Malware Analysis Report

2024-10-10 08:36

Sample ID 240609-csbxyacb2x
Target 0b29d3e9ad88c807350e7f9041ed1260_NeikiAnalytics.exe
SHA256 c9471dffe067d9e51c3562a6ddff185597695f1b6ad9ac77a913d442a17868a8
Tags
upx miner kpot xmrig stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

c9471dffe067d9e51c3562a6ddff185597695f1b6ad9ac77a913d442a17868a8

Threat Level: Known bad

The file 0b29d3e9ad88c807350e7f9041ed1260_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

upx miner kpot xmrig stealer trojan

Kpot family

KPOT

KPOT Core Executable

Xmrig family

XMRig Miner payload

xmrig

XMRig Miner payload

UPX packed file

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-09 02:20

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-09 02:19

Reported

2024-06-09 02:22

Platform

win7-20240221-en

Max time kernel

141s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0b29d3e9ad88c807350e7f9041ed1260_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0b29d3e9ad88c807350e7f9041ed1260_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0b29d3e9ad88c807350e7f9041ed1260_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\0b29d3e9ad88c807350e7f9041ed1260_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0b29d3e9ad88c807350e7f9041ed1260_NeikiAnalytics.exe"


Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-09 02:19

Reported

2024-06-09 02:22

Platform

win10v2004-20240508-en

Max time kernel

142s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0b29d3e9ad88c807350e7f9041ed1260_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable


xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE


UPX packed file

upx

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0b29d3e9ad88c807350e7f9041ed1260_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes


