Malware Analysis Report

2025-04-19 17:31

Sample ID 240523-1tnj5aac72
Target 9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe
SHA256 6847cd39c31cce14080c68914e893d4a8c33989bd5c86f9db1aa3e388a449a62
Tags
xmrig miner
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6847cd39c31cce14080c68914e893d4a8c33989bd5c86f9db1aa3e388a449a62

Threat Level: Known bad

The file 9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

xmrig miner

xmrig

Xmrig family

XMRig Miner payload

XMRig Miner payload

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-23 21:56

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-23 21:56

Reported

2024-05-23 21:59

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\SuuyYUr.exe N/A
N/A N/A C:\Windows\System\uoxibZS.exe N/A
N/A N/A C:\Windows\System\GMNMlAZ.exe N/A
N/A N/A C:\Windows\System\qqWSvqF.exe N/A
N/A N/A C:\Windows\System\PqyZsbI.exe N/A
N/A N/A C:\Windows\System\DqaypEy.exe N/A
N/A N/A C:\Windows\System\IWhhnWV.exe N/A
N/A N/A C:\Windows\System\DaKmwxe.exe N/A
N/A N/A C:\Windows\System\lVVSuPR.exe N/A
N/A N/A C:\Windows\System\TuCtzWo.exe N/A
N/A N/A C:\Windows\System\ytgmjMc.exe N/A
N/A N/A C:\Windows\System\nQiSlsH.exe N/A
N/A N/A C:\Windows\System\kDjAmMm.exe N/A
N/A N/A C:\Windows\System\assDJTe.exe N/A
N/A N/A C:\Windows\System\owIacVe.exe N/A
N/A N/A C:\Windows\System\DrpYvsC.exe N/A
N/A N/A C:\Windows\System\SuPqqJZ.exe N/A
N/A N/A C:\Windows\System\tojSOzJ.exe N/A
N/A N/A C:\Windows\System\FaSajOx.exe N/A
N/A N/A C:\Windows\System\naSvvwn.exe N/A
N/A N/A C:\Windows\System\vBuGhIk.exe N/A
N/A N/A C:\Windows\System\tZGOqTo.exe N/A
N/A N/A C:\Windows\System\lRmtuxe.exe N/A
N/A N/A C:\Windows\System\GBdYwvW.exe N/A
N/A N/A C:\Windows\System\vlgERwq.exe N/A
N/A N/A C:\Windows\System\ONnaVjf.exe N/A
N/A N/A C:\Windows\System\FRxrHdM.exe N/A
N/A N/A C:\Windows\System\FloGiLg.exe N/A
N/A N/A C:\Windows\System\ZGDDKCH.exe N/A
N/A N/A C:\Windows\System\Xsivvmu.exe N/A
N/A N/A C:\Windows\System\YdRHQxo.exe N/A
N/A N/A C:\Windows\System\PtYalqi.exe N/A
N/A N/A C:\Windows\System\TpzuQDC.exe N/A
N/A N/A C:\Windows\System\bHevMXY.exe N/A
N/A N/A C:\Windows\System\iteIvhe.exe N/A
N/A N/A C:\Windows\System\JbHYlOV.exe N/A
N/A N/A C:\Windows\System\wbKgjRK.exe N/A
N/A N/A C:\Windows\System\PplZJae.exe N/A
N/A N/A C:\Windows\System\rrrQIVJ.exe N/A
N/A N/A C:\Windows\System\imTulEC.exe N/A
N/A N/A C:\Windows\System\eRiamvM.exe N/A
N/A N/A C:\Windows\System\FUPyaMC.exe N/A
N/A N/A C:\Windows\System\yMDWMmB.exe N/A
N/A N/A C:\Windows\System\GvMrjaX.exe N/A
N/A N/A C:\Windows\System\wzeoqfG.exe N/A
N/A N/A C:\Windows\System\mkIzwEI.exe N/A
N/A N/A C:\Windows\System\RKlOPTW.exe N/A
N/A N/A C:\Windows\System\XbwxvWn.exe N/A
N/A N/A C:\Windows\System\PAAvqxI.exe N/A
N/A N/A C:\Windows\System\mOtZzMa.exe N/A
N/A N/A C:\Windows\System\NNTKSus.exe N/A
N/A N/A C:\Windows\System\LDKBpBW.exe N/A
N/A N/A C:\Windows\System\cMgFXmK.exe N/A
N/A N/A C:\Windows\System\NWLYuKT.exe N/A
N/A N/A C:\Windows\System\BKRFLnZ.exe N/A
N/A N/A C:\Windows\System\lqZXYpG.exe N/A
N/A N/A C:\Windows\System\bjdHjUS.exe N/A
N/A N/A C:\Windows\System\AJJDuKU.exe N/A
N/A N/A C:\Windows\System\uUSupwQ.exe N/A
N/A N/A C:\Windows\System\rXyqapW.exe N/A
N/A N/A C:\Windows\System\pSJyVAX.exe N/A
N/A N/A C:\Windows\System\IERnaCX.exe N/A
N/A N/A C:\Windows\System\WeUmSef.exe N/A
N/A N/A C:\Windows\System\eWmzXse.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\FaSajOx.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xNogIaF.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NWLYuKT.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BKRFLnZ.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hDRrqHz.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kMNaiGU.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SuuyYUr.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CpKXBcH.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UEMwDHE.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XMlSNDE.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eiHZmUv.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EqooLla.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LVfTHbZ.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uoxibZS.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qQXIXJl.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZVadawc.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jimXhUJ.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BpdNdQr.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ASnwtRp.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PAncyPv.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JBSbNaN.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DqaypEy.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\naSvvwn.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eRiamvM.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WeUmSef.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gqDlghT.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gkVTixt.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DrpYvsC.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ocIJvKn.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eEqBjSf.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RKMAbAr.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VyoHvVM.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lRmtuxe.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LDKBpBW.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lqZXYpG.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bzxQQel.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mOtZzMa.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lCOmZPO.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vlgERwq.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xeqnZmR.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PqyZsbI.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LqoZHIl.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kqtXIfj.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\imTulEC.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vRFdufk.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UDwLBwh.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bUvAoiz.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WqVTsdD.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dDWSeRn.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YdRHQxo.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yPkiwcz.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kDjAmMm.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PplZJae.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ibfEnKl.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GJYCmzK.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DAaDXVm.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RVBXCNH.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bHevMXY.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AJJDuKU.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pSJyVAX.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IUzFKXK.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UheGbdI.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eZPLLfO.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iFZRFjU.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2216 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\SuuyYUr.exe
PID 2216 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\SuuyYUr.exe
PID 2216 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\uoxibZS.exe
PID 2216 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\uoxibZS.exe
PID 2216 wrote to memory of 3372 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\GMNMlAZ.exe
PID 2216 wrote to memory of 3372 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\GMNMlAZ.exe
PID 2216 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\qqWSvqF.exe
PID 2216 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\qqWSvqF.exe
PID 2216 wrote to memory of 3648 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\PqyZsbI.exe
PID 2216 wrote to memory of 3648 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\PqyZsbI.exe
PID 2216 wrote to memory of 3624 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\DqaypEy.exe
PID 2216 wrote to memory of 3624 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\DqaypEy.exe
PID 2216 wrote to memory of 3524 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\IWhhnWV.exe
PID 2216 wrote to memory of 3524 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\IWhhnWV.exe
PID 2216 wrote to memory of 4832 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\DaKmwxe.exe
PID 2216 wrote to memory of 4832 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\DaKmwxe.exe
PID 2216 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\lVVSuPR.exe
PID 2216 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\lVVSuPR.exe
PID 2216 wrote to memory of 4304 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\TuCtzWo.exe
PID 2216 wrote to memory of 4304 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\TuCtzWo.exe
PID 2216 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\ytgmjMc.exe
PID 2216 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\ytgmjMc.exe
PID 2216 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\nQiSlsH.exe
PID 2216 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\nQiSlsH.exe
PID 2216 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\kDjAmMm.exe
PID 2216 wrote to memory of 1056 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\kDjAmMm.exe
PID 2216 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\assDJTe.exe
PID 2216 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\assDJTe.exe
PID 2216 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\owIacVe.exe
PID 2216 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\owIacVe.exe
PID 2216 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\DrpYvsC.exe
PID 2216 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\DrpYvsC.exe
PID 2216 wrote to memory of 1104 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\SuPqqJZ.exe
PID 2216 wrote to memory of 1104 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\SuPqqJZ.exe
PID 2216 wrote to memory of 4536 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\tojSOzJ.exe
PID 2216 wrote to memory of 4536 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\tojSOzJ.exe
PID 2216 wrote to memory of 3352 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\FaSajOx.exe
PID 2216 wrote to memory of 3352 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\FaSajOx.exe
PID 2216 wrote to memory of 3280 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\naSvvwn.exe
PID 2216 wrote to memory of 3280 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\naSvvwn.exe
PID 2216 wrote to memory of 1116 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\vBuGhIk.exe
PID 2216 wrote to memory of 1116 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\vBuGhIk.exe
PID 2216 wrote to memory of 1236 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\tZGOqTo.exe
PID 2216 wrote to memory of 1236 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\tZGOqTo.exe
PID 2216 wrote to memory of 4516 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\lRmtuxe.exe
PID 2216 wrote to memory of 4516 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\lRmtuxe.exe
PID 2216 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\GBdYwvW.exe
PID 2216 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\GBdYwvW.exe
PID 2216 wrote to memory of 4404 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\vlgERwq.exe
PID 2216 wrote to memory of 4404 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\vlgERwq.exe
PID 2216 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\ONnaVjf.exe
PID 2216 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\ONnaVjf.exe
PID 2216 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\FRxrHdM.exe
PID 2216 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\FRxrHdM.exe
PID 2216 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\FloGiLg.exe
PID 2216 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\FloGiLg.exe
PID 2216 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\ZGDDKCH.exe
PID 2216 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\ZGDDKCH.exe
PID 2216 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\Xsivvmu.exe
PID 2216 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\Xsivvmu.exe
PID 2216 wrote to memory of 3468 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\YdRHQxo.exe
PID 2216 wrote to memory of 3468 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\YdRHQxo.exe
PID 2216 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\PtYalqi.exe
PID 2216 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\PtYalqi.exe

Processes

C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe"

