Malware Analysis Report

2025-04-19 15:34

Sample ID 240522-1f1brshg74
Target 41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe
SHA256 f58439d0e05593002d41b57d2bc9ac221fb6d37a0f7522d67a6d1436e6e9913c
Tags miner xmrig
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner xmrig

xmrig

XMRig Miner payload

Xmrig family

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-22 21:36

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 21:36

Reported

2024-05-22 21:38

Platform

win7-20240508-en

Max time kernel

136s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe N/A

Drops file in Windows directory

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe"


Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files

memory/2384-0-0x0000000000080000-0x0000000000090000-memory.dmp


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 21:36

Reported

2024-05-22 21:38

Platform

win10v2004-20240508-en

Max time kernel

137s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5052 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\wYZMJbE.exe
PID 5052 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\wYZMJbE.exe
PID 5052 wrote to memory of 3628 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\ckpKfEi.exe
PID 5052 wrote to memory of 3628 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\ckpKfEi.exe
PID 5052 wrote to memory of 1220 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\YXpbwsM.exe
PID 5052 wrote to memory of 1220 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\YXpbwsM.exe
PID 5052 wrote to memory of 3080 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\QHdhlem.exe
PID 5052 wrote to memory of 3080 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\QHdhlem.exe
PID 5052 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\yOKGGyh.exe
PID 5052 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\yOKGGyh.exe
PID 5052 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\BgCJwZd.exe
PID 5052 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\BgCJwZd.exe
PID 5052 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\DspLYDv.exe
PID 5052 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\DspLYDv.exe
PID 5052 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\JzKXuXG.exe
PID 5052 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\JzKXuXG.exe
PID 5052 wrote to memory of 712 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\rEbfmfx.exe
PID 5052 wrote to memory of 712 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\rEbfmfx.exe
PID 5052 wrote to memory of 5024 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\QYGLfQG.exe
PID 5052 wrote to memory of 5024 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\QYGLfQG.exe
PID 5052 wrote to memory of 1904 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\avwpJnp.exe
PID 5052 wrote to memory of 1904 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\avwpJnp.exe
PID 5052 wrote to memory of 5016 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\VUfovGb.exe
PID 5052 wrote to memory of 5016 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\VUfovGb.exe
PID 5052 wrote to memory of 4240 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\oFPIyTh.exe
PID 5052 wrote to memory of 4240 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\oFPIyTh.exe
PID 5052 wrote to memory of 1032 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\BEOIKgN.exe
PID 5052 wrote to memory of 1032 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\BEOIKgN.exe
PID 5052 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\PnBMkDX.exe
PID 5052 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\PnBMkDX.exe
PID 5052 wrote to memory of 3372 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\olrcBnu.exe
PID 5052 wrote to memory of 3372 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\olrcBnu.exe
PID 5052 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\eOZiKZH.exe
PID 5052 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\eOZiKZH.exe
PID 5052 wrote to memory of 644 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\FyqxPjT.exe
PID 5052 wrote to memory of 644 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\FyqxPjT.exe
PID 5052 wrote to memory of 4296 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\gQWqgfp.exe
PID 5052 wrote to memory of 4296 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\gQWqgfp.exe
PID 5052 wrote to memory of 4332 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\KURjVDR.exe
PID 5052 wrote to memory of 4332 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\KURjVDR.exe
PID 5052 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\qbvPdKW.exe
PID 5052 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\qbvPdKW.exe
PID 5052 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\bWUXQSe.exe
PID 5052 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\bWUXQSe.exe
PID 5052 wrote to memory of 1184 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\uBFpuIc.exe
PID 5052 wrote to memory of 1184 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\uBFpuIc.exe
PID 5052 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\HNTpkmI.exe
PID 5052 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\HNTpkmI.exe
PID 5052 wrote to memory of 3784 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\hCWxbPU.exe
PID 5052 wrote to memory of 3784 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\hCWxbPU.exe
PID 5052 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\NcmFzrD.exe
PID 5052 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\NcmFzrD.exe
PID 5052 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\ZGGwXoG.exe
PID 5052 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\ZGGwXoG.exe
PID 5052 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\NPyjuke.exe
PID 5052 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\NPyjuke.exe
PID 5052 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\azrYWVR.exe
PID 5052 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\azrYWVR.exe
PID 5052 wrote to memory of 3864 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\XlhJmDo.exe
PID 5052 wrote to memory of 3864 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\XlhJmDo.exe
PID 5052 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\DPQKENr.exe
PID 5052 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\DPQKENr.exe
PID 5052 wrote to memory of 2308 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\SsgZiYL.exe
PID 5052 wrote to memory of 2308 N/A C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe C:\Windows\System\SsgZiYL.exe

Processes

C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\41b0d97daf8421d536d3320c147ed9d0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.171:443 www.bing.com tcp
US 8.8.8.8:53 171.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 31.251.17.2.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files


C:\Windows\System\gQWqgfp.exe

MD5 311f7399cfee7ae16a4e19cb02df23eb
SHA1 b77f78766b5934a2f76cf8257aeebea1cf427cf3
SHA256 f44cf2f30abd430d116eab42cdf9232b73d811cc000241d3ce853bd9f179131e
SHA512 ed2d4f146447b2a9db43d4bc6f30228069dc2b330f5f3a61dc24ca6433bfd0e266aceb26dcdfbeb7e86eb250e52806dec2fef17db06ef92689cbeef9f67b39e5

C:\Windows\System\FyqxPjT.exe

MD5 3b67e13aa58b8d74479088a10b71fc60
SHA1 1c1ab5a12a5c6c1d3b73ead417c9c56ebdbddd2b
SHA256 bae1b87fcf4519f484a247f98c3dfb4d6b83cc7bcac17234679796cdb6a95b7b
SHA512 6547933ac1156e6491d17a15c9a2e7541123960120dbd3b85875644132d3580f1b5115d358c4fed04ad0d29c34a83733ade22501395ee20888574ef589a8aa7e

C:\Windows\System\eOZiKZH.exe

MD5 85e859323b0d5f9d8a94d507f2cd36c4
SHA1 bbbd2a6acdad15b3b16fa1471d25d5daee98eb25
SHA256 393543715b83d161f490faa0e9ff71d340e9b3fe5779ad5f88220a015b5875e2
SHA512 2444f339f24b95b6a6b0a4212a84c54e77eb2f1b2f4350fb907f370ee2bd5a0e6970ef1b3290ac5c7813ea75a5ba15dc8ad7dde3f190efacf701650cfc0dc59a

C:\Windows\System\olrcBnu.exe

MD5 d4140e29e471b93e3cb56f5a1e3c5b01
SHA1 608e2e520a1605b6e42d794664197557dc8270e2
SHA256 4a2bb3fd2c7edd5913663c2d5640dcf24963772d2c543464b47c63ed2ce1133e
SHA512 a7bdffa51d7b4e51da2fc48ec0d1eb763dfa5415b0ab604e0111adfb7d5454fffe7b219b5c5bb679a6f3211d75f3552f0b7db5236b5759d8e11af6f5376fd1e7

C:\Windows\System\oFPIyTh.exe

MD5 d3d12cd694ddd386803078b854563d7c
SHA1 8379e3a5096398c57109a1bc1c16535bbc3f0673
SHA256 6fba0294e0c93e75a2abdffc29c5216f60f819f6c44294b32a7be150c20c1e27
SHA512 76ca7b3a7710a7e2740d9e41d3e70f33dd757570ce59b9de13bbad82c711edc0a4d8d9bf0343998f665e75bd71cb39f3201cd85aa79eff2e972df170184d92a2