C:\Windows\System\VMCNDuK.exe

C:\Windows\System\VMCNDuK.exe

C:\Windows\System\iijcIFn.exe

C:\Windows\System\iijcIFn.exe

C:\Windows\System\kHyXUkB.exe

C:\Windows\System\kHyXUkB.exe

C:\Windows\System\QryTFyN.exe

C:\Windows\System\QryTFyN.exe

C:\Windows\System\SxXPSJR.exe

C:\Windows\System\SxXPSJR.exe

C:\Windows\System\DlADSQa.exe

C:\Windows\System\DlADSQa.exe

C:\Windows\System\vECbNto.exe

C:\Windows\System\vECbNto.exe

C:\Windows\System\uuyaEXw.exe

C:\Windows\System\uuyaEXw.exe

C:\Windows\System\aXQOGZW.exe

C:\Windows\System\aXQOGZW.exe

C:\Windows\System\oPbSbiY.exe

C:\Windows\System\oPbSbiY.exe

C:\Windows\System\bMfZsPR.exe

C:\Windows\System\bMfZsPR.exe

C:\Windows\System\hRBymKA.exe

C:\Windows\System\hRBymKA.exe

C:\Windows\System\GpQiTIg.exe

C:\Windows\System\GpQiTIg.exe

C:\Windows\System\GNaRVrg.exe

C:\Windows\System\GNaRVrg.exe

C:\Windows\System\xhzqBiv.exe

C:\Windows\System\xhzqBiv.exe

C:\Windows\System\gzmDhLe.exe

C:\Windows\System\gzmDhLe.exe

C:\Windows\System\dfeBGfb.exe

C:\Windows\System\dfeBGfb.exe

C:\Windows\System\CesJkug.exe

C:\Windows\System\CesJkug.exe

C:\Windows\System\UvdYNQs.exe

C:\Windows\System\UvdYNQs.exe

C:\Windows\System\xBEdRET.exe

C:\Windows\System\xBEdRET.exe

C:\Windows\System\zAUXhPo.exe

C:\Windows\System\zAUXhPo.exe

C:\Windows\System\ANrTTFq.exe

C:\Windows\System\ANrTTFq.exe

C:\Windows\System\pKVsRct.exe

C:\Windows\System\pKVsRct.exe

C:\Windows\System\SiUjXwq.exe

C:\Windows\System\SiUjXwq.exe

C:\Windows\System\kddaIJg.exe

C:\Windows\System\kddaIJg.exe

C:\Windows\System\MGaYOoq.exe

C:\Windows\System\MGaYOoq.exe

C:\Windows\System\OiFjucf.exe

C:\Windows\System\OiFjucf.exe

C:\Windows\System\PEOTyDl.exe

C:\Windows\System\PEOTyDl.exe

C:\Windows\System\RrELNyr.exe

C:\Windows\System\RrELNyr.exe

C:\Windows\System\hkfTjrP.exe

C:\Windows\System\hkfTjrP.exe

C:\Windows\System\cmAmmYk.exe

C:\Windows\System\cmAmmYk.exe

C:\Windows\System\oTqVBxp.exe

C:\Windows\System\oTqVBxp.exe

C:\Windows\System\SKwJTal.exe

C:\Windows\System\SKwJTal.exe

C:\Windows\System\vucOiKd.exe

C:\Windows\System\vucOiKd.exe

C:\Windows\System\gQUiOba.exe

C:\Windows\System\gQUiOba.exe

C:\Windows\System\hXWgdEu.exe

C:\Windows\System\hXWgdEu.exe

C:\Windows\System\hKPLGKe.exe

C:\Windows\System\hKPLGKe.exe

C:\Windows\System\zicQwBs.exe

C:\Windows\System\zicQwBs.exe

C:\Windows\System\tiQIKtY.exe

C:\Windows\System\tiQIKtY.exe

C:\Windows\System\KGoQLmn.exe

C:\Windows\System\KGoQLmn.exe

C:\Windows\System\osdROXp.exe

C:\Windows\System\osdROXp.exe

C:\Windows\System\MZeEWHq.exe

C:\Windows\System\MZeEWHq.exe

C:\Windows\System\IXlvmoV.exe

C:\Windows\System\IXlvmoV.exe

C:\Windows\System\unPQUov.exe

C:\Windows\System\unPQUov.exe

C:\Windows\System\QozOIre.exe

C:\Windows\System\QozOIre.exe

C:\Windows\System\BowRCPh.exe

C:\Windows\System\BowRCPh.exe

C:\Windows\System\PzogUrx.exe

C:\Windows\System\PzogUrx.exe

C:\Windows\System\ykeXNOv.exe

C:\Windows\System\ykeXNOv.exe

C:\Windows\System\OoLcTQM.exe

C:\Windows\System\OoLcTQM.exe

C:\Windows\System\BfxHxEH.exe

C:\Windows\System\BfxHxEH.exe

C:\Windows\System\cuOGYFf.exe

C:\Windows\System\cuOGYFf.exe

C:\Windows\System\PDiUGeR.exe

C:\Windows\System\PDiUGeR.exe