C:\Windows\System\SuuyYUr.exe

C:\Windows\System\SuuyYUr.exe

C:\Windows\System\uoxibZS.exe

C:\Windows\System\uoxibZS.exe

C:\Windows\System\GMNMlAZ.exe

C:\Windows\System\GMNMlAZ.exe

C:\Windows\System\qqWSvqF.exe

C:\Windows\System\qqWSvqF.exe

C:\Windows\System\PqyZsbI.exe

C:\Windows\System\PqyZsbI.exe

C:\Windows\System\DqaypEy.exe

C:\Windows\System\DqaypEy.exe

C:\Windows\System\IWhhnWV.exe

C:\Windows\System\IWhhnWV.exe

C:\Windows\System\DaKmwxe.exe

C:\Windows\System\DaKmwxe.exe

C:\Windows\System\lVVSuPR.exe

C:\Windows\System\lVVSuPR.exe

C:\Windows\System\TuCtzWo.exe

C:\Windows\System\TuCtzWo.exe

C:\Windows\System\ytgmjMc.exe

C:\Windows\System\ytgmjMc.exe

C:\Windows\System\nQiSlsH.exe

C:\Windows\System\nQiSlsH.exe

C:\Windows\System\kDjAmMm.exe

C:\Windows\System\kDjAmMm.exe

C:\Windows\System\assDJTe.exe

C:\Windows\System\assDJTe.exe

C:\Windows\System\owIacVe.exe

C:\Windows\System\owIacVe.exe

C:\Windows\System\DrpYvsC.exe

C:\Windows\System\DrpYvsC.exe

C:\Windows\System\SuPqqJZ.exe

C:\Windows\System\SuPqqJZ.exe

C:\Windows\System\tojSOzJ.exe

C:\Windows\System\tojSOzJ.exe

C:\Windows\System\FaSajOx.exe

C:\Windows\System\FaSajOx.exe

C:\Windows\System\naSvvwn.exe

C:\Windows\System\naSvvwn.exe

C:\Windows\System\vBuGhIk.exe

C:\Windows\System\vBuGhIk.exe

C:\Windows\System\tZGOqTo.exe

C:\Windows\System\tZGOqTo.exe

C:\Windows\System\lRmtuxe.exe

C:\Windows\System\lRmtuxe.exe

C:\Windows\System\GBdYwvW.exe

C:\Windows\System\GBdYwvW.exe

C:\Windows\System\vlgERwq.exe

C:\Windows\System\vlgERwq.exe

C:\Windows\System\ONnaVjf.exe

C:\Windows\System\ONnaVjf.exe

C:\Windows\System\FRxrHdM.exe

C:\Windows\System\FRxrHdM.exe

C:\Windows\System\FloGiLg.exe

C:\Windows\System\FloGiLg.exe

C:\Windows\System\ZGDDKCH.exe

C:\Windows\System\ZGDDKCH.exe

C:\Windows\System\Xsivvmu.exe

C:\Windows\System\Xsivvmu.exe

C:\Windows\System\YdRHQxo.exe

C:\Windows\System\YdRHQxo.exe

C:\Windows\System\PtYalqi.exe

C:\Windows\System\PtYalqi.exe

C:\Windows\System\bHevMXY.exe

C:\Windows\System\bHevMXY.exe

C:\Windows\System\TpzuQDC.exe

C:\Windows\System\TpzuQDC.exe

C:\Windows\System\iteIvhe.exe

C:\Windows\System\iteIvhe.exe

C:\Windows\System\JbHYlOV.exe

C:\Windows\System\JbHYlOV.exe

C:\Windows\System\wbKgjRK.exe

C:\Windows\System\wbKgjRK.exe

C:\Windows\System\PplZJae.exe

C:\Windows\System\PplZJae.exe

C:\Windows\System\rrrQIVJ.exe

C:\Windows\System\rrrQIVJ.exe

C:\Windows\System\imTulEC.exe

C:\Windows\System\imTulEC.exe

C:\Windows\System\eRiamvM.exe

C:\Windows\System\eRiamvM.exe

C:\Windows\System\FUPyaMC.exe

C:\Windows\System\FUPyaMC.exe

C:\Windows\System\yMDWMmB.exe

C:\Windows\System\yMDWMmB.exe

C:\Windows\System\GvMrjaX.exe

C:\Windows\System\GvMrjaX.exe

C:\Windows\System\wzeoqfG.exe

C:\Windows\System\wzeoqfG.exe

C:\Windows\System\mkIzwEI.exe

C:\Windows\System\mkIzwEI.exe

C:\Windows\System\RKlOPTW.exe

C:\Windows\System\RKlOPTW.exe

C:\Windows\System\XbwxvWn.exe

C:\Windows\System\XbwxvWn.exe

C:\Windows\System\PAAvqxI.exe

C:\Windows\System\PAAvqxI.exe

C:\Windows\System\mOtZzMa.exe

C:\Windows\System\mOtZzMa.exe

C:\Windows\System\NNTKSus.exe

C:\Windows\System\NNTKSus.exe

C:\Windows\System\LDKBpBW.exe

C:\Windows\System\LDKBpBW.exe

C:\Windows\System\cMgFXmK.exe

C:\Windows\System\cMgFXmK.exe

C:\Windows\System\NWLYuKT.exe

C:\Windows\System\NWLYuKT.exe

C:\Windows\System\BKRFLnZ.exe

C:\Windows\System\BKRFLnZ.exe

C:\Windows\System\lqZXYpG.exe

C:\Windows\System\lqZXYpG.exe

C:\Windows\System\bjdHjUS.exe

C:\Windows\System\bjdHjUS.exe

C:\Windows\System\uUSupwQ.exe

C:\Windows\System\uUSupwQ.exe

C:\Windows\System\AJJDuKU.exe

C:\Windows\System\AJJDuKU.exe

C:\Windows\System\rXyqapW.exe

C:\Windows\System\rXyqapW.exe

C:\Windows\System\pSJyVAX.exe

C:\Windows\System\pSJyVAX.exe

C:\Windows\System\IERnaCX.exe

C:\Windows\System\IERnaCX.exe

C:\Windows\System\WeUmSef.exe

C:\Windows\System\WeUmSef.exe

C:\Windows\System\eWmzXse.exe

C:\Windows\System\eWmzXse.exe

C:\Windows\System\CpKXBcH.exe

C:\Windows\System\CpKXBcH.exe

C:\Windows\System\edphZzl.exe

C:\Windows\System\edphZzl.exe

C:\Windows\System\rLKDRUC.exe

C:\Windows\System\rLKDRUC.exe

C:\Windows\System\WGCUoTz.exe

C:\Windows\System\WGCUoTz.exe

C:\Windows\System\JsrAJfs.exe

C:\Windows\System\JsrAJfs.exe

C:\Windows\System\VlhnGfJ.exe

C:\Windows\System\VlhnGfJ.exe

C:\Windows\System\PYkEQFT.exe

C:\Windows\System\PYkEQFT.exe

C:\Windows\System\gqRPWPJ.exe

C:\Windows\System\gqRPWPJ.exe

C:\Windows\System\mvymkNv.exe

C:\Windows\System\mvymkNv.exe

C:\Windows\System\EdwPZxO.exe

C:\Windows\System\EdwPZxO.exe

C:\Windows\System\bUvAoiz.exe

C:\Windows\System\bUvAoiz.exe

C:\Windows\System\zmuRCMi.exe

C:\Windows\System\zmuRCMi.exe

C:\Windows\System\EUwXhJQ.exe

C:\Windows\System\EUwXhJQ.exe

C:\Windows\System\lCOmZPO.exe

C:\Windows\System\lCOmZPO.exe

C:\Windows\System\yPkiwcz.exe

C:\Windows\System\yPkiwcz.exe

C:\Windows\System\eZPLLfO.exe

C:\Windows\System\eZPLLfO.exe

C:\Windows\System\pOoHBsB.exe

C:\Windows\System\pOoHBsB.exe

C:\Windows\System\HMsFkFj.exe

C:\Windows\System\HMsFkFj.exe

C:\Windows\System\hDRrqHz.exe

C:\Windows\System\hDRrqHz.exe

C:\Windows\System\YOhbrtL.exe

C:\Windows\System\YOhbrtL.exe

C:\Windows\System\OpGRmuC.exe

C:\Windows\System\OpGRmuC.exe

C:\Windows\System\WaXmpZH.exe

C:\Windows\System\WaXmpZH.exe

C:\Windows\System\Yenpuzk.exe

C:\Windows\System\Yenpuzk.exe

C:\Windows\System\ocIJvKn.exe

C:\Windows\System\ocIJvKn.exe

C:\Windows\System\ASnwtRp.exe

C:\Windows\System\ASnwtRp.exe

C:\Windows\System\qIXwESV.exe

C:\Windows\System\qIXwESV.exe

C:\Windows\System\xcdTZPX.exe

C:\Windows\System\xcdTZPX.exe

C:\Windows\System\NiSZlfI.exe

C:\Windows\System\NiSZlfI.exe

C:\Windows\System\wGNiGqX.exe

C:\Windows\System\wGNiGqX.exe

C:\Windows\System\aFbVyKn.exe

C:\Windows\System\aFbVyKn.exe

C:\Windows\System\ZjPXaOR.exe

C:\Windows\System\ZjPXaOR.exe

C:\Windows\System\eQJrPzr.exe

C:\Windows\System\eQJrPzr.exe

C:\Windows\System\IUzFKXK.exe

C:\Windows\System\IUzFKXK.exe

C:\Windows\System\xeqnZmR.exe

C:\Windows\System\xeqnZmR.exe

C:\Windows\System\gEKIPNK.exe

C:\Windows\System\gEKIPNK.exe

C:\Windows\System\VyoHvVM.exe

C:\Windows\System\VyoHvVM.exe

C:\Windows\System\pznfdzn.exe

C:\Windows\System\pznfdzn.exe

C:\Windows\System\WqVTsdD.exe

C:\Windows\System\WqVTsdD.exe

C:\Windows\System\hVQahNm.exe

C:\Windows\System\hVQahNm.exe

C:\Windows\System\EJYcpbv.exe

C:\Windows\System\EJYcpbv.exe

C:\Windows\System\eEqBjSf.exe

C:\Windows\System\eEqBjSf.exe

C:\Windows\System\BsCEghd.exe

C:\Windows\System\BsCEghd.exe

C:\Windows\System\TxJJRaq.exe

C:\Windows\System\TxJJRaq.exe

C:\Windows\System\ZVLMnPG.exe

C:\Windows\System\ZVLMnPG.exe

C:\Windows\System\OXllwVc.exe

C:\Windows\System\OXllwVc.exe

C:\Windows\System\zCWwgps.exe

C:\Windows\System\zCWwgps.exe

C:\Windows\System\wATPkol.exe

C:\Windows\System\wATPkol.exe

C:\Windows\System\layoPjP.exe

C:\Windows\System\layoPjP.exe

C:\Windows\System\PAncyPv.exe

C:\Windows\System\PAncyPv.exe

C:\Windows\System\ydomEuX.exe

C:\Windows\System\ydomEuX.exe

C:\Windows\System\UEMwDHE.exe

C:\Windows\System\UEMwDHE.exe

C:\Windows\System\UheGbdI.exe

C:\Windows\System\UheGbdI.exe

C:\Windows\System\xNogIaF.exe

C:\Windows\System\xNogIaF.exe

C:\Windows\System\vRFdufk.exe

C:\Windows\System\vRFdufk.exe

C:\Windows\System\qgBEPqD.exe

C:\Windows\System\qgBEPqD.exe

C:\Windows\System\AISptUO.exe

C:\Windows\System\AISptUO.exe

C:\Windows\System\HdgyTTR.exe

C:\Windows\System\HdgyTTR.exe

C:\Windows\System\FgOZtpL.exe

C:\Windows\System\FgOZtpL.exe

C:\Windows\System\oVcrkus.exe

C:\Windows\System\oVcrkus.exe

