Malware Analysis Report

2025-04-19 18:03

Sample ID: 240527-f1fgwahd7w
Target: 204bf9be46153d12f2782db369f04a80_NeikiAnalytics.exe
SHA256: 41bb0f4149fd819118ac8624dbf2f9b17d4e158fcf365aa604fc52f1385cfc4b
Tags: miner, xmrig
Score: 10/10

Analysis Overview

score
10/10

SHA256

41bb0f4149fd819118ac8624dbf2f9b17d4e158fcf365aa604fc52f1385cfc4b

Threat Level: Known bad

The file 204bf9be46153d12f2782db369f04a80_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner xmrig

Xmrig family

XMRig Miner payload

xmrig

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-27 05:20

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 05:20

Reported

2024-05-27 05:22

Platform

win7-20240508-en

Max time kernel

136s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\204bf9be46153d12f2782db369f04a80_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\204bf9be46153d12f2782db369f04a80_NeikiAnalytics.exe N/A

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\204bf9be46153d12f2782db369f04a80_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\204bf9be46153d12f2782db369f04a80_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\204bf9be46153d12f2782db369f04a80_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 05:20

Reported

2024-05-27 05:22

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\204bf9be46153d12f2782db369f04a80_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Drops file in Windows directory

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\204bf9be46153d12f2782db369f04a80_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\204bf9be46153d12f2782db369f04a80_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\204bf9be46153d12f2782db369f04a80_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\204bf9be46153d12f2782db369f04a80_NeikiAnalytics.exe"

Network

Country Destination Domain Proto

Files

SHA1 bfd1d2d90b1291bee3d2153a5516e4d2128981fd
SHA256 b5c5e8ba84e45049937c217b3a1505605d1b952a7c1102a09407987f184e097e
SHA512 3278de8d38478299bbca3c58dcc6916fe2cb9e6905d8719e1a33dbdf2fbc682ca1dce7cc6ecf2eb4c792094f9cedd0a5d0395efce72c9fe26b67564d26a9293b

C:\Windows\System\MaMnFSE.exe

MD5 5d9c6a458a58435b68bfebd2d0618846
SHA1 d78416e869a238ce9d1c0e02692beed29a3748a3
SHA256 7ad6fe0c3638746d12f99870c13fa39fe5c8ea49c724b79d24cb7189f70f7c78
SHA512 0387befd2fe0377873d1cf6b7a30e55a7b42b48eeb623e165c68d5b0689176b4916ba7c453391abe95217cf5382f08201653105be92d53d78808af2d5efe7cef

C:\Windows\System\fCpvGog.exe

MD5 98adc28522bed1a6f46768039bee3ad4
SHA1 9d4817d68d9867043628393afcefd476f3065916
SHA256 cfe5ab8b8f6bf3acd15682af992eb257e0eb70baa15562065b14b0c54f50b2c2
SHA512 fe39fd7b2fd0779a64381f79c09a8b1bee30450866616df263ce7dca2b5bdb931d4188e2c4a11318e1bcb75279e4b35fdf0f154fdfa7133d4a01c81aaf667b57

C:\Windows\System\AvPqDfx.exe

MD5 74cb5fc9a165196e357e95b53ce24f64
SHA1 16683523a19478f8e1cad2d90b6d20db748256ef
SHA256 363c3278b09e47cb3db8126dd3c944b1dd8b3790dc2306603fe823405a1970ab
SHA512 87b5f50e54121eb2774d7ce139816cd3d4d248e8a0f7f5dca2bfd26f7ac9d5355e02e6d1b8ff01f75e1b5875bd88d20e1c98f8a7178586eee444c856ca9c2e84

C:\Windows\System\ncYBPSF.exe

MD5 59f043933ca198c61e3f52e07149086a
SHA1 528ee8b59da760d7cb4c8fe38809e6eec669b730
SHA256 33ac4fc8cf9ca869a5e54dfa5ffb6c424f10d660efb652e75610c2a78adf11d2
SHA512 4d15ca7435b83f6e06f2025db75f5d548870edc8affead17eebf4fc46f10350f882724485517c0d8f169a1687eb3b1514c31cea5d6be440bd0f969e61684105f

C:\Windows\System\XLewlAX.exe

MD5 58ebfabf32932793f29abb3135ab339f
SHA1 e3b7c68ace6d6879acdc40a87472e6f94a6f1bd9
SHA256 59d7ad7b4f3d3b90a2512fd832776d1ad8a9a7028c3b65250b2927fe1f3460a7
SHA512 bdda82d6238c58ee4be705f3ae9dc772adbca8b8e1efdaa3480a82bc68be64d0002ebfb971da29c3b70de91afa99be1e766c1fa5436da3dd2f26035e30a448a9

C:\Windows\System\hkAjvYQ.exe

MD5 4bec5b77e12d8517c2a706cd92198620
SHA1 9731e6d946914d992f7aded0cd007e2ce4bd3862
SHA256 64675503e2f50403d631e2d82a5fd2984eecd88dd37f17d892495adedbbd23fe
SHA512 b87e06483b2c8a54061375009a55f2c554e34c1160d1deb1a9a5cda0c57af2ea5a5809c6a8d784ecc8601424299a3a7f6be38794c957d73f0acfb7717d06b84d