C:\Windows\System\xIJioTA.exe

C:\Windows\System\xIJioTA.exe

C:\Windows\System\uKNCgyh.exe

C:\Windows\System\uKNCgyh.exe

C:\Windows\System\sjYIfmx.exe

C:\Windows\System\sjYIfmx.exe

C:\Windows\System\trATEDG.exe

C:\Windows\System\trATEDG.exe

C:\Windows\System\YVvYqVX.exe

C:\Windows\System\YVvYqVX.exe

C:\Windows\System\MZGzuSE.exe

C:\Windows\System\MZGzuSE.exe

C:\Windows\System\zqtYilu.exe

C:\Windows\System\zqtYilu.exe

C:\Windows\System\pOnZKod.exe

C:\Windows\System\pOnZKod.exe

C:\Windows\System\JIPDlNI.exe

C:\Windows\System\JIPDlNI.exe

C:\Windows\System\hOajPZE.exe

C:\Windows\System\hOajPZE.exe

C:\Windows\System\kIGfRxm.exe

C:\Windows\System\kIGfRxm.exe

C:\Windows\System\KxWwWVm.exe

C:\Windows\System\KxWwWVm.exe

C:\Windows\System\cVEYCMP.exe

C:\Windows\System\cVEYCMP.exe

C:\Windows\System\AnRDYIu.exe

C:\Windows\System\AnRDYIu.exe

C:\Windows\System\ebOhyvN.exe

C:\Windows\System\ebOhyvN.exe

C:\Windows\System\oDnREVi.exe

C:\Windows\System\oDnREVi.exe

C:\Windows\System\tNbkDNX.exe

C:\Windows\System\tNbkDNX.exe

C:\Windows\System\viMwzYy.exe

C:\Windows\System\viMwzYy.exe

C:\Windows\System\hsOHWbt.exe

C:\Windows\System\hsOHWbt.exe

C:\Windows\System\QtfnDtr.exe

C:\Windows\System\QtfnDtr.exe

C:\Windows\System\oNrRtDf.exe

C:\Windows\System\oNrRtDf.exe

C:\Windows\System\LYyqtXS.exe

C:\Windows\System\LYyqtXS.exe

C:\Windows\System\PRynILf.exe

C:\Windows\System\PRynILf.exe

C:\Windows\System\vKrqHlh.exe

C:\Windows\System\vKrqHlh.exe

C:\Windows\System\CpZVtVU.exe

C:\Windows\System\CpZVtVU.exe

C:\Windows\System\rPgnjgh.exe

C:\Windows\System\rPgnjgh.exe

C:\Windows\System\Eirpzgq.exe

C:\Windows\System\Eirpzgq.exe

C:\Windows\System\iMztQvA.exe

C:\Windows\System\iMztQvA.exe

C:\Windows\System\uHSsZfL.exe

C:\Windows\System\uHSsZfL.exe

C:\Windows\System\GMLHrEM.exe

C:\Windows\System\GMLHrEM.exe

C:\Windows\System\AOmjSFf.exe

C:\Windows\System\AOmjSFf.exe

C:\Windows\System\QkjAYbn.exe

C:\Windows\System\QkjAYbn.exe

C:\Windows\System\SGPQzPF.exe

C:\Windows\System\SGPQzPF.exe

C:\Windows\System\TtJWDrW.exe

C:\Windows\System\TtJWDrW.exe

C:\Windows\System\BuXUQlI.exe

C:\Windows\System\BuXUQlI.exe

C:\Windows\System\cRTmlww.exe

C:\Windows\System\cRTmlww.exe

C:\Windows\System\YOZFWIz.exe

C:\Windows\System\YOZFWIz.exe

C:\Windows\System\tjlyGQp.exe

C:\Windows\System\tjlyGQp.exe

C:\Windows\System\eXsYrTl.exe

C:\Windows\System\eXsYrTl.exe

C:\Windows\System\VwsUVHa.exe

C:\Windows\System\VwsUVHa.exe

C:\Windows\System\bsSZzOd.exe

C:\Windows\System\bsSZzOd.exe

C:\Windows\System\jhqSrui.exe

C:\Windows\System\jhqSrui.exe

C:\Windows\System\mMsJojH.exe

C:\Windows\System\mMsJojH.exe

C:\Windows\System\qoXGAsv.exe

C:\Windows\System\qoXGAsv.exe

C:\Windows\System\BQElXpx.exe

C:\Windows\System\BQElXpx.exe

C:\Windows\System\wrTFuFq.exe

C:\Windows\System\wrTFuFq.exe

C:\Windows\System\NsxYkgq.exe

C:\Windows\System\NsxYkgq.exe

C:\Windows\System\CJqRWNP.exe

C:\Windows\System\CJqRWNP.exe

C:\Windows\System\NnOpZRX.exe

C:\Windows\System\NnOpZRX.exe

C:\Windows\System\vvGzyjs.exe

C:\Windows\System\vvGzyjs.exe

C:\Windows\System\iZFVXPL.exe

C:\Windows\System\iZFVXPL.exe

C:\Windows\System\ROXSDih.exe