C:\Windows\System\WTkHlzy.exe

C:\Windows\System\WTkHlzy.exe

C:\Windows\System\llVfrNf.exe

C:\Windows\System\llVfrNf.exe

C:\Windows\System\iFZRFjU.exe

C:\Windows\System\iFZRFjU.exe

C:\Windows\System\sOjymfi.exe

C:\Windows\System\sOjymfi.exe

C:\Windows\System\RfTFajU.exe

C:\Windows\System\RfTFajU.exe

C:\Windows\System\XMlSNDE.exe

C:\Windows\System\XMlSNDE.exe

C:\Windows\System\xwuAIPW.exe

C:\Windows\System\xwuAIPW.exe

C:\Windows\System\LqoZHIl.exe

C:\Windows\System\LqoZHIl.exe

C:\Windows\System\ibfEnKl.exe

C:\Windows\System\ibfEnKl.exe

C:\Windows\System\RKMAbAr.exe

C:\Windows\System\RKMAbAr.exe

C:\Windows\System\ZVadawc.exe

C:\Windows\System\ZVadawc.exe

C:\Windows\System\LqkitiU.exe

C:\Windows\System\LqkitiU.exe

C:\Windows\System\zQUTSLx.exe

C:\Windows\System\zQUTSLx.exe

C:\Windows\System\BKBXZyC.exe

C:\Windows\System\BKBXZyC.exe

C:\Windows\System\gqDlghT.exe

C:\Windows\System\gqDlghT.exe

C:\Windows\System\jimXhUJ.exe

C:\Windows\System\jimXhUJ.exe

C:\Windows\System\IMIBhPl.exe

C:\Windows\System\IMIBhPl.exe

C:\Windows\System\kMNaiGU.exe

C:\Windows\System\kMNaiGU.exe

C:\Windows\System\oALhdSu.exe

C:\Windows\System\oALhdSu.exe

C:\Windows\System\qQXIXJl.exe

C:\Windows\System\qQXIXJl.exe

C:\Windows\System\HRmlrKv.exe

C:\Windows\System\HRmlrKv.exe

C:\Windows\System\BMdBipW.exe

C:\Windows\System\BMdBipW.exe

C:\Windows\System\kqtXIfj.exe

C:\Windows\System\kqtXIfj.exe

C:\Windows\System\dScjyoO.exe

C:\Windows\System\dScjyoO.exe

C:\Windows\System\tbadWxC.exe

C:\Windows\System\tbadWxC.exe

C:\Windows\System\DAaDXVm.exe

C:\Windows\System\DAaDXVm.exe

C:\Windows\System\VkxoWVu.exe

C:\Windows\System\VkxoWVu.exe

C:\Windows\System\IgCbdgL.exe

C:\Windows\System\IgCbdgL.exe

C:\Windows\System\eiHZmUv.exe

C:\Windows\System\eiHZmUv.exe

C:\Windows\System\vNRmFaU.exe

C:\Windows\System\vNRmFaU.exe

C:\Windows\System\JBSbNaN.exe

C:\Windows\System\JBSbNaN.exe

C:\Windows\System\QJsKwRk.exe

C:\Windows\System\QJsKwRk.exe

C:\Windows\System\vnbBHJJ.exe

C:\Windows\System\vnbBHJJ.exe

C:\Windows\System\pIKJKXS.exe

C:\Windows\System\pIKJKXS.exe

C:\Windows\System\iayWEkn.exe

C:\Windows\System\iayWEkn.exe

C:\Windows\System\EqooLla.exe

C:\Windows\System\EqooLla.exe

C:\Windows\System\pibQfYS.exe

C:\Windows\System\pibQfYS.exe

C:\Windows\System\FxLxchF.exe

C:\Windows\System\FxLxchF.exe

C:\Windows\System\qgJjHyl.exe

C:\Windows\System\qgJjHyl.exe

C:\Windows\System\OBxMnOk.exe

C:\Windows\System\OBxMnOk.exe

C:\Windows\System\BJTcoAU.exe

C:\Windows\System\BJTcoAU.exe

C:\Windows\System\ldEXrmj.exe

C:\Windows\System\ldEXrmj.exe

C:\Windows\System\GcLuZtU.exe

C:\Windows\System\GcLuZtU.exe

C:\Windows\System\zETfFXE.exe

C:\Windows\System\zETfFXE.exe

C:\Windows\System\FbtCzzb.exe

C:\Windows\System\FbtCzzb.exe

C:\Windows\System\zXQdPEh.exe

C:\Windows\System\zXQdPEh.exe

C:\Windows\System\wzQZkbL.exe

C:\Windows\System\wzQZkbL.exe

C:\Windows\System\TAwDXrc.exe

C:\Windows\System\TAwDXrc.exe

C:\Windows\System\tPUjrPR.exe

C:\Windows\System\tPUjrPR.exe

C:\Windows\System\TSVhTWD.exe

C:\Windows\System\TSVhTWD.exe

C:\Windows\System\JMtnzhs.exe

C:\Windows\System\JMtnzhs.exe

C:\Windows\System\QXGxtZR.exe

C:\Windows\System\QXGxtZR.exe

C:\Windows\System\XMVOExJ.exe

C:\Windows\System\XMVOExJ.exe

C:\Windows\System\UDwLBwh.exe

C:\Windows\System\UDwLBwh.exe

C:\Windows\System\pOvuadO.exe

C:\Windows\System\pOvuadO.exe

C:\Windows\System\dDWSeRn.exe

C:\Windows\System\dDWSeRn.exe

C:\Windows\System\WkhgYMu.exe

C:\Windows\System\WkhgYMu.exe

C:\Windows\System\GJYCmzK.exe

C:\Windows\System\GJYCmzK.exe

C:\Windows\System\KhMEVKp.exe

C:\Windows\System\KhMEVKp.exe

C:\Windows\System\ZKjBJsa.exe

C:\Windows\System\ZKjBJsa.exe

C:\Windows\System\LVfTHbZ.exe

C:\Windows\System\LVfTHbZ.exe

C:\Windows\System\gkVTixt.exe

C:\Windows\System\gkVTixt.exe

C:\Windows\System\MzBPLfU.exe

C:\Windows\System\MzBPLfU.exe

C:\Windows\System\GosqPzu.exe

C:\Windows\System\GosqPzu.exe

C:\Windows\System\mVPDLST.exe

C:\Windows\System\mVPDLST.exe

C:\Windows\System\oDgLOBh.exe

C:\Windows\System\oDgLOBh.exe

C:\Windows\System\MHbMHGp.exe

C:\Windows\System\MHbMHGp.exe

C:\Windows\System\bzxQQel.exe

C:\Windows\System\bzxQQel.exe

C:\Windows\System\HqNuDXU.exe

C:\Windows\System\HqNuDXU.exe

C:\Windows\System\CsOqIEI.exe

C:\Windows\System\CsOqIEI.exe

C:\Windows\System\UWfyRLC.exe

C:\Windows\System\UWfyRLC.exe

C:\Windows\System\yXZLiRS.exe

C:\Windows\System\yXZLiRS.exe

C:\Windows\System\XYvWeUb.exe

C:\Windows\System\XYvWeUb.exe

C:\Windows\System\RVBXCNH.exe

C:\Windows\System\RVBXCNH.exe

C:\Windows\System\BpdNdQr.exe

C:\Windows\System\BpdNdQr.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 94.65.42.20.in-addr.arpa udp

Files

C:\Windows\System\uoxibZS.exe

MD5 6d1449137362116f100d90d2934c55fb
SHA1 594e527c088c0ecbad730c4d274ab341c128d1b4
SHA256 db1e36162cf5cff157f3a4e3ef7c4bd964727eebf4b0667163e2e2d74fe03f33
SHA512 727a049e2be376475aeaef52bf142cedef3f6ebc60c3f45bf83de3be9ddf4f283026bce5b5a948dafb7916208f166155d3760ffaa59249efc9fdba6f661e8a4a

C:\Windows\System\PqyZsbI.exe

MD5 d7e9b04df2e4e40272c92c6b79e223ef
SHA1 60b5dd70ec62e4d05dd0c5f7139a305d91c0efd5
SHA256 017efd8082f66fbb54d3ed74dc03e4f49f0f651cb3415b98913a7f9b2f33b594
SHA512 5e8c77e574bb5c059ef0b44d459d9872ee3f01f302ac835e3902a6a94e33e369418548e9fe81530d2072a0e4c261d8c8bd80c792547881e0c8f7fb35893c5760

C:\Windows\System\DaKmwxe.exe

MD5 efd6a8841670a5e68fefc233f4de503c
SHA1 8f140951f5d42d42e9aa70e60fab49f2402e378d
SHA256 6a3fd275f9f3443a8f41770f568131e6ee8b982059f8b134aabc89bc78db6c4f
SHA512 b4944ac4a3514b910a3e264c61653b15927b47e99650d50b1340e746f497c74aab45dc5f66f8d96863711b0bf1586b8ae187aaa140617621a9f5984d4900c4c9

C:\Windows\System\lVVSuPR.exe

MD5 57800e8867854e486ee54b2df27c2adf
SHA1 1d89e80d289fafca5473ca5f897ce57b6360616b
SHA256 821a5dec11c2e8d4a4d258602fc4aae1436d0075ab195b05a5a2d1f64564802f
SHA512 9ea78527b75af4760cc7b45c4e702316658a57b80b2c3b5bf2946b98c12d49251b4c7920fe5b24f6f02e052d5e04d26413992fad5c128f726fbde215da4b7ad6

C:\Windows\System\DrpYvsC.exe

MD5 f6fc3ca54fd9d68a4b166ac2fec1e519
SHA1 76e03cddc2768c8143102e0e5f5d2bc77a4ae46a
SHA256 3116c0a006ab32d0659b7067c98f666e1c51d391f4a492a975314b035c97dbd8
SHA512 acd8c6817e860658ac5a4eefce5f43d3bf112edb2fb9e7cf167c356c0b938a5a2816b4a68a8a8361ffe460d0cdf99118362d551ac9f06cac25e956b74f50724c

C:\Windows\System\vlgERwq.exe

MD5 81a44ef86630a779cb80d97a7d0fad7d
SHA1 60d7c3695da09d220d813cbdf6c3eef25b8b9874
SHA256 d81728808853766fb2afa08a335303bd845cebe2001b25d52469127541bfe0a5
SHA512 e4be07dc9c410c421a79400b302a4c8c0a679631da4ad2cdb71212a380f618a1017509b13b6141f731d6ad60fac3d7f1bdd0168d3986309d07fbe152f293333f

C:\Windows\System\ONnaVjf.exe

MD5 79040511f12dbcb7a757d7221b3b2b0f
SHA1 ca9cacf71c808915cc1827b0980937cff31987e8
SHA256 9859ddf5c6feb037a304545cffb445cc5486371673b17dd377fb8a6a38f6cebf
SHA512 6e05faf44fc1f084aea3c245a66e1ae4d57cfd0e32a6cc6ce2ef22225efc96b4e36d44248007b39e3c629dcb339920edea3ea08d52486e94c1d59dbc22e3bb54

C:\Windows\System\vBuGhIk.exe

MD5 825b767860e6418c658d7fa02ca944b8
SHA1 4b83173104ffb476369907d5d52fb6e359d0e43f
SHA256 7ea8b53c755175f4f1241d7685f1d8edac29278c956dd51db25c90b539d8d858
SHA512 4df58f06bd8287a060f1fa8b8b752bfd6c54c95aadb690b37a492684cdf024d92cf66d2fc5110ce6c821fcd8a78ccf0d6f0a3d70ab7822f28c7c74b054439a7a

C:\Windows\System\naSvvwn.exe

MD5 205abdc2e4b0c1e9d6467c5b412ddf84
SHA1 6da2b53dccdb4b22c20bbf9ba42f3894b5cff87b
SHA256 b6a6641a650dbc96b948c4a6249cb456966e396b531064dfb6f1a78f4dbf56cb
SHA512 fb9598e7a16fdba60277b70fb69e827dbf5e2e5d533f79b323adb3ce0edb37fff9896a324dba4432f8e9e374e8f62c1f001b0ff59b184a3f1641420b9fbf46cd

