz.exe

C:\Windows\System\hWjbtQc.exe

C:\Windows\System\hWjbtQc.exe

C:\Windows\System\YTiEcbD.exe

C:\Windows\System\YTiEcbD.exe

C:\Windows\System\YPHBMVX.exe

C:\Windows\System\YPHBMVX.exe

C:\Windows\System\EpdcNPH.exe

C:\Windows\System\EpdcNPH.exe

C:\Windows\System\vbKPrbf.exe

C:\Windows\System\vbKPrbf.exe

C:\Windows\System\TaqvdXq.exe

C:\Windows\System\TaqvdXq.exe

C:\Windows\System\hmVytOf.exe

C:\Windows\System\hmVytOf.exe

C:\Windows\System\memGBfo.exe

C:\Windows\System\memGBfo.exe

C:\Windows\System\NCZAPFX.exe

C:\Windows\System\NCZAPFX.exe

C:\Windows\System\ffhEDNE.exe

C:\Windows\System\ffhEDNE.exe

C:\Windows\System\cUrJbXv.exe

C:\Windows\System\cUrJbXv.exe

C:\Windows\System\qCQLgWw.exe

C:\Windows\System\qCQLgWw.exe

C:\Windows\System\LUdBtEf.exe

C:\Windows\System\LUdBtEf.exe

C:\Windows\System\LffDuHw.exe

C:\Windows\System\LffDuHw.exe

C:\Windows\System\mySjnlN.exe

C:\Windows\System\mySjnlN.exe

C:\Windows\System\CKuiacu.exe

C:\Windows\System\CKuiacu.exe

C:\Windows\System\CDeiGgW.exe

C:\Windows\System\CDeiGgW.exe

Network

Country Destination Domain Proto

Files