C:\Windows\System\ROXSDih.exe

C:\Windows\System\nloOERr.exe

C:\Windows\System\nloOERr.exe

C:\Windows\System\NYYKKCY.exe

C:\Windows\System\NYYKKCY.exe

C:\Windows\System\JiFIFIV.exe

C:\Windows\System\JiFIFIV.exe

C:\Windows\System\nfngKne.exe

C:\Windows\System\nfngKne.exe

C:\Windows\System\zUJsfEJ.exe

C:\Windows\System\zUJsfEJ.exe

C:\Windows\System\buirrUY.exe

C:\Windows\System\buirrUY.exe

C:\Windows\System\XRUFIop.exe

C:\Windows\System\XRUFIop.exe

C:\Windows\System\SwEtuGr.exe

C:\Windows\System\SwEtuGr.exe

C:\Windows\System\XBONSKH.exe

C:\Windows\System\XBONSKH.exe

C:\Windows\System\NFZxkqi.exe

C:\Windows\System\NFZxkqi.exe

C:\Windows\System\kSyipsp.exe

C:\Windows\System\kSyipsp.exe

C:\Windows\System\eHkkXEt.exe

C:\Windows\System\eHkkXEt.exe

C:\Windows\System\cLXoofg.exe

C:\Windows\System\cLXoofg.exe

C:\Windows\System\VTNmdSc.exe

C:\Windows\System\VTNmdSc.exe

C:\Windows\System\ivvMGgi.exe

C:\Windows\System\ivvMGgi.exe

C:\Windows\System\DOtTDoT.exe

C:\Windows\System\DOtTDoT.exe

C:\Windows\System\KkgKPfn.exe

C:\Windows\System\KkgKPfn.exe

C:\Windows\System\qnszocD.exe

C:\Windows\System\qnszocD.exe

C:\Windows\System\VCwAdQZ.exe

C:\Windows\System\VCwAdQZ.exe

C:\Windows\System\rdSCldY.exe

C:\Windows\System\rdSCldY.exe

C:\Windows\System\qtfAKus.exe

C:\Windows\System\qtfAKus.exe

C:\Windows\System\ZVxxyOE.exe

C:\Windows\System\ZVxxyOE.exe

C:\Windows\System\zkJwcmM.exe

C:\Windows\System\zkJwcmM.exe

C:\Windows\System\mZbsUnF.exe

C:\Windows\System\mZbsUnF.exe

C:\Windows\System\aMrEUVL.exe

C:\Windows\System\aMrEUVL.exe

C:\Windows\System\UYtSMTd.exe

C:\Windows\System\UYtSMTd.exe

C:\Windows\System\PAKcNWc.exe

C:\Windows\System\PAKcNWc.exe

C:\Windows\System\FTaXWVj.exe

C:\Windows\System\FTaXWVj.exe

C:\Windows\System\mDKgMns.exe

C:\Windows\System\mDKgMns.exe

C:\Windows\System\WcfQOcS.exe

C:\Windows\System\WcfQOcS.exe

C:\Windows\System\cCBgyWK.exe

C:\Windows\System\cCBgyWK.exe

C:\Windows\System\XFViUzB.exe

C:\Windows\System\XFViUzB.exe

C:\Windows\System\iBDlWwm.exe

C:\Windows\System\iBDlWwm.exe

C:\Windows\System\lwrmLhx.exe

C:\Windows\System\lwrmLhx.exe

C:\Windows\System\fnqzefQ.exe

C:\Windows\System\fnqzefQ.exe

C:\Windows\System\byxqANL.exe

C:\Windows\System\byxqANL.exe

C:\Windows\System\HdscgHJ.exe

C:\Windows\System\HdscgHJ.exe

C:\Windows\System\bniQmRZ.exe

C:\Windows\System\bniQmRZ.exe

C:\Windows\System\ISOohfy.exe

C:\Windows\System\ISOohfy.exe

C:\Windows\System\QOOqkGF.exe

C:\Windows\System\QOOqkGF.exe

C:\Windows\System\DNTuuhJ.exe

C:\Windows\System\DNTuuhJ.exe

C:\Windows\System\YlpVyqK.exe

C:\Windows\System\YlpVyqK.exe

C:\Windows\System\wOdUhGU.exe

C:\Windows\System\wOdUhGU.exe

C:\Windows\System\RBxKijz.exe

C:\Windows\System\RBxKijz.exe

C:\Windows\System\qecIjNC.exe

C:\Windows\System\qecIjNC.exe

C:\Windows\System\ZyjDxdj.exe

C:\Windows\System\ZyjDxdj.exe

C:\Windows\System\baPUEUn.exe

C:\Windows\System\baPUEUn.exe

C:\Windows\System\OIOGyPR.exe

C:\Windows\System\OIOGyPR.exe

C:\Windows\System\YEqiZCQ.exe

C:\Windows\System\YEqiZCQ.exe

C:\Windows\System\wPLsSVV.exe

C:\Windows\System\wPLsSVV.exe

C:\Windows\System\BmHTVFp.exe

C:\Windows\System\BmHTVFp.exe

C:\Windows\System\KzhuTAE.exe