C:\Windows\System\FaSajOx.exe

MD5 9bdf5febb1bd809222ff239c7c6e4750
SHA1 3ef1b6c98898dc35e810acf2a9f802e50d6f8ad9
SHA256 fa5280a5321d34301e93b3d70e072d242b7a5d726919f01a1405c3a22ed72358
SHA512 65735060d9a4494bc606a30e3e7deb4b0f969189c4f56c04e48d7c7f0058c39c96d009be4b2e86ca8557e351800f3c737f326a87457b8fcaf66914c359773725

C:\Windows\System\tojSOzJ.exe

MD5 afcfd969ce1c1eeba91ddadb15b47927
SHA1 68348d1a75bdf6335cc1fe1a4234cd0d9ccedae6
SHA256 4f937e1eaa72af8f16ab8b934c5d9eafb95f8b5c625b098d9f5714c8ae708999
SHA512 98ea227123ebf3cd14bbe7e47406f7abf8eefbefe604dcda010ecc32337401313827fb3bbfd9a5887c9f0ad77278c6362fb3778c8e02fb423b01bdf435968545

C:\Windows\System\GBdYwvW.exe

MD5 4738eca794f6987e9e7c49ec10c8fc81
SHA1 31e7b303bb062e1cfbf9128a5bbd29182cdb2390
SHA256 8a7b8f106c66da0a2f5bb61b08bee79095bb5ca2d67f2be8c84a045966ce8b5f
SHA512 51a85a3f9b15279a09b3459f1b006c11e89f0bdb54b6c6080f8bf8af264e17b0f69595d1f14033b819c1e9567b5f8381c0ea5bb872400f7561b9a1f082d2b894

C:\Windows\System\lRmtuxe.exe

MD5 dddb7aed6605080b5822c6547d1dfee8
SHA1 0840c11ee730bab4c48fb418d1d48b2555bca7ba
SHA256 ebaaa81dc33a1dae95c0ad529a02c72fe52a4b3238c6c6f77b9c9d27861aed5a
SHA512 8b7b24c81cc47f04ebd11326bf89299c976de0e9595f47399f345236917b4b1f4ff5b076873cd23862c3b72f52d10ca1f33cdfb55ea6b64100c77c64995743d2

C:\Windows\System\tZGOqTo.exe

MD5 3f79bcfd51160919423fbd2b467ce47a
SHA1 c8db5e1f499d02d3a74e1c58854041ac003ab745
SHA256 9dec5921682099183130795e1ffd6290b61b44c0c3d0c99fd97a9fc384458eb9
SHA512 3633cd01208af5f7d03002ca2c04df037565c6219d8f7f2a8148668c87ccabcc630ff7296570f9b9fe8f9d2f8dd3b39f7b4902ffb893526e6b2b78e94c0d9ef4

C:\Windows\System\SuPqqJZ.exe

MD5 72745a68cdb4162001feda25e264a617
SHA1 42487e465384565df120091fdf01c9385d000072
SHA256 7fb174fa69a92dc2bedc0e52a706935b2f6104ee7a1d2832bf2d0fe2f2c019ad
SHA512 a532a5524f55b1d25efe6b43248c4cefc4a463f73de4b6819859d0feb56216239723172f45e64b5543e117c957db0976bf2f21b23f25c97e6c3ba91ee10a1ad7

C:\Windows\System\owIacVe.exe

MD5 dd81a70e9f4806dd1b4ca9ce7b8530aa
SHA1 18bc5119177d375be2dd3dbfebe0bfb503c9d526
SHA256 3c154e6cea8407c335551257cb4ca56d0a08b3d70308a0397f05888cfc302463
SHA512 f99ce572dcec38f62831f47f1d1647124ddc61c141ca7ea2a30877f0331f05fb1881b33abf8454f61d12c35005664adb33a1418351c4544d5934e1f7d29a6236

C:\Windows\System\assDJTe.exe

MD5 526ea9f6915afa2ef4b5bc10eeb32dd0
SHA1 c1eed7df02f9e38f35d40d832ad2aefd42400c62
SHA256 e93d48f08a683c1fe59f8b15c1c511567c1c2bf2ac543f5b1c494f6295610568
SHA512 6330ddbc1987d19ddc938e697635c3fa47e9ff5c142f4834017e74687ec858b02996a4f6180ad7c704fe0f5013347abcd44f3a97618d50f01efc830a197f7fda

C:\Windows\System\kDjAmMm.exe

MD5 26171a1b777c53c70e1b1a0d5d7c4b7b
SHA1 e40b44a246a2f7d66dda5366f03a5dafb9287cc8
SHA256 5b11224f81817efab6f92c0b07505926d0195b934ecd195baab86681f83b00a6
SHA512 4d0b13a4c6037fc34e7a9d7e55e76085645ff65967299bbb5d02608e975670e016066f04f24d0dd3c13205e0a48ceebae8661e68c15b7172089791abdc2b9893

C:\Windows\System\nQiSlsH.exe

MD5 ba68108312f1e0ff43151ee2af615e0e
SHA1 182ff50f01da232ec420831e022cb55b0926456c
SHA256 f64b7db29f2418e8192865ae4405fcfe6b06d2ac59007719a66ebe341463dfa9
SHA512 0def5260f244726c50c35467fc04e100d4695d107f9a38c1f3fb562aadec3f689b2c7f60e94a1fb4ac31bd0ec490bf71c1ee0790b28982a9e5ae01df9fc2c2a8

C:\Windows\System\ytgmjMc.exe

MD5 bd1b75d93e9114c0d1931901f76d2890
SHA1 d8ffdb78bb7de5b0447f87dfd094bcdfac3d6d76
SHA256 a0de520c202ea68ce5b468bfb843bde555e70692f45251f0f38d1b4b7064f667
SHA512 fe28a1191765c4fbec1aa67c203c40bf41998a2ca1746126904406c1a32133e8619aaffcd7b213caf71f8b88a8b6c0faafce5aae340e6b4cfcc594f6879ae207

C:\Windows\System\TuCtzWo.exe

MD5 a554d8669df3f707d55a68edf22192f7
SHA1 c62e350be7cc40256bbe0d9a79b174547ee39099
SHA256 c7ad64e6e8f23766e5b2bb7d5eb8181fd0dff4b0b9ce055f97a64ff72310028c
SHA512 6dc48f6b01605c46abfaca7695da3a93564c20b9a4e1089f564b6ede5e85bd8d02d66301b8e891ab9b874b7bd4e0adfaa09d2b70fa22f92274bd1daf0f163e98

C:\Windows\System\DqaypEy.exe

MD5 5b67281ed566f02cb65f8a5c7182f47f
SHA1 7fa968cf79ef0b891998bc5ef5a77bf771514291
SHA256 ef1882700ca9de36cd67c352c135a7b43f4c1bcf3f2478ca9437d3b6d7599188
SHA512 58422d263e694d4b541298807be5d70c7f691d5c732dad9b63fe894dd20713d7dd97651a2d53d169ae0662f391f3e5779bf192113d8e8ae5b39cd2d32af32978

C:\Windows\System\IWhhnWV.exe

MD5 728d087b35212db09d406b9962a848a8
SHA1 52fa50b861dd15d2af39fd4dccc0863110c7a0f5
SHA256 de43996910bd42e43d6b8f2cc7b3f886b61e554257b7de52b747edc27854f11a
SHA512 6be599ff6fa825ce1f0c3cf786e220164a37b313de382764695a225ce1c736d431cde2a58e45421fbd546bb4150d2064abbb234d76261056b6bd008b328cf194

C:\Windows\System\qqWSvqF.exe

MD5 0b37d5d6e3b95d001d061ff92026bdb6
SHA1 ff4bce5c064faea1ea5902fa278af8708337778f
SHA256 370dcfa56fff64b62ec4319a8b80fd091ce9b544096c105b7e1756fc6faed64c
SHA512 b82fbf53f9acf2be1d0b3b88b87edaf60a097c32d6bacf42146ce5400f9a28cadfbc6d55650768e526ed1a32c3e6d95c5fc8bcba03ebc4aec4ee8b43c52f338b

C:\Windows\System\GMNMlAZ.exe

MD5 cec73ec949625296308ee3c2f715cebd
SHA1 05ee0e1e958eebf26ec135868bfa78e4f62e6016
SHA256 b93e3f8981d285f8dbe697f57f37762655d4a9676be059d10a9a467fd2f175f5
SHA512 3179e8cd1ecffe039ffd34340285b5cc3f46b9dd594df598eacfe4b75fa48bec4490847b25f6fff14ac4e1e7ae3b39b7ee64919a0d554cda2016faedd3c2d958

C:\Windows\System\SuuyYUr.exe

MD5 1c706b9a8a59f14d06d095b6c5f63b4b
SHA1 9fb2d4e6d29e2cd65626b640a865ab20d6634635
SHA256 1364ca8bc69bf165571314f0b8d4653f6945f032c34dd1145b953df5d2c65b97
SHA512 937efd62f169c04b0cef93ad0a3f5c7a15a81ff05de2cf10e79d89f9ad5c21d3884468ebb804b44533e35d1d65d8e5d70ba8892556c8652f699892ee4876928a

memory/2216-0-0x000001EAA5430000-0x000001EAA5440000-memory.dmp

C:\Windows\System\FloGiLg.exe

MD5 673e020be84041a4d227d06ee15d5959
SHA1 5bb18b1724d35398828c800a9385b7b7d013fb0b
SHA256 13d1b03a320402f0f2a4d293a0d2ea5b5aa1aeb7d31238826c545031a68e44aa
SHA512 29b7de19fb8de3e22d89be0d3ffaf7a0e4bfd857ad356a3053442d7046ff7eedcaa62ef2edb24572324469abc1ed4fb32174c4e1326e01115d9811bcc79eb95d

C:\Windows\System\ZGDDKCH.exe

MD5 64529dc187e513d5eb78480a4debf6f9
SHA1 36efb3b1a893b2d414b29a919e41ad5fb19f1f32
SHA256 1a98f51360a8f39907c7265162679dd1f159c2773199a97226757e2b3c265f0b
SHA512 a40f2a605de120a87f699a8418ee6184efa351f831adf6c0485e45e99cbb17ec335fe087d9807061605ae4bf1dad5346ae93ae98f3b49a85dc625341247313d3

C:\Windows\System\PtYalqi.exe

MD5 16cb63f3b5901668202938ef7088f779
SHA1 b5789f183c5ee1c8d175237abf16565cfda184c8
SHA256 cbe1259997ce2b65231e0ea4e657b651d4d17721f8591c7836638738ad94528c
SHA512 57f252c0f36ca4181c71da84ef3151656c693a07546f431ae2df86bb6da4b39b58565bae0e16a602a07c54ecaea3e3b92dee2b7026f707170955b37e678e7466

C:\Windows\System\Xsivvmu.exe

MD5 be69892ae94e6021042f9acd9e5efb30
SHA1 59c3921d7bb1f512301b1d5129dda47e2500eff4
SHA256 92a4fdc65ad2d0139c8e804874e47288eaf2ef9cc598277c2ecf852e71004e93
SHA512 f83f876509239347dd5c6fdb59eea78cdaed4b8ac91ce13599ea78026cccc3b30ca24044df5b8f64169c2f92a59c4cb409213c740bc0e9046fcdf072569eac68

C:\Windows\System\YdRHQxo.exe

MD5 a7f02d761f583d4c843f0cfa6ebe9685
SHA1 6f9cd16f9fdeee9645bf908a5331ed44d225e381
SHA256 6a94f4dc552237514b762fe2df012be8e6c0aa6d9fd05d5daf06540c45eaf843
SHA512 9401292f3b4458d8af811bbbcab3fe42ed32bbadc1f3efdc79006791eaeb6a2df670bceb6a059f5fa594d280d24e14c56c5e8df44445275599fb5226c58b0dac

