Malware Analysis Report

2025-04-19 17:39

Sample ID: 240527-genrssah54
Target: 20ffca5aab5b87daa0a2e56867397a10_NeikiAnalytics.exe
SHA256: 77716b96df71b40d46e07ea81c2388396cb06e3eb98003a65b2e47e4fe978dd9
Tags: miner, xmrig
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file 20ffca5aab5b87daa0a2e56867397a10_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner xmrig

XMRig Miner payload

Xmrig family

xmrig

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-05-27 05:43

Signatures

XMRig Miner payload

miner

Xmrig family

xmrig

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-27 05:43

Reported: 2024-05-27 05:45

Platform: win7-20240221-en

Max time kernel: 134s

Max time network: 144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\20ffca5aab5b87daa0a2e56867397a10_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE


Loads dropped DLL


Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\20ffca5aab5b87daa0a2e56867397a10_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\20ffca5aab5b87daa0a2e56867397a10_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\20ffca5aab5b87daa0a2e56867397a10_NeikiAnalytics.exe"


Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 05:43

Reported

2024-05-27 05:45

Platform

win10v2004-20240508-en

Max time kernel

136s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\20ffca5aab5b87daa0a2e56867397a10_NeikiAnalytics.exe"

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
N/A N/A N/A N/A

Executes dropped EXE


Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\20ffca5aab5b87daa0a2e56867397a10_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\20ffca5aab5b87daa0a2e56867397a10_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\20ffca5aab5b87daa0a2e56867397a10_NeikiAnalytics.exe"


Network


Files

SHA1 534946a71134d9dcba7d8a69121e280424e8b76d
SHA256 83f17c69643e9da3fa15a0dfedc49cc4e434fb5c4677249abf0ae12568996ad6
SHA512 3208513aea34e05ea7debb9d0d3786cc0f1e948622b0292e86155ff3ec0db7ba8e49fda5248c028c66a205b79d60d179b60a9692c4ae874b1b0a80229d242d2e

C:\Windows\System\wptNPAY.exe

MD5 baa4c8d631a01aa2cf8e94d3901fdb90
SHA1 7aa70396ef85daedb975bcf6c90e0f1176b506ce
SHA256 06588b858d2a8613011c73f9ab439908f90467ffb3facbeae484f6b28e35084c
SHA512 21752842ecec70b14e4641b1694fada2e06185b54e1156247ed5c4866dbe963745214374b2296e3af3197bb18007bcda712769bd7820bafb22a43ffc025d6642

C:\Windows\System\WoPjTQv.exe

MD5 d27b955cec86bca45d17da547f21bc92
SHA1 1cb37f24d19dc1c4cdbf88788cb32d9f3f32473f
SHA256 348907cfc40ab39fe2e0a1413267d09415832d616b27e6824b211a6b4db48db4
SHA512 14ea98aee4bbfca239ec52738ed08d2f1580beeb8d6e4065661e157529f1c156b044537b4d1c491c0c0f1ab8104ac5c2c8c01ef5d68642853cd65450daeee383

C:\Windows\System\aNMClNf.exe

MD5 2b184124aaf7ca7a756a5d091ead8e32
SHA1 01708b173af874e5e5354f3b35dffac3c0b65895
SHA256 645cf15561d25d8dfd2bec137c0daa31fb84c230b37f9ac5ed805952678876f4
SHA512 2f6e44a778ce4fe6b1da07eebb1821b18ad00bd07b435c18cc80fef7618ae9c3d4ff747c509eb4516c0e91aff3a930a4a06c778b353c9e4d3039f2805eae71f0

C:\Windows\System\oBbjgLb.exe

MD5 83a08d41c73c14b087f2ec818a32c576
SHA1 afffacb4c1faec5bf4a114a2102cd4c14fcd18a4
SHA256 55dc978cea7aa2dd78db014bc03bb25acc1256ef729f13e14d0b64c69c403735
SHA512 0b0dda2613667b86ed7d591e65c7977157b815aa0197555d22a530344e629032bf3ed5c371e2e0ef8e0930de24d639f64af770a0823c93d2c51d8e440a4fef05