C:\Windows\System\KzhuTAE.exe

C:\Windows\System\rhreQfs.exe

C:\Windows\System\rhreQfs.exe

C:\Windows\System\pjZnaTz.exe

C:\Windows\System\pjZnaTz.exe

C:\Windows\System\JaVcOre.exe

C:\Windows\System\JaVcOre.exe

C:\Windows\System\TXMdtCE.exe

C:\Windows\System\TXMdtCE.exe

C:\Windows\System\izhSFIo.exe

C:\Windows\System\izhSFIo.exe

C:\Windows\System\PnNIGlP.exe

C:\Windows\System\PnNIGlP.exe

C:\Windows\System\mmwhoUQ.exe

C:\Windows\System\mmwhoUQ.exe

C:\Windows\System\kmUVuYB.exe

C:\Windows\System\kmUVuYB.exe

C:\Windows\System\GjwoABK.exe

C:\Windows\System\GjwoABK.exe

C:\Windows\System\WdIHCsD.exe

C:\Windows\System\WdIHCsD.exe

C:\Windows\System\wvFlrnS.exe

C:\Windows\System\wvFlrnS.exe

C:\Windows\System\riTiYoH.exe

C:\Windows\System\riTiYoH.exe

C:\Windows\System\zHhmIBc.exe

C:\Windows\System\zHhmIBc.exe

C:\Windows\System\TBEwCDT.exe

C:\Windows\System\TBEwCDT.exe

C:\Windows\System\PrZjSfz.exe

C:\Windows\System\PrZjSfz.exe

C:\Windows\System\abhErnG.exe

C:\Windows\System\abhErnG.exe

C:\Windows\System\bYGbFSE.exe

C:\Windows\System\bYGbFSE.exe

C:\Windows\System\xkErpgp.exe

C:\Windows\System\xkErpgp.exe

C:\Windows\System\sTSaYCh.exe

C:\Windows\System\sTSaYCh.exe

C:\Windows\System\tRuMyQi.exe

C:\Windows\System\tRuMyQi.exe

C:\Windows\System\ocNEsip.exe

C:\Windows\System\ocNEsip.exe

C:\Windows\System\ytwDDZG.exe

C:\Windows\System\ytwDDZG.exe

C:\Windows\System\Ufrohei.exe

C:\Windows\System\Ufrohei.exe

C:\Windows\System\gixFTPm.exe

C:\Windows\System\gixFTPm.exe

C:\Windows\System\hVTDCTO.exe

C:\Windows\System\hVTDCTO.exe

C:\Windows\System\ncxEMgp.exe

C:\Windows\System\ncxEMgp.exe

C:\Windows\System\vSJEBjI.exe

C:\Windows\System\vSJEBjI.exe

C:\Windows\System\cejIcpT.exe

C:\Windows\System\cejIcpT.exe

C:\Windows\System\DxxmxZp.exe

C:\Windows\System\DxxmxZp.exe

C:\Windows\System\FltXJLn.exe

C:\Windows\System\FltXJLn.exe

C:\Windows\System\OPTliuC.exe

C:\Windows\System\OPTliuC.exe

C:\Windows\System\uQEjHmZ.exe

C:\Windows\System\uQEjHmZ.exe

C:\Windows\System\dltWLYd.exe

C:\Windows\System\dltWLYd.exe

C:\Windows\System\pmBZbPz.exe

C:\Windows\System\pmBZbPz.exe

C:\Windows\System\cnmpgss.exe

C:\Windows\System\cnmpgss.exe

C:\Windows\System\JWFObkL.exe

C:\Windows\System\JWFObkL.exe

C:\Windows\System\vzGDLtp.exe

C:\Windows\System\vzGDLtp.exe

C:\Windows\System\RrHCkAF.exe

C:\Windows\System\RrHCkAF.exe

C:\Windows\System\UinmiAh.exe

C:\Windows\System\UinmiAh.exe

C:\Windows\System\gVoGsmJ.exe

C:\Windows\System\gVoGsmJ.exe

C:\Windows\System\EZXhENn.exe

C:\Windows\System\EZXhENn.exe

C:\Windows\System\NLYVOqP.exe

C:\Windows\System\NLYVOqP.exe

C:\Windows\System\hkOhiuw.exe

C:\Windows\System\hkOhiuw.exe

C:\Windows\System\BGPvXLm.exe

C:\Windows\System\BGPvXLm.exe

C:\Windows\System\TNccFsY.exe

C:\Windows\System\TNccFsY.exe

C:\Windows\System\XvfmQhk.exe

C:\Windows\System\XvfmQhk.exe

C:\Windows\System\CWTRNZP.exe

C:\Windows\System\CWTRNZP.exe

C:\Windows\System\MKIjtGF.exe

C:\Windows\System\MKIjtGF.exe

C:\Windows\System\qMKHRea.exe

C:\Windows\System\qMKHRea.exe

C:\Windows\System\WwBPHxv.exe

C:\Windows\System\WwBPHxv.exe

C:\Windows\System\KgcTyoW.exe

C:\Windows\System\KgcTyoW.exe

Network


Files