C:\Windows\System\FRxrHdM.exe

MD5 733a241e44c1239c63c4785bb8bb06b2
SHA1 3502cf61da9bda50c76159e3d2e0fa37dca65f52
SHA256 f1269cedc3fe3b5b3e72864827998c4da04feac52305ccddaf3fd2f6a95ae1ce
SHA512 7c7079ffd48f106761c4488b61e74c6dcc30c863b4b9211c352929222b79f7ef8c69f98f5a12ff868a2c7299f2afdf501413dfd3f420f0a00a3e4734319f5bd6

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-23 21:56

Reported

2024-05-23 21:59

Platform

win7-20240508-en

Max time kernel

136s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\MhyfvbG.exe N/A
N/A N/A C:\Windows\System\NWJiWGo.exe N/A
N/A N/A C:\Windows\System\wcDCKfS.exe N/A
N/A N/A C:\Windows\System\iiGpFna.exe N/A
N/A N/A C:\Windows\System\jgEjBUS.exe N/A
N/A N/A C:\Windows\System\zPRONpa.exe N/A
N/A N/A C:\Windows\System\pInUDzL.exe N/A
N/A N/A C:\Windows\System\KLnmukf.exe N/A
N/A N/A C:\Windows\System\hAdgifN.exe N/A
N/A N/A C:\Windows\System\nsbcgOi.exe N/A
N/A N/A C:\Windows\System\FNUoJWm.exe N/A
N/A N/A C:\Windows\System\vQrlRbh.exe N/A
N/A N/A C:\Windows\System\XuDcytO.exe N/A
N/A N/A C:\Windows\System\WZhuwRt.exe N/A
N/A N/A C:\Windows\System\qrufesS.exe N/A
N/A N/A C:\Windows\System\loMIZaF.exe N/A
N/A N/A C:\Windows\System\kkvQyLO.exe N/A
N/A N/A C:\Windows\System\yvaKyBq.exe N/A
N/A N/A C:\Windows\System\aTRJuUP.exe N/A
N/A N/A C:\Windows\System\JyCoCDd.exe N/A
N/A N/A C:\Windows\System\hOeUSmv.exe N/A
N/A N/A C:\Windows\System\NucXOaL.exe N/A
N/A N/A C:\Windows\System\hvPQlDM.exe N/A
N/A N/A C:\Windows\System\BHYYLtK.exe N/A
N/A N/A C:\Windows\System\UPSPBQU.exe N/A
N/A N/A C:\Windows\System\VmGwOSE.exe N/A
N/A N/A C:\Windows\System\HhGslIB.exe N/A
N/A N/A C:\Windows\System\SHEHdVQ.exe N/A
N/A N/A C:\Windows\System\VAtijGi.exe N/A
N/A N/A C:\Windows\System\VipZgFH.exe N/A
N/A N/A C:\Windows\System\cSibmBE.exe N/A
N/A N/A C:\Windows\System\kRYLpHO.exe N/A
N/A N/A C:\Windows\System\qvooUtz.exe N/A
N/A N/A C:\Windows\System\yTHYRPs.exe N/A
N/A N/A C:\Windows\System\pTowBjL.exe N/A
N/A N/A C:\Windows\System\sYQwzRw.exe N/A
N/A N/A C:\Windows\System\PaKYqic.exe N/A
N/A N/A C:\Windows\System\rrikvcp.exe N/A
N/A N/A C:\Windows\System\QJmHuBP.exe N/A
N/A N/A C:\Windows\System\sMDDqgv.exe N/A
N/A N/A C:\Windows\System\xDFUkzE.exe N/A
N/A N/A C:\Windows\System\xXunldS.exe N/A
N/A N/A C:\Windows\System\SVbpcZa.exe N/A
N/A N/A C:\Windows\System\KzfCeqh.exe N/A
N/A N/A C:\Windows\System\VNxtKCy.exe N/A
N/A N/A C:\Windows\System\EcbBjjl.exe N/A
N/A N/A C:\Windows\System\anNvYVR.exe N/A
N/A N/A C:\Windows\System\TbrEqdx.exe N/A
N/A N/A C:\Windows\System\eVQfMsy.exe N/A
N/A N/A C:\Windows\System\MMmJilI.exe N/A
N/A N/A C:\Windows\System\RSiBCVO.exe N/A
N/A N/A C:\Windows\System\OwgqFdK.exe N/A
N/A N/A C:\Windows\System\MNOYcBG.exe N/A
N/A N/A C:\Windows\System\UFBXcMh.exe N/A
N/A N/A C:\Windows\System\glKBEXL.exe N/A
N/A N/A C:\Windows\System\zzLGkEY.exe N/A
N/A N/A C:\Windows\System\WRrzmHv.exe N/A
N/A N/A C:\Windows\System\esCEaBw.exe N/A
N/A N/A C:\Windows\System\PdyOrkl.exe N/A
N/A N/A C:\Windows\System\CVyqVAg.exe N/A
N/A N/A C:\Windows\System\XPVrZHz.exe N/A
N/A N/A C:\Windows\System\nqXtDBx.exe N/A
N/A N/A C:\Windows\System\PhInxRp.exe N/A
N/A N/A C:\Windows\System\mJVWPwA.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\VmGwOSE.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MMmJilI.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lkXoUzR.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MhyfvbG.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nsbcgOi.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pTowBjL.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PaKYqic.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yATDQlb.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\krJoYvU.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZAIRSgb.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zzLGkEY.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\khrEpJO.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eVQfMsy.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NmYcPZD.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aAPLixr.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eSBOkce.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yvaKyBq.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cSibmBE.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lJlgZak.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VipZgFH.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SwOXLhB.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xlXAZcY.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EcbBjjl.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PdyOrkl.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CVyqVAg.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oIwZpLr.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WZhuwRt.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RSiBCVO.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LvNQSDm.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bUJxTvE.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dotwjtl.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\STMNJLn.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sYWPBAS.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UPSPBQU.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WRrzmHv.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XPVrZHz.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uOyHvGn.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RpyJyar.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\svFsISB.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vHabIrt.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gOfJXck.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\arJFJbW.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qrufesS.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Vsopeod.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rvpYBIJ.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LAVkKkU.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zVuePYq.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lbYomBt.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nqXtDBx.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jXWGQFg.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lCQfNCM.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jwTetGt.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SRlONwH.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mJVWPwA.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\meKSBjQ.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\loMIZaF.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KPSwWMK.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jgEjBUS.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vQrlRbh.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VeikgLB.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YGhYXAC.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rfBYbft.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FNUoJWm.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
File created C:\Windows\System\csNfzdG.exe C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1276 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\MhyfvbG.exe
PID 1276 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\MhyfvbG.exe
PID 1276 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\MhyfvbG.exe
PID 1276 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\NWJiWGo.exe
PID 1276 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\NWJiWGo.exe
PID 1276 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\NWJiWGo.exe
PID 1276 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\wcDCKfS.exe
PID 1276 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\wcDCKfS.exe
PID 1276 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\wcDCKfS.exe
PID 1276 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\iiGpFna.exe
PID 1276 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\iiGpFna.exe
PID 1276 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\iiGpFna.exe
PID 1276 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\jgEjBUS.exe
PID 1276 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\jgEjBUS.exe
PID 1276 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\jgEjBUS.exe
PID 1276 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\zPRONpa.exe
PID 1276 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\zPRONpa.exe
PID 1276 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\zPRONpa.exe
PID 1276 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\pInUDzL.exe
PID 1276 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\pInUDzL.exe
PID 1276 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\pInUDzL.exe
PID 1276 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\KLnmukf.exe
PID 1276 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\KLnmukf.exe
PID 1276 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\KLnmukf.exe
PID 1276 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\hAdgifN.exe
PID 1276 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\hAdgifN.exe
PID 1276 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\hAdgifN.exe
PID 1276 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\nsbcgOi.exe
PID 1276 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\nsbcgOi.exe
PID 1276 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\nsbcgOi.exe
PID 1276 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\FNUoJWm.exe
PID 1276 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\FNUoJWm.exe
PID 1276 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\FNUoJWm.exe
PID 1276 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\vQrlRbh.exe
PID 1276 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\vQrlRbh.exe
PID 1276 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\vQrlRbh.exe
PID 1276 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\XuDcytO.exe
PID 1276 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\XuDcytO.exe
PID 1276 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\XuDcytO.exe
PID 1276 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\WZhuwRt.exe
PID 1276 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\WZhuwRt.exe
PID 1276 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\WZhuwRt.exe
PID 1276 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\qrufesS.exe
PID 1276 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\qrufesS.exe
PID 1276 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\qrufesS.exe
PID 1276 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\loMIZaF.exe
PID 1276 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\loMIZaF.exe
PID 1276 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\loMIZaF.exe
PID 1276 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\kkvQyLO.exe
PID 1276 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\kkvQyLO.exe
PID 1276 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\kkvQyLO.exe
PID 1276 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\yvaKyBq.exe
PID 1276 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\yvaKyBq.exe
PID 1276 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\yvaKyBq.exe
PID 1276 wrote to memory of 284 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\aTRJuUP.exe
PID 1276 wrote to memory of 284 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\aTRJuUP.exe
PID 1276 wrote to memory of 284 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\aTRJuUP.exe
PID 1276 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\JyCoCDd.exe
PID 1276 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\JyCoCDd.exe
PID 1276 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\JyCoCDd.exe
PID 1276 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\hOeUSmv.exe
PID 1276 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\hOeUSmv.exe
PID 1276 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\hOeUSmv.exe
PID 1276 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe C:\Windows\System\NucXOaL.exe

Processes

C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9334ed4786090568206fb639612ed1d0_NeikiAnalytics.exe"

C:\Windows\System\MhyfvbG.exe

C:\Windows\System\MhyfvbG.exe

C:\Windows\System\NWJiWGo.exe

C:\Windows\System\NWJiWGo.exe

C:\Windows\System\wcDCKfS.exe

C:\Windows\System\wcDCKfS.exe

C:\Windows\System\iiGpFna.exe

C:\Windows\System\iiGpFna.exe

C:\Windows\System\jgEjBUS.exe

C:\Windows\System\jgEjBUS.exe

C:\Windows\System\zPRONpa.exe

C:\Windows\System\zPRONpa.exe

C:\Windows\System\pInUDzL.exe

C:\Windows\System\pInUDzL.exe

C:\Windows\System\KLnmukf.exe

C:\Windows\System\KLnmukf.exe

C:\Windows\System\hAdgifN.exe

C:\Windows\System\hAdgifN.exe

C:\Windows\System\nsbcgOi.exe

C:\Windows\System\nsbcgOi.exe

C:\Windows\System\FNUoJWm.exe

C:\Windows\System\FNUoJWm.exe

C:\Windows\System\vQrlRbh.exe

C:\Windows\System\vQrlRbh.exe

C:\Windows\System\XuDcytO.exe

C:\Windows\System\XuDcytO.exe

C:\Windows\System\WZhuwRt.exe

C:\Windows\System\WZhuwRt.exe

C:\Windows\System\qrufesS.exe

C:\Windows\System\qrufesS.exe

C:\Windows\System\loMIZaF.exe

C:\Windows\System\loMIZaF.exe

C:\Windows\System\kkvQyLO.exe

C:\Windows\System\kkvQyLO.exe

C:\Windows\System\yvaKyBq.exe

C:\Windows\System\yvaKyBq.exe

C:\Windows\System\aTRJuUP.exe

C:\Windows\System\aTRJuUP.exe

C:\Windows\System\JyCoCDd.exe

C:\Windows\System\JyCoCDd.exe

C:\Windows\System\hOeUSmv.exe

C:\Windows\System\hOeUSmv.exe

C:\Windows\System\NucXOaL.exe

C:\Windows\System\NucXOaL.exe

C:\Windows\System\hvPQlDM.exe

C:\Windows\System\hvPQlDM.exe

C:\Windows\System\BHYYLtK.exe

C:\Windows\System\BHYYLtK.exe

C:\Windows\System\UPSPBQU.exe

C:\Windows\System\UPSPBQU.exe

C:\Windows\System\VmGwOSE.exe

C:\Windows\System\VmGwOSE.exe

C:\Windows\System\HhGslIB.exe

C:\Windows\System\HhGslIB.exe

C:\Windows\System\SHEHdVQ.exe

C:\Windows\System\SHEHdVQ.exe

C:\Windows\System\VAtijGi.exe

C:\Windows\System\VAtijGi.exe

C:\Windows\System\VipZgFH.exe

C:\Windows\System\VipZgFH.exe

C:\Windows\System\cSibmBE.exe

C:\Windows\System\cSibmBE.exe

C:\Windows\System\kRYLpHO.exe

C:\Windows\System\kRYLpHO.exe

C:\Windows\System\qvooUtz.exe

C:\Windows\System\qvooUtz.exe

C:\Windows\System\yTHYRPs.exe

C:\Windows\System\yTHYRPs.exe

C:\Windows\System\pTowBjL.exe

C:\Windows\System\pTowBjL.exe

C:\Windows\System\sYQwzRw.exe

C:\Windows\System\sYQwzRw.exe

C:\Windows\System\PaKYqic.exe

C:\Windows\System\PaKYqic.exe

C:\Windows\System\rrikvcp.exe

C:\Windows\System\rrikvcp.exe

C:\Windows\System\QJmHuBP.exe

C:\Windows\System\QJmHuBP.exe

C:\Windows\System\sMDDqgv.exe

C:\Windows\System\sMDDqgv.exe

C:\Windows\System\xDFUkzE.exe

C:\Windows\System\xDFUkzE.exe

C:\Windows\System\xXunldS.exe

C:\Windows\System\xXunldS.exe

C:\Windows\System\SVbpcZa.exe

C:\Windows\System\SVbpcZa.exe

C:\Windows\System\KzfCeqh.exe

C:\Windows\System\KzfCeqh.exe

C:\Windows\System\VNxtKCy.exe

C:\Windows\System\VNxtKCy.exe

C:\Windows\System\EcbBjjl.exe

C:\Windows\System\EcbBjjl.exe

C:\Windows\System\anNvYVR.exe

C:\Windows\System\anNvYVR.exe

C:\Windows\System\TbrEqdx.exe

C:\Windows\System\TbrEqdx.exe

C:\Windows\System\eVQfMsy.exe

C:\Windows\System\eVQfMsy.exe

C:\Windows\System\MMmJilI.exe

C:\Windows\System\MMmJilI.exe

C:\Windows\System\RSiBCVO.exe

C:\Windows\System\RSiBCVO.exe

C:\Windows\System\OwgqFdK.exe

C:\Windows\System\OwgqFdK.exe

C:\Windows\System\MNOYcBG.exe

C:\Windows\System\MNOYcBG.exe

C:\Windows\System\UFBXcMh.exe

C:\Windows\System\UFBXcMh.exe

C:\Windows\System\glKBEXL.exe

C:\Windows\System\glKBEXL.exe

C:\Windows\System\zzLGkEY.exe

C:\Windows\System\zzLGkEY.exe

C:\Windows\System\WRrzmHv.exe

C:\Windows\System\WRrzmHv.exe

C:\Windows\System\esCEaBw.exe

C:\Windows\System\esCEaBw.exe

C:\Windows\System\PdyOrkl.exe

C:\Windows\System\PdyOrkl.exe

C:\Windows\System\CVyqVAg.exe

C:\Windows\System\CVyqVAg.exe

C:\Windows\System\XPVrZHz.exe

C:\Windows\System\XPVrZHz.exe

C:\Windows\System\nqXtDBx.exe

C:\Windows\System\nqXtDBx.exe

C:\Windows\System\PhInxRp.exe

C:\Windows\System\PhInxRp.exe

C:\Windows\System\mJVWPwA.exe

C:\Windows\System\mJVWPwA.exe

C:\Windows\System\kYJSiry.exe

C:\Windows\System\kYJSiry.exe

C:\Windows\System\lkXoUzR.exe

C:\Windows\System\lkXoUzR.exe

C:\Windows\System\gOfJXck.exe

C:\Windows\System\gOfJXck.exe

C:\Windows\System\wtaYqmT.exe

C:\Windows\System\wtaYqmT.exe

C:\Windows\System\LvNQSDm.exe

C:\Windows\System\LvNQSDm.exe

C:\Windows\System\uKPMGTF.exe

C:\Windows\System\uKPMGTF.exe

C:\Windows\System\mMIIWOY.exe

C:\Windows\System\mMIIWOY.exe

C:\Windows\System\BPXBzmB.exe

C:\Windows\System\BPXBzmB.exe

C:\Windows\System\yitfEuo.exe

C:\Windows\System\yitfEuo.exe

C:\Windows\System\KtcBSpX.exe

C:\Windows\System\KtcBSpX.exe

C:\Windows\System\YbLDOsx.exe

C:\Windows\System\YbLDOsx.exe

C:\Windows\System\vHabIrt.exe

C:\Windows\System\vHabIrt.exe

C:\Windows\System\BYlEmQz.exe

C:\Windows\System\BYlEmQz.exe

C:\Windows\System\uOyHvGn.exe

C:\Windows\System\uOyHvGn.exe

C:\Windows\System\LAVkKkU.exe

C:\Windows\System\LAVkKkU.exe

C:\Windows\System\ZuUEkSf.exe

C:\Windows\System\ZuUEkSf.exe

C:\Windows\System\APzmsbV.exe

C:\Windows\System\APzmsbV.exe

C:\Windows\System\VeikgLB.exe

C:\Windows\System\VeikgLB.exe

C:\Windows\System\jDithQn.exe

C:\Windows\System\jDithQn.exe

C:\Windows\System\NmYcPZD.exe

C:\Windows\System\NmYcPZD.exe

C:\Windows\System\acJAHlq.exe

C:\Windows\System\acJAHlq.exe

C:\Windows\System\khrEpJO.exe

C:\Windows\System\khrEpJO.exe

C:\Windows\System\rfBYbft.exe

C:\Windows\System\rfBYbft.exe

C:\Windows\System\DLnKZQW.exe

C:\Windows\System\DLnKZQW.exe

C:\Windows\System\SubbzUr.exe

C:\Windows\System\SubbzUr.exe

C:\Windows\System\HxLFCDn.exe

C:\Windows\System\HxLFCDn.exe

C:\Windows\System\ZlJMvkq.exe

C:\Windows\System\ZlJMvkq.exe

C:\Windows\System\jTsJcuf.exe

C:\Windows\System\jTsJcuf.exe

C:\Windows\System\tfONwOn.exe

C:\Windows\System\tfONwOn.exe

C:\Windows\System\rMQPCzJ.exe

C:\Windows\System\rMQPCzJ.exe

C:\Windows\System\pLZUYtQ.exe

C:\Windows\System\pLZUYtQ.exe

C:\Windows\System\FHjWgXF.exe

C:\Windows\System\FHjWgXF.exe

C:\Windows\System\YwunqYj.exe

C:\Windows\System\YwunqYj.exe

C:\Windows\System\pMEjfrz.exe

C:\Windows\System\pMEjfrz.exe

C:\Windows\System\ZbjAFEh.exe

C:\Windows\System\ZbjAFEh.exe

C:\Windows\System\QVKMnzZ.exe

C:\Windows\System\QVKMnzZ.exe

C:\Windows\System\gasJNbm.exe

C:\Windows\System\gasJNbm.exe

C:\Windows\System\IcHbLlM.exe

C:\Windows\System\IcHbLlM.exe

C:\Windows\System\Vsopeod.exe

C:\Windows\System\Vsopeod.exe

C:\Windows\System\OnXDLWO.exe

C:\Windows\System\OnXDLWO.exe

C:\Windows\System\bUJxTvE.exe

C:\Windows\System\bUJxTvE.exe

C:\Windows\System\lFUvJGJ.exe

C:\Windows\System\lFUvJGJ.exe

C:\Windows\System\aAPLixr.exe

C:\Windows\System\aAPLixr.exe

C:\Windows\System\xxSxfza.exe

C:\Windows\System\xxSxfza.exe

C:\Windows\System\mymmiNb.exe

C:\Windows\System\mymmiNb.exe

C:\Windows\System\kEFhXJk.exe

C:\Windows\System\kEFhXJk.exe

C:\Windows\System\RlulPnD.exe

C:\Windows\System\RlulPnD.exe

C:\Windows\System\YGhYXAC.exe

C:\Windows\System\YGhYXAC.exe

C:\Windows\System\QOnydoA.exe

C:\Windows\System\QOnydoA.exe

C:\Windows\System\lJlgZak.exe

C:\Windows\System\lJlgZak.exe

C:\Windows\System\ZtaKqVH.exe

C:\Windows\System\ZtaKqVH.exe

C:\Windows\System\lCQfNCM.exe

C:\Windows\System\lCQfNCM.exe

C:\Windows\System\zIaLLWg.exe

C:\Windows\System\zIaLLWg.exe

C:\Windows\System\RpyJyar.exe

C:\Windows\System\RpyJyar.exe

C:\Windows\System\eSBOkce.exe

C:\Windows\System\eSBOkce.exe

C:\Windows\System\EmBRKjU.exe

C:\Windows\System\EmBRKjU.exe

C:\Windows\System\tUtsxsk.exe

C:\Windows\System\tUtsxsk.exe

C:\Windows\System\tUkQcph.exe

C:\Windows\System\tUkQcph.exe

C:\Windows\System\KBilodx.exe

C:\Windows\System\KBilodx.exe

C:\Windows\System\jwTetGt.exe

C:\Windows\System\jwTetGt.exe

C:\Windows\System\CkqkmyF.exe

C:\Windows\System\CkqkmyF.exe

C:\Windows\System\ggedejp.exe

C:\Windows\System\ggedejp.exe

C:\Windows\System\KPSwWMK.exe

C:\Windows\System\KPSwWMK.exe

C:\Windows\System\svFsISB.exe

C:\Windows\System\svFsISB.exe

C:\Windows\System\wnKGUpd.exe

C:\Windows\System\wnKGUpd.exe

C:\Windows\System\CMPZSHV.exe

C:\Windows\System\CMPZSHV.exe

C:\Windows\System\zVuePYq.exe

C:\Windows\System\zVuePYq.exe

C:\Windows\System\DfWVhTQ.exe

C:\Windows\System\DfWVhTQ.exe

C:\Windows\System\ZrwYQSu.exe

C:\Windows\System\ZrwYQSu.exe

C:\Windows\System\CNvnFLM.exe

C:\Windows\System\CNvnFLM.exe

C:\Windows\System\TzSDiOg.exe

C:\Windows\System\TzSDiOg.exe

C:\Windows\System\KVGplnF.exe

C:\Windows\System\KVGplnF.exe

C:\Windows\System\MPWnFrz.exe

C:\Windows\System\MPWnFrz.exe

C:\Windows\System\zojIIpk.exe

C:\Windows\System\zojIIpk.exe

C:\Windows\System\lbYomBt.exe

C:\Windows\System\lbYomBt.exe

C:\Windows\System\CmdpOdo.exe

C:\Windows\System\CmdpOdo.exe

C:\Windows\System\kQaTyWQ.exe

C:\Windows\System\kQaTyWQ.exe

C:\Windows\System\KSBZIwA.exe

C:\Windows\System\KSBZIwA.exe

C:\Windows\System\csNfzdG.exe

C:\Windows\System\csNfzdG.exe

C:\Windows\System\KiMTrGO.exe

C:\Windows\System\KiMTrGO.exe

C:\Windows\System\EZcxMeX.exe

C:\Windows\System\EZcxMeX.exe

C:\Windows\System\JqJcLQh.exe

C:\Windows\System\JqJcLQh.exe

C:\Windows\System\SUiURUh.exe

C:\Windows\System\SUiURUh.exe

C:\Windows\System\GHqSOMs.exe

C:\Windows\System\GHqSOMs.exe

C:\Windows\System\icCuJkr.exe

C:\Windows\System\icCuJkr.exe

C:\Windows\System\EbHirRc.exe

C:\Windows\System\EbHirRc.exe

C:\Windows\System\dotwjtl.exe

C:\Windows\System\dotwjtl.exe

C:\Windows\System\fJMbACa.exe

C:\Windows\System\fJMbACa.exe

C:\Windows\System\ZchTMWV.exe

C:\Windows\System\ZchTMWV.exe

C:\Windows\System\QhixuNX.exe

C:\Windows\System\QhixuNX.exe

C:\Windows\System\meKSBjQ.exe

C:\Windows\System\meKSBjQ.exe

C:\Windows\System\nqpjxNO.exe

C:\Windows\System\nqpjxNO.exe

C:\Windows\System\HnyMdBu.exe

C:\Windows\System\HnyMdBu.exe

C:\Windows\System\EpztLCq.exe

C:\Windows\System\EpztLCq.exe

C:\Windows\System\RHmNRWo.exe

C:\Windows\System\RHmNRWo.exe

C:\Windows\System\USYXXPs.exe

C:\Windows\System\USYXXPs.exe

C:\Windows\System\SwOXLhB.exe

C:\Windows\System\SwOXLhB.exe

C:\Windows\System\STMNJLn.exe

C:\Windows\System\STMNJLn.exe

C:\Windows\System\qZqDWBH.exe

C:\Windows\System\qZqDWBH.exe

C:\Windows\System\BBFgBng.exe

C:\Windows\System\BBFgBng.exe

C:\Windows\System\rvpYBIJ.exe

C:\Windows\System\rvpYBIJ.exe

C:\Windows\System\SRlONwH.exe

C:\Windows\System\SRlONwH.exe

C:\Windows\System\yATDQlb.exe

C:\Windows\System\yATDQlb.exe

C:\Windows\System\arJFJbW.exe

C:\Windows\System\arJFJbW.exe

C:\Windows\System\xlXAZcY.exe

C:\Windows\System\xlXAZcY.exe

C:\Windows\System\HElptEJ.exe

C:\Windows\System\HElptEJ.exe

C:\Windows\System\sYWPBAS.exe

C:\Windows\System\sYWPBAS.exe

C:\Windows\System\xwXahFL.exe

C:\Windows\System\xwXahFL.exe

C:\Windows\System\shjTOHh.exe

C:\Windows\System\shjTOHh.exe

C:\Windows\System\oIwZpLr.exe

C:\Windows\System\oIwZpLr.exe

C:\Windows\System\krJoYvU.exe

C:\Windows\System\krJoYvU.exe

C:\Windows\System\jXWGQFg.exe

C:\Windows\System\jXWGQFg.exe

C:\Windows\System\WKDxYpl.exe

C:\Windows\System\WKDxYpl.exe

C:\Windows\System\BUwpQDR.exe

C:\Windows\System\BUwpQDR.exe

C:\Windows\System\LdBbKtF.exe

C:\Windows\System\LdBbKtF.exe

C:\Windows\System\PMuFPgY.exe

C:\Windows\System\PMuFPgY.exe

C:\Windows\System\fMdpLjL.exe

C:\Windows\System\fMdpLjL.exe

C:\Windows\System\TOJLnig.exe

C:\Windows\System\TOJLnig.exe

C:\Windows\System\oKltFCX.exe

C:\Windows\System\oKltFCX.exe

C:\Windows\System\bHabBFZ.exe

C:\Windows\System\bHabBFZ.exe

C:\Windows\System\gOorWDL.exe

C:\Windows\System\gOorWDL.exe

C:\Windows\System\nUBDacL.exe

C:\Windows\System\nUBDacL.exe

C:\Windows\System\QHNeIuK.exe

C:\Windows\System\QHNeIuK.exe

C:\Windows\System\UsAzLpe.exe

C:\Windows\System\UsAzLpe.exe

C:\Windows\System\jDdoLiQ.exe

C:\Windows\System\jDdoLiQ.exe

C:\Windows\System\upfugcH.exe

C:\Windows\System\upfugcH.exe

C:\Windows\System\sBtFVMR.exe

C:\Windows\System\sBtFVMR.exe

C:\Windows\System\ZAIRSgb.exe

C:\Windows\System\ZAIRSgb.exe

C:\Windows\System\AxoWDkz.exe

C:\Windows\System\AxoWDkz.exe

C:\Windows\System\zJCkwft.exe

C:\Windows\System\zJCkwft.exe

C:\Windows\System\reYmktx.exe

C:\Windows\System\reYmktx.exe

C:\Windows\System\FdseKSf.exe

C:\Windows\System\FdseKSf.exe

C:\Windows\System\dJPylBn.exe

C:\Windows\System\dJPylBn.exe

C:\Windows\System\BPDfaVP.exe

C:\Windows\System\BPDfaVP.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/1276-0-0x0000000000200000-0x0000000000210000-memory.dmp

\Windows\system\MhyfvbG.exe

MD5 c717c79842a49c5970740b42a7967321
SHA1 8e57e2bec908ab48e9c3193daccaa500ed21acb2
SHA256 ac4bf9c2d6dc1a4ef521e063164813f7f50e939c4d0ab2e3f6051b7640f8b24b
SHA512 b97ee4f0566b40e210fe92bcfa8ff1709e4e4b6935f64976bd6f7ab3a647fba8007fac8f737df35dc889bf40531c791809b1d3f6c3612e9984856b94cca90e7a

C:\Windows\system\NWJiWGo.exe

MD5 1d514e5f2a517df92f3db827cadebddb
SHA1 6909f891fdc16e745afd5380798e9e209daa9bde
SHA256 73d224922e57c76178641d2310259e0cfba18063c0a0725d4f23097393d35f7c
SHA512 0b2e23ae8409a6c1ed4a1144d6f836f54601ea6b69ec7ba9b8aad378d245781f4568bf413117283f9d2ba6e602bb932c3ceb94897c721f2240bc4ab0952daaae

C:\Windows\system\wcDCKfS.exe

MD5 4438cb58a7aa4b4d008c091360d7f8f8
SHA1 4407e9111f77ada6481b2cabc932909d14205822
SHA256 19a302154342178854463bdd98b4e3004abf45f48d897abe19f9e1ba8f2169de
SHA512 82576a7d325c7959359718dd6fce0154d2005490fc95277ac78dff7ee7292f2c2ad8fd01ea6eabd9958f558b18feb071d277adeaa2d1a1fd7ee0924bb4065f82

\Windows\system\iiGpFna.exe

MD5 72a4d2b7546b8a19cba3a9c6e6f495e2
SHA1 25bb2777f76a7056fa5a7a58ec4cff7d224ef409
SHA256 776f4546c655a45a5100ba50c24cc2bf086c560452fe53f26536e67f10082e47
SHA512 78465f99e55b06f16286c4abf23d0f2a58f25fa2de244377460c675fe54f3a0169c7fbee8afcd659614d59b53ab966ca26bb75ad6b363bd794d39b020a93dfc8

C:\Windows\system\jgEjBUS.exe

MD5 06d27cb5eb8152c5e9dace9369e2bfa8
SHA1 fc09d2d21c9b17639852b672439855134d882c7d
SHA256 3f09342755e7204eb4eea3cc9e1ee1bf144b44390333b49722e5cb4a3336e237
SHA512 c55851a804cce8436f0c9210f7ad81259d447afdcb9dce339358973d49afb690c537008398cc347babd36678df36b10edb6856477f59209bf0536f6c5fc8cd00

C:\Windows\system\zPRONpa.exe

MD5 eb96985f3ab31207b202ec253794a353
SHA1 2c9d155e2be9d21b40d0b110fe51b191a483c59a
SHA256 dcaa3160e43e981a001cb821629bd432fec4854de7b58000bf3df44bc748044d
SHA512 65832dacb31ee310890ad67a90ccbf1575c8e85f6fdbf09790c5416ac4df813604cd34c6460a3444e9b6477bcb5f03f3144857d5e6befcb0ac4745d209a632ee

C:\Windows\system\nsbcgOi.exe

MD5 ca21ef13b1de9831c0aafe8063e596e2
SHA1 71be87ef3e4dfaf74cdbbd297e19122497b3ad0c
SHA256 d084e0156ead571feb766c8d56f207a54f65ffaecf01ff058d00d43ac3bc1983
SHA512 a973d304982cf46da24a9e276b816c171b83e199b42ab854565dd4ca1578a9e4cfbb52d17ae1eb79f30391e8545e1c5a7ef28df17968766546bc32212b80e2e9

C:\Windows\system\FNUoJWm.exe

MD5 3b223caae1c7176f850a34381a035f90
SHA1 df3eedb6a9a63b8536177d91e457dd574103463a
SHA256 0823093bcfecdf2e07942942ff6e3b863f9cb2acb7da22c4187e8257ec341b1b
SHA512 b867c809b139cd240d3f524f84ee6efe65ef090bd72e172505242e6728e0c233daf4aaefc8e59ca86f7534bda9e0a67bac6805798411a45f70a605c884bb7ba2

C:\Windows\system\NucXOaL.exe

MD5 a5a2f129e7bb73717e106857ee11b3be
SHA1 14ebadaf0e19bd2162d4b691842452c26811f6d4
SHA256 a28a553764d085b0bbaabe1f9aceecd6cbfceda6723892cb520753d93da0d382
SHA512 93d84f83cac7fa1ddd59ce0980da373fdb4ff090a6f3c64fa3ae1ea023e53af78d8a96f05d2e2cf1c555e252dc60d22e78dd335fc535eb5ae083b25b3054b921

\Windows\system\UPSPBQU.exe

MD5 46b7363a68b7a9455fbc514c566fdb8b
SHA1 9dce4426ff57dba2d57c77556a0968c357918259
SHA256 4ead91de505c4e73df8234f16207538a9702cf7165c53323d8c4f4cc1e5df4a3
SHA512 2519eb2c89be857c96c345459d4218f4ae451acb971b6e952d68b8324e68202aa15be2170bc0bbcbef0ca0bb56c806b66abcab852b55ed8e0533b9d4cb316864

C:\Windows\system\SHEHdVQ.exe

MD5 11fe7060896d37c63147198abd8810ae
SHA1 567d476b8fc8ec6fbfa2d20c4d787c17f6c0bfd8
SHA256 b483b95b4911d92a5aae84d21cb077d255c0f40458e4bfc4db79ae49ef34fc81
SHA512 ca2ed09f11cd9877efd1926736ca8a821fa73f0dbc03bb3f000f67e6c6b8b4254304fc111cc3029dc1b48be7a289064cc966c5f04306f64d9b1b1fc1d42d7b83

C:\Windows\system\kRYLpHO.exe

MD5 9bd02d7e10d1ac19d7a438bd2a38efea
SHA1 1ea96963d6a4751036222e4e3507b2b4db67a7f4
SHA256 bd1dd55dd16ff0b70a4d83f18a6f1ae914eb9aa4bfc3959413e9992abde2562a
SHA512 58007fa83a01c0463a364ddf0cd5f242ea74dd61ed8e3b9a9b11b758eba20176974775eb0af67d0a2760895c1ce7f6e604c80b1eb6469c0c10d605f5f80b9c46

C:\Windows\system\cSibmBE.exe

MD5 5b7511f4f8d7145278ee002a2110a5af
SHA1 32e12709c0cdfa224070c36bca6e7a5b28b75072
SHA256 7415e953d7c1b5d3ca2389743327d7fbb056f46b9fd5fa2f19dd4c1a35efb596
SHA512 2060a2afefa614c481b33f7a97733168b0f5b47cd99a98c0dfe5cb4a2993c5e3beba9c3806422b11ab90a96f2afa64a06710a619a76e12c69bfd9c043280d444

C:\Windows\system\VipZgFH.exe

MD5 3e1e1590109ea1f3ea19898f39ef99d7
SHA1 019867e9909a305b1d4076f59bb6d4a403a449e7
SHA256 25660e837481c80359227e208b56f10f29fac33486d2ff8630f0e9da9ab162ab
SHA512 93a4f59a20b275af28207e7e3bbfa8a62179214a875c7a0352f26ac33c618a6d024ff2ccffc73892be6ffa60807341257f9c541aa953f88e9ad37bd7b910176a

C:\Windows\system\VAtijGi.exe

MD5 9c0c6caf5a34e152209cf435a65eec8c
SHA1 c24f127cd08df4ab3cdd38959f8188b8a313c1db
SHA256 c6cbe183ddc033e7914069cbb11a7956eeb36e6db5bfe20f2eaf8cfc2f0e83c4
SHA512 c65daf4f111fdde0201ce284c4d1e099835ce9cb4e2a5b51b51c36eb78393f01f6101b4c0def8a2cdab4341e1ab6b1562950816c6d2382af78fda2c48e8537d7

C:\Windows\system\HhGslIB.exe

MD5 0bfecd69d61227d14996ebf734c2fffa
SHA1 abc3b774ffc4bc6e9a1712e62a0371d2c0c45f33
SHA256 61c8a87feb76dc12c9f0334c54fe75a70f7cb915b1ea9b0443f24088f30a0f07
SHA512 7af46ad635f67f449ef11cc272d1bf1744df6bf3750878eebbc9cdab7c050132ab5088ec7687e0d33b967a5a897ec79750b641c09558385020f5e0f8d770cf19

C:\Windows\system\VmGwOSE.exe

MD5 c830d8c10b72072d58b7ac6318340ba2
SHA1 2cf1dd2c612a6fa8c02dfe1cd8f11cd2a4e17ca4
SHA256 d860c43671d048b93a2e0fc5b4465d547513d0104c5666ab0f103ae5757811be
SHA512 a2b82eeeb851a2538e66af9c5221f4c45ee4bd66d0b5300d4be84e858772b399f5d767d0557318148c38db4f9a29f6f2bd4fbc7caab5b7195d9dbc58c9c849fb

C:\Windows\system\BHYYLtK.exe

MD5 8cc7ac1c7097eda1605456f471235125
SHA1 ee9655d941e117558296029534aeb28cf29628ea
SHA256 59ba8bb33c48b770fa75db2bd2f09f4a3d5128abccbf14ce55b264438f3ae379
SHA512 16a4fc43fef0f93b77ba9a5f980efd779078b715ad2d59b41120b8ca9f0bad9559576037a829f003db3da948d76a8f29371bd8714ffad1741e29eb67bb9030c3

C:\Windows\system\hvPQlDM.exe

MD5 f1cf89f412a348d3fb4d6a87ee15767c
SHA1 92a9e2c6096926a3c9424f13c75281074f6f3357
SHA256 8e76d04c1fcb02bf79636451299cb23e5a93dd610e6c30c2254450a5933b5d45
SHA512 aacb77470fa706f2653f9c4f5b476ccd42e178ef23705c2ef3d18046d5d931f7f818d77e8859efd3e25a92f19ec59a3a85bb2b891f64a495689facc3c0f1cd3a

C:\Windows\system\hOeUSmv.exe

MD5 fe43d71262f94e8ddc10fecb05026705
SHA1 6e13a132705b744ee9555363508f3b5d208ee674
SHA256 ef79c7a0307a18e5bfc67d45d93c8a8dd88ccc86e69d5bee853877667ac920c1
SHA512 c470a86eef58a27efa36542ee8d6d74594f3ac7dd924baea9eb330a69168d0ab5c8ec4ba7448b4ae8ed9a54cb71e1f610efb6e9fdede5e4b4e0f20896af24152

C:\Windows\system\JyCoCDd.exe

MD5 8c781f169f8a732056829d1bcc58b5f4
SHA1 7e37818acf07acd6b1d534984e23aef9942be4c7
SHA256 4867f70393b0ecac5f4cf8f75e58bc957fdb64355b8a9a90981192ee96c85919
SHA512 fc54719aa0f59225a729f4f06d64d940feb71395449881a9d1b828924ffbba79977882bd223ab144cf90df70f213821bb2267a7ca9f75fc65b45bb26fd67d129

C:\Windows\system\aTRJuUP.exe

MD5 5ed7e49d501d3e5376a83547f45e60e3
SHA1 34bc61642035929be298fccf66d25e69e11da6e0
SHA256 e8ea509983cd5ebe3c75b5d05ead0d1ef827fd993e225c55b7e0b3ebe3d78745
SHA512 83bb44e5b5e37e9a169851ec7f411f99666676a3f64449df88bc1cc738689a04e38ed0a739e25f3bbe055ec67c6afb4ad80ccd3c4f42ee8c9c84da3c98facee4

C:\Windows\system\yvaKyBq.exe

MD5 d17464df855213ee46cf993a59f83e05
SHA1 e24aabc28b3728a9fe8140bfd4fe8997411beef9
SHA256 f703d06e5cd21955abcb49f99da2c54fce1d331005544f6cc18e4ed251bba49f
SHA512 58ba731d0da042c6b4812946a2121fa2950cb80fe7eddb069e5796e12c943c8bed14f724072a9c6c5cecdbd0172fd5cc157489a1f86292e95b5a85a46959002f

C:\Windows\system\kkvQyLO.exe

MD5 66f8ac3dbbeaecf15622d194c45e1582
SHA1 5e3793deacffe98649113bb710f5f9d674ecf6bf
SHA256 5082ff2e5af6b77dd49e186c660085243debf6a3c2914c9eacd4e193fd86a706
SHA512 d19a9e3fbf885251708f8cbf5d0dc5b7370094cbd37de90dfcf7a90eb69aa4c3e10924670d53b53a63774784d82b394e366b0a07cd033ec48c7ee74ffd62ab62

C:\Windows\system\loMIZaF.exe

MD5 d647750b86a762d3f1060fa3001c56f4
SHA1 2a814398ec9c13dbecd454e8a757248c653f10ab
SHA256 d1d59d1bcac2f86009a10d6bdbf917afbc4705fb51eb8c3bd9c7269fbda0a08e
SHA512 1f8f7b18081eb7774e975c08444cda45f524e861c1b4e9f3dd65c1a22d278a094608460c97e69be06365e03b196dd46cea11548141c3cf847d7c01c85d77a901

C:\Windows\system\qrufesS.exe

MD5 ebe5dc2e07b3bfb4cadc2351394f782a
SHA1 f3a015ae366011501b1db0ff5e835409887e1a50
SHA256 2c637db03ef1760f3f7374125c6982799015cbc32ab4b57568da6d404b6b66de
SHA512 e271a6186badcafed062f204ae7b712d8d90dc3e4913b8af5152fd4f9940733663490e612570f699761271e351dd8293374070ef3b6fbce1da550a729bb9eaa7

C:\Windows\system\WZhuwRt.exe

MD5 b316ebb846e42e1c0cb96029718a539a
SHA1 d4fa69c748e5491562717a825ca30d261d1f6104
SHA256 61ea9ccfe69b12c31d703c1ac867f3f157446631c1510bf11da1408f8411cbcf
SHA512 4095b5d3a90f5921e5874eb427eb1caeada61616eb8875cc009310ff315a138a25f81ded663e046496230320310583c2e24908db6dff42c841881fc1c4baca02

C:\Windows\system\XuDcytO.exe

MD5 5ea561bf755e999de2b62e0b79f1b2d7
SHA1 574581ec04548c4a31e3bbeb2c52246f0c849087
SHA256 16fb577815edec4cebb7c181d8b71322485ae21f025cb44bca3c0af8e6e58522
SHA512 ca99192101e5ae7f6f294a6018fd486adaa0637647f290b4f62e63fb079aeea7ca7068f3fb53d770c4cce4e449edf266656b88ea649ebca5df0cf5c10f6ec7e9

C:\Windows\system\vQrlRbh.exe

MD5 89802cae8d171a36b1440e08c169adb9
SHA1 bf7b0c22a8d1e62a1618996d7f929e39e58fb1b6
SHA256 37d5e47e9b0894ad2a5d135c8e06ab92df34bddc0c388d1917bf54d5acbca30f
SHA512 43fbca73b83b4f65921d81d153f1994d39fc8230d04819b836c7651d66ceee9578eb5cdef5bd2c10a118bb8cfce976bc0a5cb6aa2ad3b6f8ec11ed6c60755e81

C:\Windows\system\hAdgifN.exe

MD5 3a1d5c9753e74b5f06a8dbc99e7c3235
SHA1 1f5a4e7b8da87339eb99ab496b93c118f3cd5add
SHA256 625b44aa2621d1442436b8d0ba43bfabc38bd584d34eb0b9ee39292facfe24ec
SHA512 8bef8de1c794a17f22326724306c14efb064f0ec9b3a802395d831ab2b064bdf9b92e546368b1b4e87295fc88d675ad775e8ac27d39f9af5fad06b2e51977d1a

C:\Windows\system\KLnmukf.exe

MD5 26bbb013fbc0f41dcf621e737e370e94
SHA1 050a9179e9dd8f263e3d9a53f1c77e64b5e68670
SHA256 6bd844613bc5cae74c00d6fe9fb35dac46d4fd5072996de9419f5146b7496c1f
SHA512 66806e711c1822c6e8715de3d42e0d136f5b35aad577163d162bd66bf9c0010043a7a9bff0d840750e3d86de791ca0dff1b9f4533de49231d2c254ce1f9b0fe0

C:\Windows\system\pInUDzL.exe

MD5 b672bee2ec28952bf4c77f616924597a
SHA1 3201b57338684ba08e0fee234f3558654f41cdfe
SHA256 4bea60abf26d57624d4af29d2452af494451714938675f77b852427fc8d87a57
SHA512 3d6045cc54a0bc1d1f83f10383eb022a58a980268749a244f2bc64673fcc102f65826e0bd59a4aa262889f0860d98e3a9eec68c8c54d6e20cf1561654a44b58a